Phone maker BLU is settling charges that it allowed a China-based partner to collect a mountain of customers' personal data—including full content of text messages, real-time locations, telephone numbers, contacts, and installed apps—despite promises it would keep such details private.
Under a settlement with the US Federal Trade Commission announced Monday, BLU agreed to implement a "comprehensive data-security program" to prevent similar privacy leaks in the future. Both the company as a whole and co-owner and President Samuel Ohev-Zion are barred from misrepresenting the extent to which they protect the privacy and security of personal information. The company further will be subject to third-party assessments of its security program every two years for 20 years and must comply with record-keeping and compliance-monitoring requirements.
full contents of text messages
real-time cellular-tower location data
call and text message logs with full telephone numbers
lists of applications used and installed on each device
AdUps collected text messages and transmitted them back to company servers every 72 hours while collecting location data in real time and transmitting it to servers every 24 hours, the FTC's complaint said.
Following the 2016 Kryptowire report, BLU notified customers that AdUps ceased its data collection activities. Even then, however, BLU "continued to allow AdUps to operate on its older devices without adequate oversight," FTC attorneys wrote.
The FTC action made no mention of a follow-up report from Kryptowire in 2017. It said three models of BLU phones continued to collect a more limited set of users' personal information and sent them to servers located in China. For instance, Kryptowire said that two models—the Grand M and Life One X2—sent phone numbers, IMEIs, IMSIs, Wi-Fi MAC addresses, device serial numbers, and lists of installed applications, as well as cell-tower IDs and locations. The security firm said the BLU Advance 5.0 contained code-execution and logging capabilities that could be used by third-party apps.
A BLU executive responded to the Kryptowire update at the time by saying the data collection was standard for over-the-air functions. "This is in line with every other smartphone device manufacturer in the world," BLU Marketing Director Carmen Gonzalez wrote in the response. "There is nothing out of the ordinary that is being collected," she wrote, and she also asserted that BLU "certainly does not affect any user's privacy or security."
At the time of the Kryptowire update, Amazon said it was suspending sales of BLU phones. Aquick search on Monday showed a variety of BLU phones available from the online retailer.
- 3G Mobile Phone Selection
- WCDMA Basic Introduction
- Mobile Phones Are Practical And Easy To Use In ...
- 3G Mobile Application
- What Is A 3G Smart Phone?
- Key Phone Fault Solution
- WCDMA Technical Features
- 3G Mobile Phone Use Advantage
- 3G Mobile Phone Wireless Interface
- The Ministry Of Industry And Information Techno...
- ZTE Phones, Budget-priced Androids Favored By S...
- Telstra Stops Selling ZTE Phones: What You Need...
- Need A Phone? Get A Huawei P20 With Your TNW201...
- New IPhone SE 2 Leak Reaffirms Bezel-less Desig...
- Google Unveils Android P: New Gesture-based Int...
- Asus Zenfone Max Pro M1 Hands-on Review
- Lenovo Z5 Sketch With Nearly 100% Screen-to-bod...
- 红米 S2 想靠自拍来吸引线下消费者
- Why The Worst May Be Over For Nokia
- Best Smart Lighting: From Philips Hue To Lifx, ...