A phone that is being subsidized for those deemed to be on low income is reportedly preinstalled with malware. These low-end Android devices are manufactured in China and are supplied by Virgin Mobile’s Assurance Wireless program.
The UMX U686CL is available for a price of $35 for those that qualify under the scheme. This program stemmed from the Lifeline Assistance program. This is a Federal Communications Commissions plan that helps millions of United States residents receive free or subsidized devices.
However, despite the well-intended efforts, Ars Technica reports that researchers at Malwarebytes found unwelcome additions to the phones. Primarily, robust malware was found in the devices. The software can install adware and other potentially harmful apps without users even knowing.
The researchers reported that a hidden library in the phone installs software dubbed Android/Trojan.HiddenAds when loaded into the phone’s memory. Effectively, the malware has the potential to install HiddenAds.
The malware is hidden in the settings app of the device, meaning that it’s practically impossible to uninstall. This is because the phone can’t run without the settings tool.
Additionally, the phone also arrives with a feature called Wireless Update. This is supposed to provide a tool for downloading and installing updates on the phone. However, it also installs a range of unapproved apps.
Malwarebytes researcher Nathan Collier shared that once these devices are set up, the phone automatically installs new apps without permission.
“From the moment you log into the mobile device, Wireless Update starts auto-installing apps,” Collier said, as reported by Ars Technic.
“To repeat: there is no user consent collected to do so, no buttons to click to accept the installs, it just installs apps on its own.”
This app is a spin-off from another app from a China-based firm called Adups. Researchers also found Adups on hundreds of thousands of BLU low-cost phones.
Time for a change
Despite these reports, Sprint, the owner of Virgin Mobile in the US, believes that that the apps installed on the UMX U686CL devices are not malicious. Nonetheless, there seems to be a trend of unwanted software being ridden on low-end devices.
There has been well-publicized tension between China and the US. Moreover, trade deals have been at the center of the hostility between the two countries. In addition, Huawei has been under fire by the US government over allegations of espionage.
Altogether, it may be time for the US government to find another source of supply for its mobile devices. Receivers of these products should not be at risk due to compromises made by the institutions behind them.
Have you had any experiences with these devices? Let us know what you think of these reports in the comment.