Security experts say they have discovered secret ‘backdoor’ software in some Android phones that sends users’ personal data to China.
Kryptowire, the security firm that discovered the vulnerability, confirmed this information on its website on Tuesday. The firm wrote that certain Android devices contain pre-installed software that collects and sends personal data, such as texts and geographical location, to an unauthorized third-party.
American authorities are unsure of the nature of the secret data mining, but two possible theories are that it could be for advertising purposes or to send intelligence information to the Chinese government, the New York Times reports.
The New York Times also noted that international customers and disposable and prepaid phone users represent the most vulnerable to the software breach. Shanghai Adups Technology Company, which wrote the software, confirmed that the code runs on over 700 million phones, cars and other smart devices.
Kryptowire stumbled upon the issue after a researcher bought an inexpensive BLU R1 HD phone for an overseas trip. During the phone’s setup process, the researcher noted “unusual network activity.” Over the course of a week, the phone was found to be transmitting text messages to a server registered to Adups located in Shanghai.
On its website, Kryptowire noted that the software and its behavior managed to bypass mobile anti-virus protection because it ships with the device and is not assumed to be malware. BLU Products said 120,000 of its phones were affected and it had updated the software to eliminate the feature, according to the New York Times.