Kryptowire recently exposed Adups software preinstalled in thousands of phones by Adups. The spyware was collection (PII) personally identifiable information such as the app’s usage data, contents of your text messages, and call logs and sending them to a third party server. This was done without the users’ knowledge.The phones affected by Adups in US were the models manufactured by BLU Products. This company stated saying the problem had been fixed after an update by FOTA provider Adups. The company altered the applications responsible for the spyware so that they can no longer collect and gather any PII.After Kryptowire released more details concerning the report it made, there is a possibility that this fix may just be getting rid of the larger problem under the rug. According to Kryptowire, the spyware isn’t only limited to Adup-related packages. The exfiltration app logic can be transferred to any other package. It can also steal your PII assuming the application has the permissions to get the owner’s personal data.On the handset, the two apps causing the Adups issue can’t be disabled in any way by the users, unless they ‘root’ their handsets and delete them.FOTA provider Adups stated that they used the remote app (un)installation abilities to update com.adups.fota
application with one which doesn’t exfiltrate personal identifiable information. They could also use the remote uninstallation capabilities to get rid of the com.adups.fota.app
and alter a few parameters in the server to start efiltration again. This is the solution till they offer a firmware update which substitutes the com.adups.fota.package
Test your device for Adups’ spyware
How can your test your handset if it is affected? Normally, according to Kryptowire, you’d have to make sure your handset is rooted to locate the affected files and deactivated them. Fortunately, there is another workaround that is more convenient.Android Phones that can be affected by Adups’ Chinese Spyware
You only need to download an application called Debloater which is available on macOS and Windows.
Install the program.
Install Debloater and make sure ‘USB debugging’ on your handset is activated. Connect your smartphone to a computer that has an effective USB cable and hit Read Device packages which is found at the top-left side of the program’s window.The program reads all your phone’s packages and then list them alphabetically. Adups is at the topmost of the list. In case you happen to see the two packages, you handset is affected. If this is not the cause, you are good to go.
Disable the spyware
Select the Adups packages (com.adups.fota.sysoper
) by checking the box at the left side of their names.Tap ‘Apply’
and then let Debloater do the rest for you. If you hit ‘Read Device Packages
’, it should show that the two packages are blocked.