Cybersecurity firm Kryptowire claims that many Android phones are loaded with a backdoor that is transferring data, call logs, and text messages to China.
The New York Times reports that the backdoor was discovered on multiple phones across America and China. The program at issue is installed on the phones before the user ever turns it on, created by Shanghai Adups Technology Company based in China. According to Shanghai Adups, the software is for updating phones’ firmware and runs on more than 700 million devices across the world. A US based phone company, BLU products, claims that it found as many as 120,000 cases of affected phones.
The software doesn’t come pre-installed with the brand new Google Pixel or Samsung Galaxy phones, but is commonly found on lower end, cheaper smartphones. The software collects data such as phone numbers, text messages, call logs, and location information and transmits it to servers in China.
The BLU Products executive Samuel Ohev-Zion told the New York Times, “It was obviously something that we were not aware of. We moved very quickly to correct it.” He stated that Shanghai Adups Technology Company told him that all of the data from BLU customers had been destroyed.
Cybersecurity firm Kryptowire has taken it’s findings to the federal government and plans to release a public report on the issue this week.