20+ Chinese Android Smartphones Models Come With Pre-Installed Malware

An anonymous reader writes: Security researchers from G DATA have published research (PDF) into Android phones produced in China, which found that a large number of devices ship with pre-installed malware and spyware. Affected models include the Xiaomi MI3, Huawei G510, Lenovo S860, Alps A24, Alps 809T, Alps H9001, Alps 2206, Alps PrimuxZeta, Alps N3, Alps ZP100, Alps 709, Alps GQ2002, Alps N9389, Android P8, ConCorde SmartPhone6500, DJC touchtalk, ITOUCH, NoName S806i, SESONN N9500, SESONN P8, Xido X1111, Star N9500, Star N8000 and IceFox Razor. The researchers do not believe the manufacturers are responsible for the malware; rather, they suspect middlemen within distribution channels. "According to G DATA, the contamination of these smartphones is done by hiding malware as add-on code in legitimate apps. Since users don't usually interact with the malware and the add-on runs in the app's background, unless using a mobile antivirus solution, these infections are rarely discovered."

A Lenovo with malware?!?

That's unpossible!!!1!

Google spyware

It's finally considered malware as I've been saying for years..

What a winning combnation on the front page...

[wardrich86]

Posted earlier today [Source]:

Cheap Smartphones Quietly Becoming Popular In the US
Bloomberg reports that ZTE and its cheap Android smartphones have been grabbing more and more of the market in the U.S. It's not that the phones are particularly good â" it's that they're "good enough" for the $60 price tag. The company has moved up to fourth among smartphone makers, behind Apple, Samsung and LG. That puts them ahead of a lot of companies making premium devices: HTC, Motorola, and BlackBerry, to name a few. ZTE, a Chinese manufacturer, seems to be better at playing the U.S. markets than competitors like Xiaomi and Huawei, and they're getting access to big carriers and big retailers. "Its phone sales are all the more surprising because it's been frozen out of the more lucrative telecom networking market since 2012. That year, the House Intelligence Committee issued a report warning that China's intelligence services could potentially use ZTE's equipment, and those of rival Huawei Technologies, for spying. Huawei then dismissed the allegations as 'little more than an exercise in China bashing.'" I wonder how long it will be before these ones are also found to be full of malware?

Re: What a winning combnation on the front page...

The ZTE which TFA focused on doesn't have malware , while some high priced name brand ones do, so I'm not seeing the irony here.

Re: What a winning combnation on the front page...

[tmjva]

The middlemen software adds to the price, so yes I actually do see the irony. (Unless you were sarcastic, then we are in agreement.)

Are we sure this isn't just another

"exercise in China bashing?"

So bascailly they include an app

[future+assassin]

that does the same stuff and takes your info like all the other free or paid for apps.

Re:So bascailly they include an app

+1000. Very few apps on Play do NOT qualify as malware.

Unlock the bootloaders

[Karmashock]

and then who cares...

Re:Unlock the bootloaders

Except Microsoft and Apple teamed up to make it illegal to sell unlocked bootloaders in California ...

Re:Unlock the bootloaders

[ColdWetDog]

The vast majority of cell phone users who don't know the difference between a bootloader and an Army boot.

Re:Unlock the bootloaders

[Karmashock]

And I care because?

Look... the average person isn't going to know the difference between a poisoned mushroom and an edible one.

Does that mean we can't eat mushrooms?

No.

It means first the public needs to suffer a certain amount to care about the problem... aka eat the poison mushroom and die.

And THEN they might ask someone "hey which of these mushrooms are toxic?"... and if that's too much work they can acquire their mushrooms from a reputable dealer that will perforce know the difference.

Everyone runs on this fucking idiotic notion of "well that's how things worked last year so they'll have to work that way in the future!"

First, the whole buying a cell phone through the cellphone company thing is going to go away.

I bought my cellphone from the manufacterer and then I bought a sim card from the cellphone company... and then I set it up using the company's internet chat service to get the phone registered.

Doing something like that is already quite common in Europe and Asia. Its not rocket science.

And the more it works that way the more the industry is going to make that more and more simple. I had to copy and key a lot of numbers from my phone into the carrier's website. That's dumb. I shouldn't have to do that. The simcard should contain all relevant authentications. It shouldn't care what my cellphone is or what its id numbers are... that shouldn't matter.

