Skip to main content

Blu phones pulled from Amazon over Adups spyware concerns

blu phones
Andy Boxall/Digital Trends
Blu, the Florida-based smartphone maker known for its affordable lineup of Android smartphones, was in hot water earlier this week with Amazon over privacy concerns, but luckily, those issues have now been resolved.

On Tuesday, the online retailer said that it was suspending the sale of Blu phones because of a “potential security issue” on the company’s cheaper models. “Because security and privacy of our customers is of the utmost importance, all Blu phone models have been made unavailable for purchase on Amazon.com until the issue is resolved,” an Amazon spokesperson said in a statement.

However, on Friday, the unlocked Android devices were back on sale at Amazon after the “false alarm” was cleared up.

Hey BLU fans! After a false alarm, BLU devices are now back up for sale on Amazon. https://t.co/XKqFyEiBI0#BLU #BoldLikeUs #Amazon

— BLU Products (@BLU_Products) August 4, 2017

Blu is a key member of Amazon’s Prime Exclusive Phones program, which offered discounts on unlocked phones in exchange for ads on the lock screen.

“Since Nov 2016 when the initial privacy concern was reported by Kryptowire, which BLU quickly remedied, Amazon has been aware of the Adups and other applications on our BLU devices which were deemed at the time by BLU, Amazon, and Kryptowire to pose no further security or privacy risk,” Blu told Digital Trends. “Now almost a year later, the devices are still behaving in the same exact way, with standard and basic data collection that pose no security or privacy risk. There has been absolutely no new behavior or change in any of our devices to trigger any concern. We expect Amazon to understand this, and quickly reinstate our devices for sale.”

And it would seem that Blu’s expectations have been met.

Amazon’s initial decision came a month after security firm Kryptowire demonstrated that apps on Blu phones were recording keystrokes, call logs, browser history, and unique phone identifiers like the MAC address and IMEI. In a report published in July, Kryptowire wrote that Shanghai Adups Technology, the company behind the data-collecting apps, was funneling the data to servers in China.

blu phones
Image used with permission by copyright holder

Kryptowire looked at more than 20 pieces of firmware for Blu phones, all of which contained exploits stemming from faulty MediaTek code. They used privilege escalation, a technique that gives certain apps more permissions than they’d normally have, to establish a command an control channel — a communications route with unfettered access to a device’s software. By executing commands as if they were the user, Adups apps could install apps, take screenshots, record the screen, make calls, and wipe devices.

MediaTek said it resolved the issue in November, but a number of Blu phone models, including the Blu Advance 5.0, haven’t received a security patch.

Blu said that is “has several policies in place which take customer privacy and security very seriously,” and Adups called it a “mistake.” But analysts at Kryptowire claims to have detected the spying software on at least three different phones.

Ryan Johnson, a research engineer and co-founder at Kryptowire, said that in May he observed Blu’s R1 HD and Grand M sending data to China containing the phone number, cell phone tower ID, and browser bookmarks.

“[It’s] generally [enough to] locate a person, presuming they’re in an urban area,” Johnson said. “It seems pretty widespread around lower-end phones.”

In a follow-up statement provided to ZDNet, Blu said that Adups software was only on some older devices, and that new phones would use Google’s Over-The-Air software.

“Blu decided to switch the Adups OTA application on future devices with Google’s GOTA,” Blu said. “Even though it is Blu’s policy to only use GOTA moving forward, some older devices still use Adups OTA.” Any data its devices collect, Blu noted, is only “standard for OTA functionality” and “does not affect any user’s privacy or security.”

Update: Blu phones are back on Amazon

Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
Samsung Galaxy Buds+ vs. Amazon Echo Buds
Amazon Echo Buds on ear

Thinking about buying a new set of earbuds but don't want to break the bank? Instead of dropping hundreds on a premiere pair of Apple AirPods, did you know you can nab a great-sounding pair of buds for almost half the cost? That's where Samsung and Amazon come in. With both the Samsung Galaxy Buds+ and Amazon Echo Buds, we have two powerhouse brands here taking different approaches to an increasingly popular product category, which has, at least until now, been dominated by Apple. Let's see which take on true wireless earbuds comes out on top.
Price

If you watched the video comparison at the top of this article, you may have noticed we said that the Echo Buds sell for $90. That was true when we made the video, but what we didn't realize was that Amazon had simply put the Echo Buds on sale temporarily. Their regular price is $130, and that's probably what you'll find when you hit Amazon's site. Currently, though, you can find them on Amazon for $79.

Read more
How to share your Wi-Fi password from your iPhone to an Android device
Person holding iPhone 11 with a customized home screen layout.

Sharing your home or office network doesn't mean you must hand out the password like a business card. You don't need to text the information, write it down in a folded love note-like manner, or send it in an email. Instead, you just need to generate a QR code to share the information.

This guide shows you how to share your Wi-Fi password from an iPhone to an Android device. Afterward, we reverse course and show you how to share a network password with an iPhone using stock Android 11 and a Samsung phone with Android 10. The methods are extremely simple and are far more secure than dolling out passwords in written and texted forms.
Share your network password from iPhone to Android
Because iOS doesn’t have a built-in QR code generator like Android, you need to install an app like Qrafter or Visual Codes. In this guide, we use the latter app, which requires iOS 11 and newer. It's free to use in this case, but you can unlock the Share & Print Codes feature for $1 and the ability to save scanned codes for another $2.
On the iPhone

Read more
How to set parental controls on your Amazon Fire tablet
amazon fire hd 8 2017 review 10

Tablets can be great devices for kids since they can play games, watch movies, read books, and a whole lot more. But, you need to be able to protect them from questionable content. The best kids’ tablet you can buy right now is the Fire HD 8 Kids Edition. One of the reasons that it’s our top pick is that Amazon tablets have some of the most comprehensive parental controls around.

Amazon’s parental controls work on any Amazon Fire tablet, so whether you have one of the Kids Edition tablets, a Fire HD 10, or an older Fire tablet, you can still use these controls. In this guide, we’re going to run through how to set up parental controls on your Fire tablet and highlight some of the key features you’ll want to take advantage of.
How to set up parental controls on a Fire tablet
We’ll assume that you’ve created your own profile and signed into your Amazon account on the Fire tablet in question. If you haven’t, then go to Settings > My Account and do so. Now, there are two ways to restrict access on your tablet. This first method is easier and quicker, but we recommend you skip ahead to the second as it's more versatile.

Read more