ZTE and Huewei, both powerhouse Smartphone brands in China now claim that their devices in Australia do not contain the controversial Adups software which US security Company Kryptowire said was found on several Android smartphones in the USA.
Adups the software Company that polls devices every 72 and sends information found on Smartphones back to China has removed reference to ZTE and Huawei from their website after the software was discovered on Android devices in the USA.
Adups claims that they have over 700 million active users, a market share exceeding 70% across 200+ countries and regions.
Their biggest market is China where ZTE a Company part owned by the Chinese Government and Huawei are major smartphone brands.
Michael Brunton from ZTE Australia sent ChannelNews an email that said in part ‘ZTE has not released any phones to Australia with Adups software and any implication or statement otherwise is a complete fabrication’.
“We have closed this issue with our carrier partner”.
He added “We confirm that ZTE devices in Australia have never had the Adups software cited in recent news reports installed on them. ZTE always makes security and privacy a top priority for our customers. We will continue to ensure customer privacy and information remain protected”.
Kryptowire was founded in 2011 by the Defense Advanced Research Projects Agency (DARPA) and the Department of Homeland Security (DHS S&T).
They said in a statement now on their website that they identified “several models of Android mobile devices” that contained firmware that collected sensitive personal data about their users and transmitted this sensitive data to third-party servers without disclosure or the users’ consent.
See statement here.
Kryptowire said that these devices were available through major US-based online retailers.
ChannelNews has now established that all of the handsets purchased were manufactured by Chinese smartphone Companies.
These devices actively transmitted user and device information including the full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI).
The firmware could target specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices.
According, to its website, Adups provides software to two of the largest mobile phone manufacturers in the world, ZTE and Huawei. Both are based in China and both sell into the Australian and US markets, all of Telstra house brand phones are made by ZTE.
In June 2016, some Blu Product, Inc devices that are sold in the USA applied a version of the Adups FOTA application that Adups now claims inadvertently included the functionality of flagging junk texts and calls that had been requested by other Adups clients, there was no mention tyhat the Company collected other data.
In a statement issued to Blu Products, Adups said that they intentionally designed the software to help Chinese phone manufacturers monitor user behaviour, according to a document that Adups provided to explain the problem to BLU executives. That version of the software was not intended for American phones, the company said.
“This is a private company that made a mistake,” said Lily Lim, a lawyer who represents Adups.
The ZTE statement relating to Australia was followed up by a statement from Huawei Australia, who claimed that they are not part owned by the Chinese Government and that their devices like the ZTE devices “do not contain Adups software”
During a face to face meeting with ChannelNews executives of Huawei said that they were currently “taking legal action” against Adups who three days ago were claiming on their website that their biggest customers were ZTE and Huewei.
Huawei claims that they “Have never been a customer of Adups”
One US observer said “One has to believe that ZTE and Huawei were customers of Adups, it was there for the world to see last week on their website. Now they have taken that reference down”.
They added” They also said that the software had been requested by Chinese phone manufacturers and the only two manufacturers referenced on the Adups web site were ZTE and Huawei”.
“Android Smartphones from these manufacturers were purchased or obtained by Kryptowire and were among the brands that Kryptowire tested before releasing their report to Homeland Security who hold Kryptowire in high regard and in part funded their operation initially”.
Sam Skontos, VP and Regional MD South-east Asia and Pacific for Alcatel Australia’s #3 mobile brand said that Alcatel and its parent company, TCL Mobile which is also a Chinese Company , has no relationship with Adups and has no such firmware on any of its devices. Further, Alcatel/TCT Mobile conducts their Firmware Over The Air (FOTA) updates through its own in-house servers, not through third party suppliers.
He added “It is a sad day when we are talking about spyware on devices and the fact that some global companies think it’s OK to take security and privacy away from consumers”.
“This is just another example of how some Chinese manufacturers enter markets, do not disclose this type of activity to anyone including industry stakeholders, show no regard whatsoever for consumer security and privacy laws, until of course they are caught out. Firmware updates may be issued but the damage has been done, and questions need to be asked about why this was on their handsets in the first place”.