{
	"id": "4532b0a9-41d7-429a-b404-280804eee05d",
	"created_at": "2026-04-06T00:09:36.472371Z",
	"updated_at": "2026-04-10T03:21:17.127537Z",
	"deleted_at": null,
	"sha1_hash": "87ae23dbb3e65db43e64968ddbc716f7e661e66a",
	"title": "Why Did Chinese Spyware Linger in U.S. Phones?",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 388689,
	"plain_text": "Why Did Chinese Spyware Linger in U.S. Phones?\r\nBy Jeremy Kirk\r\nArchived: 2026-04-05 22:43:55 UTC\r\nCode Sent Call Logs, Texts and More to Shanghai (jeremy_kirk) • November 16, 2016\r\nIn what's being chalked up as an apparent mistake, more than 120,000 Android phones sold in the U.S. were\r\nshipped with spying code that sent text messages, call logs and other sensitive data to a server in Shanghai.\r\nThe New York Times reported on Nov. 15 that Kryptowire, a mobile enterprise security company, discovered the\r\ncode on a lower-end smartphone made by BLU Products of Doral, Fla. The phones are sold at Best Buy and\r\nAmazon.com, among other retail outlets.\r\nKryptowire says the code, which it found on BLU R1 HD devices, transmitted fine-grained location information\r\nand allowed for the remote installation of other apps. Text messages and call logs were transmitted every 72 hours\r\nto the Shanghai server, and other personally identifiable data once a day, the company says.\r\nIt turns out, however, that other security researchers noticed suspicious and faulty code on BLU devices as early\r\nas March 2015, and it has taken nearly that long to remove it from the company's devices.\r\nThe finding, in part, shows the risk that can come in opting for less expensive smartphones, whose manufacturers\r\nmay not diligently fix security vulnerabilities. It's also raising eyebrows because of the connection with China,\r\nwhich has frequently sparred with the U.S. over cyber espionage.\r\nBLU Products has now updated its phones to remove the spying code, which most likely would have never been\r\ndetected by regular users. 
The code never informed phone users that it was collecting that data, a behavior\r\nwidely viewed as a serious security concern.\r\nThe developer of the code, Shanghai Adups Technology Co., has apologized, contending that the code was\r\nintended for another one of its clients who requested better blocking of junk text messages and marketing calls.\r\nVulnerabilities Reported\r\nBLU Products, founded in 2009, makes lower-end Android-powered smartphones that sell for as little as $50 on\r\nAmazon. Like many original equipment manufacturers, it uses software components from other developers.\r\nThe company uses a type of software from Adups that's nicknamed FOTA, short for firmware over-the-air. The\r\nsoftware manages the delivery of firmware updates over-the-air, the term used for transmission via a mobile\r\nnetwork. Firmware is low-level code deep in an operating system that often has high access privileges, so it's\r\ncritical that it's verified and contains no software vulnerabilities.\r\nLong before Kryptowire's announcement, Tim Strazzere, a mobile security researcher with RedNaga Security,\r\ncontacted BLU Products in March 2015 after he found two vulnerabilities that could be traced to Adups' code.\r\nThose vulnerabilities could have enabled someone to gain broad access to an Android device.\r\nStrazzere's colleague, Jon Sawyer, suggested on Twitter that the vulnerabilities might not have been there by\r\nmistake, but rather included as intentionally coded backdoors. He posted a tweet to The New York Times report,\r\nsarcastically writing, \"If only two people had called this company out for their backdoors several times over the\r\nlast few years.\"\r\nStrazzere's experience in trying to contact both vendors last year is typical of the frustrations frequently faced by\r\nsecurity researchers.\r\n\"I tried reaching out to Adups and never heard back,\" Strazzere tells Information Security Media Group. 
\"BLU\r\nsaid they had no security department when I emailed them.\"\r\nStrazzere says he also failed to reach MediaTek, a Taiwanese fabless semiconductor manufacturer whose chipsets\r\npowering BLU phones also contained Adups software. To their credit, both Google and Amazon appear to\r\nhave put pressure on device manufacturers to fix their devices when flaws are found, Strazzere says.\r\nFor Google, Android security issues - even if not in the core operating code - are a reputation threat, and for\r\nAmazon, a product quality issue. But devices sold outside of Amazon \"might not have ever seen fixes,\" he says.\r\nOfficials at BLU couldn't be immediately reached for comment.\r\nAttitude Change\r\nThe disinterest in the issues appears to have changed with The New York Times report, which lit a fire underneath\r\nAdups and BLU.\r\nAdups addressed the issue in a Nov. 16 news release, writing that some products made by BLU were updated in\r\nJune with a version of its FOTA that had actually been intended for other clients who had requested an ability to\r\nstop text spam.\r\nThat version flags messages \"containing certain language associated with junk texts and flags numbers associated\r\nwith junk calls and not in a user's contacts,\" the company says.\r\nManufacturers should be keeping close tabs on what software ends up on their devices. But it would appear that\r\nBLU only took action after Kryptowire notified it along with Google, Adups and Amazon.\r\n\"When BLU raised objections, Adups took immediate measures to disable that functionality on BLU phones,\"\r\nAdups says.\r\nThe greater worry is that these situations may sometimes not be simple mistakes. Security experts have long\r\nwarned of the ability of advanced adversaries to subvert hardware and software supply chains. 
Also, the software\r\nvulnerabilities pointed out in the FOTA software by Strazzere in 2015 could have been taken advantage of by\r\ncybercriminals looking to steal bank account details or execute other frauds.\r\nStrazzere advises that consumers should look at the pedigree of mobile manufacturers and take a close look at\r\ntheir security track record before making a decision on what device to buy.\r\n\"In the end, the consumer needs to vote with their wallet,\" he says.\r\nSource: http://www.bankinfosecurity.com/did-chinese-spyware-linger-in-us-phones-a-9534",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"http://www.bankinfosecurity.com/did-chinese-spyware-linger-in-us-phones-a-9534"
	],
	"report_names": [
		"did-chinese-spyware-linger-in-us-phones-a-9534"
	],
	"threat_actors": [],
	"ts_created_at": 1775434176,
	"ts_updated_at": 1775791277,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/87ae23dbb3e65db43e64968ddbc716f7e661e66a.pdf",
		"text": "https://archive.orkl.eu/87ae23dbb3e65db43e64968ddbc716f7e661e66a.txt",
		"img": "https://archive.orkl.eu/87ae23dbb3e65db43e64968ddbc716f7e661e66a.jpg"
	}
}