Privacy concerns are a matter of growing importance after the Cambridge Analytica scandal that broke last year. While many commentators have been raising these concerns for a long time, only now is action being taken. However, that doesn't prevent people from trying, as is obvious in this latest report. Alcatel reportedly has some of its phones pre-installed with malware on a system app, which is said to be subscribing some users to premium numbers without their knowledge.
These accusations are particularly bothersome, since it isn't just a matter of data privacy but is also charging real money to users behind their backs, according to a report by ZDNet. An app named ‘Weather Forecast - World Weather Accurate Radar' which comes pre-installed on some Alcatel phones (such as the Alcatel Pixi 4 and Alcatel A3 Max) and was also made available on Google Play, is said to be loaded with the malware. The app has been developed by TCL, the Alcatel brand licensee.
The findings were published in a report by Upstream's Secure-D, which was commissioned to investigate the issue. The report initially found that the app was collecting data on locations, IMEI codes, and email addresses and sending this back to TCL, but subsequently, attempts to subscribe users to premium numbers were also detected.
The app, which at some point was infected with the malware, would attempt to subscribe users to premium number services, which would then be billed to the users if the attempt was successful. The violation largely affected users in Brazil, Kuwait, and some countries in Africa. Apart from this, the app was also said to be sending user data to a server in China surreptitiously. Upstream, the company behind the report, also worked with the Wall Street Journal to bring the issues to the attention of both TCL and Google, and says that following the publication of the WSJ report, the app was pulled from Google Play.
For now, it appears that other apps developed by TCL for its range of Alcatel-branded phones appear to be fine, with no malware or data privacy violations being reported. There is no clear indication as to how this specific app was infected, and TCL has not responded to requests for information or statements.