Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Android Cellphones China Operating Systems Privacy Security Software Hardware

BLU Claims Innocence, Gets Phones Reinstated On Amazon (slashgear.com) 43

Earlier this week, Amazon suspended budget phone maker BLU from selling its phones on the site, citing a "potential security issue." A few days have passed and BLU has made its defense. SlashGear reports: AdUps, the Chinese company that provides affordable firmware update software to countless budget Android phones, is not spyware and not even Kryptowire, the security firm that broke the news last year, called it that, insists BLU. To be fair, Kryptowire really didn't. In its 2016 report, it simply described AdUps' OTA software as "FIRMWARE THAT TRANSMITTED PERSONALLY IDENTIFIABLE INFORMATION (PII) WITHOUT USER CONSENT OR DISCLOSURE." Curiously, that is more or less how the FTC defines spyware (PDF). In its 2017 follow-up, it did drop the second part of that phrase and simply reported on "mobile devices for Personally Identifiable Information (PII) collection and transmission to third parties." While BLU, and a few other OEMs, was caught unaware by the first report, it's insisting on its innocence in this second instance. Its defense stems from the argument that it is doing nothing that violates its Privacy Policy and, therefore, doesn't constitute any wrongdoing. Yes, that privacy policy that barely anyone reads, which can't legally be blamed on manufacturers anyway.

In other words, when you agreed to use BLU's devices, you basically agreed that such PII could possibly be transmitted to a third party outside the US. In this particular case, that does apply to the situation with AdUps. Interestingly, the policy's copyright dates back to 2016, when the AdUps issue first came up. The Internet Archives doesn't seem to have any version of that page before April this year. And so we come to BLU's second arguments: everybody's doing it. The data that AdUps collects is the same or even just a fraction of what other OEMs are collecting. Google is hardly the bastion of privacy and other OEMs are also collecting such data and sending it to servers in China, as is the case with Huawei and ZTE. Finally, BLU says that Kryptowire's new report really only identifies the Cubot X16S, from a Chinese OEM, as the only smartphone really spying on its users.
UPDATE: BLU has confirmed that its devices "are now back up for sale on Amazon."
This discussion has been archived. No new comments can be posted.

BLU Claims Innocence, Gets Phones Reinstated On Amazon

Comments Filter:
  • I was more concerned with my bluetooth not connecting unless I reset the radio (airplane mode on/off).
  • But Left Undeterred
  • Excuses (Score:2, Funny)

    by Anonymous Coward

    They sound like a teenager:

    "I didn't do it! Not really. Well, technically I guess. But it doesn't matter anyway. Everyone else is doing it!"

  • by duke_cheetah2003 ( 862933 ) on Friday August 04, 2017 @10:00PM (#54944763) Homepage

    I generally treat any smartphone as a very insecure device. They transmit gods knows what to god knows whom, on a regular basis. Pretty much every App is phoning home regularly. Obviously it's transmitting "Personally Identifiable Information", it kinda needs to so it can tell you from a stranger sitting next to you.

    With that in mind, use it accordingly. You really can't expect privacy out of these things, should anyone really want to dig about what you do. Like Law Enforcement. Smartphones are a treasure-trove of evidence for LE.

    I would even considering going as far as to treat these devices as 'foreign' on network infrastructure, walling it off from internal resources that may be less than secure because they're on an intranet, and inaccessible from the outside.

    • by whoever57 ( 658626 ) on Friday August 04, 2017 @10:21PM (#54944831) Journal

      While apps are all phoning home, the type of your personal data that an app can access may be limited.

      This, however, as a firmware install, can presumably access everything on the phone: all actions, all data.

    • by rtb61 ( 674572 )

      I like the idea of all data collected required to remain in the country of origin, so that it can be readily audited for privacy violations, especially with regard to minors, and appropriate fines, custodial sentences and damages awarded to citizens. There is not need to any data to leave the country and it should not. All stored and processed locally within the laws of that country. Other points of emphasis, zero data collection from any medical facility, from doctors practice to major hospitals, this is a

  • Amazon now has this no-questions return policy thing about which people are complaining. We could all order one of these phones, then leave horrible reviews (which, as people who bought them, would be considered more real), and then get refunds. If they popped up under a different account or product name, lather/rinse/repeat. Ah well, guess that's more of a job for reddit these days ;)
    • by gmack ( 197796 )
      I already left a bad review after mine waited until just out of warranty to start spamming me from a non removable app.
  • by Gojira Shipi-Taro ( 465802 ) on Friday August 04, 2017 @11:13PM (#54944967) Homepage

    I won't consider their phones, or let anyone relies on me do so. They might as well not bother.

  • I didn't hear anything about them suspending the sale of RED phones, and BLU and RED are always up to the same shit. It's almost like Spy Vs. Spy or something.

  • The real problem here is, yeah, you can remove ADUPS if you root the Phone. I did this. I also removed MTK Logger. If you root the Device however, and then try and update, the Phone will soft brick due to the way ADUPS updates the device in an inconsistent Manner. So getting a new Stock Rom means a complete Re-Flash and Re-Root, and eradication of the User Partition EVERY update to prevent Soft Bricking.

    Lineage OS needs to go to war with Blu on this and make a Lineage OS Rom for every Android device Blu Ma

    • Lineage OS needs to go to war with Blu on this and make a Lineage OS Rom for every Android device Blu Makes.

      They'd be better off making a Rom for nothing Blu makes, because making a Lineage OS port only rewards them by making their product more salable.

  • This is not BLU's doing, but it is. The firmware maker is causing all these issues, but they choose to collaborate with that company in the first place.
    • The issue is ADUPS and MediaTek. BLU Doesn't want to pay the QualComm Tax, this is why their Phones are GSM only. If BLU had to pay the QualComm Fee, BLU Phones would get alot more expensive. BLU Phones use ADUPS to do updates. ADUPS is Chinese State Spyware. Its intended to be installed on Phones from companies like Oppo. To spy on Domestic Chinese Citizens.

      What BLU is saying here is: We have to have ADUPS in our Roms to be able to update them. People will root our Phones if we don't have ADUPS. You aren't

  • You can root them with NO third party apps and then remove anything you do not care for, easy peasy. If you have an Alcatel or plan to buy one here is how you root it in under 2 minutes..

    Alcatel has its own "system updates" app. If you tap the three dots in the right hand corner and then hit "Help", then hit the "Auto -Check Intervals" button a bunch, it will unlock "Advanced Mode." Go back and tap the three dots again and it will be under "help." When you go into this advanced mode, it will ask you for a "

egrep -n '^[a-z].*\(' $ | sort -t':' +2.0