Some Smartphones Come Preinstalled with Chinese Spyware

This week seems to be all about smartphones. Unfortunately, we have to report on more bad news. This time it’s about spyware that comes preinstalled on a number of Android smartphones, including SONY and HTC.

The Hacker News reported today that some users noticed a suspicious folder on their phone named Baidu (for those not aware, Baidu is sort of a Chinese Google). Users are unable to delete or otherwise modify the folder directly from the device, because it instantly recreates itself. While the folder is suspicious, what really concerned everyone were the pings made to a Chinese server in Beijing.

According to the Hacker News, with the help of that Baidu folder, the Chinese Government can do the following:

  • Read status and identity of your device
  • Make pictures and videos without your knowledge
  • Get your exact location
  • Read the contents of your USB memory
  • Read or edit accounts
  • Change security settings
  • Completely manage your network access
  • Couple with bluetooth devices
  • Know what apps you are using
  • Prevent your device from entering sleep mode
  • Change audio settings
  • Change system settings

This spyware was found mostly on Sony Xperia Z3 and Z3 Compact devices, as well as a few other Sony models. Some users of HTC are reporting that they also have the Baidu folder on their phones.

To prevent this service from connecting to the Chinese servers, you can take the following steps (credit: Xperia Blog):

  1. Go ahead and backup anything you need and factory reset.
  2. Remove your SIM card before powering back up.
  3. Skip through the initial setup options without connecting to a network.
  4. Open up Settings > Apps > Running and Force Close the two myXperia apps.
  5. Use the File Commander app and delete the Baidu folder from the internal storage.
  6. Open up Settings > About Phone > Tap the Build Number 7 times to enable developer mode.
  7. Enable USB debugging in the Developer Settings.
  8. Plug the Z3/Z3c into your PC and open up a command window with adb.
  9. Enter the following lines into the command window:

adb shell
pm block com.sonymobile.mx.android
exit
reboot