Skip to main content
  1. Home
  2. Mobile
  3. News

How to keep yourself safe from Chinese spyware on budget Android phones

Kyle Wiggers
By

Mobile Malware
Image used with permission by copyright holder
The last thing you want your smartphone doing is sending your text messages, contacts, and location history to a server in China. But according to mobile security firm Kryptowire, a particularly nasty brand of Android software did just that, transmitting text, data, call, location, and app data to a Chinese server every 72 hours.

Researchers began to raise red flags last fall, when it was discovered the the data mining tool in question — called Adups — had been living inside hundreds of millions of devices produced by more than 40 manufacturers. Florida-based Blu Products was one of the affected parties, and assured at the time that the problem had been identified and every trace of the spyware had been removed from its phones.

Recommended Videos

Now, nearly 10 months since the initial report, Amazon has suspended the sale of several Blu devices from its Prime Exclusive lineup over re-emerging security concerns. Kryptowire appeared at July’s Black Hat security conference in Las Vegas to say the spyware still existed on some of Blu’s current phones, which led to Amazon’s decision the following week.

Related

The code, which comes preinstalled on certain Android devices, sends the data surreptitiously. “Even if you wanted to, you wouldn’t have known about it,” Kryptowire vice president of product Tom Karygiannis told The New York Times last year.

How to know if you’ve been affected, and what to do

An investigation conducted by mobile security researchers at Trustlook in December found that as many as 43 manufacturers, including brands like Lenovo and Gionee, contained similar spyware. According to the firm’s report, the software collects serial numbers, software version numbers, operator information, and texting and call data from infected phones; the company found traces in All Win Tech smartphones in Taiwan, Archos devices in France, DEXP phones in Russia, and Prestigio hardware in the Czech Republic.

Here’s a list of manufacturers with affected devices:

  • Aaron Electronics
  • Aeon Mobile
  • All Win Tech
  • Amoi Technology
  • Archos
  • AUX
  • Bird
  • BLU
  • Cellon
  • Coship Mobile
  • Cubot Mobile
  • DEWAV Communication
  • DEXP Digital Experience
  • Eastaeon Technology
  • Electronic Technology
  • Gionee
  • GOSO
  • Hisense
  • Hongyu
  • Huaqin
  • Huiye
  • Inventec Corporation
  • Konka Group
  • Lenovo
  • Logicom
  • Longcheer
  • Malata Mobile
  • Mediatek Helio
  • Prestigio
  • Ragentek
  • RDA Micro
  • Reallytek
  • RUIO
  • Sanmu
  • Sprocomm
  • Tinno
  • Uniscope
  • VSUN
  • Water World Technology
  • Wind Communication
  • WingTech
  • Yifang Digital
  • Zhuhai Quanzhi
  • ZTE

At this time, there’s no sure way to know if Adups is sending your personal information. However, some phone makers use Adups, rather than Google, to push over-the-air system updates, which is a clear indicator that the software is at least present on your device. The offending file, com.adups.fota, typically appears as “System Update” or “Wireless Update” within your phone’s list of apps in the settings menu. These are system apps, so they cannot be uninstalled — though they can be disabled. At the moment, disabling is the only known way to prevent Adups from running without rooting or installing custom firmware, which are riskier measures that will void your manufacturer’s warranty.

In November, Trustlook updated its Antivirus & Mobile Security app on the Google Play Store to check for Adups’ presence. The firm says it has updated the app continually to search for new Adups system programs linked to data collection as they’ve been discovered.

Specific phones known to include Adups more recently are the Blu Grand M and Cubot X16S. In addition to discovering the spyware in those two devices, Kryptowire’s Ryan Johnson told CNET he hasn’t found it in any handsets priced over $300. Additionally, only MediaTek chipsets have thus far been linked to the scheme. It would seem Adups is targeting low-cost hardware, predominantly from manufacturers that don’t sell phones in the U.S.

For those reasons, at this time we recommend staying away from budget smartphones powered by MediaTek processors built by any of the companies listed above.

Where it came from

The spyware is the product of Chinese firm Shanghai Adups Technology Company, and it targeted more than 700 million low-end Android devices. Adups said it worked with phone makers like Huawei and ZTE to develop the tool to monitor user behavior — ostensibly to identify junk text messages and calls.

But the software was never intended for American phones. An apparent bug caused more than 120,000 phones sold by Blu to become infected with the Adups tool. “Blu Products has identified and has quickly removed a recent security issue caused by a third-party application which has been collecting unauthorized personal data in the form of text messages, call logs, and contacts from customers using a limited number of Blu mobile devices,” a spokesperson for the company said in November.

In Blu’s case, the malware appears to have originated from a seemingly innocuous support app. Adups provides a utility that manufacturers use to perform remote firmware updates. “It was obviously something that we were not aware of,” Samuel Ohev-Zion, Blu’s chief executive, told The New York Times.

