A firmware code created by a Chinese company called Adups has been found to be collecting vasts amount of user information and sending it to servers located in China according to US cyber-security firm Kryptowire.
Kryptowire says that the backdoor code was collecting SMS messages, call history, address books, app lists, phone hardware identifiers, but it was also capable of installing new apps or updating existing ones. The backdoor code was hidden in a built-in and unremovable app, which was the component responsible for the firmware-over-the-air update (FOTA) system.
It was reported in Bleeping Computer experts said Adups shipped the backdoor component to other phone vendors and the component eventually made it into over 700 million devices, most of which were low budget android phones. After it was found to be in so many different mobile devices, providers stopped selling phones that were vulnerable or likely to contain the component.
However, according to a recent investigation by Malwarebytes, "the new [com.adups.fota component] version was clean of wrongdoing."
Malwarebytes also says it found another Adups component doing bad things, this app is also unremovable but unlike the previous app, it only has the ability to install and/or update apps without a user's knowledge or consent, not collect data like the other app.