Blu Products, more commonly recognized as a company that offers budget Android smartphones, has been suspended by Amazon from selling its products on the store over privacy and spyware concerns.
The largest online retailer in the world has now removed Blu devices from its listings until the company "resolves the issue." Amazon's pullout comes less than a week after Kryptowire reported Blue devices were still sending sensitive data to China.
Blu had previously run into wide media coverage over privacy concerns. Back in November, the company admitted that a third-party app installed on Blu devices collected info from users via text messages, call logs, and contacts on a limited number of devices. Blu confessed at the time that the spyware, an OTA tool called Adups, affected 120,000 Blu phones. Blu also said it would replace Adups with Google's OTA tool instead for forthcoming smartphones.
Now, Blu has come out and refuted the latest spyware allegations. The company calls the reports "inaccurate" and "false," saying that it's already reaching out to news outlets to make them correct their articles and issue apologies. Blu says it has started receiving them.
"[T]here is absolutely no spyware or malware or secret software on BLU devices, these are inaccurate and false reports," says Blu, adding that its current data collection practices is simply a part of the standard requirements for OTA functionality and "does not affect any user's privacy or security."
Blu says Amazon and other companies have been aware of Adups since November 2016, and that these same companies don't see any security or privacy risk associated with the software. Its devices, Blu claims, still behave the same way and haven't performed anything to trigger privacy concerns. Blu says it hopes Amazon could put back Blu devices on its site.
Blu And Spyware Allegations
Kryptowire published a report this past July suggesting Shanghai Adups Technology, the company behind the data collection apps, was funneling data servers to China. Kryptowire observed over 20 pieces of firmware for Blu devices, and all contained exploits. The apps used privilege escalation, which granted access to certain permissions more than what apps can typically have.
There are other forms of data collections allegedly occurring on these entry-level Android smartphones, but Ryan Johnson, a Kryptowire research engineer, gives a sense of what it essentially all means:
"[It's] generally [enough to] locate a person, presuming they're in an urban area," Johnson said. "It seems pretty widespread around lower-end phones."
Amazon has yet to comment on Blu's response regarding the allegations. Expect due coverage when it comments or when Blu smartphones go back up its store.