TCL and Alcatel direct links to massive spyware operation

TCL

TCL, partially Chinese state-owned and licensee of the Alcatel smartphone brand, has been exposed as the sole owner of massive a spyware ring developer Shenzhen Hawk Internet Co. It had released 24 popular apps with more than 382 million installs before Google removed them from the Play Store.

What is worse is that some Shenzhen Hawk apps were installed on TCL licensed Alcatel smartphones as early as 2005 (and ongoing) under the official guise of mie-Alcatel.support. These include File Manager, Sound Recorder, Joy Launcher, Turbo Browser, Weather Forecast and Calendar Lite.

We have asked TCL/Alcatel Australia for an update on this. According to reader comments, the factory-installed mie-Alcatel apps cannot be uninstalled.

VPNpro broke the news a couple of months ago, but it has taken time to untangle the ties that lead back to partially Chinese state-owned TCL – and its involvement with the Alcatel brand that sells well in the Australian pre-paid market.

TCL company ownership map

Spyware or rogueware?

The Shenzhen Hawk apps request app permissions well beyond what is apparently necessary to do the job. Of the 24 initially found (and there may be more in the pipeline) some unnecessarily:

  • Access the camera/mic
  • Place calls or sends SMS to premium paid-for services
  • Access call history, contacts and SMS/MMS
  • Access a user’s GPS location
  • Read and exfiltrate data from internal or external connected storage
  • Collect and exfiltrate details of a user’s phone, network and contacts
  • Record any audio on the device or its servers
  • Download and install further malware
TCL
Looks innocent enough but if the product is free, the product is you!

Data collected by the apps are sent to Shenzhen Hawk’s Chinese servers. TCL denies that it has sold such data to any third-party. Well, we have to ask then, why collect the data in the first place?

The full list of 24 apps is below, and many are still on third-party app stores meaning Shenzhen Hawk is still operating them. Oddly, its public website http://en.ehawk.com/ is now ‘offline’.

Tap Sky

  1. World Zoo
  2. Puzzle Box
  3. Word Crossy!
  4. Soccer Pinball
  5. Dig it
  6. Laser Break
  7. Word Crush
  8. Music Roam

Mie-Alcatel.Support

  1. File Manager
  2. Sound Recorder
  3. Joy Launcher
  4. Turbo Browser
  5. Weather Forecast
  6. Calendar Lite

ViewYeah Studio

  1. Candy Selfie Camera
  2. Private Browser

Hawk App

  1. Super Cleaner
  2. Super Battery

Hi Security

  1. Virus Cleaner 2019
  2. HiSecurity 2019
  3. HiVPN, Free VPN
  4. HiVPN Pro
  5. Net Master

Alcatel Innovative Lab

  1. Candy Gallery

What is TCL?

According to Wikipedia, TCL is mostly state-owned by the Guangdong provincial government with strong ties to a Chinese military-owned company which produces communication devices and navigation systems for the Chinese army.

Information Security News summed it up in an article titled,’ ‘The most dangerous & spying television award goes to TCL’.

Behind Shenzhen HAWK, there is an even larger company, specialising in the development of electronic devices present in homes and businesses around the world.” 

TCL Corporation has at least 52 subsidiaries worldwide and owns the licensing rights of Alcatel, Palm, Ffalcon TV, Palm, RCA and Thomson among other brands. The main controversy is its close ties to the Chinese government, whose support was essential for the establishment of TCL as a large transnational corporation.

You can read more about TCL and its Chinese Government-aided quest to dominate our living rooms here.

GadgetGuy’s take:

That TCL allowed these apps to be developed, let alone placed on a trusted brand like Alcatel is, at the very least, inexcusable.

GadgetGuy recently profiled TCL here and is willing to publish any valid company response.

[UPDATED] TCL Response 23 June 2020

“The data security and privacy of our customers is something we take very seriously, which is why we adhere to all local laws regarding user data and privacy. While it is true in the past that there was some unauthorized use of our application APIs by outside third-parties, we removed that access as soon as we became aware of that issue. Our company continues to work very closely with Google on all our device software to ensure those experiences are properly developed, audited and monitored to offer the peace of mind and trust our customers expect from us.”