
Report: Chinese phone comes preloaded with spyware - chip
http://finance.yahoo.com/news/report-chinese-phone-comes-preloaded-spyware-153543708--finance.html
======
Holbein
Of course, if you buy an iPhone in Europe, and you want to use it any
significant manner, you're getting spied on by US agencies as well:

\- GPS: the wifi and celltower db queries that optimize the service are
transferred into a foreign country.

\- use Siri: uploads your whole address book to US servers before use

\- use iCloud tabs: every URL you visit it uploaded to Apple's US servers

\- turn on the only cloud backup solution available on the device, and all
your data, including every SMS, every call and all your most private notes and
photos are also transferred into the foreign country of the US, with a chance
of it being analyzed by certain agencies.

In other words, this might qualify as getting spied on as well.

~~~
johansch
\- use Safari: everything you type in the address field gets sent to a US
company.

~~~
bilbo0s
Same with Chrome.

------
CountSessine
I wouldn't try to minimize this issue - it's terrible that the Chinese are
trying to fit spyware into unbranded phones like this. Perhaps the bright side
here is that when the Chinese do try to commit electronic espionage, they're
pretty clumsy about it.

BUT...

Given the way smartphones everywhere are made - China and elsewhere - it's
impossible for even technical users to know that their phones aren't spying on
them. While most of the software running on your smartphone's application
processor is now open-source (if you're in the Android majority), the software
running on the baseband processor is 100% closed source and secret. We don't
know anything about the horrible agreements that have been made between shady
government agencies and the baseband manufacturers like Qualcom.

~~~
gress
False. The software running on your Android phone's application processor is
not open source.

A significant fraction of it is based on a closed source fork of AOSP. The
rest (both the Google Mobile Services layer, and the manufacturers
customizations) are all closed source and have never been open.

~~~
fpgeek
> False. The software running on your Android phone's application processor is
> not open source.

You're skipping over an important practical distinction: The precise software
running on the application processor may not be open source, but it is closely
related to usable software that is. Given that, it's possible to learn quite a
bit by comparing the behavior of the closed-source fork and the open-source
base.

Is that as good as "open source all the way down"? Of course not. But it is a
hell of a lot better than the "opaque binary blobs all the way down" offered
by most of the alternatives.

~~~
coldtea
> _Is that as good as "open source all the way down"? Of course not. But it is
> a hell of a lot better than the "opaque binary blobs all the way down"
> offered by most of the alternatives._

I fail to see how. It's not like a partial binary blob is better than a full
on binary blob. The opaque part might do anything too...

~~~
fpgeek
Well, consider the example of Carrier IQ.

The Carrier IQ software was installed on some Android phones, some iPhones and
some Blackberry devices:
[http://www.computerworld.com/s/article/print/9222319/AT_T_Sp...](http://www.computerworld.com/s/article/print/9222319/AT_T_Sprint_confirm_use_of_Carrier_IQ_software_on_handsets)

Where was Carrier IQ found first? Why?

~~~
coldtea
> _Where was Carrier IQ found first? Why?_

The link doesn't say. And if anything it was not because there was an open-
source part of the phone OS.

For one, on active, sold, phones, the device code is compiled anyway.

------
gbin
Am I the only one to find this article really thin ? Where is the disassembled
code ? To whom the public key that signed the software belongs too ? Which
server it sends the info to exactly ?

If you start to get as paranoid as the entire forum is at the moment accusing
blindly Apple, Google, Qualcomm etc. Why nobody asks for a simple piece of
evidence for _anything_ ? This could really be a cheap manipulation ...

Edit: grammar

------
bsder
Um, why is there a running assumption that this is the Chinese _government_?

A Chinese manufacturer has even _more_ incentive to steal information and sell
it given the razor thin margins on making these phones.

------
userbinator
More info here, this has been known for some time already:

[http://forum.xda-developers.com/showthread.php?p=53391745](http://forum.xda-
developers.com/showthread.php?p=53391745)

[http://forum.xda-developers.com/showthread.php?t=2395007](http://forum.xda-
developers.com/showthread.php?t=2395007)

Fortunately the solution is pretty simple, as these generic MTK devices are
all easy to root and reflash with new firmware.

------
vampirechicken
The entire american telecom infrastructure is rife with spyware. Why should
chinese telecom be any different?

------
mrbill
There's a ton of these generic MTK-processor-based phones available online; I
bought and played with a few a year or two ago. They range from "really
crappy" to "pretty nice", but in most all cases you're stuck with the version
of Android that they ship with, as there's no ongoing support, no upgrades
from the vendor, etc.

------
airencracken
To the surprise of no one.

------
etiam
How are we doing for FOSS cell phones again?

~~~
nnnnni
I think that there may be ONE option. RMS probably has it...

~~~
slashdotaccount
It really depends on how FLOSS you want to go?

On the software side of things the closest you can get is a phone running
OsmocomBB. That only runs on some dumphones and is not useful from a user
perspective, it is only for research. For smartphone software, the closest you
can get is a phone running Replicant. That still has all the embedded
proprietary software; baseband OS, bootloader, wifi/bluetooth/camera firmware
etc.

On the hardware side of things, we have no ASICs with libre designs. I think
there have been some cases with libre designs but none manufactured in large
quantities. There are myriad patents covering various hardware processes,
instruction sets, CPU stuff etc. See bunnie's talk about layers of openness
and the Novena laptop for more on this.

RMS uses other people's phones, he doesn't have one himself, mainly due to the
network side of things though.

~~~
nnnnni
Wow, I guess that there aren't really any "fully open" phones in that case.

For the truly paranoid (with or without reason), I guess that they would have
to go the RMS route -- or find a payphone that isn't within sight of a
security camera.

------
varkson
I'm currently using an offbrand Chinese Android phone, so this news has made
me very very nervous.

~~~
hucxsz
Why you think this is true?

~~~
varkson
Well, I just don't know. I don't have the same phone this but it's made me
wonder.

------
eevilspock
The NSA deliberately weakened crypto keys/code. How is that any different?

~~~
briandh
Even if it were the same, it would still be news.

~~~
eevilspock
Agreed. But my question is still valid (and not deserving of the down votes)
given that so many Americans do not react to their government's privacy and
anti-democratic intrusions with the same disdain they have toward China's.

------
lyinawake
Read this as "Chinese people come preloaded with spyware". Was disappointed
when my brain debugged it's sensory input.

