Smartphones from leading smartphone makers have been found to be pre-installed with spyware according to security company G Data's Mobile Malware Report for the second quarter of 2015.
"Over 26 models from some well-known manufacturers including Huawei, Lenovo and Xiaomi have pre-installed espionage functions in the firmware," says G Data. "Over the past year we have been observing a significant increase in devices that are equipped with firmware-level spyware and malware out of the box."
Along with the rapid increase in smartphone use around the world the number of malware apps has also sharply increased in the past three years. Security analysts identify a new malware sample every 14 seconds.
Experts suspect middlemen to be behind this, who change the firmware to be able to steal user data and make money through advertising. Some of the malware apps disguise themselves as part of other popular apps such as Google Drive and Facebook.
In a statement to IBNLive, a Xiaomi spokesperson said, "the security report clearly states that middlemen are installing such malware and that manufacturers like Xiaomi are not at fault. Unauthorised retailers can inject malware into any device bought from an unofficial channel. This is why we strongly recommend buying Mi phones only through authorised channels such as Mi.com, Flipkart, Amazon or Snapdeal."
Lenovo in an official response to the report said, "The report states that the malware was pre-installed in the firmware of the device and can’t be removed. This is incorrect information. The malware was found on a single Lenovo phone that was bought through a third party marketplace and was contained in an app that was likely added by a middleman and could easily be removed from the device."
The spyware apps can access phone content and also listen to conversations and access IM messages.
The smartphone models found infected by the researchers include Xiaomi MI3, Huawei G510 and Lenovo S860.
(This story has been updated to include Xiaomi and Lenovo's view on the matter)