Blu, a Miami-based budget Android phone company, has been suspended from selling on Amazon after cybersecurity experts detailed how software preloaded onto its devices collects sensitive user data and sends it overseas, according to CNET. Kryptowire, a Virginia-based security firm, said last week during the BlackHat security conference in Las Vegas that spying software from Chinese company Shanghai Adups Technology was still present on certain Blu handsets. The software leaves users vulnerable to remote takeovers and having their text messages and call logs recorded, as well as other forms of discrete data collection.
“Because security and privacy of our customers is of the utmost importance, all Blu phone models have been made unavailable for purchase on Amazon.com until the issue is resolved,” Amazon said in a statement to CNET. Last week, Blu denied any wrongdoing and said in a statement of its own that it “has several policies in place which take customer privacy and security seriously.” The matter is particularly sensitive for Amazon because Blu was an early partner for the retailer’s Prime Exclusive Phones program. That program promotes Amazon and third-party products and services via lockscreen advertisements in exchange for Prime member discounts on budget devices. Blu no longer shows up on the list of supported devices.
This is not the first time Blu has gotten into trouble for skirting both US privacy regulations and Amazon’s marketplace rules. Blu was suspended back in October after Kryptowire first discovered Adups’ spyware on the the Blu R1 HD, the best-selling phone on Amazon and the company’s most popular model. Adups called the implementation of tracking software a “mistake” at the time and removed it from the R1 HD and the Life One X2 models. However, this time around, Kryptowire discovered similar software, which was collecting device identification data and even location data from cell tower IDs, loaded onto slightly more expensive Blu phones.