There is no doubt that Infinix mobile phones are rocking the market because of their cheap rates, but when it comes to security and privacy these Chinese phones are less secure than other mobile phones. This analysis was performed on a non-rooted Infinix Hot 4 bought from daraz.pk. Multiple reports and allegations about Infinix urged me to perform an analysis of Infinix smartphones.
Recently we have seen a number of reports on Infinix claiming that their smartphones are secretly sending private information to some Chinese servers. Some said it is a rumor, false-flag propaganda to defame the brand, and some said it is true. Today we have figured out that it is actually true.
I accept that some apps do collect information about the device, but they do so in a secure way, i.e. in encrypted form under some terms and conditions. However, one of the worst things I have noticed is that Infinix was sending data in an unencrypted state to a vulnerable server. If that server is compromised because of some vulnerability, it will lead to a major hack in which the private information of millions of smartphones could be breached.
A newly bought Infinix smartphone contains some pre-installed apps, also known as bloatware. Infinix allows you to uninstall some of the pre-installed apps, but not a few of them. That is how Infinix came onto the radar and urged us to perform this analysis. One of the suspected apps is mentioned below.
1- BabelFont
2- Fonts Manager (SYSTEM APPLICATION)
Both of the apps are related to fonts. One is Babel Font, which is indeed available on the Play Store, and the other is FontManager, which is a default system application. Babel Font could not be removed or uninstalled due to a restriction.
What is the purpose of Babel Font?
This app, which can be used to change fonts on your smartphone, is developed by a Chinese firm, "Shanghai iekie information technology Co,Ltd".
Why is it pre-installed?
One possible reason is an application-marketing arrangement between the two of them.
How is it vulnerable?
If you are an Android developer, you will be aware that if your application needs to perform certain tasks you need to declare permissions, and the user needs to grant those permissions in order to use the app. Let's have a look at the permissions of Babel Font.
Let's have a look at the packet analysis of BabelFonts > FontsManager.
I turned on the listening while keeping my phone idle. Once the phone had gone idle, Fonts Manager was sending some suspicious requests to a Chinese server. After 5 minutes of listening to network packets I was able to figure out the behavior of this app. Let's have a look at the packets sniffed from our device.
Now look at the given pictures: while your smartphone is idle, Font Manager is sending your mobile information to some suspected Chinese servers. The information which Font Manager was caught sending is given below.
GET /rest/api3.do?t=1480159338&data={"c1":"Infinix HOT 4","c2":"umeng","c0":"Infinix","device_global_id":"utdid_error","app_version":"10.5.2.2.0","c6":"3c10ae4918f05567","c4":"02:00:00:00:00:00","sdk_version":20160215,"new_device":"true","c5":"0177810690204116","package_name":"com.mephone.fonts","c3":"umeng"}&v=4.0&sign=30dd562cfb907706b583dcca5f546971&imei=*****&appKey=umeng:56e28e8be0f*********&api=mtop.push.device.createAndRegister&imsi=umeng&ttid=android@umeng HTTP/1.1
Host: api.m.taobao.com
Connection: Keep-Alive
User-Agent: Agoo-sdk-2.0
Accept-Encoding: gzip
Now just have a look at the information which is being sent from the Infinix smartphone. This information could be used to identify any Infinix user, and once a specific user is identified there is a possibility of malware infection, because the app servers receiving this information are vulnerable and poorly secured, which increases the chances of a smartphone security breach.
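As an added example (not part of the original analysis and not vendor code), the captured request can be triaged with a short Python script that splits the query string, decodes the `data` JSON and labels the fields that look like device identifiers. The function names and the classification rules (parameters named `imei`/`imsi`, MAC-shaped values, 16-hex-character values) are assumptions made for this illustration.

```python
import json
import re
from urllib.parse import parse_qsl

# Request as published on this page (the author masked the IMEI and appKey).
CAPTURED = (
    'GET /rest/api3.do?t=1480159338&data={"c1":"Infinix HOT 4","c2":"umeng",'
    '"c0":"Infinix","device_global_id":"utdid_error","app_version":"10.5.2.2.0",'
    '"c6":"3c10ae4918f05567","c4":"02:00:00:00:00:00","sdk_version":20160215,'
    '"new_device":"true","c5":"0177810690204116","package_name":"com.mephone.fonts",'
    '"c3":"umeng"}&v=4.0&sign=30dd562cfb907706b583dcca5f546971&imei=*****'
    '&appKey=umeng:56e28e8be0f*********&api=mtop.push.device.createAndRegister'
    '&imsi=umeng&ttid=android@umeng HTTP/1.1\r\n'
    'Host: api.m.taobao.com\r\nConnection: Keep-Alive\r\n'
    'User-Agent: Agoo-sdk-2.0\r\nAccept-Encoding: gzip\r\n\r\n'
)

MAC = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)
OPAQUE_ID = re.compile(r"^[0-9a-f]{16}$", re.I)  # assumption: 16 hex chars = device ID
NAMED = {"imei", "imsi"}                          # parameter names that state their content

def classify(name, value):
    # Return a label if the field looks like a device identifier, else None.
    if name.lower() in NAMED:
        return "named-identifier"
    if isinstance(value, str) and MAC.match(value):
        return "mac-address"
    if isinstance(value, str) and OPAQUE_ID.match(value):
        return "opaque-device-id"
    return None

def audit_request(raw):
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, rest = head[0].split(" ", 1)
    target, _version = rest.rsplit(" ", 1)   # the JSON in the target contains spaces
    headers = dict(h.split(": ", 1) for h in head[1:])
    query = dict(parse_qsl(target.partition("?")[2], keep_blank_values=True))
    fields = {**query, **json.loads(query.get("data", "{}"))}
    fields.pop("data", None)                 # already expanded into its own keys
    ids = {k: classify(k, v) for k, v in fields.items()}
    return {
        "host": headers.get("Host"),
        "package": fields.get("package_name"),
        "identifiers": {k: v for k, v in ids.items() if v},
    }

if __name__ == "__main__":
    print(json.dumps(audit_request(CAPTURED), indent=2))
```

The `c4` value 02:00:00:00:00:00 is the constant that Android 6.0 and later return in place of the real Wi-Fi MAC address, so that field carries no device-specific value in this capture.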
It is not just about sending information to the server; the worst part is a vulnerable server, which leaves millions of Infinix devices open to attack using different techniques. If the server is compromised, an attacker can gain access to your smartphone too by manipulating the requests.
There are many questions, such as: why is the Babel Font application bloatware? Why is the user not given the right to uninstall it? If it was for the purpose of marketing an app, why did Infinix allow such a third-party app without auditing its security?
Indeed, the very first step in a cyber attack is to define a victim, and this information is enough to trace the user. That application / bloatware has full permissions over your Infinix smartphone, with which it is also able to install any application anonymously without your permission. Moreover, it can also send your SMS, call logs and other information, as per the permissions of the application.
Visitors must follow the terms and conditions. Content provided on this page is the authority of Security Fuse and is only for peaceful and educational purposes, based on research and publication. Security Fuse is not responsible for any act caused by viewers after reading the content from *.securityfuse.com. Republication or fabrication without our permission or without giving credit is not allowed.
This is very true..... And as an infinix user.... It's scary to know this.. ..
Can you make a post on how to uninstall it? I have it on my itel phone too and I've long suspected it. Recently my phone started autorestarting once I try making a call and I suspect this app
How do we uninstall it?
Why this app is consuming too much power?
How can I uninstall, any idea friends?
Some of the cheap phones from China send our information to a Chinese online shop named Taobao to check our behaviours concerning consuming. Taobao is working closely with Lazada and is active in Asia. The more expensive phones send our information mostly to the USA. So in both cases it is the same. We are already used to the Americans spying on us all the time. 'Big brother is watching you' has long been reality. Best not to use a smartphone, but an old-fashioned phone; it is safer.
I came across this post because the app has been misbehaving on my Infinix zero4 plus. It's been popping up ads. How can I uninstall this app?
Yes, you are absolutely correct. Please be aware of Infinix's Products. Infinix shipped adware and virus in their product.
They might say it wasn't true, but please do check:
http://www.infinixmobility.com/fileadmin/user_upload/download/st_42016.zip
Can we sue them?
Very true, I noted this on my cheap itel smart phone, very annoying.
So true
The app usually allows ads to appear covering the whole screen leaving the phone absolutely useless
I usually have to switch the phone off before these ads disappear and it also installs other apps without notification
I disabled it and now some of the apps I installed ain't working, even play store isn't opening
If u can help me please do