US-government issued phones run 'Chinese malware'

  • Published
Man with mobileImage source, Getty Images
Image caption,

Many budget phones come pre-installed with malware, according to the security company

Mobile phones offered to low-income families via a US government scheme come preloaded with Chinese malware, according to a security company.

Malwarebytes said it had received several complaints that pre-installed apps on the phone were malicious.

It had bought one to verify the claims and informed the company selling them, Assurance Wireless, of its findings but had not received a response, it said.

The Android-based phone - UMX U686CL - is made by a Chinese company.

Prompted investigations

BBC News has contacted Virgin Mobile - which owns Assurance Wireless - for comment but has not yet received a response.

One of the pre-installed apps, which looks and operates as a wireless update program, automatically installs more apps without user consent, according to Malwarebytes.

And it appears to be a variant of Adups, malware previously traced to China, which transmits text, call-location and app data to a Chinese server every 72 hours.

In 2016, researcher Ryan Johnson, of security company Kryptowire, found more than 700 million Android smartphones, including some in the US, had Adups installed. His report prompted investigations from Google and the Department of Homeland Security.

'Bad behaviour'

A second app containing malware, on the UMX U686CL phone, used code containing Chinese characters, Malwarebytes said.

And neither of the apps were removable.

"That there's a mobile device available for purchase through a US government-funded programme raises the bar on bad behaviour by app-development companies," said Malwarebytes security consultant Nathan Collier in a blogpost., external

"It's important to realise that UMX isn't alone.

"There are many reports of budget phones coming pre-installed with malware and these reports are increasing in number.

"Although I don't have the answer to this widespread issue, I can say that US citizens using the Lifeline Assistance Program and many others on a tight budget deserve more."

The lifeline programme has been offered to low-income Americans since 1985.

Typically, users pay about $10 (£8) a month for a 3G phone with between 500MB and 1GB of data.

The scheme is run by the Federal Communications Commission, which has not responded to requests from BBC News for comment.