By Gillian Wong 

HONG KONG--Silicon Valley online security firm Palo Alto Networks Inc. said some mobile phones made by Chinese smartphone maker Coolpad Group Ltd. contain software that allows the handset vendor to install applications onto users' phones without their knowledge, raising privacy and security concerns.

Palo Alto Networks released a research paper Wednesday detailing the "backdoor" software that allows for this access, which it called CoolReaper.

The firm's researchers analyzed Coolpad's Android-based phones and found that 24 models carried CoolReaper, which also enables Coolpad pop-up notifications with advertisements that their users couldn't get rid of. The problem is limited to users in China and Taiwan, Palo Alto Networks said.

Coolpad acknowledged that some of its phones were downloading applications onto the devices whenever they were connected to wireless Internet networks, but said the function worked only when users activated an option in the phones' main settings to enable the automatic downloads. It said the function was designed to improve user experience by making it more convenient for those users who wanted such automatic updates or downloads. The company said that it received notice about Palo Alto Networks' analysis from Google Inc. and that it has taken steps to issue a software upgrade to address other Android compatibility issues raised by Google. Google declined to comment.

The report raises fresh concerns about data privacy with some Chinese smartphones at a time when the U.S. and China have exchanged accusations over cyberspying. Hong Kong-listed Coolpad is among the leading smartphone vendors in China, the world's biggest smartphone market. In the third quarter, it ranked fifth in terms of shipments in China, with an 8.4% share of the market, according to research firm IDC. Coolpad has sought to expand sales overseas, focusing on Southeast Asia, Europe and the U.S.

Last month, Apple blocked apps downloaded from a Chinese app store carrying software that could steal data from iPhones after Palo Alto Networks discovered the hacking tool.

CoolReaper has the ability to download, install and activate any Android app without telling the user or seeking their permission, said Ryan Olson, director of threat intelligence at Palo Alto Networks. It can clear user data, disable systems applications, dial numbers, and carry out other tasks that could put users' data at risk, Palo Alto Networks said.

Olson said the firm conducted research after noticing complaints from Chinese users posted on Internet forums.

Coolpad "can pretty much install anything they want to on the phone, all without letting the user know," said Mr. Olson in a phone interview. "Generally this isn't something we'd see a manufacturer do."

Access Investor Kit for Coolpad Group Ltd.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=KYG2418K1004

Access Investor Kit for Google, Inc.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US38259P5089

Access Investor Kit for Google, Inc.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US38259P7069

Subscribe to WSJ: http://online.wsj.com?mod=djnwires

Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Feb 2024 to Mar 2024 Click Here for more Alphabet Charts.
Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Mar 2023 to Mar 2024 Click Here for more Alphabet Charts.