It turns out that an application that can check the battery status of the car was sending location information to China, the application has been downloaded more than 100,000 times and is also used in Japan



Many smartphone applications collect personal information such as contact information and location information. It became clear that a new `` application that can manage the state of the battery installed in the car '' was sending location information to China. The app in question has been downloaded more than 100,000 times on Android alone, and it seems that there were users in Japan as well.

Part 1 - Discovering that your Bluetooth car battery monitor is siphoning up your location data - doubleagent.net

https://doubleagent.net/2023/05/21/a-car-battery-monitor-tracking-your-location

The app in question is an app named ' BM2 ' that is used in combination with Quicklynks' battery status checker ' Battery Monitor BM2 '. BM2 has an iOS version and an Android version , and the Android version has been downloaded more than 100,000 times at the time of article creation.



In addition, several reviews of the battery monitor BM2 have been posted on the automobile-related information sharing site 'Minkara', and it can be confirmed that there were users in Japan as well.



HaxRob, a self-proclaimed hacker, analyzed the contents of BM2's communication and found that BM2 collects user's location information and sends it to the Chinese map service '

Amap' . The destination of the data is the Beijing and Hong Kong servers managed by Alibaba, the provider of Amap, and the location information includes 'GPS coordinates', 'Wi-Fi', and 'mobile phone base station' information. .

According to HaxRob, at the time of discovery, the distribution page of the Android version of BM2 displayed a statement that ``do not share data with third parties'' and ``do not collect any information''.



At the time of writing the article, it was added to the Android version distribution page that it would collect 'location information', 'photos and videos', and 'device or other IDs', but it said that 'data will not be shared with third parties'. is still displayed.



Quicklynks, the manufacturer of BM2, states in BM2's privacy policy that it will send smartphone location information and battery monitor BM2 body location information to Hong Kong, but does not include information about Amap.



In addition, Mr. HaxRob explains in detail the details of BM2's communication content analysis and reverse engineering method in the following article.

Part 1 - Discovering that your Bluetooth car battery monitor is siphoning up your location data - doubleagent.net
https://doubleagent.net/2023/05/21/a-car-battery-monitor-tracking-your-location



in Mobile,   Software,   Hardware,   Ride,   Security, Posted by log1o_hf