Secret backdoor in U.S. Android phones sent location, text, contact data to China

“For about $50, you can get a smartphone with a high-definition display, fast data service and, according to security contractors, a secret feature: a backdoor that sends all your text messages to China every 72 hours,” Matt Apuzzo and Michael S. Schmidt report for The New York Times. “Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages. The American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence.”

“International customers and users of disposable or prepaid phones are the people most affected by the software. But the scope is unclear,” Apuzzo and Schmidt report. “The Chinese company that wrote the software, Shanghai Adups Technology Company, says its code runs on more than 700 million phones, cars and other smart devices.”

“Kryptowire, the security firm that discovered the vulnerability, said the Adups software transmitted the full contents of text messages, contact lists, call logs, location information and other data to a Chinese server. The code comes preinstalled on phones and the surveillance is not disclosed to users, said Tom Karygiannis, a vice president of Kryptowire, which is based in Fairfax, Va. ‘Even if you wanted to, you wouldn’t have known about it,’ he said,” Apuzzo and Schmidt report. “Because Adups has not published a list of affected phones, it is not clear how users can determine whether their phones are vulnerable. ‘People who have some technical skills could,’ Mr. Karygiannis, the Kryptowire vice president, said. ‘But the average consumer? No.'”

Read more in the full article here.

MacDailyNews Take: Android is “open.” As in: Bend over and open wide.

Anyone who values their security and privacy would be foolish to use any device that fails to sport the Apple logo [that includes, phones, tablets, smartwatches, Wi-Fi routers, etcetera].MacDailyNews, March 22, 2016

Google to pay $5.5 million for sneaking around Apple’s privacy settings to collect user data – August 31, 2016
Cybersecurity researchers: Fitness trackers vulnerable to tracking, privacy breaches – but not Apple Watch – February 2, 2016
EFF files complaint asking for federal investigation; says Google broke privacy pledge, tracked students – December 1, 2015
Tim Cook gets privacy and encryption: We shouldn’t surrender them to Google – June 4, 2015
Apple CEO Tim Cook champions privacy, blasts ‘so-called free services’ – June 3, 2015
How Google aims to delve deeper into users’ lives – May 29, 2015
Apple CEO Cook: Unlike some other companies, Apple won’t invade your right to privacy – March 2, 2015
Edward Snowden’s privacy tips: ‘Get rid of Dropbox,” avoid Facebook and Google – October 13, 2014
Apple CEO Tim Cook ups privacy to new level, takes direct swipe at Google – September 18, 2014
U.S. NSA watching, tracking phone users with Google Maps – January 28, 2014
U.S. NSA secretly infiltrated Yahoo, Google data centers worldwide, Snowden documents say – October 30, 2013
Google has already inserted some U.S. NSA code into Android – July 10, 2013
Court rules NSA doesn’t have to reveal its semi-secret relationship with Google – May 22, 2013
Google Street View cars grabbed locations of cellphones, computers – July 26, 2011
Consumer Watchdog calls for probe of Google’s inappropriate relationship with Obama administration – January 25, 2011
Wired: Google, CIA Invest in ‘future’ of Web monitoring – July 29, 2010
37 states join probe into Google’s questionable Wi-Fi data collection – July 22, 2010
Google Street View Wi-Fi data included passwords and email – June 18, 2010

[Thanks to MacDailyNews Readers “Fred Mertz” and “David Boycott” for the heads up.]


  1. What part of Android users are our (Gaggle’s) products don’t you understand? Ignoramus tech dolts.

    Institute an Android OS tariff now. Those cheap phones won’t be cheap $$$$ but they are cheap, just like their cheap users whose reward IP thieves. If you don’t like it? GTFO.

    Some people you just can’t reach.

  2. So every business that bought Android based phones must now spend 10-15 minutes of labor checking each phone to make sure this backdoor is not on it. If a company has 1,000 phones that’s 250 labor hours added to the cost of getting those phones. Every phone that has this backdoor must be replaced. That’s not a lot for this one instance, but it points to a bigger issue.

    If a company has information that is ITAR controlled and any of its phones has this backdoor, then this may be technically an export violation. Because it was not willful on the company’s part, a voluntary self disclosure that details what information was on those phones, was sent and/or received through those phones, and where the users took those phones will be a royal pain to compile and submit.

    Likely no actions will be taken against the company by the DoD or State other than a clear direction to immediately get rid of those phones, never get similar phones again, and implement a monitoring system that scans company phones for such backdoors. THAT is where the real cost starts to come in: all that investigation, reporting, and future monitoring.

    My opinion is that any company that uses Android phones for sensitive business (whether it’s a company that deals with things like ITAR controlled information or not) that does not use a custom version of Android they get *directly* from Alphabet/Google is asking for trouble at some point down the road.

    No phone is 100% safe (well, L-3 Communications, Communication Systems-East made a phone that was NSA certified with special encryption capabilities and that was as close to 100% safe as humanly possible) — not even the iPhone. But, on a scale of zero to 100, I’d put the iPhone up in the higher 90s, and I’d put the average Android based phone down in the mid 20s.

  3. According to media reports, Trump’s personal phone is some form of Android device. There are tweets from him originating on both iOS and Android devices, but he has never been seen with an iOS device.

    Do you want the ChiComms to have a mobile hotline to the White House? Trumpsters might want to tell The Donald to give Tim Cook a call.

  4. And China says they will stop buying iPhones if Trump were to impose tariffs duties on their exports. Guess their next move will be that all foreigners are not allow to bring into China smartphones that are not Andriods. That’s one way to force everyone entering China to buy only Andriod phones and they can then spy on everyone.

  5. That is pure evil.
    However, you have to keep in mind that this wasn’t installed by Google or any Android people; it was installed by a Chinese company. Remind us again where iPhones are manufactured.

    1. They already pulled that stunt on iPods. iPods had to be manufactured with FAT32 partitions because Windoze machines do not recognize Apple partitions. So the Chinese where putting viruses on iPod FAT32 partitions at the time of manufacture.

  6. Looks to me like a clear violation of US wiretap laws. And if a single user of phone was a government worker/agency, espionage laws should also apply.

    This should be referred to the DOJ for criminal prosecution.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.