I found that the company I work for is putting backdoor into mobile phones

Delete the backdoor code, with a commit message saying you have removed a security vulnerability. Watch them try to defend leaving the backdoor in the system (favorite excuse I've heard is 'we need it for troubleshooting!') - they can rollback the commit if they really want the backdoor in. Send out resume.

Doesn't surprise me. In that circumstance, I'd quit via a letter to the shareholders.<p>That's what I did when I worked for a large nefarious killing machine provider when I had a tony stark moment, grew some balls and worked out what they were doing was utterly wrong.<p>I informed them that I was bound by British law as well which supercedes any corporate rules and contracts.

<a href="http://news.ycombinator.com/item?id=3989800" rel="nofollow">http://news.ycombinator.com/item?id=3989800</a>

Devil's advocate: assuming the company already quietly install updates, and the backdoor is not secured worse than the auto-update mechanism, this does not really give them additional capabilities. (Also, the phone likely already has more serious vulnerabilities.)<p>Of course, this exchange does suggest bad things about the company's ethics and competence.

&#62; I have found out recently that the remote assistant software that we put in smartphone we sell can be activated by us without user approval.<p>Maybe I'm missing something, but it says nothing about what might possibly happen in case their remote assistant is remotely activated. Also it's unclear how large is their user base. Everyone kind of assumes serious implications, though.<p>IMO if this whole thing is true, it indicates that the company probably doesn't have good QA and development process in place. Otherwise either such a bug would not exist (most likely it was left for debugging purposes), or it would really be a product of an evil intent (and hidden from uninitiated developers).

Seriously, is there any significant piece of hardware on stores nowadays that doesn't have multiple backdoors from application level down to the very microchips? Like [1].<p>[1] <a href="http://articles.businessinsider.com/2011-06-27/news/30048253_1_microchips-missiles-foreign-chip-makers" rel="nofollow">http://articles.businessinsider.com/2011-06-27/news/30048253...</a>

I wonder if it's this Verizon Remote Diagnostics tool that started getting loaded onto a few phone models a couple months ago.<p><a href="http://www.engadget.com/2012/03/20/verizon-updates-revolution-with-remote-diagnostics-htc-turns-to/" rel="nofollow">http://www.engadget.com/2012/03/20/verizon-updates-revolutio...</a>

contact EFF ? quit your job ?

<i>We are not using this option, and it is probably there by mistake.</i><p>Aww, sweet innocence.

Ask for partnership for not publicizing it :)

please speak up. you should go to anybody and everybody you can and make your concerns known. it's possible that the people above you don't even know, but in the event they do, you should probably inform local news or someone.<p>I'm not saying that you should try and lose your job, but you should make your disagreement known.

I would disclose to a security firm that I felt was trustworthy and let things go from there.

Can't think of a catchy name for it, but maybe the StackExch team needs to start a "Programmer Confessions" forum.

Can we assume this company is not Huawei/ZTE?