AYANEO in the Spotlight for the Wrong Reasons After AYAWindow Discovery

Another day, more potential controversy has arrived for AYANEO. However, this time around, it has nothing to do with pre-orders, shipping dates, or any of the other issues that we’ve covered and/or endured. As first noted by Mr. Sujano, AYANEO’s built-in AYAWindow app may not only be taking screenshots without your knowledge, but also sending those screenshots to servers somewhere.

According to the “issue” raised on Mr. Sujano’s GitHub sources, the attached image shows the folder location as data > data > com.ayaneo.gamewindow > cache > snapshot. The post provides the following additional information:

There’s over 1200 screenshots in there of me performing various actions/playing different games, and it updates in real time (for example: if I open an old screenshot, a screenshot of that screenshot becomes the newest screenshot) which I find really troubling.

In addition, the AYAWindow app has transmitted 12.5GB of data off of my devices since November 17th. I encourage everyone with a rooted Ayaneo device to go poking around in that directory and check how much data your AYAWindow app has transmitted.

After learning about this, I began rooting my various AYANEO handhelds in an effort to see if I could find the same folder. Here’s what I’ve found so far:

Admittedly, I can’t speak to the amount of data that was transferred, as I haven’t used my Pocket DS nearly as much as the original poster. However, after digging a bit deeper, I installed the PCAPdroid app so I could try to see whether the screenshots (or data in general) were being sent abroad.

It didn’t take long, but a few minutes after getting everything set up, I noticed the first domain that I didn’t recognize: android.bugly.qq.com. A quick Google search later, and this is described as being “Tencent’s Bugly service, a tool designed for Android developers to track app crashes, exceptions, and operational data.”

When opening the connection in the list to view more information, it does show that data is being transferred to servers abroad.

Even if you want to make the argument that it’s a common and (mostly) trusted application, there are a couple of questions that are still valid:

1. Why is it present on the Pocket DS, but not handhelds?
2. Is v1.5.99 a unique build specific to the Pocket DS, or will it eventually arrive for other AYANEO handhelds?
3. If the purpose of capturing screenshots is to help with debugging and troubleshooting, where’s the disclaimer?
4. Why is the folder being constantly updated with new screenshots?
5. Where and who is the data being sent to?

I’ll be leaving the PDACdroid app installed and running on my Pocket DS, in order to see if anything else peculiar appears. In the meantime, we’re also reaching out to AYANEO for comment and continuing to investigate the situation until a conclusion is reached.