So, EE. Who IS this app on your HTC M9s sneakily texting, hmm?

HTC, EE and infosec bod all agree: We have no idea


EE has assured a customer that a pre-installed app found on new HTC M9 from the mobile operator is simply anti-fraud software.

However, both customer Barney Scott and an independent security expert remain unconvinced by this explanation, arguing that even if the app isn't malicious, it's at best badly designed and unwanted.

Scott came across the issue after noticing that pre-installed software on his new EE HTC M9 was calling home via text message.

"This is the second phone displaying this behaviour that I've received from EE after I sent the first back," Scott told El Reg. After failing to get a prompt response after raising the issue on Twitter, Scott contacted El Reg.

Scott is far from the only person to raise the problem, which has become the topic of a discussion thread on Reddit.

Some Reddit commenters said the handset phoned home to a Chinese number, although the area code is American.

"Why would a UK company be texting abroad for an internal service? Also they own the network & SIM, surely that would be part of the activation process rather than the rather more crude version of having the phone text them presumably with some unique hardware ID & other identifiable information," Scott told El Reg.

Keep calm, everything's excellent

Asked to comment on these concerns, an EE spokesman said that the software was a fraud prevention measure that helps to disable a handset in cases where phones are either lost or stolen.

Reddit commenters had expressed concerns that the phone number being contacted was in China, a concern EE dismissed as erroneous.

"We work with an American company as part of the anti-fraud software – in two of the Reddit threads someone points out that it’s a US number, rather than Chinese," a spokesman told El Reg.

Luis Corrons, technical director of PandaLabs and an expert in mobile malware, is disinclined to take the official line at face value.

"They say this is from a pre-installed anti-fraud software… if this is the case they have installed a really crappy app, whatever it is," Corrons told El Reg. "There are tons of anti-fraud tools, and sending a SMS to send out information is really odd. We are talking about smartphones that have Internet connection, why would anyone create an app that sends information to a foreign country via SMS?"

"It’s much easier to send it using the internet, and there you do not have any limit, so you can send more information if needed," he added.

Similar topics


Other stories you might like

  • NASA installs a new and improved algorithm to better track near-Earth asteroids

    Nearly 20 year-old software used to protect humanity gets an upgrade

    NASA has upgraded its near-Earth asteroid monitoring algorithm to model hazardous space rocks more accurately after nearly two decades, it announced on Tuesday.

    The new system, dubbed Sentry-II, is more powerful than its predecessor, Sentry. Astronomers working at the space agency's Center for Near Earth Object Studies can now automatically calculate thermal influences that nudge an asteroid’s orbit, potentially sending it hurtling towards our home planet.

    The so-called Yarkovsky effect describes the subtle and gradual change of motion when asteroids are heated by the Sun’s light. When asteroids spin, one side of its surface exposed to the star gets heated. As it continues to rotate, the hot region enters shade and cools down. Infrared energy is radiated outwards; the photons carry momentum and impart a tiny thrust on the asteroid. Over long periods of time, these small kicks can change their paths and knock them out of their original orbit.

    Continue reading
  • Facebook slapped with an eyepopping $150B lawsuit for spreading hate speech against Rohingya refugees

    Lawsuit claims social media giant's algos helped Myanmar military crackdown on the Rohingya

    Meta was sued on Tuesday for a whopping $150 billion in a class-action lawsuit for allegedly amplifying hate speech and aiding the Myanmar military in the genocide of the Rohingya people.

    The case, led by an anonymous Rohingya refugee living in the US, accuses the entity formerly known as Facebook of inciting hatred and inflicting real harm on the predominantly Muslim group for years. Not only did the social media platform ignore hate speech posts, it's alleged that the service's algorithms actively promoted anti-Rohingya propaganda as hundreds of thousands of people fled from Myanmar to escape persecution.

    Facebook has already acknowledged its role in the campaign, which saw an estimated 25,000 people perish and 700,000 forced from the country. The lawsuit also comes after ex-employee and whistleblower Frances Haugen leaked internal documents demonstrating how its algorithms prioritized engagement over safety.

    Continue reading
  • Power management IC shortage holding cars, laptops, hostage

    Couple of cents-worth of kit causing big problems for the year to come

    The shortage of power management chips is worsening and holding back companies from building cars, PCs and items with batteries or an on-off switch, Trendforce said in a study this week.

    Power management ICs cost just a few cents, and are among cheap chips that include display driver and USB-C components that are in short supply. These chips are as important to PCs and other electronics as CPUs or memory.

    The demand for PMICs has gone through the roof with the emergence of electric cars and growing demand for PCs and consumer electronics during the past 20 plus months. Trendforce expects the prices will go up by 10 per cent to a six-year high of $0.23.

    Continue reading

Biting the hand that feeds IT © 1998–2021