Its code runs on over 700 million Android phones, cars and other smart devices.
Kryptowire came across the issue after a researcher bought an inexpensive BLU R1 HD phone for an overseas trip.
During the phones setup process, the researcher noted unusual web connection activity.
It was obviously something that we were not aware of.
We moved very quickly to correct it, said Samuel Ohev-Zion, CEO of BLU Products.
The firmware allowed remote installation of applications without the users consent.
Also, it could identify specific users and text messages matching remotely defined keywords.
This is a private company that made a mistake, said Lily Lim, a lawyer representing Adups.
The software was reportedly created at the request of an unspecified Chinese manufacturer.
According to Adups the Chinese firm used the data for customer support.
Lim added that the software was intended to help the Chinese firm identify junk text messages and calls.
Adups was just there to provide functionality that the phone distributor asked for, she said.
Source:The New York Times
Read More
source: www.techworm.net
