It’s been a little over half a year since security researchers at Kryptowire discovered software running on some budget smartphones that sends sensitive data to a server in China without notifying the the user of the phone. One of the phones in question was the popular (and dirt cheap) BLU R1 HD.
BLU released a software update to address the issue, but Kryptowire researchers told CNET recently that some BLU phones still are still running the offending software… and Amazon has responded by suspending sales of all BLU phone models until the issue is resolved. Sort of.
A quick scan of some of the BLU phones sold on Amazon.com shows that some models like the BLU R1 HD and BLU LIfe One X2 are listed as “currently unavailable.” But others, including the BLU Studio X8 HD and BLU Tank Xtreme 4.0 are still available for purchase.
As far as I can tell, the difference is that the phones you can still buy aren’t actually sold by Amazon. They’re fulfilled by Amazon, which means you’re actually buying the phone from a third-party store, but Amazon handles the transaction.
For its part, BLU claims that “there is absolutely no spyware or malware or secret software” on its devices, and that the company moved to disable the portion of the Adups OTA software that had been collecting contact details and text messages and to use Google’s OTA application on newer devices (although some older devices still have Adups… which BLU insists does not intrinsically constitute a privacy threat as long as the option to collect sensitive data is disabled).
Apparently Amazon wants more assurance before fully reinstating sales of BLU’s phones.
via Android Police