ZTE, Lenovo, Archos dragged into BLU’s AdUps scandal [UPDATE]

JC Torres - Dec 19, 2016, 8:20pm CST
ZTE, Lenovo, Archos dragged into BLU’s AdUps scandal [UPDATE]

Warranted or not, Chinese companies have had the misfortune of being associated with shady business practices and espionage. That has recently come to a rather sour turn when that situation directly reached US shores via Florida-based mobile device maker BLU Products. It seems, however, that the extent of the AdUps spyware is more far-reaching than initially thought. According to a report from mobile security outfit Trustlook, AdUps’ list of customers also includes some rather known brands like ZTE, Lenovo, MediaTek, and even France-based Archos.

Several of the names listed by Trustlook might not sound familiar and are China-based companies. AdUps did admit that its software, which secretly transmitted private user data to a remote server in China, was developed at the behest of a still unnamed Chinese manufacturer. It wasn’t, however, supposed to go outside that company, especially not outside China. But the 43 mobile device makers might beg to disagree.

One could argue that the likes of ZTE and Lenovo might not be surprising, as both operate in China. Mobile chip maker MediaTek, however, is based in Taiwan. Archos’ base of operations, on the other hand, is in France but, like BLU Products, most likely sources its devices from Chinese white box companies and rebranded as their own.

AdUps software is utilized by Android device makers to check for and serve firmware updates for devices. At least that’s its publicly advertised function. Behind the scenes, it phones home with private data for the purposes of advertisement or market analysis. Or so AdUps said. The US government is reportedly investigating whether that activity was, in fact, government sanctioned.

Since the news broke out, BLU Products has acted swiftly to replace the piece of software with Google’s own official firmware updater. BLU is able to do so now that it is officially a certified Android device maker. Neither ZTE nor Lenovo have admitted to being involved in the matter, though it would be surprising considering how both have been undergoing Google’s certification process long before BLU.

UPDATE: A representative from ZTE USA reached out to us with this statement:

“We confirm that no ZTE devices in the U.S. have ever had the Adups software cited in recent news reports installed on them, and will not. ZTE always makes security and privacy a top priority for our customers. We will continue to ensure customer privacy and information remain protected.”

SOURCE: Trustlook (1), (2), (Infographic)

Must Read Bits & Bytes