MediaTek said it resolved the issue in November, but researchers at Kryptowire found out last week that the Blu Advance 5.0 still ships with a vulnerable version of the app. The phone, which is the third best-selling phone on Amazon, does not have a firmware update available to stop a potential exploit, Johnson said. It works through something called privilege escalation, which gives advanced permissions to certain apps far beyond what you would like it to have. Kryptowire has not found any cases yet in which the MTKLogger has been hijacked, but the vulnerability still exists.
Kryptowire originally t rex iphone case discovered Adups' spying nature last October, After it had been revealed, Adups removed its data tracking on devices like the Blu R1 HD and the Blu Life One X2, two phones that are popular on Amazon for their cheap prices, For those two devices, Adups stopped sending text message and call logs to China since, Johnson only found Adups' secret data funneling to China because it was the top-selling phone on Amazon -- but the issue remains prevalent on low-profile devices, he said, In May, he purchased a Blu Grand M from Best Buy, which goes for between $60 and $75..
Six months after Adups said it made a mistake with its data tracking, Johnson discovered that it was still happening on the Blu Grand M. In May, he found the phone was sending data to China containing a list of apps installed, the apps used, unique phone identifiers like the MAC address and IMEI, the phone number, and cell phone tower ID. It doesn't track your phone's GPS, but cell phone tower data is close enough to be admissible as evidence in murder trials and has raised massive debates on digital privacy.
"It can generally locate a person, presuming they're in an urban area," Johnson said, Adups' spying intensity varies based on the phone, but it comes preinstalled on up to 700 million devices, including cars and other connected t rex iphone case devices, Some of the more aggressive spying would send a person's browsing history and bookmarks, Johnson said he hasn't found the spyware on any phones that cost more than $300, as Adups is mostly installed on cheaper devices, It's not only on Blu devices, as Johnson in May found data exfiltration on the Cubot X16S as well..
The Chinese phone, which sells for between $90 and $110, was sending call logs, browser history and location data behind users' backs. Cubot did not respond to requests for comment. "It seems pretty widespread around lower-end phones," Johnson said. Johnson tested the Cubot X16S's software again on Monday, and found that Adups had quietly removed the backdoor app on the device -- shortly after CNET reached out to the company. It's still unclear what happens with the data once it's on servers in China. When Johnson contacted Adups, the company said it would just delete the data. Kryptowire was able to track the data to where it ended up, but not what was done with it.