Certain low-cost Android phones in the U.S. equipped with a certain Firmware Over The Air (FOTA) update software system were found to be sending data to a server in China without the owners’ consent, according to The New York Times.
The discovery of the backdoor is credited to Kryptowire, a start-up based in Virginia that provides mobile application security analysis tools, anti-piracy technologies, mobile app marketplace security analytics, and Enterprise Mobility Management (EMM) solutions.
Kryptowire said the firmware that shipped with the mobile devices and subsequent updates “allowed for the remote installation of applications without the users’ consent and, in some versions of the software, the transmission of fine-grained device location information.”
http://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html?smid=tw-share&_r=0