Published in News

Chinese handset maker flogs phone with backdoor

by on18 December 2014

google android logo apple

Beware of Android it kills kittens

In a move to spice up the security of Apple phones, the Tame Apple Press is running a story about an evil Android phone which apparently ships with a backdoor.

According to the yarn, the popular evil phone allows the manufacturer that is being used to push pop-up advertisements and install apps without users’ consent.

This would never happen with the iOS which is so secure you can place your naked pics on the icloud and have them distributed by a friendly 4Chan hacker in minutes. What is interesting about the story is that it is being used to bludgeon Android rather than a nasty Chinese phone maker.

At the moment the Coolpad is only available in China and Taiwan and chances are that if it shipped outside that market with that backdoor in it, every regulator in the world would be after a piece of it.

Ryan Olson, intelligence director at Palo Alto, said the CoolPad has made some modifications to the Android code to keep the backdoor hidden from users and security software that could be installed on the phone. Coolpad has disabled the long-press system that allows a user to find out what application generated an pop-up advertisement or notification.

With the changes built so deep into the operating system, it can do lots of things, not just display pop-ups. They can install anything they want without user consent, and push data onto the phone, he said.

Coolpad is the third largest smartphone builder in China, and ranks sixth worldwide with 3.7 percent global market share. It trails only Lenovo and Xiaomi in China and is the leader of China’s 4G market with 16 percent market share.

Coolpad outsells Samsung and Apple in China, and has said it plans to expand globally with a goal of 60 million phones worldwide. For now, its high-end Halo Dazen phones are the only ones containing the backdoor, Palo Alto said.

What appears to have worried everyone is that Coolpad are planning to distribute in the United States, Europe and Southeast Asia, the disclosure of CoolReaper.

A technology publication in China quoting Coolpad public relations said the backdoor is used only for internal testing. However in the next upgrade from version 2.x to 3.0, the backdoor’s APK name was merely changed from CP_DMP.apk to GoogleGmsFramework.apk to hide it from users who had already found it.

 

 

Last modified on 18 December 2014
Rate this item
(0 votes)