Good morning, ladies and gentlemen. Do you know where your data is right now? Maybe you should.
Security firm Kryptowire recently made a troubling discovery about a large number of prepaid ZTE and Huawei phones. Turns out, these devices contained an unwelcome addition – a security backdoor that sent its users data, including text messages, to servers in China every 72 hours. Yikes, right?
“Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages,” reads a piece in the New York Times. “The American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence.”
“International customers and users of disposable or prepaid phones are the people most affected by the software, but the scope is unclear,” the piece continues. “The Chinese company that wrote the software says its code runs on more than 700 million phones, cars, and other smart devices…the Adups software [transmits] the full contents of text messages, contact lists, call logs, location information and other data to a Chinese server. The code comes preinstalled on phones and the surveillance is not disclosed to users.”
The software, designed to help a Chinese phone manufacturer monitor user behavior, was not supposed to be distributed outside of China, according to a representative of Adups. A lawyer speaking for the company called the whole scenario a “mistake,” and says they have deleted the data they gathered. They are also unaffiliated with the Chinese government.
The whole snafu with Adups may have been an honest mistake, but it does raise several rather troubling questions in regards to mobile privacy. With all the data-bleeding free apps, obtrusive mobile advertisements, and preinstalled bloatware, are we really in control of our data anymore?
And if we aren’t, what does that mean for enterprise security?
Data mining apps don’t discriminate. They don’t know the difference between corporate secrets and juicy advertising data. What that means is that if you aren’t doing everything in your power to protect your data and separate work and personal use where mobility’s concerned, you may as well just hand your intellectual property to a third party.
The incident with Adups sounds scary – like a foreign government angling to steal our private information. Thing is, Adups isn’t doing anything advertisers aren’t doing already. The next time you use your smartphone or tablet, take a close look at the apps you use – and the permissions they require.
You may be unpleasantly surprised at what you find.