
Adups Backdoor affected?

Hi everybody!

As my old Galaxy S2 has been working unexpectedly long, I finally got my own Fairphone 2 a few weeks ago and am pretty happy with it. Just one thing I want to change: it’s too much Google-related. But this is another story.

Recently I got information from my employer that my phone is affected by “Adups Backdoor” and that I should contact the manufacturer. As I haven’t gotten a response from Fairphone yet, I wanted to ask if anybody else has heard of this before? (Update Feb 13th 2017: They don’t have any information on this either)

First I had to find out what this actually means. Some quick research on the internet scared me quite a bit: my phone is secretly sending some really personal data to a server in Asia, without telling me anything. As it was said, this “thing” is pretty deep inside the OS and can’t be removed easily.

I’m not very experienced with software, OSes and all that stuff, but I think with some good input I’ll be able to solve this issue (and I’m really interested in doing so).

Can anybody help me out?
Can I somehow block this data traffic, or at least find out what exactly it’s sending?
Does updating the OS, or changing to Sailfish, Cyanogen etc. fix this?

Every input is much appreciated, thank you guys!

Stefan

You can easily write a Google-free version of that story! Check out:

and #software:alternative-oses (or this wiki for the full list of possible plots).

Did your employer do tests on your phone or is that a general assumption about android phones?

The first article I found states that about 100.000 smartphones from “BLU Products” in the US and 7 mio cheap Chinese phones are infected.

Oh I haven’t seen this post about Fairphone Open OS yet. Thank you very much! I will for sure do it, but first I want to take care of my main issue. Maybe it also is a help to other users if we find a solution.

It is my private phone, so they never did any tests on it. He got a message from our provider saying there are some affected devices in our network. A short logfile was attached saying it was sending data to “mayitek.com”, which is related to this backdoor issue. Via IP and MAC address he could identify my phone when it was connected to our wifi.

So you think maybe it was just a false alarm that my phone is affected?
To check this I have now installed NetGuard Firewall from the Google Play Store (ironic that I got it from there ^^) on my phone to track and block some internet activity. Let’s see what happens there. I found information that an affected phone sends data every 24 to 72h (http://community.flash3c.com/t/fp2-secretly-phoning-home-to-china-server/13708/6)
Sidenote: a few minutes after installing I already got some notifications about Google Apps wanting to connect to the internet in the background.
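On a network whose resolver you control, the same kind of evidence the provider's logfile gave can be pulled from your own DNS log. The following is an added example, not part of the original posts: it assumes dnsmasq query logging is enabled, and the log lines, subdomain label and IP addresses are constructed.

```python
import re
from collections import defaultdict

WATCHED_DOMAIN = "mayitek.com"  # domain named in the provider's logfile, per the post

# dnsmasq query-log line: "<timestamp> dnsmasq[pid]: query[TYPE] <name> from <client ip>"
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"query\[\w+\] (?P<name>\S+) from (?P<client>\S+)$")


def matches_domain(name, domain=WATCHED_DOMAIN):
    """True for the domain itself or any subdomain, not for look-alike suffixes."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def lookups_by_client(log_text):
    """Map client IP -> list of (timestamp, queried name) for the watched domain."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if m and matches_domain(m["name"]):
            hits[m["client"]].append((m["ts"], m["name"]))
    return dict(hits)


# Constructed log lines (assumption: default dnsmasq log format).
SAMPLE_LOG = """\
Feb 13 09:12:44 dnsmasq[812]: query[A] play.googleapis.com from 192.168.1.23
Feb 13 09:13:02 dnsmasq[812]: query[A] sub.mayitek.com from 192.168.1.57
Feb 13 09:13:02 dnsmasq[812]: forwarded sub.mayitek.com to 192.168.1.1
Feb 14 21:40:10 dnsmasq[812]: query[AAAA] notmayitek.com from 192.168.1.23
Feb 15 11:05:31 dnsmasq[812]: query[A] MAYITEK.COM from 192.168.1.57
"""

if __name__ == "__main__":
    for client, hits in lookups_by_client(SAMPLE_LOG).items():
        for ts, name in hits:
            print(f"{client} looked up {name} at {ts}")
```

The timestamps matter as much as the client address: each hit can be compared against when the device was actually on that network.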

Not anymore. That really sounds like your FP is affected. :(

I moved the topic to software and tagged it #security as that is where all security threats are discussed.

If this

is the article I am thinking of, where the backdoor was implemented deep into Android (so not in an app or something you catch as virus), then every Fairphone would be affected. Before panicking I am installing NetGuard from F-Droid.
Could some expert comment on this?

@Douwe could you please have a look here?

I found this tool online to test if the Chinese backdoor is installed. I checked the code myself (it’s safe), built the APK and ran the app on my Fairphone2’s Android Open OS.

The result from the app is: no backdoor.

This doesn’t guarantee too much indeed, as the app just checks that no package named “com.adups.fota.sysoper” or “com.adups.fota” is present in the system, but looking on the web it seems those are the 2 recognized Adups backdoors around.
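The same name-based check can be run from a computer against the output of `adb shell pm list packages -f`. This is an added example, not the code of the tool mentioned in the post: the function names and sample listings are constructed, and like the app it only matches the two package names quoted above.

```python
import subprocess

# Package names quoted in the post above.
ADUPS_PACKAGES = {"com.adups.fota", "com.adups.fota.sysoper"}


def parse_pm_list(output):
    """Parse `pm list packages [-f]` output into {package_name: apk_path or None}."""
    packages = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip warnings and blank lines
        entry = line[len("package:"):]
        # With -f the form is "<apk path>=<name>"; the path itself may contain "=".
        path, sep, name = entry.rpartition("=")
        packages[name] = path if sep else None
    return packages


def find_adups(output):
    """Return listed packages whose exact name is in ADUPS_PACKAGES (name match only)."""
    packages = parse_pm_list(output)
    return {name: packages[name] for name in sorted(ADUPS_PACKAGES.intersection(packages))}


def list_packages_via_adb():
    """Ask a USB-connected device for its package list (needs adb on PATH)."""
    result = subprocess.run(["adb", "shell", "pm", "list", "packages", "-f"],
                            capture_output=True, text=True, check=True)
    return result.stdout


# Constructed sample listings, not taken from a real device.
CLEAN = """package:/system/app/Launcher3/Launcher3.apk=com.android.launcher3
package:/data/app/~~Zm9v==/eu.faircode.netguard-YmFy==/base.apk=eu.faircode.netguard
"""
FLAGGED = CLEAN + """package:/system/app/AdupsFota/AdupsFota.apk=com.adups.fota
package:/system/app/Example/Example.apk=com.example.adups.fota.helper
"""

if __name__ == "__main__":
    for label, listing in (("clean", CLEAN), ("flagged", FLAGGED)):
        print(label, find_adups(listing) or "no Adups package names found")
```

For a real device, pass `list_packages_via_adb()` to `find_adups`; an empty result only means neither name is installed, which is the limitation the post points out.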

Hey, @Teemu_Hukkanen looked into it and he says that the Fairphone is not affected by this.


Thank you so much for your effort guys!

I installed it, and it says my phone is clean as well.

This is good news!
My firewall hasn’t detected any suspicious activity so far. I’ll let it run a few more days to make sure, but in this case I think (or hope) it was just a false alarm. I’ll update in a few days if something new happened or not. Thank you again!

Thanks for looking into it. I searched the web (even used Guhgel) and there was no hint at all. I will run a search on the phone for “fota” files when I have access to it later on, but I do not expect to find anything.
So thanks again, and sorry for the noise.

Hey guys!
It now has been more than a week since I installed the firewall on my phone to track internet traffic. I didn’t find any suspicious activities. According to the link I posted before it should have tried to contact the spy-servers at least 2 times, but it didn’t.
In the meantime I asked my employer for the log-file he received from our provider. The entry he got the information (about my infected phone) from couldn’t be me, as I wasn’t even at the office on that day. (I didn’t get a response on that comment so far).

So I’d say it was just a false alarm and this Adups-Backdoor-thing is nothing to worry about for Fairphone owners. Thank you again to everybody who gave some input and helped me out with this!
