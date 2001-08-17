from the color-me-unimpressed-and-blue dept.
[...] The online retailing giant told CNET that it was suspending sales of phones from Blu, known for making ultra-cheap handsets, due to a "potential security issue."
The move comes after security firm Kryptowire demonstrated last week how software in Blu's phones collected data and sent it to servers in China without alerting people. Blu defended the software, created by a Chinese company called Shanghai Adups Technology, and denied any wrongdoing. A company spokeswoman said at the time it "has several policies in place which take customer privacy and security seriously." She added there had been no breaches.
[...] "Because security and privacy of our customers is of the utmost importance, all BLU phone models have been made unavailable for purchase on Amazon.com until the issue is resolved," Amazon said in a statement.
[...] Blu was one of the key participants in Amazon's "Prime Exclusive Phones" program, which offered steep discounts on phones to its members in exchange for ads on their lockscreen. Blu is no longer listed on the page.
Blu cited Krytopwire executive Tom Karygiannis as saying the company didn't do anything wrong, although Karygiannis later told CNET that he didn't authorize Blu to make a public statement on his behalf. He confirmed that he spoke to Amazon to give the retailer data on his findings.
BLU Phones Secretly Sent Personal Data to China
-- submitted from IRC
Security firm Kryptowire discovered that an app in some BLU Android smartphones was transmitting personal user data to a Chinese server every three days.
The unlocked smartphone company BLU has now admitted that several of its handsets have been secretly sending out personal data collected from their owners. The data was transmitted via a third-party app that was installed on six of its phones.
According to The New York Times (paywalled article), the security firm Kryptowire first discovered that an app in some of BLU's phones was transmitting data to a Chinese server every 72 hours. It's not yet clear if the data was being mined for advertising purposes or to collect intelligence for the Chinese government. However, the story adds that the company that wrote the software, Shanghai Adups Technology Company, claims the app was made for a Chinese phone manufacturer to monitor users. It also claims it was not meant to be installed on handsets sold to a U.S. audience.
BLU has since admitted that about 120,000 of its phones "had been collecting unauthorized personal data in the form of text messages, call logs, and contacts from customers" via the "Wireless Update" app. The six phone models that were affected are the R1 HD, the Energy X Plus 2, the Studio Touch, the Advance 4.0 L2, the Neo XL, and the Energy Diamond.
Well, maybe that explains why BLU smartphones are so cheap...
(Score: 4, Insightful) by MrGuy on Tuesday August 01, @03:11PM (2 children)
When are they going to suspend sales of every other smartphone manufactured today?
Today's smartphones are mobile surveillance platforms. And if you think it makes a dime's bit of difference if the one who's stealing all your personal data is AT&T instead of the PRC, then I have some bad news for you.
(Score: 2) by RamiK on Tuesday August 01, @03:56PM (1 child)
Sure there's a difference. The PRC has very little opportunity to exploit your personal information since you live outside their jurisdiction. They also won't sell your information on the open market since they don't want foreign agencies to know the extent of their data gathering capabilities.
On the other hand, AT&T will gladly sell all your personal data to the highest bidder regardless if it's governments, advertising companies, credit companies or criminal organizations.
(Score: 2) by nobu_the_bard on Tuesday August 01, @04:04PM
You're right, I'm sure the PRC will do nothing with your data at all. They'll just vacuum it up and put it in a data center somewhere forever and never look at it or show it to anyone ever for any reason. Yep.
(Score: 2) by kaszz on Tuesday August 01, @03:27PM (1 child)
Are BLU phones bootloader locked?
(Score: 1, Informative) by Anonymous Coward on Tuesday August 01, @03:36PM
I think they are not. I remember looking into it a while back, and I believe Blu was one of the companies that DID have some sort of root provisioning (I think it was just an adb or fastboot unlock command without requiring an authorization password, unless you set one.)
I had seriously considered them except that the models with an open source friendly GPU were the models with low RAM and not so great pricing, and the models with good pricing or sufficient RAM were the ones with non-OS friendly GPUs (later MALI cores, or possibly SGX. I forget.)
