Adups Spy Software

plus_user · Post time 2016-11-18 23:32:57

Edited by plus_user at 2016-11-18 23:52

Hi,

i have a short question. Does UMI use the Adups software in the Firmware?

I've found a Folder called "com.adups.fota"

Path: Android/data/com.adups.fota

http://www.nytimes.com/2016/11/1 ... -security.html?_r=0
Here is the Link to the detailed report:
http://www.kryptowire.com/adups_security_analysis.html

Moreover, some transmitted the body of the user's text messages and call logs to a server in located in Shanghai. All of the data collection and transmission capabilities we identified were supported by two system applications that cannot be disabled by the end user. These system applications have the following package names:

com.adups.fota.sysoper
com.adups.fota

bencebacsi · Post time 2016-11-20 21:21:40

Dear Users,

Only versions between 5.0.x and 5.3.x of the AdupsFota.apk file are affected but UMi uses the 4.3.0.0 version on its Android 6.0 smartphones. Any UMi models are currently not in the list of the affected devices and not mentioned in researches. In our Android 7.0 final releases we will use the 5.4.x or later versions. If you are an Android 7.0 beta user (only UMi Plus at this moment), your phone is currently affected by this issue as a possible vulnerability (version 5.2.x is installed) but your personal data won't be shared with third parties. The AdupsFota.apk (Wireless update) app itself is needed to process OTA updates.
Once a UMi model will be reported as a vulnerable/infected device, we will take action to release an update as soon as possible.

Ru77 · Post time 2016-11-19 03:50:35

Edited by Ru77 at 2016-11-19 05:08 \n\n
Hope we receive a reply also, but doubt we will tbh.

From what the OP has said it certainly does look as if adups are baked into the firmware.

Luckily, it can be removed (see link below)

http://android.wonderhowto.com/h ... ne-disable-0175034/

plus_user · Post time 2016-11-19 03:04:18

I hope we get an answer!

xernobyl · Post time 2016-11-19 08:22:27

Ouch. This needs more visibility!

serrucho · Post time 2016-11-19 21:22:02

I'm very very angry!!!
I feel cheated.

plus_user · Post time 2016-11-19 23:26:43

I'll send my UMI Plus back. No informations or statement from UMI. This is really a bad support. Huawei immediately responded to the accusations.

I don't want that anyone makes money with my data. The Adups Software can tranfer complete SMS-messages, call-logs, logs locations and many more. But really disturbing is, that the Adups Software can use command injection.

A Full List is here:
http://www.kryptowire.com/adups_security_analysis.html

And after the update from 2016-11-17, the folder is still there!!! Do you really want to sell your products with this support in Europe?

Good luck

xernobyl · Post time 2016-11-21 04:12:36

I can't send it back now, but after my screen problem, and this I would to.

YaKillaCJ · Post time 2016-11-21 16:22:14

Hmm. So as of right now we are safe but only because Umi using an obsolete version of the app.
Either way, I froze both of them in Titanium Backup for now. Since my bootloader unlocked, using twrp and rooted, I can't use OTA anyways

Adups Spy Software

Adups Spy Software

Comments

Viewed forums

UMIDIGI Hero

Most Active UMIDIGIer

Warmest Heart UMIDIGIer

Best UMIDIGI Technician

Administrator

UMIDIGIer

Best UMIDIGI Contributor

Moderator

Best UMIDIGI Product Team Member

Die-Hard UMIDIGI Fans