We recently warned you that some Android phones contain software that keeps track of the user's every move. Security firm Kryptowire says the software transmits all text messages, call logs, contact lists, location data and other information to a server in China.
The software was preinstalled on some inexpensive, unlocked smartphones without the user's knowledge of the surveillance technique. We now have more information on what went wrong.
It turns out that personal data is being collected by a third-party app from Shanghai Adups Technology Company in China called "Wireless Update." The data that is collected is then sent to a server in China every 72 hours. This backdoor app is designed to fetch firmware updates from the phone's manufacturer or service provider.
Adups says the data collected is intended to help Chinese phone makers monitor the behavior of its users and the code runs on 700 million phones, cars and other smart gadgets. Unfortunately, the software made it onto some smartphones in the U.S. by mistake. As of now, we know of around 120,000 affected phones made by U.S. phone manufacturer BLU Products.
Affected Phones in the U.S.
BLU Products leads the U.S. in sales of unlocked smartphones and some of its models were affected by Adups' surveillance software. Adups also lists ZTE and Huawei on its website as different phone makers to which it provides software. There have been no confirmed phone models from those companies as being affected as of yet.
Here is the list of BLU Products' affected phones:
- R1 HD
- Energy X Plus 2
- Studio Touch
- Advance 4.0 L2
- Neo XL
- Energy Diamond
These gadgets can be purchased at Best Buy, Amazon and other online retailers. They sell in the $60 range.
What you should do
BLU Products says that once it discovered data was being collected by the third-party app, a software update was released to eliminate the issue. If you have an affected phone, there is a way for you to check and see that you are running the updated software.
Here is what you should do if you have one of the phone models on the list of affected phones.
- Open Settings
- Tap Apps
- Tap the Menu icon located in the upper right-hand corner
- Tap Show System
- Tap Wireless Update - This is where you verify which Wireless Update your phone is running. If your phone is running 184.108.40.206.004 it is not affected. If it shows 5.0.x to 5.3.x you need to contact BLU Products immediately.
Here is a statement that BLU Products released addressing the security concern:
"BLU Products has identified and has quickly removed a recent security issue caused by a third-party application which had been collecting unauthorized personal data in the form of text messages, call logs, and contacts from customers using a limited number of BLU mobile devices.
"Our customer's privacy and security are of the utmost importance and priority.
"The affected application has since been self-updated and the functionality verified to be no longer collecting or sending this information.
"If you have any concerns or questions in regards to your BLU Smartphone, feel free to contact us directly at bluproducts.com/service, call us at 1-877-602-8762, or email us at email@example.com."
We will stay on top of this story for any further developments. Keep checking in with our Happening Now section to see if there are more affected phone models added to the list.