Anorher Chinese firm...
I've been evaluating the budget Q8H_HD Android tablet, and it's actually a lovely piece of kit for under 30 quid.
However, it comes preinstalled with a hobbled browser that hard codes their search engine referral-url (to ask.com .... no surprises there) and home page, and also a utility that regularly phones home with a bunch of details, hardware id, google account details, and receives instructions for new apps to update/install, and those to delete (trend micro anti-virus) is on the list.
Worse, it's been flashed into the firmware to reinstall itself if deleted, requiring a complete reflash to remove (fortunately there are ways to disable it without reflashing)
Relatively benign at the moment, but basically a root-kit, especially as the Linode-hosted C&C servers are accesed over unencrypted http using non-DNSSEC dns entries...
I'm still not sure whether it's the shop, the distributer, or the manufacturer who is responsible for this, but like Sony, and now Lenovo (for the second time) it's yet another company doing stuff that would get an individual doing the same a custodial sentence