Close
Sections
Avast Blog Your Android could be sending messages to China

Your Android could be sending messages to China

Nikolaos Chrysaidos 18 Nov 2016

A pre-installed backdoor on more than 700 Android devices transmits data to a server in China every 72 hours.

A pre-installed backdoor on more than 700 Android devices was discovered by Kryptowire. The backdoor allows a Chinese company called Adups to transmit information like text messages, contact lists, and IMEI numbers without users’ knowledge or consent – every 72 hours.

App logo.png

What this backdoor does is to collect all the data that it wants into an archive named source.zip.

Analytics report Adups.png

The archive above includes data like the application list (DcApp.json), message list (dc_msg_key.json), the user call log list (DcTellMessage.json) and other information from users' devices.

It uploads the archive to the server: bigdata.adups.com/mobileupload.action.

Adsup server.png

Devices affected

The main devices affected in the US are phones from Blu Products, which are sold on Amazon and Best Buy. Other devices include some pre-paid and disposable phones, but the backdoor mainly affects Chinese Android owners. Adups admitted that this version of their software was not supposed to be shipped out on American devices, but to help phone manufacturers monitor Chinese user behavior.

Avast helps you find out if you are affected

The application that includes the backdoor is an app called Wireless Update, which checks for firmware updates. Blu Products has issued a statement saying the application has been self-updated and that information is no longer being transmitted to Adups.Wireless Update.png

However, other devices could still be transmitting information. While neither you nor Avast can remove or disable the backdoor, Avast Mobile Security detects if the backdoor is present. If Avast Mobile Security detects the backdoor, it is up to you if you want to continue using your phone or if you want to get in touch with your phone’s manufacturer, who can hopefully issue a patch.

This is a good example of how complex Android security is, because of its many layers and all the different players involved.

This backdoor is being detected by Avast as Android:SMForw-ZK [Trj] and Android:SpyAgent-YG [Trj]

Related articles

5 tips to fight mobile adware

Avast Threat Labs found that 72% of attacks on Android devices use adware, but you can protect your advice with these 5 tips.

10 Mar 2020 min read

9 tips everyone forgets to follow on their smartphone

Learn how to protect your privacy on your cell phone with these 9 easy tips.

1 Nov 2019 min read

Beware the adware, and more news of the week

Adware-laced apps were downloaded 440 million times before the carefully hidden malware was discovered.

7 Jun 2019 min read

Subscribe to our newsletter

Subscribe

Most popular

Video: Accept all cookies? A recipe for online privacy this holiday season

11 Dec 2023

How to use Discord’s ‘Family Center’ to help protect your child

24 Jul 2023

The hidden pitfalls of travel apps

13 Jul 2023

Avast researchers uncover disturbing crowdfunding scheme

28 Jun 2023

Your essential cybersecurity checklist for safe summer travel

14 Jun 2023
Logo Avast Footer

1988 - 2024 Copyright © Avast Software s.r.o. | Sitemap Privacy policy

--> -->