Cheap Android phones are secretly sending text messages and other personal information to China

US security researchers have uncovered a backdoor in several low-cost smartphone models that is sending private data to a server in Shanghai

Security researchers have uncovered a worrying privacy breach in low-cost Chinese smartphones being sold in the US.
It appears these cheap Android handsets are sending users' personal information - including the contents of their messages - back to Shanghai.
These budget phones - often costing $50 or less - are being sold at major US retailers including Best Buy and Amazon.
According to researchers at Kryptowire , this is one of the most extensive privacy breaches ever found on a consumer gadget. As well as messages, the phones are sending back location data, contact lists, application usage, call history and unique identifiers such as the IMEI number.

ZTE Grand S Lite (Photo: Reuters)

When the researchers looked into it, they found that packets of data were being sent to a company called Shanghai Adups Technology (Adups) every 72 hours. Adups makes software for phones manufactured by Chinese companies ZTE and Huawei.
"Our findings are based on both code and network analysis of the firmware. The user and device information was collected automatically and transmitted periodically without the users' consent or knowledge," states Kryptowire


"The collected information was encrypted with multiple layers of encryption and then transmitted over secure web protocols to a server located in Shanghai."
Unlike malicious software added by hackers, the researchers point out this backdoor was installed by the manufacturers before the phones were released.

And while ZTE and Huawei are both Chinese, the researchers found the evidence on a Florida-based BLU Products phone.
Samuel Ohev-Zion, the chief executive of BLU Products told the New York Times : “It was obviously something that we were not aware of. We moved very quickly to correct it.”
Understandably, those who discovered the flaw are worried about the dangers coming from phones produced quickly and cheaply in China.


"As smartphones are ubiquitous and, in many cases, a business necessity, our findings underscore the need for more transparency at every stage of the supply chain and increased consumer awareness," states Kryptowire.

Amazon has responded to the news by issuing a statement: "We recently learned of a security issue on select Blu phones, some of which are sold on Amazon.com.
"The manufacturer has confirmed they sent a software update to resolve the issue on impacted phones.
"Now that the issue has been resolved, we're working to make these phones available to Amazon.com customers again."
It's as yet unclear how far the backdoor software has spread. Although no UK phones were tested, BLU, ZTE, Huawei and a number of other Chinese manufacturers sell cheap phones here. If you own a BLU product, it's a good idea to update it to the latest software as soon as possible, which will remove the backdoor.