Researchers at mobile security firm Kryptowire have discovered software running on some smartphones that sends sensitive data to a server in China without clearly making that clear to users.
One of the phone makers with affected models is Florida-based Blu Products, maker of the popular BLU R1 HD smartphone that Amazon sold for as little as $50… until recently (the phone is no longer available from the Amazon Prime Exclusive Phones page).
After BLU was notified, the company pushed out a software update to phones including the BLU R1 HD. But if you’re wondering how this came to happen in the first place, the New York Times did some digging.
In a nutshell, a Chinese company called Adups creates software that allows phone makers to update firmware on a smartphone remotely. One of the company’s clients wanted the ability to see call logs, text message content, and location information, and contact lists, allegedly in order to identify junk messages.
The software was not suppose to be installed on phones sold in the United States, and according to the New York Times, Google has told Adups that phones which ship with the Play Store and other Google apps should not include that monitoring feature. That should include most Android phones sold in the US, Europe, and most other parts of the globe… but not Android phones shipped in China, where Google apps are not available.
While it’s good to know that BLU has addressed a problem that it says affected about 120,000 smartphones, it’s unclear how many phones from other manufacturers also include the spyware feature. I suspect folks who’ve been using affected devices for the past few months may also be less than pleased by the assertion that their text messages aren’t being sent to a Chinese server anymore.
Update: BLU CEO Sammy Ohev-Zion tells PC Magazine that the company is pulling the plug on Adups and only shipping phones using Google’s own firmware-updating system from now on.