More data-stealing bloatware found on cheap Android phones

Android-malware

  • Apps pre-installed on phones sold in developing countries said to secretly collect user data.
  • The apps have reportedly collected IMEI numbers, MAC addresses, and location data.
  • The CEO of the company at the center of the report says his company hasn’t broken any data-collection laws.

Some cheap phones sold in developing countries contain pre-installed apps that secretly collect user data, according to The Wall Street Journal ^(https://www.wsj.com/articles/app-traps-how-cheap-smartphones-help-themselves-to-user-data-1530788404).

The main offender mentioned in the article is an app that sends data to a Taipei-based advertising company called GMobi. The company collects this data in order to target users with ads. The app was reportedly found on smartphones sold by Singapore-based OEM Singtech in Myanmar, Cambodia. The app was also spotted on devices sold in Brazil, India and China.

Upstream Systems, a mobile advertising and marketing firm cited by The Wall Street Journal, said that, in its testing, the GMobi app sent IMEI numbers, MAC addresses, and in some cases location data to servers in Singapore.

According to its website, GMobi serves over 100 OEMs and supports 2,000 Android devices with more than 150 million users. GMobi’s CEO Paul Wu told The Wall Street Journal that OEMs let GMobi install its app on phones so that it can send free software updates to users. He denied that his company violates any data collection laws.

GMobi lists dozens of smartphone makers as partners on its website, including Huawei, Xiaomi, and BLU. All three companies denied ever working with GMobi.

Editor’s Pick
^(https://www.appmarsh.com/best-indian-smartphone-brands-823988/)

related article

These are the 5 best Indian smartphone brands

Indian smartphone brands are losing ground to Chinese manufacturers in their home market — not a single one made the list of the five biggest players in Q3. Samsung is tied with Xiaomi for first …

China-based Adups and India-based MoMagic supply similar firmware update services. The CEO of MoMagic said to The Wall Street Journal that all data collection by his company is legal. He admitted that private data collection regulations in India and Bangladesh are weak. Adups was previously found to surreptitiously collect data from BLU devices ^(https://www.appmarsh.com/blu-phones-send-private-data-790470/) sold in the U.S.

How companies collect and use user data has been a big issue in recent months, ^(https://www.appmarsh.com/facebook-android-smartphone-data-collection-848843/) with Facebook’s practices investigated ^(https://www.appmarsh.com/ftc-facebook-federal-investigation-848961/) in the U.S., U.K. and the EU. Just earlier this week, controversy erupted around Google’s practice of giving some third-parties access to email content ^(https://www.appmarsh.com/gmail-snooping-882270/).

While users in the Western world, and the EU in particular ^(https://www.appmarsh.com/google-privacy-policy-update-864687/), enjoy a modicum of legal protection, people in developing countries are prime targets for data harvesters due to weak privacy protection in many of the countries.

Next up: Delete everything Google knows about you ^(https://www.appmarsh.com/delete-google-history-692726/)

from Android Authority https://ift.tt/2ugV2nV
via IFTTT ^(https://ifttt.com/?ref=da&site=appmarsh)

Author: Marshmallow

Marshmallow Android is BT Ireland’s Head of Sales for Republic of Ireland domestic multi-site companies, indigenous MNCs and public sector accounts. He is responsible for the direction and control of all sales activity in the region. He has over 10 years management experience from high growth start-ups to more established businesses. He’s led teams in Ireland, India and China across various industries (ICT, On-Line Recruitment, Corporate Training and International Education).

Leave a Reply