Barnes & Noble’s new $50 NOOK Tablet is infected with the same malware BLU battled last month [Update]
When Android hardware is cheap, people usually assume there’s at least one catch. That was the case with the $50 NOOK Tablet from Barnes & Noble which on paper and in practice just seemed too good to be true. Well, that might just be the case…
According to a report from Linux Journal, the NOOK Tablet 7″ is using the same ADUPS software that the BLU R1 HD was. However, in this case, there’s no way to disable it like there was on BLU devices before they were updated to remove the software.
What can ADUPS do? When installed, the software can essentially read and transmit all of the data on that device including text messages, phone calls, location info, private data, and more. In the case of BLU and seemingly in this case as well, that data is being transmitted to China. Even though following the fiasco from BLU, ADUPS likely won’t transmit that data, it can be enabled at any time and without user knowledge.
The latest tablet from Barnes & Noble, the newly-released $49 BNTV450, has been found to include ADUPS. In the aftermath of the BLU data theft, ADUPS hostile data collection and control over Android may (or may not) be temporarily quelled, but harmful capability remains with the ADUPS agent. Devices running ADUPS should be considered under malicious control, and they should not be used with sensitive data of any kind.
A portion of the reason why ADUPS is installed on the device and why Google can’t block it is because of the MediaTek chipset. The report further details that MediaTek tends to protect malware apps like this from Google’s security scans.
As a quick recap, the NOOK Tablet 7″ is a $50 Android tablet running on top of near-stock Android Marshmallow with low-end specs, preloaded NOOK software, and access to Google Play. There’s literally nothing special about it, except that it’s cheap and halfway decent.
However, with this new development, it’s a bit harder to recommend the tablet, even at that price. We’ve reached out to Barnes & Noble to find out if the company is aware of the situation and if it plans to update the tablet to remove the malware. For now, though, we’d recommend not buying the NOOK. If you’ve done so already, considering returning or resetting it.
Update: Since publishing, Barnes & Noble has responded to us to confirm that a software update has been pushed to all NOOK devices prior to sales with a newer version of ADUPS (5.5) which does not break Google’s security requirements. ADUPS further confirmed that no user data was transmitted from any NOOK 7 units. Barnes & Noble is also working on an update that will completely remove ADUPS from the tablet.
NOOK Tablet 7” went on sale on November 26. By that time, the device automatically updated to a newer version of ADUPS (5.5), which has been certified as complying with Google’s security requirements, when first connected to Wi-Fi. ADUPS has confirmed to Barnes & Noble that it never collected any personally identifiable information or location data from NOOK Tablet 7” devices, nor will it do so in the future.
Finally, we are working on a software update to remove ADUPS completely from the NOOK Tablet 7”. That update will be made available to download within the next few weeks, but in the meantime customers can rest assured that the device is safe to use.” – Fred Argir, Chief Digital Officer
FTC: We use income earning auto affiliate links. More.