Blu, a Miami-based budget Android phone company, has been suspended from selling on Amazon after cybersecurity experts detailed how software preloaded onto its devices collects sensitive user data and sends it overseas, according to CNET. Kryptowire, a Virginia-based security firm, said last week during the BlackHat security conference in Las Vegas that spying software from Chinese company Shanghai Adups Technology was still present on certain Blu handsets. The software leaves users vulnerable to remote takeovers and having their text messages and call logs recorded, as well as other forms of discrete data collection.
Blu denies any change in the preloaded programs and claims it is not spyware
"Because security and privacy of our customers is of the utmost importance, all Blu phone models have been made unavailable for purchase on Amazon.com until the issue is resolved," Amazon said in a statement to CNET. Last week, Blu denied any wrongdoing and said in a statement of its own that it "has several policies in place which take customer privacy and security seriously.” The matter is particularly sensitive for Amazon because Blu was an early partner for the retailer’s Prime Exclusive Phones program. That program promotes Amazon and third-party products and services via lockscreen advertisements in exchange for Prime member discounts on budget devices. Blu no longer shows up on the list of supported devices.
This is not the first time Blu has gotten into trouble for skirting both US privacy regulations and Amazon’s marketplace rules. Blu was suspended back in October after Kryptowire first discovered Adups’ spyware on the the Blu R1 HD, the best-selling phone on Amazon and the company’s most popular model. Adups called the implementation of tracking software a “mistake” at the time and removed it from the R1 HD and the Life One X2 models. However, this time around, Kryptowire discovered similar software, which was collecting device identification data and even location data from cell tower IDs, loaded onto slightly more expensive Blu phones.
Blu issued a new statement to The Verge following Amazon’s suspension. "Since Nov 2016 when the initial privacy concern was reported by Kryptowire, which Blu quickly remedied, Amazon has been aware of the Adups and other applications on our Blu devices which were deemed at the time by Blu, Amazon, and Kryptowire to pose no further security or privacy risk,” the company said. “Now almost a year later, the devices are still behaving in the same exact way, with standard and basic data collection that pose no security or privacy risk. There has been absolutely no new behavior or change in any of our devices to trigger any concern. We expect Amazon to understand this, and quickly reinstate our devices for sale.”
Update at 2:40PM ET, 8/1: Added new statement from Blu regarding Amazon’s suspension.