The spyware has been discovered on all of Samsung’s modern smartphones and tablets. Samsung branded software regularly communicates with servers located in the PRC.
The firmware “gap” in Samsung gadgets was discovered by a user named Kchaxcer from Reddit. His topic gained about 3,000 comments in just a day. Kchaxcer reported that Samsung firmware included a Chinese software named Qihoo 360 built into Device Care, Samsung’s proprietary utility attached to the One UI shell. The application includes functions for optimizing the device, removing temporary and junk files as well as scanning for viruses and other malware.
Qihoo 360 is involved in information security but has repeatedly been involved in scandals around privacy and confidentiality. Among other things, Qihoo 360 was accused of unauthorized collection of information from users’ devices.
Samsung almost instantaneously reacted
Samsung reacted very quickly to the post and the representatives have confirmed the availability of Qihoo 360 software as part of Device Care. At the same time, Samsung did not comment on the fact that due to the presence of a code belonging to Qihoo 360 in Device Care, the application regularly communicates with Chinese servers.
At the time of publication of the material, it was not known to whom exactly the Qihoo 360 software can send information from user devices. However, in 2014, the company’s top manager stated that Qihoo 360 may transfer any data to the Chinese government at the very first request. In 2017, the company announced its plans for even closer cooperation with the PRC authorities in terms of sending information.
The history of Samsung and user tracking
Samsung’s spyware history is not clean for quite some time. For example, in March 2017, the antivirus company CheckPoint detected in almost four dozen smartphones of various manufacturers, including Samsung. malicious components were preinstalled. They identified applications demonstrating unwanted advertising, and in at least one case – a mobile encryptor. All analyzed devices were used by employees of the two large IT corporations. Among 38 mysteriously infected devices there were ten Samsung smartphone models.
Last minute announcement
Samsung made a comment two days after the original post was published in Reddit. It seems the truth is less scary than it seems. Samsung says, only data sent back by Qihoo is generic info about optimizing storage, including OS version, phone model and storage capacity. According to the company, Qihoo never receives data that would allow them to identify a specific file on users’ devices.
A company representative said “Samsung takes the protection of our users’ data very seriously, and we design our products with privacy and security top-of-mind. The storage optimization process, including the scanning and removal of junk files, is fully managed by Samsung’s device care solution.”
How can you uninstall Qihoo 360 from Samsung devices?
If you own a Samsung phone and still are not comfortable with the explanation the company made, you can stop Qihoo 360 from communicating with Chinese servers and sending data to them.
Kchaxcer noted that it is not possible to remove Device Care from a Samsung smartphone or tablet using the basic tools – the application is part of the system because it is part of the firmware. He also warned that giving this app access permissions to the whole device is very risky.
However, it is possible to protect personal information from a potential transfer to Chinese servers. To do this, you need to deny Device Care access to the Internet by installing a firewall that works without root access. Such applications, which have proven their effectiveness, are freely available in the Google Play app market and they allow you to block programs, including system tools from accessing the network via Wi-Fi or via cellular networks.