Xiaomi and China's third-largest mobile and world's sixth-largest phone manufacturer 'Coolpad', has joined the list. Chinese smartphone manufacturers have been criticized many times for suspected backdoors in its products, the popular Chinese smartphone brands,and Star N9500 smartphones are the top examples. Now, the, has joined the list.





Millions of Android smartphones sold by Chinese smartphone maker Coolpad Group Ltd. may contain an extensive "backdoor" from its manufacturer that is being able to track users, push unwanted pop-up advertisements and install unauthorized apps onto users' phones without their knowledge, alleged a U.S. security firm.





OVER 10 MILLION USERS AT RISK

Researchers from Silicon Valley online security firm Palo Alto Networks discovered the backdoor, dubbed "CoolReaper," pre-installed on two dozens of Coolpad Android handset models, including high-end devices, sold exclusively in China and Taiwan. The backdoor can let attackers completely hijack users' Android device by gaining access to their device information and functions.

impact over 10 million users worldwide. The security firm released a The backdoor presents several privacy and security risk, and is believed to. The security firm released a research paper Wednesday detailing its investigation on the backdoor software, called CoolReaper.





FEATURES OF COOLREAPER BACKDOOR

According to Ryan Olson, intelligence director at Palo Alto, CoolReaper backdoor can perform a wide number of unsolicited tasks. The backdoor has ability to:

Download, install and activate any Android application without the user's consent or notification

Connect to a number of command and control (C&C) servers

Clear user data, uninstall existing applications, or disable system applications

Send fake over-the-air (OTA) software updates to devices that install unwanted applications

Send or insert arbitrary SMS or MMS messages into the phone

Dial arbitrary phone numbers

Upload device information, its location, application usage information, calling and SMS history to Coolpad server

Researchers obtained only one of the Coolpad smartphone models sold in the U.S. and did not find CoolReaper on the device. So, they suspected that the CoolReaper backdoor comes pre-installed only on Coolpad handsets sold in China and Taiwan.





The researchers conducted its investigation after reviewing complaints by the users on message boards about suspicious activities noticed on Coolpad devices. The security firm installed multiple copies of the custom ROMs installed on Coolpad devices in China and found that most included CoolReaper.

"CoolReaper is the first malware we have seen that was built and operated by an Android manufacturer," researchers wrote. "The changes Coolpad made to the Android OS to hide the backdoor from users and antivirus programs are unique and should make people think twice about the integrity of their mobile devices."

CHINA BEING CRITICIZED MANY TIMES

This isn't the first time when Chinese phone manufacturer is criticized for its products. Six months ago, a popular and cheap handset device in China, the This isn't the first time when Chinese phone manufacturer is criticized for its products. Six months ago, a popular and cheap handset device in China, the Star N9500 smartphone came pre-installed with a Trojan that allowed manufacturer to spy onto their users' comprising their personal data and conversations without any restrictions and users' knowledge.





Xiaomi has been suspected of "secretly" stealing users' information from the device without the user's permissions and sending it back to a server in Beijing, despite of turning off the data backup functions. Also, the latest claim against Chinese smartphone manufacturers was the allegation that the popular Chinese smartphone brand,from the device without the user's permissions and sending it back to a server in Beijing, despite of turning off the data backup functions.