Date: 2020-01-09

An Android phone that is subsidized by the U.S. government for low-income users comes preinstalled with malware that cannot be removed without rendering the device unusable, researchers reported on Thursday.

The UMX U686CL is provided by Virgin Mobile’s Assurance Wireless program. Assurance Wireless is an offshoot of the Lifeline Assistance program, a Federal Communications Commission plan that provides free or state-subsidized phone services to millions of low-income families. The program is often referred to as the Obama Telephone because it was expanded in 2008 when President Barack Obama took office. The UMX U686CL runs on Android and is available to authorized users for $35.

Malwarebytes researchers said Thursday that the device comes with some nasty surprises.

The first is heavily obfuscated malware that can install adware and other unwanted apps without the user’s knowledge or permission. Android/Trojan.Dropper.Agent.UMX bears striking similarities to two other Trojans. For one, it uses identical text strings and almost identical code. For another, it contains an encoded string that, when decoded, reveals a hidden library called com.android.google.bridge.Liblmp.

As soon as the library has been loaded into memory, it installs software that Malwarebytes calls Android/Trojan.HiddenAds, which aggressively displays ads. Nathan Collier, a researcher at Malwarebytes, said users of the company's software reported that the hidden library installed a variant of HiddenAds, but the researchers were unable to reproduce this installation, possibly because the library waits for some time before installing it.

The malware that installs these programs is hidden in the phone’s Settings app. This makes uninstallation practically impossible, since the phone will not work properly without that app. “Uninstall the Settings app and you’ve just created an expensive paper weight,” Collier wrote.

The second unpleasant surprise on the UMX U686CL is an app called Wireless Update. While it provides a mechanism for downloading and installing phone updates, it also loads an abundance of unwanted apps without permission. The app is a variant of Adups, an app from a China-based company of the same name. In 2016, researchers caught Adups secretly collecting user data on hundreds of thousands of low-cost BLU phones.

“From the moment you log in to the mobile device, Wireless Update starts installing apps automatically,” said Collier. “To repeat it: no user consent has been collected and there are no buttons to accept the installations. Only apps themselves are installed.”

While all of the installed apps examined by Malwarebytes were clean and malware-free, the presence of a feature that installs apps automatically poses an unacceptable risk, especially since removing the feature prevents the phone from receiving updates. Collier's post classified Wireless Update as malware, but Jérôme Segura, head of Malwarebytes’ threat database, told me that the classification was PUP, or potentially unwanted program, as there is no evidence that the installed apps are malicious.

In any case, the two apps analyzed by Malwarebytes make the UMX U686CL a bad choice. The fact that it is made available to low-income users only makes the insult worse. Malwarebytes said it had informed Assurance Wireless of its findings and asked why the phone it sells comes with pre-installed malware. No one has answered yet. I asked representatives from Sprint, the owner of Virgin Mobile, to comment on this post, but I did not receive an immediate response.

It is not difficult to find online discussions like this one, in which users complain about annoying advertisements and apps that are automatically installed on the device without user permission. A similar thread deals with ads that appear on the home screen even when a browser is not running.

Over the years, pre-installed malware has been found on a number of inexpensive Android phones from various vendors and manufacturers. An incomplete list includes a backdoor on hundreds of thousands of BLU devices, a powerful backdoor and rootkit on BLU devices, and covert downloaders on 26 different phone models from different manufacturers.

It seems that the low price people pay for these phones often comes at the expense of security and privacy. Although many users may not be able to afford them, phones from established and well-known providers outside of China are probably the better choice.