By Gillian Wong
HONG KONG--Silicon Valley online security firm Palo Alto
Networks Inc. said some mobile phones made by Chinese smartphone
maker Coolpad Group Ltd. contain software that allows the handset
vendor to install applications onto users' phones without their
knowledge, raising privacy and security concerns.
Palo Alto Networks released a research paper Wednesday detailing
the "backdoor" software that allows for this access, which it
called CoolReaper.
The firm's researchers analyzed Coolpad's Android-based phones
and found that 24 models carried CoolReaper, which also enables
Coolpad pop-up notifications with advertisements that their users
couldn't get rid of. The problem is limited to users in China and
Taiwan, Palo Alto Networks said.
Coolpad acknowledged that some of its phones were downloading
applications onto the devices whenever they were connected to
wireless Internet networks, but said the function worked only when
users activated an option in the phones' main settings to enable
the automatic downloads. It said the function was designed to
improve user experience by making it more convenient for those
users who wanted such automatic updates or downloads. The company
said that it received notice about Palo Alto Networks' analysis
from Google Inc. and that it has taken steps to issue a software
upgrade to address other Android compatibility issues raised by
Google. Google declined to comment.
The report raises fresh concerns about data privacy with some
Chinese smartphones at a time when the U.S. and China have
exchanged accusations over cyberspying. Hong Kong-listed Coolpad is
among the leading smartphone vendors in China, the world's biggest
smartphone market. In the third quarter, it ranked fifth in terms
of shipments in China, with an 8.4% share of the market, according
to research firm IDC. Coolpad has sought to expand sales overseas,
focusing on Southeast Asia, Europe and the U.S.
Last month, Apple blocked apps downloaded from a Chinese app
store carrying software that could steal data from iPhones after
Palo Alto Networks discovered the hacking tool.
CoolReaper has the ability to download, install and activate any
Android app without telling the user or seeking their permission,
said Ryan Olson, director of threat intelligence at Palo Alto
Networks. It can clear user data, disable systems applications,
dial numbers, and carry out other tasks that could put users' data
at risk, Palo Alto Networks said.
Olson said the firm conducted research after noticing complaints
from Chinese users posted on Internet forums.
Coolpad "can pretty much install anything they want to on the
phone, all without letting the user know," said Mr. Olson in a
phone interview. "Generally this isn't something we'd see a
manufacturer do."
Access Investor Kit for Coolpad Group Ltd.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=KYG2418K1004
Access Investor Kit for Google, Inc.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US38259P5089
Access Investor Kit for Google, Inc.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US38259P7069
Subscribe to WSJ: http://online.wsj.com?mod=djnwires