Security firm Kryptowire recently discovered pre-installed software in some Android phones that secretly sends all the user’s text messages to China every 72 hours, The New York Times reported.
Kryptowire, the security firm that discovered the clandestine feature, said the software was written by the China’s Shanghai Adups Technology Company. The software monitors where users go, whom they talk to and what they write in text messages, as well as transmitting the full contents of contact lists and other data.
It is unclear if this was done as an attempt to gain information for advertising purposes or a Chinese government effort to collect intelligence. Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages.
International customers and users of disposable or prepaid phones are the people most affected by the software. But the scope is unclear. The Chinese company that wrote the software, Shanghai Adups Technology Company, says its code runs on more than 700 million phones, cars and other smart devices. One American phone manufacturer, BLU Products, said that 120,000 of its phones had been affected and that it had updated the software to eliminate the feature.
However, it was apparently carried out by design and was not a bug, and offers a frightening example of how companies can manipulate technology to compromise privacy and monitor cellphone behavior, The Times reported.
It is not clear how users can determine whether their phones are vulnerable, as Adups has not published a list of affected phones.
Kryptowire, which says it discovered the problem through a combination of chance and curiosity, informed the U.S. government of its findings.
The Department of Homeland Security said it was recently made aware of the matter and “is working with our public and private sector partners to identify appropriate mitigation strategies.”