On Wed, Nov 16, 2016 at 5:15 PM, Andrew McGlashan via luv-talk <luv-talk@luv.asn.au> wrote:
What's more, you need to be able to fully trust your hardware and that is nigh on impossible these days.
http://www.kryptowire.com/adups_security_analysis.html "Kryptowire has identified several models of Android mobile devices that contained firmware that collected sensitive personal data about their users and transmitted this sensitive data to third-party servers without disclosure or the users' consent. These devices were available through major US-based online retailers (Amazon, BestBuy, for example) and included popular smartphones such as the BLU R1 HD. These devices actively transmitted user and device information including the full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI). The firmware could target specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices." http://www.heise.de/newsticker/meldung/Adups-China-Billighandys-spionieren-i... According to Adups the software is installed on more than 700 Mio devices world-wide ("Die Software ist laut Adups auf über 700 Millionen Geräten weltweit installiert.") Regards Peter