Social The Obama Phone Comes Pre-loaded with Malware the User Can't Uninstall

Madmick

Zugzwang
Staff member
Senior Moderator
Joined
Jun 13, 2005
Messages
61,392
Reaction score
25,192
US Government-funded Android phones come preinstalled with unremovable malware
Ars Technica said:
An Android phone subsidized by the US government for low-income users comes preinstalled with malware that can't be removed without making the device cease to work, researchers reported on Thursday.

The UMX U686CL is provided by Virgin Mobile's Assurance Wireless program. Assurance Wireless is an offshoot of the Lifeline Assistance program, a Federal Communications Commissions plan that makes free or government-subsidized phones service available to millions of low-income families. The program is often referred to as the Obama Phone because it expanded in 2008, when President Barack Obama took office. The UMX U686CL runs Android and is available for $35 to qualifying users.

Researchers at Malwarebytes said on Thursday that the device comes with some nasty surprises. Representatives of Sprint, the owner of Virgin Mobile, meanwhile said it didn't believe the apps were malicious.

The first is heavily obfuscated malware that can install adware and other unwanted apps without the knowledge or permission of the user. Android/Trojan.Dropper.Agent.UMX contains striking similarities to two other trojan droppers. For one, it uses identical text strings and almost identical code. And for another, it contains an encoded string that, when decoded, contains a hidden library named com.android.google.bridge.Liblmp.

Once the library is loaded into memory, it installs software Malwarebytes calls Android/Trojan.HiddenAds. It aggressively displays ads. Malwarebytes researcher Nathan Collier said company users have reported that the hidden library installs a variant of HiddenAds, but the researchers were unable to reproduce that installation, possibly because the library waits some amount of time before doing so.

The malware that installs these programs is hidden in the phone's settings app. That makes it virtually impossible to uninstall, since the phone can't operate properly without it. "Uninstall the Settings app, and you just made yourself a pricey paper weight," Collier wrote.

The second unpleasant surprise delivered by the UMX U686CL is something called Wireless Update. While it provides a mechanism for downloading and installing phone updates, it also loads a barrage of unwanted apps without permission. The app is a variant of Adups, an app from a China-based company by the same name. In 2016, researchers caught Adups surreptitiously collecting user data on hundreds of thousands of low-cost phones from BLU.


"From the moment you log into the mobile device, Wireless Update starts auto-installing apps," Collier said. "To repeat: there is no user consent collected to do so, no buttons to click to accept the installs, it just installs apps on its own."

While all of the installed apps Malwarebytes examined were clean and free of malware, the presence of a feature that automatically installs apps poses an unacceptable risk, particularly since removing the feature prevents the phone from receiving updates. The two apps analyzed by Malwarebytes make the UMX U686CL a bad choice. The fact that it's made available to low-income users only worsens the insult.

Malwarebytes said it notified Assurance Wireless of its findings and asked why the phone it sells comes with preinstalled malware. So far, no one has responded. In an email, Sprint officials told me: "We are aware of this issue and are in touch with the device manufacturer Unimax to understand the root cause, however, after our initial testing we do not believe the applications described in the media are malware."

It's not hard to find online discussions like this one complaining of annoying displayed ads and apps automatically installing on the device without user permission. A similar thread discusses ads that display on the homescreen even when a browser isn't running.
Just another example of a road paved to hell with the best intentions.

Your tax dollars hard at work infesting the population with corporate adware and major security hazards. This is why the best government is the most limited government.
 
I'm 50/50 on either our government negotiated with China to sell them everyone's data or China just snuck that in and our government was too stupid to check for it
 
Can't have unremovable malware if I never buy that phone.
K0KPgis.jpg
 
Thanks Obama.
 
I'm 50/50 on either our government negotiated with China to sell them everyone's data or China just snuck that in and our government was too stupid to check for it
Why is China being brought up when the phone is manufactured by an American company?
 
Why is China being brought up when the phone is manufactured by an American company?

My guess is many of the chips are manufactured in China. I didn't read the article but that's my guess.
 
That man been out of office for 3 years now and y'all still on his nut sack.
 
I thought the welfare phones were just like a flip phone or something. I didn't realize they were smart phones. That's pretty sweet for those in need I guess.
 
Subsidization of phones began under President Clinton, and has continued under Presidents Bush and Obama.
 
So the taxpayer is subsidizing Chinese trash with spyware in it. The government gave the contract to Virgin Mobile, who then turned to a Chinese manufacturer (Unimax) to make the phones. Unimax was dishonest (presumably) and put shit in the phones in secret. Or possibly Virgin Mobile knew what Unimax was doing but didn't care because their contract with the government didn't specify anything about that.
Either way the gov. should drop Virgin Mobile.
 
This is why the best government is the most limited government.

Even when government forbids private companies from sharing technology with China?
 
Yes, the best way to keep persons from being exposed to corporate adware meant to target consumers, monetize their consumer profiles, and gain profits off of them is to....give corporate power greater control over the economy and society and neuter the ability for the people to reign it in or keep it from acting against the public interest.

I guess the "if poor people didn't have phones they wouldn't be susceptible to smart-phone malware" argument is at least more airtight.
 
I thought the welfare phones were just like a flip phone or something. I didn't realize they were smart phones. That's pretty sweet for those in need I guess.
A smart phone is a universal human right bigot. Get used to it.
 
so it comes with google?

<45>
Lol I quit caring last month as of this moment Popeyes, kfc and Taco Bell know exactly where I am. I also keep my location on my phone have fun with all my information lol.
 
We are still dealing with the damage he has done.
The actual policy started under Clinton, but there have been numerous acts/laws since the early 20th century regarding telecommunications. Obama just expanded it. He didn't sign the initial law into act.
 
Back
Top