Blu
YouTube

The US smartphone brand Blu, which is well known for making cheap and cheery mobile phones, has temporarily been blocked from selling their products on Amazon following claims that Blu products carry spyware.

Amazon told CNET that they have banned Blu from selling its handsets on their site due to a "potential security issue".

Last year in November, security firm Kryptowire had published a detailed report that said that Blu devices contain a firmware-over-the-air update software from Chinese vendor Shanghai Adups Technology, which transmits SMS messages and other private data from the device to a server in China

A while after this report, Blu announced that they have apparently requested Adups to disable the functionality on all Blu devices and also flagged that they would switch to Google's own update software. Adups had also said that they have fixed the issue.

However, at the Black Hat security conference last week, Kryptowire, again, demonstrated that Adups has not stopped, rather it is still transmitting users' private data and it also features a command-and-control server that is capable of installing apps, taking screen shots, recording the screen, making calls, and wiping devices without the user's permission.

Kryptowire singled out the Blu R1 HD device, which cost $60 and was very much available on Amazon, for harboring the treacherous Adups software.

According to Kryptowire co-founder Ryan Johnson, Adups replaced its firmware with "nicer versions" but said further analysis in May of another Blu model found Adups was still making the same mistakes, describing it as a "huge invasion of privacy".

It was actually transmitting a host of apps installed, apps used, unique device identifiers, including the MAC address and IMEI number, the phone number, and cell phone tower ID from the device.

"Because security and privacy of our customers are of the utmost importance, all Blu phone models have been made unavailable for purchase on Amazon.com until the issue is resolved," Amazon said in a statement to CNET.

Blu has issued a statement, which says that only some old devices of the company carry Adups software and that the new devices would use Google's OTA software.

"Blu decided to switch the Adups OTA application on future devices with Google's GOTA. Even though it is Blu's policy to only use GOTA moving forward, some older devices still use Adups OTA," the statement read, which was published on PR Newswire.

"The issue is exactly what kind of data is actually being collected by this Adups application, and whether it presents a security or privacy risk," it added.