Back in November 2016, news broke cover that some of BLU’s affordable smartphones were apparently sending sensitive user information to China.
Following the discovery, BLU was forced to remove some of its spyware-infected products off Amazon’s virtual shelves. But a month later, the products were once again available, this time no prying software onboard.
However, despite BLU’s claims that it has taken care of the issue, researchers from Kryptowire present at the Black Hat security conference in Las Vegas last week revealed that some BLU products are still sending data to the company’s server located in Shangai without users’ knowledge.
The culprit is a third-party app called AdUps which apparently is still alive and well on some BLU devices, although the Chinese company who build the software allegedly disabled the spying functionality on the two devices it was originally discovered on.
In the aftermath of the announcement, Amazon issued a statement saying it has suspended sales of BLU phones on its website. BLU’s R1 HD was part of Amazon’s Prime Exclusive Phones program, but now the device is listed as “Currently Unavailable”. Amazon isn’t taking any chances and says customers should contact BLU’s customer support.
“Because security and privacy of our customers is of the utmost importance, all BLU phone models have been made unavailable for purchase on Amazon.com until the issue is resolved.”
Amazon statement to CNET
BLU denied any wrongdoings, explaining it stopped including AdUps in its product software package since 2016, although some older devices still use it.
Yet, it seems not all BLU models are listed as “Currently Unavailable” on Amazon. For example, I can still place an order for the BLU Studio X8 HD or the BLU Grand 5.5 HD. So maybe Amazon only stopped selling the BLU phone models that have been found to be infected like the BLU R1 HD? Even though the BLU R1 HD is not an “older” device.
Update: BLU has sent a statement regarding Amazon, which you can read below:
“Since Nov 2016 when the initial privacy concern was reported by Kryptowire, which BLU quickly remedied, Amazon has been aware of the Adups and other applications on our BLU devices which were deemed at the time by BLU, Amazon, and Kryptowire to pose no further security or privacy risk”
“Now almost a year later, the devices are still behaving in the same exact way, with standard and basic data collection that pose no security or privacy risk. There has been absolutely no new behavior or change in any of our devices to trigger any concern. We expect Amazon to understand this, and quickly reinstate our devices for sale.”