Malware hidden in seemingly harmless mobile apps, running in the background and sending user data to obscure servers, is nothing new. Having it pre-installed on a brand new phone, however, defies logic and points to inadequate security quality checks on the manufacturer's side. According to a report by Upstream Systems, a UK-based mobile security research firm, Alcatel smartphones that come with an app named “Weather Forecast – World Weather Accurate Radar” are putting their users at risk of data theft.
Upstream tested the app, which is developed by the phone's manufacturer itself, and discovered that it behaves like typical malware, sending user data such as personal information, email, device IMEI, and location to Chinese servers. The app also serves intrusive ads to users, loading ad pages and clicking on them arbitrarily. Most alarming of all, in many cases the weather app even triggered user subscriptions to premium services, often without the user realizing it. This background activity consumes about 250 MB of data per day, adding another potential cost burden for users.
Developed by the phone manufacturer, the weather app was ranked among the top 5 weather apps in 30 countries, with users praising its polished interface and powerful functionality. Besides those who got the app with their Alcatel smartphones, there are another 10 million users who downloaded it via the Play Store (it has now been removed) for non-Alcatel devices. In total, it is estimated that the malicious code in this weather app has already cost users millions through premium subscriptions and data charges. Upstream has detected and blocked millions of transaction attempts across seven markets through its mobile security solution, saving its customers approximately $1.5 million.
Considering that both the pre-installed and the Google Play versions of the app contained the same malicious code, the source of the trouble is in TCL’s developer systems, which may have been compromised. Suggesting that TCL did this on purpose would be too far-fetched, but even this scenario cannot be excluded with certainty at this point. TCL is a Chinese consumer electronics manufacturer that holds the license to sell products under the Alcatel, Thomson, RCA, and BlackBerry brand names. While the Alcatel-Lucent trademark was sold to Nokia in 2016, TCL’s license expires at the end of 2024, which leaves ample time for incidents like this one to completely destroy Alcatel’s market reputation, or whatever is left of it already.