— Updated with statements from ZTE and Huawei 11/18

We live in a day and age where mobile security is an important yet often overlooked issue and to emphasize that, today we just got word that some BLU smartphones (among others, all made by Chinese manufacturers) are shipped with Adups on board. Adups are basically software tools which are used to gather user data, obviously without the victim ever getting wise about it.

The aforementioned spyware is the brain child of Shanghai Adups Technology and it was allegedly found on Chinese made smartphones like the BLU R1 HD, together with others (the Energy X Plus 2, the Studio Touch, the Advance 4.0 L2, the Neo XL, and the Energy Diamond, ZTE and Huawei devices) available internationally, including in the United States via Best Buy and Amazon. The report about Adups arrived to us courtesy of Kryptowire, a security research company.

If the report proves to be one hundred percent true, it will make for a pretty damning accusation against Chinese tech companies, which made headlines in the past with regard to installing spyware on their devices. According to Kryptowire, the Adups software is capable of collecting basically all user data and send it back “home”, i.e. to 3rd party servers in mainland China, the likes of call logs, IMEI data, SMS logs/SMS content, IP addresses, contact names without notifying and/or requiring permission from the smartphone’s owner.

What’s even worse is the fact that this spyware is perfectly capable of remotely install new apps, having system level permissions on the respective device by default. The Chinese company behind the spyware bundle markets itself as a service supplier for software delivery for smartphones, wearables, connected cars and home monitoring equipment, claiming over 700 million active customers from all over the world.

As I am writing this article, we don’t have a full list of “plagued” smartphones/devices and also we don’t have confirmation from another security research firm other than Kryptowire. If  you want, you can check out your own droid for spyware as the APK files which are used by Adups are com.adups.fota and com.adups.fota.sysoper.

Source: Kryptowire

Update – ZTE and Huawei have both reached out with statements on the matter. Here’s what Huawei had to say…

Huawei takes our customers’ privacy and security very seriously, and we work diligently to safeguard that privacy and security. The company mentioned in this report is not on our list of approved suppliers, and we have never conducted any form of business with them.

and ZTE…

“We confirm that no ZTE devices in the U.S. have ever had the Adups software cited in recent news reports installed on them, and will not.  ZTE always makes security and privacy a top priority for our customers. We will continue to ensure customer privacy and information remain protected.”