Re:Unlock the bootloaders

[Karmashock]

cite it please. I have never had a problem buying unlocked bootloader phones in california. Of "iphones"... that's a walled garden platform so if you're complaining about that cry me a fucking river.

But on the android and windows phones it isn't so much a problem. Honestly, in so far as I am concerned there is only one phone OS at this point. Its android or nothing. The others are a waste of time.

Is there a POTS that can do OTA?

[k6mfw]

or is something like that be ancient like IMTS that operated on VHF freq. </factious>

Malware here, spyware there, all I want is a phone but now I have to worry about this.

Re:Is there a POTS that can do OTA?

[omtinez]

I don't know if there's a POTS that does OTA, but there's plenty of ACRONS in your POST that IDK what they mean.

Re:Is there a POTS that can do OTA?

[RavenLrD20k]

IMTS in this case means Improved Mobile Telephone Service. It was a precursor to cellular service that ran on VHF and UHF bands. VHF (Very High Frequency) ran 30MHz to 300MHz. UHF(Some movie by Weird Al...er...no. I mean Ultra High Frequency) ran 300MHZ up to 3GHz.

Re:Is there a POTS that can do OTA?

Well done, those are the definitions of VHF and UHF, but I guarantee no phone service ever ran on the entire VHF or UHF band.

Re:Is there a POTS that can do OTA?

[snakeplissken]

Well done, those are the definitions of VHF and UHF, but I guarantee no phone service ever ran on the entire VHF or UHF band.

for what it's worth, from wikipedia:
"The Improved Mobile Telephone Service (IMTS) is a pre-cellular VHF/UHF radio system that links to the PSTN. IMTS was the radiotelephone equivalent of land dial phone service."

snake

Re:Is there a POTS that can do OTA?

[k6mfw]

I guarantee no phone service ever ran on the entire VHF or UHF band.

It didn't. There were specific frequencies allocated to IMTS mobile telephone service. These are in same 150-162 MHz 9and 450-470) band along with police, fire, business, etc. These channels used same bandwidth as a typical 2-way frequency (and 2-way radio has superior audio quality over cellphone). But the IMTS was full duplex (used both xmit and rec freq at same time) and there was not many frequencies available so only the stinking rich got phones in their cars (and many of them had to wait on a very long list to get subscription). See the old TV series Banachek (sp?) where George Peppard sports a car phone in his limo (motivated many techies to get their ham license and build their own car phone, usually a repeater that is phone patched). However doing full duplex with 1960s/70s electronics and industrial quality, these IMTS phones were big, heavy, and scary. Main radio is in trunk, control head was pretty good size as it had regular Model 500 handset and dial (I have one of these control heads, it has a real bell inside). Here we see a briefcase model, if you had one of these babies, then you were The Man. https://en.wikipedia.org/wiki/...

One thing certain there is no way to plant malware in one of these things.

Where are the phone sold that have malware?

[mlts]

The TFA was light on details, but where phones are sold makes a big difference.

In Asia and South America, there are a lot of small shops selling phones, and oftentimes, they add "value added" stuff like pirated apps and other items. Usually the lesser known makers wind up here.

In the US, the phones go either directly from the maker to the phone provider to be sold, or from the manufacturer to a store like Best Buy or S-Mart.

I would be surprised if malware (other than the usual vendor bloatware) was an issue in the US or Europe.

Re:Where are the phone sold that have malware?

[AmiMoJo]

I seem to recall phones in the US and Europe being pre-loaded with spyware too. Carrier IQ, Apple's location data collection back in the day...

Re:Where are the phone sold that have malware?

[ShanghaiBill]

I would be surprised if malware was an issue in the US or Europe.

This research was done by an American company. I doubt if they flew to South America to get their test samples.

Re:Where are the phone sold that have malware?

[ColdWetDog]

I would be surprised if malware was an issue in the US or Europe.

This research was done by an American company. I doubt if they flew to South America to get their test samples.

Reporter: "C'mon boss - send me to Rio. I really need to research the cell phone market. Really."
Boss: "You're going to Cleveland."

So do US phones

If you count the Carrier IQ crap that a lot of them install.

your speech borders treason

Of course it's China bashing. The government always need enemies to keep the populace in line.

"the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same way in any country."

