Security firm Kryptowire discovered that at least hundreds of thousands of Android phones in the US are configured to automatically send all text messages, call logs, location information, contact lists and more to servers in China every 72 hours. This is all invisible to the end user.
In the US, the dangerous software, made by Adups, is known to be on 120,000 phones made by BLU Products. The software appears to have been designed primarily for the Chinese market and impacts in the US may have been unintentional. Adups provides the software to ZTE and Huawei, two of the largest phone makers in the world.
This is not a bug but an intentional feature of the software. It is not yet clear whether this is abusive data collection for marketing or usage data, or whether this is part of a major surveillance activity by the Chinese government. An attorney for Adups says that the software helped identify junk texts and calls and that the information (at least for BLU customers) was deleted.