At least one smartphone offered at a discounted rate by the U.S. government has now been found to contain malware, putting the user’s privacy at risk. Phones like this are made available as a means to ensure low-income families have access to mobile phones. However, this is not the first time a budget phone has been declared a privacy risk by researchers.
The Lifeline Assistance program was set up by the U.S government to offer those in eligible households the opportunity to get a discounted cell phone and service. The program, also commonly referred to as the “Obama phones” program is designed to make sure everyone can stay in touch when they need to - a lifeline. Virgin Mobile’s Assurance Wireless carrier is one of the carriers that takes part in the program and one of its cheapest Lifeline Assistance phones is the $35 UMX U686CL. The same phone that security researchers have now found to contain multiple forms of malware that are likely to have originated in China.
In a recent announcement, Malwarebytes confirmed that after it had received multiple complaints from users, it tested the device and found two different types of malware present. The first malware was found to be contained within the “Wireless Update” app which is the app used to update the phone’s operating system. Besides its core purpose, the app was not only found to be capable of auto-installing apps without the user’s consent or knowledge, but was actually installing apps without informing the user. The second app was the phone’s main “Settings” app. While this one was not found to be doing anything untoward at the time, the researchers likened it to a “dropper.” In other words, the app has the potential to act as a doorway for malware to be added - or dropped - into the operating system at a later time. Considering these are the apps to update the phone and access the settings, neither are technically removable without greatly impacting on the phone’s usability and performance. In spite of the issues that might arise from uninstalling the updater, the researchers still advised this is the lesser of two evils.
Malware Targeting Cheaper Phones Is Not New
Considering this smartphone is part of a government-funded program to help financially struggling customers, and the fact this is the cheapest phone available through Assurance Wireless under the program, it is likely to be a popular phone. However, as Malwarebytes points out, this is unlikely to be the only phone which is affected in this way. It is simply the only phone they have tested under the program so far.
To be clear, this is not an issue that just affects phones in a program like this. Smartphones aimed at price-conscious customers have routinely come under fire for their approach to privacy. One of the most notable cases of this in recent years was BLU. This company was once a top-selling smartphone brand in the U.S. thanks to its low prices, but following results of a similar investigation, some of its phones were found to be sending user’s personal data to China. In 2018, BLU settled a case with the Federal Trade Commission (FTC) which subjects the company to security checks for the next twenty years. The case was an example of how seriously consumers and the FTC take privacy issues like this.
More: Is TikTok Secretly Sending Your Private Data to China?
Source: Malwarebytes