Adups
Adups firmware update component spied on users.
Firmware-Over-The-Air (FOTA) update software from Shanghai Adups Technology Co., pre-installed by various OEMs on millions of Android devices (including budget US models like BLU), covertly collected and transmitted extensive PII (texts, call logs, contacts, location, app usage) to servers in China without user consent. Adups claimed this was designed for Chinese manufacturers and mistakenly included on international devices.
- Date
- 2016-07-12 to 2016-11-16
- Category
- Commercial
- Target Surface
- Distribution
- Insertion Phase
- dependency
- Impact
- Spyware
- Cause
- Vendor deliberate inclusion
What Was Affected
Package
Adups
ComponentFirmware
Artifact typehardware
Domain typeproject download host
Domain
Various Android OEMs
Compromised Versions
- Adups FOTA client versions ~5.0.x - 5.3.x on various Android devices (e.g., BLU R1 HD, others)
Incident Context
- Motive
- Data collection
- Attribution
- Commercial company
- Transitive
- No
- User Impact
- 700000000
- Observed Duration
- 127 days
Evidence
Compromised Artifacts
- adups.com/download/fota-client-5.0.1.apk
- files.adups.com/fota-client-5.3.0.apk
- pkg://android/com.adups.fota
- pkg://android/com.adups.fota.sysoper
Current Artifacts and Analysis
Indicators and Changes
Hashes
md5:beca89b7a9a52d39cc2c342e8886ce7asha256:c7ee90a0531637778796a53d6c259ac10f0375f150b13d995ac92064517a5a7b
External References
Source Data
Source record: proprietary/adups/meta.yaml