Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chinese Mobile Phone Cameras Are Not-So-Secretly Recording Users' Activities (globalvoices.org)

Posted by msmash on from the closer-look dept.

Oiwan Lam, reporting for Global Voices: It has been widely reported that software and web applications made in China are often built with a "backdoor" feature, allowing the manufacturer or the government to monitor and collect data from the user's device. But how exactly does the backdoor feature work? Recent discussion among mobile phone users in mainland China has shed some light on the question.

Last month, users of Vivo NEX, a Chinese Android phone, found that when they opened certain applications on the phone, including Chinese internet giant QQ browser and travel booking app Ctrip, the mobile device's camera would self-activate. [...] One Weibo user observed that the retractable camera self-activates whenever he opens a new chat on Telegram, a messaging application designed for secured and encrypted communication.

[...] After the news of the self-activated camera bug spread, users started testing the issue on other applications and found that Baidu's voice input application has access to both the camera and voice recording function, which can be launched without users' authorization. A Vivo NEX user found that once she had installed Baidu's voice input system, it would activate the phone's camera and sound recording function whenever the user opened any application -- including chat apps, browsers -- that allows the user to input text.

15 of 91 comments (clear)

  1. Re:Orwell that ends well by Anonymous Coward · · Score: 3, Insightful

    If China were the only one moving that way, it would possibly limit their economic growth. The problem is the entire WORLD seems to be moving that way, some at a faster rate than others. But it's not like I can honestly look at my United States and say we aren't doing the exact same thing, and whenever one of us plebes mention it in a public forum all that has to happen is somebody whines about how it's for our own protection and then it ceases to be an issue of importance.

  2. And that includes America. by Anonymous Coward · · Score: 2, Insightful

    Our phones spy on us. They send that data to everyone who is interested. It goes to google and apple, it goes to your carrier, it goes to whoever wrote any app at all that you installed on your phone, and it goes to the government. This is not paranoia. This has all been demonstrated.

    And dumbphones aren't off the hook. Your location data is sent back to your carrier at all times, and the government can remotely and covertly activate your mic and camera at any time to spy on you (presumably, with a warrant, of course).

    Your only way to prevent this is to remove the battery. So long as the phone has power, you must assume that it is spying on you.

    1. Re:And that includes America. by Anonymous Coward · · Score: 2, Insightful

      What Orwell failed to predict is that we'd buy the cameras ourselves, and that our biggest fear would be that nobody was watching. -- Keith Lowell Jensen

  3. This is the default situation... by carlhaagen · · Score: 5, Interesting

    ...with practically any cheap Chinese crapdroid phone/tablet, as well as Android TV boxes, aimed at the western markets - pretty much all of them run customized (often half-assed) Android builds bundled with various sets of malware/spyware. This even goes for the somewhat larger brands that have an office presence on the European continent trying to profile themselves in the west with TV/magazine/sports advertisements, like f.e. Doogee and Oukitel.

    Over the past 5-6 years I've purchased close to two dozen Chines phones/tablets (as development toys) in both the low and mid price tiers, and I've yet to find a single one that actually comes with a clean and honest Android build. Spending time on the various Android phone/tablet hacking forums on the Internet you'll find droves of new reports about this every month, and all popular Chinese brands are mentioned.

    1. Re:This is the default situation... by drinkypoo · · Score: 2

      Fixed that for you. Phone/tablet makers choose Android so they can lock down (to prevent competitors from cloning!) their product and install spyware. I don't see why "Chinese" needs thrown in except for clickbait.

      Because the American makers do not do this, nor do the Japanese ones. Carriers do, but the makers of the phones themselves don't. That's why you can buy e.g. a Motorola phone and then unlock it with help from their website, and load AOSP if you like.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:This is the default situation... by schnell · · Score: 2

      I don't see why "Chinese" needs thrown in except for clickbait.

      Because the American makers do not do this, nor do the Japanese ones ... That's why you can buy e.g. a Motorola phone and then unlock it with help from their website, and load AOSP if you like.

      Uh-oh. You may want to check on the nationality of Motorola's ownership. Hint: not in Schaumburg, Illinois anymore.

      --
      "95% of all Slashdot .sig quotes are incorrect or completely fabricated." -Benjamin Franklin
    3. Re:This is the default situation... by drinkypoo · · Score: 2

      Because the American makers do not do this, nor do the Japanese ones ... That's why you can buy e.g. a Motorola phone and then unlock it with help from their website, and load AOSP if you like.

      Uh-oh. You may want to check on the nationality of Motorola's ownership. Hint: not in Schaumburg, Illinois anymore.

