Amazon Abruptly Suspends Blu Phone Sales Over Potential Security Concerns

A company called Blu Products is seeing red after Amazon, the world's largest online retailer, decided to halt sales of Blu brand smartphones over concerns that the company's handsets might contain spyware. Blu, which is based in Miami, denies that anything nefarious is going on and says that previous data collection capabilities through a third-party OTA application have been disabled.

While Blu does not enjoy the same brand recognition as Samsung or Apple, it was able to carve out a following by selling lower cost Android devices. However, concerns over privacy started to mount after cybersecurity firm Kryptowire showed that Blu brand phones were collecting data and sending the information to servers in China without letting users know. This prompted Amazon to stop selling Blu phones.

Blu Phone

"Because security and privacy of our customers is of the utmost importance, all Blu phone models have been made unavailable for purchase on until the issue is resolved," Amazon said in a statement.

What's at dispute is the OTA firmware update software that Blu phones use. The software is provided by Shanghai Adups Technology in China. The software is said to send text messages and other private information to a server in China, though according to Blu, it had no idea this was going on.

"The original report by Kryptowire issued on November 2016 regarding the Adups OTA application, stated a small fraction of Blu phones had a version of the application which was collecting phonebook contacts and text messages. Since Blu was unaware of this collection, they hadn't notified customers, thus it was deemed as a potential privacy issue. Blu moved quickly and resolved the problem by having Adups turn off this functionality," Blu said in response to Amazon pulling its phones.

Blu said it took the additional step of switching from the Adups OTA app on future devices to Google's GOTA. Even so, Blu defended Adups as a "well-known application," stating that its OTA software is "not an issue here." Blu did concede that the data being collected is both a security and privacy risk to consumers.

"Blu hired Kryptowire in November of 2016 since their first report to regularly monitor the Adups application in their devices, and they have since been doing that... Regarding that some information may be stored in China servers, their privacy policy clearly states that some of the data collected can be stored in servers outside the US, there is absolutely nothing wrong with having a server in China," Blu added.

You can read Blu's somewhat lengthy statement here. It seems that Blu is trying to playing both sides of the field rather than just saying, "Hey, we screwed up. We're sorry and it won't happen again."