When it comes to the security issues impacting Android, Adups has been a company in the news lately. Adups was found to be the firmware on Blu Phones, which ended up uploading the data to Chinese servers and it became a huge problem. We found out through Kryptowire that the firmware company based out of China was spying on many different things, including text messages and location information. Now, another security research firm has found the same Adups firmware installed on over 40 more Android phone manufacturers.
Adups Firmware Discovered on Millions of Android Devices
When it comes to the Adups situation, people thought for a long time that the only phones affected were the Blu R1 HD phones that were sold within the United States at retailers like Amazon. Blu ended up pulling the phones off the shelves and then created an update that would patch the security risks associated with Adups. Blu also said the company no longer deals with Adups and that no information was actually stolen or used in the Chinese server data breach.
Now though, Trustlook, which is a security research firm, said that the Adups firmware that was preinstalled on Blu devices has been found on multiple other Android phones by various manufacturers. To be exact, Trustlook said that over 700 million Android phones have Adups software preinstalled on the device, and the company is warning users that information could end up in the wrong hands. These Adups apps are preinstalled on the Android phones, so it is hard to tell it is there unless you are a security firm looking for this information. A lot of the companies that were found to use the Adups apps to provide firmware updates are those smaller companies that are based out of China. Even though most were China-based manufacturers, a few big names that are found within the United States also were found to use Adups apps. Those manufacturers include ZTE, Archos, and Lenovo. Trustlook also said the same thing Kryptowire said in terms of the preinstalled apps being responsible for taking data like call logs and texts.
Trustlook specifically said that there is a lot of different user information being collected by Adups, and also various specifications are being collected. Some specifications being collected include IMSI, MAC address, operator, version number, and IMEI. The Adups is also collecting call logs and text messages, and all of this is done in the background without the knowledge or consent of the Android user.
Overall Trustlook found that 43 manufacturers used the Adups apps for firmware updates, although the company did not say if any data is being collected and sent back to the Chinese servers like with what happened with the Blu Android phones. Blu seemed to have the right idea by patching the issues created by Adups and being done with the firmware company. It is likely that these other manufacturers, especially ZTE and Lenovo, will take that step and also deliver security updates in order to patch the risks associated with Adups apps. ZTE actually said something a while ago before this report broke, saying that devices within the United States have never had Adups apps installed on them.
Adups did respond to the initial report when the Android Blu situation hit. Adups said that it was a mistake to install the apps on the phones within the United States. The company also tried to say that their software was only meant to get rid of calls and texts and were junk, but not many people believe that. It is also questionable how the company could manage to preinstall the apps on Android phones and not realize that some of the phones would make it to the United States. Adups said that it was only meant for people in places like China, but how do you control where the Android phones go once they are manufactured?
So what does this all mean for you? Well, for one you should immediately always update your Android device once an update is available. This is because Android is open so it is more at risk for malware and spyware than iOS devices are. You cannot really do anything on your own to remove the Adups software since it is preinstalled, but Trustlook has a tool that allows you to see whether or not Adups is on your Android phone. The only thing you can do at this point is to wait for your phone manufacturer to issue an update or security patch, and then download that immediately to your device. It is not known yet if or when the companies now affected and being called out with Adups installed will issue security updates, but hopefully the companies follow in the footsteps of Blu and take care of this situation quickly.