Malware Found Preinstalled On Some Alcatel Smartphones (zdnet.com) 35
An anonymous reader quotes a report from ZDNet: A weather app that comes preinstalled on Alcatel smartphones contained malware that surreptitiously subscribed device owners to premium phone numbers behind their backs. The app, named "Weather Forecast-World Weather Accurate Radar," was developed by TCL Corporation, a Chinese electronics company that among other things owns the Alcatel, BlackBerry, and Palm brands. The app is one of the default apps that TCL installs on Alcatel smartphones, but it was also made available on the Play Store for all Android users --where it had been downloaded and installed more than ten million times. But at one point last year, both the app included on some Alcatel devices and the one that was available on the Play Store were compromised with malware. How the malware was added to the app is unclear. TCL has not responded to phone calls requesting comment made by ZDNet this week. The app reportedly harvested users' data and sent it to China. It collected geographic locations, email addresses, and IMEI codes, which it sent back to TCL.
Upstream, a UK-based mobile security firm, also found that "the malicious code hidden inside the app would also attempt to subscribe users to premium phone numbers that incurred large charges on users' phone bills," reports ZDNet. "All in all, the company says it detected and blocked over 27 million transaction attempts across seven markets, which would have created losses of around $1.5 million to phone owners if they hadn't been blocked."
Upstream notes that most of the behavior they've seen originated only from two types of smartphones: Pixi 4 and A3 Max models.
Upstream, a UK-based mobile security firm, also found that "the malicious code hidden inside the app would also attempt to subscribe users to premium phone numbers that incurred large charges on users' phone bills," reports ZDNet. "All in all, the company says it detected and blocked over 27 million transaction attempts across seven markets, which would have created losses of around $1.5 million to phone owners if they hadn't been blocked."
Upstream notes that most of the behavior they've seen originated only from two types of smartphones: Pixi 4 and A3 Max models.
Re: (Score:2)
American Network Solutions phones (which are ironically made in China) are also pretty malware laden from the factory as well.
Unfortunately you just can't trust tech from China (Score:4, Insightful)
- The government is authoritarian enough that it will meddle.
- There are no consumer protections for this kind of stuff in China
- You have no recourse if a Chinese company steals your data
Whereas in the west we have consumer protections for it, and a judicial system for recourse. That said, western governments can meddle too, however it's much harder for them to keep it secret.
Re: (Score:3)
For the same reasons as above, I'm much more afraid of China doing it, because they can use the information for any purpose. And they do.
Here in the USA, the government can only do certain, narrowly defined things. And when it comes to my data, it is really hard for them to use it in a way that harms me. They can't give it out, and they can't use it against me without a bunch of processes where I have substantial rights.
In China you don't even have the right to a lawyer, or to see evidence against you. Ther
Re: (Score:2)
As an individual, there's little that China can do to me - I've been to China once and I'm not inclined to repeat that. But as a corporate user, a Chinese company having access to all of my work-related emails and access to any work-related files on my device could have a significant impact on my employer's ability to remain competitive (production is much cheaper than R&D), which would impact their ability to pay me.
British companies used to be warned not to discuss work on Air France flights because
Re: (Score:2)
Re: (Score:1)
Or Korea I guess. I was prompted to download the same software for my Samsung S8 Active. It brought up so many advertisements that I quickly deleted it.
"owned" brands - Blackberry (Score:1)
Haiku (Score:1)
Dupe... (Score:2, Informative)
Popular App Weather Forecast Collects Too Much User Data and is Attempting To Subscribe Some Users To Paid Services Without Permission [slashdot.org]