AnonD-418, 16 Nov 2016One of the many reasons not to trust Chinese smartphones at all...do you really still believe iPhones a North American? hahahahaha
My customer confidence has been lowered by this revelation by being breach of trust. As the identity of this third party application has been identified; not from any information shared by BLU yet in searching out other sources. So being as this is being called a software application by BLU yet BLU is responsible for vetting being this is a firmware application which cannot be uninstalled so is not a software application. I do not wish to be a customer of theirs any further because of this breach of customer trust whether intentional by design or not.
What my issue is, and paraphrasing recent forums, when flaws emerge in those devices; it's the halting-state problem because the flaw is a defect. When flaws emerge in devices, they can be exploited with malware that can run in a system that is designed to prevent its owner from knowing what it's doing. My phone is a supercomputer in my pocket that has a camera and a microphone to know who I am, what I am talking about, all the places I go, and knows who all my friends are.
And when spies, or when crooks, or when griefers, get into that protected mode, they're able to operate with impunity in a way that confounds all of our ideas about security. I think we're going to have terrible breaches, automated breaches, that are "targets of opportunity" breaches, where they just take a million people and grab footage from their nest cameras, analyze it programmatically, and dump it all onto the Internet for any intents and purposes. This is unnerving.
Anonymous, 16 Nov 2016Why don't US (Google, Apple and Microsoft) make cellphone by themselves in the USA, so no worr... moreIs about the software and any tails left for the placeholders to follow. The fact the hardware is made in China, India or Mars is irrelevant.
Martin, 16 Nov 2016This IS a concern if the information sent is personal - email & messaging content for exam... moreCheckout the press release from Kryptowire with some technical info on finding the offending app.
I have a Huawei Honor 5X phone and I checked it does not have the two systems apps (com.adups.xxx) associated with this privacy hack. Huawei uses Adups OTA software for Android updates.
I guess for those who do not mind exposing their personal lives to the world via Facbook posts, twitter texts and other social media software, this security breach seems to be just a nuisance. I happen to be on the other side of the privacy spectrum and I find this breach totally unacceptable. It is one thing Google tracks your browsing habits by default (can be turned off) but a wholly separate issue when a system app sends your SMS texts, contact list and GPS info to a server half world away without your consent, regularly. To me SMS texts are the most private info on a smartphone with unfiltered political views, personal habits, family chats and finance info. These texts exist only on the phones, not in the cloud. I do not use any chat software like Google Chats or WeChat since the texts are stored in online servers. SMS texts seems to be the last line of defense against prying eyes unless you lost the phone. Now we have this breach. Sigh.
Will I buy another Chinese Android phone with good value and decent spec like 5X, maybe. You can't avoid them unless you go with expensive Apple or Samsung phones. It is going to be tough going forward to select five phones for my family on a budget.
Why don't US (Google, Apple and Microsoft) make cellphone by themselves in the USA, so no worry and no complain.
This IS a concern if the information sent is personal - email & messaging content for example. I have just purchased a Xiaomi Mi Max. Does anyone know if this is affected and if it is, how the app can be disabled?
Lilian, 16 Nov 2016A chinese application sending data to chinese servers - that's more accurate. Note that all X... moreI use xiaomi too, and i dont have any serious issue if they are stealing my data as i am not running secret service but what i want to see is thise hypocrytic american's responses who blame chinese OEMs of stealing data....
All applications send/upload data to their servers.
Don't try to be innocent.
Fix would be 120K users won't be able to identify their data getting shared to specific Chinese server
ssbatman21, 16 Nov 2016So an american smartphone is sending user data to chinese servers.A chinese application sending data to chinese servers - that's more accurate.
Note that all Xiaomi Android applications do the same thing... People still use them...
ssbatman21, 16 Nov 2016So an american smartphone is sending user data to chinese servers.BLU basically rebrands Gionee phones. They don't design or manufacture their own phones and from the looks of it use recompiled Gionee software, too.