Android Logo
A 3D-printed Android logo is seen in front of a cyber code display, March 22, 2016. REUTERS/Dado Ruvic

Update: ZTE USA responded in a statement to the IBTimes on recent reports about spyware in devices.

“We confirm that no ZTE devices in the U.S. have ever had the Adups software cited in recent news reports installed on them, and will not. ZTE always makes security and privacy a top priority for our customers. We will continue to ensure customer privacy and information remain protected.”

Android phones by ZTE, Lenovo and other brands may be running spyware apps, a recent report says.

Last month, security firm Kryptowire said in a report that Adups, a Chinese software, was spying on U.S. Blu R1 HD phones. The devices, which were sold at major American retailers like Amazon and Best Buy, transmitted user and device data including text messages, call logs, contact lists, and location information to China.

The new analysis by mobile security company Trustlook, first reported by Green Bot, says the security flaw has been found in 43 other manufacturers. Trustlook says Adups comes pre-installed on some 700 million Android devices.

“People like to think their brand new phone is clean and free of malware, but that is not always the case,” said Trustlook in a blog post. “Some smartphone manufacturers choose to use a third party FOTA (Firmware Over-The-Air) service instead of Google’s, which can pose serious security risks. This is what happened in the case of Shanghai based ADUPS Technology Co.”

Many of the manufacturers with Adups apps were small Chinese-based companies, but some notable brands were on the list, including Lenovo, ZTE and Archos.

The new report is similar to Kryptowire’s conclusion that Adups is are looking at users’ data.

“The app comes preinstalled on the device,” explains Trustlook. “It collects many types of user information. In addition to specifications such as IMEI, IMSI, MAC address, version number, and operator, this app attempts to collect user’s SMS text messages and call logs. More troubling is that all of these procedures are done without user’s consent and are processed in the background.”

Trustlook did not say which phones are affected, but does have a list of which manufacturers have devices that contain Adups apps.