Slashdot Mirror
Chinese Mobile Phone Cameras Are Not-So-Secretly Recording Users' Activities (globalvoices.org)
Oiwan Lam, reporting for Global Voices: It has been widely reported that software and web applications made in China are often built with a "backdoor" feature, allowing the manufacturer or the government to monitor and collect data from the user's device. But how exactly does the backdoor feature work? Recent discussion among mobile phone users in mainland China has shed some light on the question.
Last month, users of Vivo NEX, a Chinese Android phone, found that when they opened certain applications on the phone, including Chinese internet giant QQ browser and travel booking app Ctrip, the mobile device's camera would self-activate. [...] One Weibo user observed that the retractable camera self-activates whenever he opens a new chat on Telegram, a messaging application designed for secured and encrypted communication.
[...] After the news of the self-activated camera bug spread, users started testing the issue on other applications and found that Baidu's voice input application has access to both the camera and voice recording function, which can be launched without users' authorization. A Vivo NEX user found that once she had installed Baidu's voice input system, it would activate the phone's camera and sound recording function whenever the user opened any application -- including chat apps, browsers -- that allows the user to input text.
Last month, users of Vivo NEX, a Chinese Android phone, found that when they opened certain applications on the phone, including Chinese internet giant QQ browser and travel booking app Ctrip, the mobile device's camera would self-activate. [...] One Weibo user observed that the retractable camera self-activates whenever he opens a new chat on Telegram, a messaging application designed for secured and encrypted communication.
[...] After the news of the self-activated camera bug spread, users started testing the issue on other applications and found that Baidu's voice input application has access to both the camera and voice recording function, which can be launched without users' authorization. A Vivo NEX user found that once she had installed Baidu's voice input system, it would activate the phone's camera and sound recording function whenever the user opened any application -- including chat apps, browsers -- that allows the user to input text.
...with practically any cheap Chinese crapdroid phone/tablet, as well as Android TV boxes, aimed at the western markets - pretty much all of them run customized (often half-assed) Android builds bundled with various sets of malware/spyware. This even goes for the somewhat larger brands that have an office presence on the European continent trying to profile themselves in the west with TV/magazine/sports advertisements, like f.e. Doogee and Oukitel.
Over the past 5-6 years I've purchased close to two dozen Chines phones/tablets (as development toys) in both the low and mid price tiers, and I've yet to find a single one that actually comes with a clean and honest Android build. Spending time on the various Android phone/tablet hacking forums on the Internet you'll find droves of new reports about this every month, and all popular Chinese brands are mentioned.