Unfortunately for Android smartphone users coming from developing countries with usually low privacy protections, a cheap smartphone could come with a hidden cost: Low-end Android smartphone devices mostly sold at developing markets such as Egypt, Brazil, South Africa, Myanmar, etc., contain pre-installed malware.
The malware to blame is com.rock.gota, but it masks itself quite ingeniously by impersonating as “Software Update” or “Mobile Care“. It’s locked and can’t be uninstalled even after a hard factory reset. The malware can be traced back to Gmobi, a Chinese analytics company with digital ad services, which is responsible for connecting the Android smartphones to Singapore-based servers.
This malware is discovered to be collecting and sending sensitive information such as the user’s emails, GPS-recorded locations, even their phones’ IMEI number along with their unique codes called MAC addresses that are assigned to each piece of hardware that connects to the web. It is also reported that a part of their mobile internet data is stolen and used to generate false hits on ads. This meant advertising revenue for the malware’s author.
So far, 8 countries with developing mobile markets are affected, all of which lack enough regulations when it comes to data privacy and phone carriers’ ethical policies. Moreover, consumers of such devices rarely have the technical knowledge and luxury to even investigate if their smartphone is attempting fraudulent transactions and charges on them.
As far as Gmobi is concerned, it seems what they’re doing will no stop anytime soon: “If end users want a free internet service, he or she needs to suffer a little for better targeting ads,” said their spokeswoman.
This is something people should be thinking about in a global level, since its methods and business model could be replicated to other countries as well. Gmobi themselves provide these “services” to more than 100 smartphone makers, with more than 150 million victims around the world. Just think about any similar company and how it’s possible this incident is actually wider than what we’ve imagined.