Barnes & Noble’s Nook Tablet 7 Apparently Laden With Spyware That Was Blacklisted By Google [Updated]

You might want to think twice before adding Barnes & Noble’s latest tablet to your virtual or physical cart. It has been reported that the Nook Tablet 7 has been found to include ADUPS, which is known for specializing in collecting data from Android users and installing hostile apps.

Barnes & Noble departed from its  OMAP/Snapdragon designs and instead contracted Shenzhen Jingwah Information Technology Co., Ltd. The tablet runs MediaTek’s MT8163 ARM Cortex-A53 processor. MediaTek, a low-cost chipmaker, is known for protecting malware from Google security and has actively worked with ADUPS in the past.
NOOK Tablet 7
ADUPS is capable of SMS recording, SMS transmission, IMEI exfiltration, IMSI transmission, call log transmission, call Contact Information Transmission, along with location collection and transmission. It can also inject its own commands, remotely access application updates and installation as well as execution and privilege escalation, and transmit lists of installed applications and order of application execution. Long story short, ADUPS is nasty.

ADUPS recently compromised many BLU-phone models. It was found to be transmitting call logs, SMS, contacts, and location info from the United States to Chinese servers using DES encryption. A class-action lawsuit investigation has been filed against BLU by the Rosen Law Firm of New York. The law firm is currently collecting is collecting class members and information for a damages assessment. 

Affected BLU devices also included a "Wireless Update" entry in the Application menu, which could disable ADUPS. The Nook Tablet 7 does not have any way to get rid or disable ADUPS. Users will need to utilize a format of the eMMC and install a third-party ROM in order to use the Nook Tablet 7 safely.

ADUPS has been blacklisted by Google in its CTS and many believe that any device that runs ADUPS should be considered permanently compromised.

Updated 12/22/2016 @ 12:34 PM

Barnes & Noble reached out to inform us that while its Nook Tablet 7 does indeed ship with ADUPS, that its included version in no way puts customer data at risk. The company also indicated that it will be shifting away from ADUPS completely in the future. The full statement from Barnes & Noble Chief Technology Officer Fred Argir can be read below:

NOOK Tablet 7” went on sale on November 26. By that time, the device automatically updated to a newer version of ADUPS (5.5), which has been certified as complying with Google’s security requirements, when first connected to Wi-Fi. ADUPS has confirmed to Barnes & Noble that it never collected any personally identifiable information or location data from NOOK Tablet 7” devices, nor will it do so in the future.

Finally, we are working on a software update to remove ADUPS completely from the NOOK Tablet 7”. That update will be made available to download within the next few weeks, but in the meantime customers can rest assured that the device is safe to use.