Phone News

Kryptowire, a security firm, recently identified several models of Android mobile devices that have preinstalled permanent software that serves as backdoor collecting sensitive personal data, including text messages, geolocations, contact lists, call logs, and transmits them to a server in Shanghai, China.

Without users' consent, the code can bypass Android's permission model. This could allow anyone interested in a mobile user's data -- from government officials to malicious hackers -- to execute remote commands with system privileges and even reprogram the devices.

The firmware was developed by Chinese company Shanghai ADUPS Technology Company. ADUPS confirmed the report with a bollox statement claiming that it was somehow to do with identifying junk texts.

Kryptowire's research reveals that the collected information was protected with multiple layers of encryption and then transmitted over secure web protocols to a server located in Shanghai. The data transmission occurred every 72 hours for text messages and call log information, and every 24 hours for other personally identifiable information.

ADUPS also explained that the "accustomed" firmware was 'accidentally' built into 120,000 mobile products of one American phone manufacturer, BLU Products. After BLU raised the issue, ADUPS explained that the software was not designed for American phones and deactivated the program on Blu phones.

The news has been widely reported in foreign media as ADUPS is among the largest FOTA (firmware over the air) providers in the world. The company provides a cloud platform for mobile device management to over 700 million active users in 200 countries, which is equivalent to 70% of the global market share as it works closely with the world largest cheap mobile phone manufacturers ZTE and Huawei, both of which are based in China. In 2015 alone, Huawei sold more than 100 million smartphones.

Chinese netizens have not been surprised by the news. Reports about spyware preinstalled in Chinese mobile brands have circulated for many years among mainland and overseas Chinese speaking-communities. In 2014, Hong Kong Android Magazine reported that Xiaomi's smartphones designed for overseas markets were automatically connecting to an IP in Beijing and that all documents, SMS and phone logs, and video files downloaded were being transmitted to a Beijing server.

In 2015, Germany-based security company G-Data also found out that at least 26 Android mobile brands had preinstalled spyware in their smartphones. The three biggest Chinese smartphone manufacturers, Xiaomi, Huawei and Lenovo were all listed.

China's newly passed Cybersecurity Law has provided legal ground for the smartphone's backdoor operation. The law requires "critical information infrastructure operators" to store users' "personal information and other important business data" in China.

In response to the news, many Chinese netizens are pointing out the abusive use of personal data and government surveillance has become the norm.

The UK's premium rate services regulator, PhonepayPlus , is changing its name to the Phone-paid Services Authority , and adopting a new statement of purpose:

The UK regulator for content, goods and services charged to a phone bill.

The name change will be implemented in autumn 2016.

Also PhonepayPlus' new 14th Code of Practice for premium rate services comes into force, providing increased transparency and fairness and streamlining of our investigations, adjudications and appeals procedures.

David Edmonds CBE, Chairman of PhonepayPlus, said:

As we introduce the latest edition of our Code of Practice, I'm pleased to announce PhonepayPlus' new name: the Phone-paid Services Authority.

We've worked closely with industry stakeholders, consumers and our staff on this project, listening to them on how we can explain our role clearly for consumers while reflecting and supporting competition, innovation and investment in the market that we regulate.

As the Phone-paid Services Authority, we will continue to put consumers and the industry at the heart of our work as UK's regulator for content, goods and services charged to a phone bill.

After blocking more than 400,000 websites for supposedly objectionable material, now Pakistan Telecommunication Authority (PTA) is considering to restrict porn sites on mobile handsets also.

Censors said that the authority has received complaints that porn sites are accessible on internet. Whether you access internet through personal computer or mobile phone the law is same; objectionable sites are banned in country, a censor said. He said authority has received complaints that adult content is accessible on almost all the major telecom networks:

We are investigating why it is available on mobile phones, but I think mobile service providers are using VPN.

According to sources in industry, telecom service providers are not blocking porn content due to business considerations. Browsing websites may only consume some megabytes but if you download or watch some movie the data consumption is in gigabytes, a source said.

According to experts, PTA will direct all the telecom operators to establish Internet Exchange Point (IXP) to facilitate the local internet traffic to remain local and block the supposedly objectionable sites.

The NSPCC has demanded that the makers of Pokemon GO introduce child safety features before the game is released in the UK. Peter Wanless, the chief executive of the children's campaign company, whinged:

Given Pokemon's already massive popularity with children, the NSPCC is concerned that basic safety standards appear to have been overlooked.

I urge you to urgently reassess your app and its security and safety features.

We all have a responsibility to ensure that children are protected and as creators of a game with substantive reach, you have a weighty responsibility to protect your young users.

The game lets players capture virtual cartoon animal-like creatures on their phones, as they wander around the real world.

There have been scare stories, though, of criminals using the game to lure players to remote locations and to rob them. In another instance, players following digital trails were directed to a sex shop.

The Chinese government is taking up new censorship measures to root out what it claims as undesirable content in mobile games.

Under the new set of procedures released by China's State Administration of Press, Publication, Radio, Film and Television (SAPPRFT), all mobile games released in China going forward must comply to an extensive set of rules and be submitted for review 20 days in advance of the game's release date. The country already has tight regulations on PC-based games and console games, so the new regulation extends that stronghold farther.

As for the numerous games already released in the Chinese market, they too are subject to the new guidelines, and the agency intends to retroactively approve these games with a submission deadline set for October 2016. If a game has not applied for approval by October 1st , it will be shut down.

Poised to take effect on July 1, 2016, the new restrictions are applicable to all downloadable or Internet-connected games on smartphones and other devices. But they are not necessarily limited to the gaming segment alone.

China has released a new set of oppressive rules that require all mobile app users as well as the App Store to have a real name registration and to maintain activity logs from users for a period of 60 days.

According to Reuters , the Cyberspace Administration of China (CAC) wants to get a full censorship grip on the rapidly expanding app market.

According to the South China Morning Post, the new rules cover information services through mobile Internet apps as well as app store services on the Chinese mainland.

Based on the new rules, users are required to register their real names with the app provider before they will be allowed a public alias or username.

The app provider then verifies all the information collected by mobile numbers or any other means. They are also required to regulate accounts or user profiles that violate the rules on the publishing anything that the state does not like.

A anonymous app operator commented to the South China Morning Post:

Many users like to comment on social and political news on live-streaming and news apps. Now they will need to think twice before making any comment that authorities could claim spurred public scares or rumors.

Messaging app WhatsApp has announced that it has added encryption for all voice calls and file transfers for all users.

It renders messages generally unreadable if they are intercepted, for example by criminals or law enforcement. No doubt if the security services throw all their computing might at a message then they may be able to decrypt it by brute force.

The Facebook-owned company said protecting private communication of its one billion users worldwide was one of its core beliefs . Whatsapp said:

The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us.

Users with the latest version of the app were notified about the change when sending messages on Tuesday. The setting is enabled by default.

Users should be aware that snoopers can still see a whole host of non-content data about the communication, such as who was using the app, who was being called, and for how long.

Amnesty International called the move a huge victory for free speech:

Whatsapp's roll out of the Signal Protocol, providing end to end encryption for its one billion users worldwide, is a major boost for people's ability to express themselves and communicate without fear.

This is a huge victory for privacy and free speech, especially for activists and journalists who depend on strong and trustworthy communications to carry out their work without putting their lives at greater risk.