The U.S. government offers cheap smartphones and cell service to low-income households through its Lifeline Assistance program, operated by the FCC. It’s a nice initiative considering the importance of smartphones in today’s world. But the phones are predictably cheap, clunky Android devices, and it's now been found that they’re infested with malware.
Safety is reserved for the rich — The internet security firm Malwarebytes published those findings in a blog post today, singling out the Unimax U686CL, a Chinese-built smartphone offered through the Lifeline Assistance program by a partner carrier, Assurance Wireless. It costs $35 for eligible citizens, but also probably some of your safety: Two apps pre-installed on the device automatically download software without your consent.
Worse yet is that the two apps doing this are Wireless Update, the only way through which to download OS updates for the phone, and Settings — yes, the device’s Settings app. Malwarebytes says that the Settings app installs a trojan called Hidden Ads which, as you might expect, litters the phone with obnoxious advertisements! That alone is more annoying than anything, but these wide openings could be dangerous should someone decide to push genuinely bad software through them.
Because both apps with these backdoors are fundamental to the OS functioning properly, there's no way to remove them without destroying the phone.
An unreasonable compromise — Those who qualify for Lifeline Assistance have to make a choice: take the phone and compromise their safety, or go without — an impossible ask when smartphones today are how we do everything, from looking up directions to communicating with loved ones, and even applying for jobs or completing homework.
Facebook CEO Mark Zuckerberg argues that an advertising model is crucial because it allows the most people to get on his platform and connect with friends. But this Unimax phone is being subsidized by the U.S. government with taxpayer money, which then asks eligible citizens to pay $35 on top of that. Advertisements are like an ongoing payment to Unimax, and shouldn’t be allowed onto the devices, to say nothing of the huge security vulnerability.
Not so assuring — Assurance Wireless has declined requests for comment by Malwarebytes and Forbes. Also its website seems to have crashed, or was just pulled down following the deluge of interest. The FCC hasn’t commented either.