When I spotted an article in Forbes by Thomas Brewster, I was immediately intrigued. The headline is U.S. Funds Program With Free Android Phones For The Poor — But With Permanent Chinese Malware. It surely must strike anyone reading it as a giving with one hand and taking away with the other gesture. So, I had to check out what it was about.
As I live outside the USA, I was not aware that low income households in the States have been able to get cheap cell service and even free smartphones via the U.S. government-funded Lifeline Assistance program. And there is one provider of this service called Assurance Wireless that offers a free Android device along with free data, texts and minutes. It sounds good on the face of it.
But according to security researchers at Malware Bytes there is a significant drawback to the distribution of this largesse. The Android phones come with preinstalled Chinese malware, which effectively opens up a backdoor onto the device and endangers the users’ private data. And, the researchers say that one of the types of malware is impossible to remove.
Malware Bytes informed Assurance Wireless about the issue. Assurance is a Virgin Mobile company, just as a matter of interest. So far Malware Bytes have not received a response from the service provider. So, users should be aware that their devices are vulnerable. Interestingly, after Forbes published the article a spokesperson for Sprint, which owns Virgin Mobile and Assurance Wireless, said: “We are aware of this issue and are in touch with the device manufacturer Unimax to understand the root cause. However, after our initial testing we do not believe the applications described in the media are malware.”
The FCC, which runs Lifeline Assistance, confirmed to Forbes that the law requires “its fund not be used by partner carriers for spending on devices.”
As a result questions are being asked. Senator Ron Wyden asked the FCC why these phones are being distributed to low-income citizens: “It is outrageous that taxpayer money may be going to companies providing insecure, malware-ridden phones to low-income families. I’ll be asking the FCC to ensure Americans that depend on Lifeline Assistance aren’t paying the price with their privacy and security.”
According to the Forbes article, the affected device is a UMX phone shipped by Assurance Wireless, and one of the bits of malware is the creation of a Chinese entity known as Adups. It basically auto-installs apps and the user has no way of controlling that. Furthermore Adups tools have been caught siphoning off private data in the past. This included the full-body of text messages, contact lists and call histories with full telephone numbers.
All this begs the question that Thomas Brewster asks – is privacy only for the rich?