It might be a real news or it might be a fake news just to make a dent into the Chinese smartphone market, but this link reports that cheap Android smartphones, or budget Android smartphones in the US might be sending personal data, secretly, to China.
The above TechCrunch link quotes a press release from the cyber security firm Kryptowire:
These devices actively transmitted user and device information including the full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI). The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users’ consent and, in some versions of the software, the transmission of fine-grained device location information. The firmware could identify specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices.
This is a bit disconcerting – as you can read above, no information is left untouched. There is a company in China called Shanghai Adups Technology Co. Ltd. in whose server the entire gamut of personal data is transmitted. The firmware from this Chinese technology company is installed in over 700 million active smartphone devices and the company also claims that its software is used in more than 70% devices across 200 and more countries. Their Firmware Over The Air (FOTA) systems are integrated into more than 400 mobile operators, semiconductor vendors and device manufacturers making smartphones, wearables, cars and televisions.
Sources are saying that it might be the Chinese government that is collecting all that data. Upon contacted by Kryptowire the firm seems to have sent out an update killing all the bits of firmware that were sending personal data to China.
It’s easier to do such shady things with cheaper smartphones. It’s another matter that most of the cheaper smartphones are Android smartphones. There is no accountability. People who buy cheaper smartphones aren’t particularly interested in data protection and other advanced features although, someone owning a cheaper smartphone doesn’t mean his or her privacy can be violated like this.