Re:your speech borders treason

[fustakrakich]

Nice try, but that doesn't apply here. China is bashing us with defective, harmful products. We need to enforce better consumer protections.

Re:your speech borders treason

[Archangel+Michael]

We have great consumer protections on US made goods. Everything else imported not so much. China doesn't care if there is malware on phones, or poison in the pet food or anything else. The only fix for this is to hold the IMPORTERS and DISTRIBUTORS here in the US fully responsible, and put them out of business. The problem is, there is too much money involved in the politics of killing off corporations.

Re:your speech borders treason

[fustakrakich]

The problem is, there is too much money involved in the politics of killing off corporations.

That sounds more like your typical libertarian poutrage than any kind of truth. Nobody's trying to *kill off corporations*. We only want them to abide by the same rules the rest of us are under. The real problem is that we allow them too much authority over our governments.

Re:your speech borders treason

[Archangel+Michael]

Oh, but I am willing to kill off corporations. Since corporations are the creation of the state, and are sanctioned by said state, the state has every right to dissolve the corporation for gross violation of public trust, trust the corporation is entrusted with by the state upon creation.

We do allow them too much authority over government, which is why I oppose corporations (and unions) from contributing to political causes, either directly or indirectly. We call these subversions of public servants "lobbyists".

I am not your envisioned version of Libertarian. I believe that corporations can and should be killed off. It is the only way to hold them accountable for their actions.

Re:your speech borders treason

[fustakrakich]

Actually you are wagging the dog. The state is set up by the corporation to serve its interests. It takes a lot of money to put it all together, and politician who doesn't comply will lose all financial support, or worse. Napoleon's power didn't come from the wretched.

I oppose corporations (and unions) from contributing to political causes, either directly or indirectly.

You shouldn't. It's interfering. Just don't vote for people who take their money, and the problem is solved.

Re:your speech borders treason

[robi5]

It's not just about 'consumer' protection. China operates massive spy operations. The boatloads of Chinese phones that arrive to the US translates to a national security concern.

Re:your speech borders treason

[fustakrakich]

China operates massive spy operations.

Yeah, they probably do...

Silver Lining

[Tablizer]

We should thank them for saving our bandwidth costs by including them up front. Some of that malware is large, and you know you'd get infected anyhow.

Ban the phones

[AndyKron]

All phones from China should be banned.

Re:Ban the phones

LOL, there wouldn't be any phones at all. Some or all of a cellphones parts are from China.

Re:Ban the phones

[sims+2]

Then we go back to smoke signals?
I'm not sure that you can buy a phone that isn't at least partly from china.

Re:Ban the phones

ha ha no smartphone for you?

Re:Ban the phones

[ColdWetDog]

LOL, there wouldn't be any phones at all. Some or all of a cellphones parts are from China.

Perhaps he has a point.

Re:Ban the phones

[transporter_ii]

Oddly, I'm much more comfortable with Chinese spyware than the American spyware that is installed here. I have used two THL phones, and was mostly really happy with one of them, and one of them was a piece of junk. What does China care where my location is or that I read Slashdot?

Re:Ban the phones

[k6mfw]

This model highly unlikely to have malware, though highly unlikely to connect to any towers. It is only $80 with buy-it-now. "These phones both have Very low used air time minutes on there life time counters." http://www.ebay.com/itm/2-Old-...

Re: Ban the phones

iPhone as well?

Re: Ban the phones

[WindBourne]

China does not care about you. They care about the IP of the company that you work for; your SSN and credit info so that they can steal your ID and basically your credit; your SSN to get access to your medicaid, medicare, and ssi; and if you or your family or friends work in jobs that require clearances, they want that information. But you? Nope

Re:Gapps and other malware is for COWS

I'm sorry, but the princess is in another castle, bro.

so called researchers

[frovingslosh]

The researchers do not believe the manufacturers are responsible for the malware

Perhaps these "researchers" could get their act together and be more sure about their conclusion. If the "apps" in question are installed after manufacturing then they are easy to spot and can be uninstalled, and in such a case they likely (but not certainly) were added in the distribution channel. If, on the other hand, they are in the ROM itself then they can only be "disabled" and not uninstalled and it is extremely likely that the manufacturers put them there (most likely knowingly but there is a slim chance it was out of ignorance). Simply saying that they do not believe the manufacturers were not responsible with explaining why they say that is completely bogus.

