On January 6, 2020, a post on Reddit managed to get the attention of the users of Samsung Galaxy devices. The post claimed that the Chinese spyware is pre-installed on all Samsung phones. This person said, “I know the title is rather sensational, however it couldn’t get any closer to the truth.” The problem was with a utility in Samsung’s device care application.
It is a built-in feature that comes as preinstalled as a part of Samsung’s implementation of Android OS that means it cannot be removed. Using packet analysis tools on a Galaxy S10, the author discovered some unauthorized traffic coming out of the device care’s storage scanner. This utility is supposed to look for junk files that can be deleted to free up some space. That scanner was sending data back to Chinese domains. Due to its functionality, the storage scanners generally need access to all of the files on your device that could include anything.
The author went further to explain the threat but it wasn’t entirely reassuring. The scanner app was made in collaboration with Qihoo 360, a Chinese security company that has occasionally made headlines for complying with national censorship directives. But it wasn’t clear why the data is being sent to Qihoo and is it safe to use this app. And since the app was built-into the Samsung’s core OS, there is a way to remove this app.
Samsung didn’t refuse from the claim and stated that the truth is less alarming than it appears. The company stays the data sent back to Qihoo is comprised of generic information and needed to optimize storage, specifically naming OS version, phone model, and storage capacity among other data. Qihoo’s main contribution is a reference library to identify junk files, but that library exists locally in the utility. That means Qihoo never receives the data that would allow it to identify a particular file on a user’s device.