Blu claims Adups disregarded its request not to mine users’ data. “We have an email history with Adups saying we did not want that functionality on our devices, and they violated our request,” Ohev-Zion told PCMag. The company retained the services of Kryptowire to “keep tabs” on its software for a year, and partnered with chipmaker MediaTek to ensure its phones receive up-to-date, “clean” versions of Android.

Adups said that it had destroyed all information collected from Blu phones. “Today there is no Blu device that is collecting that information,” Ohev-Zion said last year. Now, Kryptowire is claiming that statement is false, while Blu maintains the situation has been dealt with. Meanwhile, an Adups spokeswoman told CNET all issues were resolved in 2016 and no longer exist.

It is not the first time Adups has raised the ire of an American tech company. Google, Android’s primary developer, instructed the Chinese firm to remove its surveillance tools from phones that shipped with the Google Play Store.

It is unclear precisely which devices are vulnerable. So far, the company has declined to publish a list of affected phones and said that there was not an easy way for customers to determine whether or not their devices contained Adups’ monitoring software. A representative for the company told The New York Times that it was incumbent on phone manufacturers, not Adups, to inform users that their personal information was being collected.

ZTE USA released a statement to press in November. “We confirm that no ZTE devices in the U.S. have ever had the Adups software cited in recent news reports installed on them, and will not,” it said. “ZTE always makes security and privacy a top priority for our customers. We will continue to ensure customer privacy and information remain protected.”

Update: Added newest information regarding Blu’s Amazon Prime Exclusive phones, in addition to an updated list of affected manufacturers and recommendations on how to spot the spyware and avoid buying a device that may contain it.

Editors' Recommendations

Topics
Kyle Wiggers
Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
Realme launches MagDart, a MagSafe-style wireless charger for its Android phones
Realme MagDart charging puck.

Apple is no longer the only company making a circular magnetic charging disc for use with its phones. Realme has launched MagDart, a wireless charging system which it says is the first magnetic wireless charger for Android phones. Just like Apple's system is only for iPhones, MagDart is only for Realme's own phones, rather than any Android device. It hasn’t stopped at the charging disc either, but has also announced a MagDart power bank, a case, a wallet, and even a selfie light that uses the system.

At the heart of MagDart is Realme’s SuperDart 50W wall charger and a 15W, 3.9mm thick wireless charging disc. By separating the two sections, Realme says it keeps the temperatures under control, which is further assisted by an active cooling system. This allows a faster charging speed, with a 4500mAh battery expected to go from zero to 100% in less than an hour. Wireless charging is usually considerably slower than its wired alternative, but MagDart seems to minimize the difference.

Read more
How to clear the cache on your Android phone
4 weeks with the samsung galaxy s21 ultra update front

There's nothing worse than your phone running slowly, apps crashing or freezing, or pages failing to load in your web browser. Did you realize that the problem could be caused by your phone's cache? The cache is made up of small pieces of information stored by your web browsers and apps in order to improve performance, and when cached files become overloaded or corrupted, performance issues are often the result. So, like those laggy web pages, crashing apps, or stuttering games. Don't worry -- there's a quick and easy way to clear your cache on Android, and we're about to show you how.

If this doesn't help the situation, you might want to try restarting your phone in safe mode to determine if it's a third-party app that's causing your performance issues. And if all else fails, performing a factory reset may be your best option. Although it will wipe all your data, so don't forget to backup everything first!
Clearing your browser cache on Android

Read more
How to share iPhone photos with Android devices
Photography feature image.

Photo sharing is a universal activity regardless of whether your mobile device follows the Apple or Android persuasion. But it sure doesn't feel that way much of the time. In fact, it can be a challenge to share a simple photo or photoshoot cross-platform -- complex, but not impossible. We show you how it's done in iOS 14.6.
Reconcile photo platforms
While JPEG and H.264 are widely viewed as universal photo and video formats, since iOS 11, Apple's newest operating systems have updated them with even more highly compressed HEIF (High-Efficiency Image File Format) and HEVC (High-Efficiency Video Coding). The newer Apple formats are not proprietary, but they are less popular, and some Android devices may have trouble translating them. You can rectify that by switching formats on your iPhone so that it records JPEG stills and H.264 video instead of the newer highly compressed formats.

Go to Settings > Camera > Formats and choose Most Compatible. The resulting images will be of equal quality, take up more space on your device, and be compatible with all Android devices. Then, go to Settings > Photos > Transfer to Mac or PC and tap Automatic to ensure photos and videos get sent using the JPEG and H.264 formats.
Sharing options
Now that the formats are compatible, you can now decide how to share them -- email, text message, or via apps like WhatsApp, Google Drive, Dropbox, Twitter, or any other app that allows attachments or lets you upload and download files and folders, or access links. Below are a few different ways to accomplish this.

Read more