      Yeah, I remembered that just after hitting submit. However, I bought my Moto G before they sold out, and it's not running their software anyway. And AFAIK, you can still unlock the bootloader.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. Re:Would the same be possible with Apple iOS? by carlhaagen · · Score: 3, Informative

    While the level of scrutiny and inspection procedures performed by Apple before publishing an iOS application is on a completely different level than that of Google and their Play Store, it's technically possible. But the case with these Chinese Android phones isn't really about this or that rogue app possibly showing up on the Play Store, but rather that they all come with a customized Android build prepared from start with a selection of malware/spyware. It's a complete ready-to-go, ready-to-spy package.

  5. Wasn't this expected? by EndlessNameless · · Score: 4, Interesting

    Baidu's voice input system... would activate... whenever the user opened any application... that allows the user to input text

    So, looking at the technical underpinning, it functions like the native keyboard app, which loads on demand for applications which support its input.

    I can't reach the article, so here is the real question: Is there evidence of nefarious activity, particularly the suspicious caching or transmission of data?

    Because a camera/mic activating on its own isn't necessarily doing much of anything. It certainly merits investigation, but the headline is not justified by the content of the summary.

    After all, if it's "not-so-secretly" doing bad things, there should be plentiful, clear evidence of bad things happening. If there are hours of audio/video being recorded or transmitted by some phone, why not mention that?

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  6. Black PVC tape by gweihir · · Score: 2

    The only way to deal with cameras that do not have a hard-wired activation light.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Black PVC tape by JaredOfEuropa · · Score: 2

      Maybe that's how they found out: the phone mentioned in TFA has an all-screen front, with the front facing camera sliding out of the top of the phone when needed. The thing popped up when people opened Telegram, for instance.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
  7. Re:Would the same be possible with Apple iOS? by Solandri · · Score: 4, Informative
    Both iOS and Android already give the device owner control over what functions an app is able to access. For example, Android notified me that an update to one of the games on my tablet was asking for access to the microphone and camera. I of course denied those permissions (the game seems to run just fine without them). Since my tablet is rooted, I also get control over which apps are allowed to use the network. So even with the few programs which need such access (like a photo-to-PDF converter), I'm confident it isn't transmitting info about me back to the app maker.

    There are two reasons for the problem.
    • Certain apps need such permissions. The voice input app mentioned in the summary requires access to the microphone to function. The maker of the app can then abuse that permission to use the microphone to record conversations and transmit them back to the mothership. This is even more insidious with voice recognition apps, which have to record conversations and transmit them back for the recognition stage anyway. At that point the difference between legitimate and illegitimate use becomes whether the company keeps the recordings on file, or deletes them after the recognition is completed (which is why I've long advocated that voice recognition be moved to the device itself now that processors are getting to the point where that's feasible). It's impossible for OS-level restrictions to prevent this type of abuse.
    • China has encouraged forking Android and developing its own version for use in the Chinese market. Ostensibly this is to reduce the amount of control foreign companies (namely Google) have over products used within China. Most people however suspect that it's done so the Chinese government can insert its own monitoring software directly within the OS itself. The kind of stuff the NSA only dreams it could do. The maker of an open-source OS has no control over what happens to forks.
  8. Support Purism products by TheDarkener · · Score: 2

    Purism products offer hardware kill-switches for camera, mic and multiple radios (bluetooth/wifi/...). They are vigilant in defending against shit like what is happening these days, likely not only in China.

    From Wikipedia ( https://en.wikipedia.org/wiki/... ):

    "Librem is a line of computers manufactured by Purism, SPC featuring free (libre) hardware and software.[1][2][3][4][5][6] The laptop line is designed to protect privacy and freedom by providing no non-free (proprietary) software in the operating system or kernel,[7][8][9][10] avoiding the Intel Active Management Technology,[11] and gradually freeing and securing firmware.[12][13] Librem laptops feature hardware kill switches[14][15][16] for the microphone, webcam, Bluetooth, & Wi-Fi, and can be purchased air gapped."

    If you support these companies the security and privacy bar for all manufacturers will raise.

    --
    It is pitch black. You are likely to be eaten by a grue.
  9. Not limited to China by OYAHHH · · Score: 4, Interesting

    Google,

    On it's Android platform is scanning every single url your phone is accessing and feeding those URLs into it's spider.

    How do I know? I am developing an Android app which has NEVER been released, thus the website URLs used are supposed to be 100% private. Google's spider has been scanning every single one of my private website urls as accessed by my private Android app.

    So, this crap is not limited to China.

    --
    Caution: Contents under pressure
  10. This is China by nospam007 · · Score: 3, Insightful

    It's not a backdoor, it's a frontdoor.