Re:so called researchers

They are in the rom itself and require root in order to be uninstalled (they are installed as system apps). Even $150+ phones come with malware preinjected in official rom images.

Re:so called researchers

[frovingslosh]

That was my point. Rather than the "researchers" saying that they don't know if the manufacturers were responsible or not and suggesting that the malware could have been inserted after manufacture somewhere in the distribution channel, looking at the ROMs will tell you that the malware was in there at the manufacturing process (distributors are not going to be developing custom ROMs for every model phone when they could just install the malware, and if anyone want to claim that they did then they should be able to find a malware free version of the ROM). So the manufacturer is indeed responsible for the malware. They might claim that they didn't know some lame undesirable piece of bloatware was indeed malware when they wasted ROM space (and system RAM after booting) on it, but they are still responsible for putting it there.

You explanation was flawed. You don't uninstall malware/bloatware from the ROM even with ROOT privileges. You can normally only "uninstall" it by replacing the ROM image with another one (which does require root access). You can however disable an app that is included in the ROM from running or from getting updates. This will prevent the malware from acting and will prevent updates that further waste flash memory. And, of course, not letting the malware/bloatware run when the system boots should save system RAM. You don't need root privileges to do this.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:selemsepetim

turkish spam?

Propaganda bullshit.

[pigsycyberbully]

All nicely written in proper English, to give it authority but where's the proof? where are the samples? We have proof of HP ROM base spyware and we have proof of iPhones spyware. The dirty business is coming from the U.S. Is the U.S. spreading rumours using German, companies like G data. Only a couple weeks ago they the U.S. were accusing Kaspersky labs boss of being a ex-KGB agent. All the hackers come from China all the attacks on the U.S. come from China all the attacks all around the world on the Internet come from China. No they don't they come from the U.S. the NSA. This report is just bullshit it has no evidence no proof no samples. Propaganda bullshit. AND YOU ALL KNOW THIS. Not one of use are using a U.S. antivirus product I bet. Not one of use trust using a U.S. smart phone or even a landline. and all of you in the U.S. all know your Internet activities are being monitored by your own government..

One benefit of buying a name brand...

[FlyHelicopters]

One benefit of buying a name brand from a trusted source...

Buy an iPhone from an Apple store and your chances of having malware on it are more or less zero...

Buy a Samsung Galaxy from the Samsung store in the mall, likewise, almost no chance of a problem...

The thing is, major brands such as those have a reputation to care about. The cheap off brands don't.

Likewise, I feel comfortable buying a Microsoft Lumia from a known source, update it to the lastest version of Windows, make sure security software is installed, only install apps from the MS app store, you should generally be good to go.

There is value in trusted computing. I know a lot of people like to jailbreak, or side load apps, but there is a risk in doing so.

While my iPhone is locked down... it is worth noting... that it is locked down... I can generally use it with confidence. My desktop Windows PC? Less so, one has to be much more careful with that.

Now I know what some people say, "Apple is tracking you", or "MS is tracking you". Yea, but I don't care, neither company is out to steal my info or crash my computer or hold me hostage. Neither company is going to steal my CC info or hack my passwords. They can track me all they like, in return they give me a lot of free software and updates.

Re:One benefit of buying a name brand...

Buy an iPhone from an Apple store and your chances of having malware on it are more or less zero...

Buy a Samsung Galaxy from the Samsung store in the mall, likewise, almost no chance of a problem...

Well, except for CarrierIQ or whatever has replaced it.

Re:One benefit of buying a name brand...

Now I know what some people say, "Apple is tracking you", or "MS is tracking you". Yea, but I don't care, neither company is out to steal my info or crash my computer or hold me hostage. Neither company is going to steal my CC info or hack my passwords. They can track me all they like, in return they give me a lot of free software and updates.

Pretty naive my little friend.
Apple, MS, Google...= NSA whether you like it or not.
Even if the NSA doesn't get its sticky fingers up your anus, big corporation are not monolithic entities. Thousands of individuals have access to said data, thousands of potential compromises.
There are not infrequent illegal access of data by insiders (police, medical workers...)
Not to mention Ashley Madison type breaches.
I don't trust any repository of private data to be secure if I can help it.
Apple and company can keep their sticky fingers up their own anus.

