We’ve reached out to Alcatel for a statement, but either way, this is bad news for the company.
There are a lot of contenders in the budget Android space, and one of them is Alcatel. I’ve used and recommended Alcatel phones over the years, and while I’ve mostly been happy using gadgets from the company, a new light’s been shed on a security issue that’ll likely prevent me from doing so going forward.
Like a lot of phones from companies that aren’t Google, Alcatel devices come with their own default gallery app that isn’t Google Photos. Alcatel uploaded its gallery app to Google Play to allow for faster updates, but an update that came in around mid-November replaced this with something pretty nasty.
As Android Police notes, the real app from Alcatel is simply titled "Gallery" and was uploaded by mie.alcatel.support. However, after that mid-November update, it was replaced by an app called "Candy Gallery -Photo Edit,Video Editor,Pic Collage" from developer Hi Art Studio. Unlike the real gallery app from Alcatel, which only asks for file access permissions, this one from Hi Art Studio has access to Device ID, SMS messages, Wi-Fi connection info, your location, phone call history, and plenty more.
I reviewed the Alcatel Idol 5 back in October, and sure enough, the Candy Gallery app is installed on it.
We’ve reached out to Alcatel for more information about what in the heck is going on, and if you own an Alcatel phone with this installed, make sure you go to the app, hold down on it, drag it to app info, and tap on the button labeled "Disable."
It’s impossible to say at this time how or why this happened, but either way, this is not a good look for Alcatel and has the potential for serious repercussions down the road.
January 29, 2018 at 11:44AM