Your user data is secretly sent to China through a backdoor on some U.S. Android phones

boing
43

Why would you trust CM Security? Their domain is cmcm.com. Here’s an except from the WHOIS for that domain:

Domain Name: cmcm.com
Registry Domain ID: 809820_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.ename.com

Registrant Name: zhao yi ding
Registrant Organization: bei jing lie bao wang luo ke ji you xian gong si
Registrant Street: No.8,Courtyard 1,Yaojiayuan South Rd
Registrant City: bei jing
Registrant State/Province: bei jing
Registrant Postal Code: 100000
Registrant Country: CN

Why would you trust a Chinese software supplier to provide you with software to remove Chinese spyware?

2 Likes
44

I imagine that, if you account is in some way compromised, the bank won’t pay because you covertly rooted the phone.

45

Huh. I was going more by good reviews for the product online. I didn’t research the company. (Insert “oh :poop:” gif here.) Though-- I’ve also connected my phone to my laptop computer and let ESET scan it. The phone came up clean every time.

46

Why would you trust any third party software supplier (other than perhaps BlackBerry) to provide you with software to remove spyware? I know that possibly comes over as a bit paranoid, but the history of AV vendors is not exactly fault-free; then there was the famous Sony rootkit incident, W10 data mining, and doubtless others. So much Android software itself includes spyware that it seems to be the dominant business model.

2 Likes
47

They know where the bodies are buried.

48

Torrent not required, malicious links will get you there. It’s standard behavior for Chrome to download apks if you click on a link without asking you to confirm. Plus the Play Store isn’t free of malware, either.

49

Yes, mentioned above by folks. I’ve attended entire talks on that subject. I don’t know why Google doesn’t do a better job there.

1 Like
50

This is one of the big benefits of being a member of Five Eyes. You spy on my citizens, because I’m not allowed to. I’ll spy on your citizens, because you’re not allowed to. Then we’ll share data according to long standing agreements. Technically no laws broken, but holy shit has the spirit of the thing been raped.

5 Likes
51

While there may be some exceptions I am unaware of, you imagine incorrectly, unless you have a specific ToS that says otherwise. Nor is “you imagine” particularly compelling.

Most bank apps, point of fact, don’t even bother checking for root.

52

This topic was automatically closed after 5 days. New replies are no longer allowed.