Update: ZTE provided a statement to PYMNTS: “We confirm that no ZTE devices in the U.S. have ever had the Adups software cited in recent news reports installed on them and will not. ZTE always makes security and privacy a top priority for our customers. We will continue to ensure customer privacy and information remain protected.”
Its long been known that Android devices aren’t as secure as Apple’s iOS, but a new report revealed that some Android devices could get infiltrated with software that tracks a user’s behavior with their mobile device, including phone calls and text messages, and sends the data to China.
According to the report, the infections were discovered by security firm Kryptowire, which said it could be a potentially serious security risk. The report noted that China-based Shanghai Adups Technology developed the software, which is installed on an unknown amount of Android-based devices. The information stolen, which also includes contact lists, call logs and other sensitive personal information, is sent automatically to Adups every 72 hours, noted the report, citing Kryptowire. The software doesn’t stop there either. The report noted the software could be used to remotely install software on the infected devices without the owner even knowing it. In the report, Kryptowire said Adup’s software is running on 700 million devices around the world with most of its clients being small Chinese device markers. It also counts some large Chinese manufacturers, including ZTE, as customers.
Adups told Fortune the software was designed for a Chinese manufacturer that wanted all that information on devices to boost its level of customer support. The company said in a statement to The New York Times that it can’t disclose which manufacturer wanted the software. It also declined to say how many Android devices could be affected by the software. One company that was willing to comment was BLU Products, which sells devices in the U.S. via Amazon.com. About 120,000 BLU phones had the software installed on them.
“BLU Products has identified and has quickly removed a recent security issue caused by a third-party application which had been collecting unauthorized personal data in the form of text messages, call logs and contacts from customers using a limited number of BLU mobile devices,” BLU Products said in a statement, according to the report. “Our customer’s privacy and security are of the upmost (sic) importance and priority. The affected application has since been self-updated and the functionality verified to be no longer collecting or sending this information.”