Re:One benefit of buying a name brand...

Apple phones came with spy software, "carrier-iq"

Samsung phones had a back door that was discovered by the Replicant project.

Nearly every phone has a back-door in the form of the independent OS running on the baseband processor (it can be controlled via signals from the towers)-- on most recent phones, this second OS has access to everything on the phone.

So, nope. Unless folks start building phones with HARDWARE security features like the neo900 snooping on the baseband to see if it is up to evil. And, completely open software, you have no idea if you are powned or not, and you probably are.

Re:One benefit of buying a name brand...

[FlyHelicopters]

Apple, MS, Google...= NSA whether you like it or not.

And why does the NSA snooping bother you?

My only complaint is that they aren't being honest about it, frankly I think they should be, I doubt most people care.

I'm not afraid of them either.

I don't trust any repository of private data to be secure if I can help it.

Then you might as well unplug and move to the woods, pay cash for everything, don't use a bank account, don't have e-mail, and for sure don't connect to the web.

Because if you don't, then you're just kidding yourself.

Re:One benefit of buying a name brand...

[amiga3D]

This. There is no way to have privacy in the modern connected world. Anyone who thinks so is deluding themselves. A cell phone is a tracker by design. If you are doing anything you don't want someone to know about and you have a cell phone on you then you are at risk. Spend money with a debit card? Every purchase you make is tracked forever. We have to trust the government and corporations, we have no real choice. If it ever gets to the point we really can't then you can bet it'll take a bloody revolution to fix it because they'll have eyes on everything you do and hear everything you say. It'll make 1984 look like an optimistic prediction of the future.

Re:One benefit of buying a name brand...

The report says
"The malware that comes pre-installed on these devices is not even of acceptable quality, G DATA's staff considering that other attackers could easily take over the pre-installed malware and use it for their own purposes."

There is also the chance of a disgruntled employee in one of these big brand companies accessing your stuff.

And?

[jimbob6]

Sure. So I'm guessing this goes right along side all those American and Korean Android phone models that come with preinstalled malware. In fact I'm pretty sure the term "Android phone" intrinsically implies preinstalled malware and if not there's plenty of it you can install off the play store.

Thank goodness I'm not affected!

[gfxguy]

That's a huge relief - my smartphone is apparently perfectly safe, no malware or anything, nobody trying to track me. Thank goodness for America!

Re:Thank goodness I'm not affected!

[willworkforbeer]

That's a huge relief - my smartphone is apparently perfectly safe, no malware or anything, nobody trying to track me. Thank goodness for America!

Sure, your tin can is safe, but who knows where that string goes once it leaves your window?
Plus, no LTE.

Why am I not surprised?

[sethstorm]

Huawei G510, Lenovo S860

The former has government experience to do it in-house (especially with their targeting of Nortel), the latter has been caught on accident.

Android Value Proposition!

Android, anticipating your malware needs since 2007!

"Best Interest Of Customers" Not Exactly A Concern

[IonOtter]

This should come as no surprise. This is the land of sewer oil, melamine in baby formula and cyanide being stored next to high explosives. Granted, the government *is* working to try and improve things?

But seriously? When your populace believes it's an excellent idea to back up and finish off pedestrians when they hit them? It's going to be a very long time before anyone should trust you with anything at all.

Re:"Best Interest Of Customers" Not Exactly A Conc

Nice try, but that article is from nationalpost.com, it has about as much credibility as an article from The Onion.

Google / Spyware

[SJ]

So how does one tell the difference between Android, and spyware? As for all intents and purposes, they accomplish the same thing.

Re: "Best Interest Of Customers" Not Exactly A Con

[IonOtter]

Nice try, but it originated with Slate.

Re:Business as usual.

[robi5]

Why not cut out the middleman? Integrate vertically and add the malware in the factory.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Brand does not help much

[burbilog]

Buy a Samsung Galaxy from the Samsung store in the mall, likewise, almost no chance of a problem...

Buy Samsung and get uninstallable "Flipboard" application. You can't even disable it on non-rooted phones!

NoName S806i ?

[Smurf]

Affected models include the Xiaomi MI3, [...] ITOUCH, NoName S806i, SESONN N9500, [...]

Wait... there's a cellphone brand in China called NoName? And there's a phone called the ITOUCH?

This is all messed up...