Researchers at Kryptowire recently discovered that some some disposable and prepaid Android phones house software that transmits sensitive user data, like text messages back to China. What makes this particular discovery unique is that the offending software isn’t a piece of third-party malware but rather ships with the phone itself. In addition to text message data, researchers found that the software also transmits user location data, contact lists, call logs and more.
As it stands now, it remains unclear how many existing phones are affected by what effectively amounts to spyware masquerading as firmware. The code itself was created by a Chinese company called Shanghai Adups Technology Company whose software is said to run on more than “700 million phones, cars and other smart devices” according to a report from The New York Times.