A few weeks ago I bricked the tablet I was given by a good friend. It’s recoverable and not forever lost, but I calculated the amount of time spent restoring through ADB (or moving to Cyanogen) is far more than the value of the tablet. The amount of time to do this also makes it less expensive to just buy a new tablet, one with specs I want.
Since this previous tablet was a gift, I did some homework and because of my day job I had a good idea of what I wanted in a tablet. I also have been recommending Thinkpads for the last 8 years. So why not try a Lenovo tablet? The Yoga 2 covered all my needs, came in a decent 8″ size and boasted great battery life.
What the tablet website, all the reviews, and Lenovo itself failed to mention were two major problems:
1. Lenovo Yoga 2’s have previously been rooted according to Cisco Meraki (or likely any other MDM)
2. Lenovo Yoga 2’s come pre-loaded with junky malware called Security HD
So this isn’t as bad as Superfish, and I don’t want to give the impression that it’s on that level. It is however particularly disheartening to see there are problems with Lenovo’s tablets as well as the laptops.
It took a little searching to figure out that Security 
HD is really just a re-branded and translated version of some existing Lenovo software called SECUREit.
Before someone can even click the I accept button to use Security HD, they are prompted to read the Security User Experience Improvement Program document (click link for a PDF print of this page). This page leads straight to an English generic terms of use for what Security HD/SECUREit can do. (On a side note the server running this page is outdated and vulnerable to several security flaws.)
Reading through the SECUREit page, it’s pretty clear that the only way to obtain the features it touts is to place it’s processes directly between the Internet and other apps on a device.
And it’s fairly likely the only way to place an app like this between other apps and the Internet is to develop the proper hooks into the base Android OS, or to root the OS, modify the system to allow this app to work, and then remove evidence to try and “un-root” the device. This sounds like exactly the sort of hack I would do if I wanted to unscrupulously intercept and monitor the traffic on someone’s tablet. Security HD of course is tagged as a system app and can’t be uninstalled without rooting the tablet.
It’s unfortunate that it came pre-shipped with this problem on it. I thought perhaps I was just the unlucky recipient of a jacked tablet. I called Lenovo tech support and tried to get an answer as to why my new tablet was detected as rooted. They didn’t have much of an answer of course, I never got beyond Level-1 tech support.
I knew I was expecting much considering they don’t even know how to operate their phone system. I was transferred at least three times, but I will have to go back and check the total number of times. After close to two hours I was kindly offered to be transferred to Android premium support for the lost cost of $39 per call. I demanded to not be charged, asked for a manager, all of that good stuff.
After not getting anywhere with that line of calling, and never really getting a straight answer, I called to get the unit replaced stating there is a problem with the software. This was the easiest imaginable transaction I had. With my existing case # I was able to get a new tablet shipped to me without question. Lenovo warranty support seems to have a lot of practice returning products.
This time I recorded my opening of the tablet from the packaging, all the way through until Meraki detected the tablet as rooted. I have to spend some time editing my personal info & login out of the video, so that will be awhile before it is posted. This brand new tablet detected as rooted immediately, and Avast again detects Security HD as malware.
I never trusted the original tablet to continue using it for long, but I used this new one to see what else I could find out before trying to return it as well. Turns out that even disabling Security HD is pointless, as it re-enables itself and runs whenever the tablet is restarted.
I would love to have the time to load Fiddler and see what kinda of insidious activity a Yoga 2 is really doing without the knowledge of its owner. But I don’t have that kind of time. The amount of time I have now spent chasing down Lenovo’s insulting behavior is more than enough to have brought my old tablet back to life.
For what it is worth, I will never again recommend a Lenovo to anyone again. I doubt I have found anything as significant as Superfish, and I know I haven’t investigated this as thoroughly as possible. But between Superfish and Security HD I am reminded that Lenovo is a company at the mercy of the Chinese government, and simply can’t be trusted. This is the same reason I will never purchase or recommend a Huawei or ZTE device either. To all my friends looking to buy a tablet or a new computer, I hear Dell is trying to make a comeback.
One comment