Slashdot Mirror

← Back to Stories (view on slashdot.org)

Some Low-Cost Android Phones Come at a Price -- Your Privacy (cnet.com)

Posted by msmash on from the privacy-woes dept.

Cheap phones are coming at the price of your privacy, security analysts discovered. From a report: At $60, the BLU R1 HD is the top-selling phone on Amazon. Last November, researchers caught it secretly sending private data to China. Shanghai Adups Technology, the group behind the spying software on the BLU R1 HD, called it a mistake. But analysts at Kryptowire found the software provider is still making the same "mistake" on other phones. At the Black Hat security conference in Las Vegas on Wednesday, researchers from Kryptowire, a security firm, revealed that Adups' software is still sending a device's data to the company's server in Shanghai without alerting people. But now, it's being more secretive about it. "They replaced them with nicer versions," Ryan Johnson, a research engineer and co-founder at Kryptowire, said. "I have captured the network traffic of them using the Command and Control channel when they did it." An Adups spokeswoman said that it had resolved the issues in 2016 and that the issues "are not existing anymore." Kryptowire said it has observed the company sending data without telling users on at least three different phones.

5 of 89 comments (clear)

  1. Not surprising... by ctilsie242 · · Score: 3, Interesting

    There have been processes for behavioral tracking for years now. The trick is to root the device, yank the Chinese certificates out of your root CA store [1], add outgoing blocks on the iptables level to ensure that it doesn't phone home, add some ad blocking, and you will have a decent phone for a cheap price. Ideally, install an OS like LineageOS (if available.)

    [1]: It is interesting to see what both Apple and Android device makers stick in the root CA store. It is wise to reduce that number.

    1. Re:Not surprising... by 93+Escort+Wagon · · Score: 4, Funny

      There have been processes for behavioral tracking for years now. The trick is to root the device, yank the Chinese certificates out of your root CA store [1], add outgoing blocks on the iptables level to ensure that it doesn't phone home, add some ad blocking, and you will have a decent phone for a cheap price. Ideally, install an OS like LineageOS (if available.)

      It's so easy, anyone can do it!

      --
      #DeleteChrome
  2. They act like the 800 dollar phones... by Anonymous Coward · · Score: 3, Insightful

    Don't come with spyware.

    The real purchasing decision should be which phones allow rooting without blowing an efuse or disabled marketed functionality.

    If you can unlock the phone via usb and adb and maybe a password and it doesn't do anything funny, it is a good phone. Everything else should be treated as suspect.

    1. Re:They act like the 800 dollar phones... by hairyfeet · · Score: 3, Informative

      Then buy an Alcatel phone as they have built in rooting capability with no external software required. For those that want to know how this is how you do it and I've tested in on my own phone (Alcatel Flint) and it works and takes less than 2 minutes...

      Alcatel has its own "system updates" app. If you tap the three dots in the right hand corner and then hit "Help", then hit the "Auto -Check Intervals" button a bunch, it will unlock "Advanced Mode." Go back and tap the three dots again and it will be under "help." When you go into this advanced mode, it will ask you for a "tester password". The pass is fotaapp*#1221#.

      And that is it, in under 2 minutes you will have a rooted phone you can do with what you will.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  3. Re:Ha! by chipschap · · Score: 4, Insightful

    Free: you just got what you paid for.

    Unfortunately you can't necessarily trust non-free products either. Not even expensive ones.