Privacy Concerns About BLU Handsets Prompt Temporary Amazon Sales Ban

Privacy Concerns About BLU Handsets Prompt Temporary Amazon Sales Ban
 Who Is BLU, Anyway?
The Amazon Marketplace How Important Is Amazon to BLU?
Kryptowire Studies BLU Handsets
Shanghai Adups Technology Is the Source of the Offending Software
This Isn't the First Time This Issue was Found on BLU Handsets
How Data Transmission Feature Works
Amazon Responds to the Reports
BLU Denies the Existence of Malware on Its Handsets
BLU Handsets Are Now Back on Amazon
The Implications Going Forward
1 of 11

Privacy Concerns About BLU Handsets Prompt Temporary Amazon Sales Ban

There smartphone market is crowded with handset makers that have small user bases and usually fail to attract much attention. But a small vendor named BLU Products attracted the wrong kind of attention recently, after security firm Kryptowire demonstrated how an application running on its devices could be collecting data and sending it to China. Soon after, Amazon, which has been a critical BLU marketing partner, responded by temporarily suspending sales of its smartphones. BLU responded to Amazon's action by denying it has done anything wrong. Now BLU is trying to reassure customers who may have shied away from the company's handsets. This  slideshow will describe origins of the Amazon-BLU dispute.

2 of 11

Who Is BLU, Anyway?

BLU is a small American smartphone maker based in Miami, Fla.. The Latin-owned company founded by Brazilian entrepreneur Samuel Ohev-Zion, sells several different devices, all with varied designs and price levels. However, generally speaking, BLU has built its brand on affordable devices that in some cases, cost around $50 or $60 and are marketed widely to Latin communities in the U.S. and abroad.  

3 of 11

The Amazon Marketplace How Important Is Amazon to BLU?

Amazon is critical to BLU’s business. Last year, for instance, BLU was part of Amazon’s Prime Exclusive Phones program, which helped Amazon build out its mobile offering and enabled BLU to get some much-needed attention on the giant online marketplace. BLU has also proven to be one of the most popular smartphone makers on Amazon. BLU's Advance 5.0 was recently the third-most-popular handset for sale on the site.

4 of 11

Kryptowire Studies BLU Handsets

At the center of the recent controversy is Kryptowire, a security firm that recently analyzed BLU devices of late. The company, which presented its findings at the Black Hat conference in Las Vegas in July, revealed that the BLU devices it tested was running software running that would collect device data and transmit it to a server in Shanghai, China without the user’s knowledge or consent. Kryptowire claims to have found the software on three BLU smartphones.

5 of 11

Shanghai Adups Technology Is the Source of the Offending Software

The source of the offending software is Shanghai Adups Technology, China-based company that describes itself as a provider of firmware that can be wirelessly updated when running on mobile and Internet of Things devices. Shanghai Adups Technology has admitted its software has a flaw that transmits data to China, but has calls the issues a mistake.

6 of 11

This Isn't the First Time This Issue was Found on BLU Handsets

This is the second year that security researchers found that BLU smartphones were sending data to China. In 2016 researchers found that certain BLU smartphone models had the Shanghai Adups Software that transferred data. BLU said that it would update its devices to remove the feature while Shanghai Adups Technology said its inclusion BLU devices was inadvertent. It was believed then that BLU handsets no longer sent data back to China the after promised updates were implemented.

7 of 11

How Data Transmission Feature Works

Kryptowire found Shanghai Adups software would enable the device to collect data and send it to China, where it can be analyzed and used to invade a user’s privacy. However the software can also open a line of communication between the device and a command and control server. This would allow a  malicious user half a world away to seize control of the handset as completely as the authorized user. The malicious user for example could wipe a device clean or steal information.

8 of 11

Amazon Responds to the Reports

Not long after news broke of the privacy breach, Amazon responded. The company swiftly removed all BLU handsets from its online marketplace pending a review of its devices and the company's data privacy policies. They sent the handset maker into a tailspin and prompted the company to criticize the media for publishing erroneous reports about the security of its smartphones.

9 of 11

BLU Denies the Existence of Malware on Its Handsets

On July 31 BLU issued a statement asserting there is no malware, spyware, or “secret software” running on its smartphones. BLU said that its smartphones did suffer from some data-leakage last year, but it had resolved the problem. BLU argues that any data collected by its handsets follows standard industry practices and falls within its privacy policy. The company also asserted that it is committed to maintaining user privacy

10 of 11

BLU Handsets Are Now Back on Amazon

BLU might have been redeemed. As of this writing, Amazon has brought back BLU devices and is selling the company’s handsets on its ecommerce site. The BLU R1 HD, one of the company’s most popular devices, is in 20th place in the list of best selling smartphones on Amazon.com. It’s unknown how overall sales of BLU handset models affected by Amazon's temporary ban.

11 of 11

The Implications Going Forward

While BLU’s smartphones can again be purchased on Amazon.com, sales don’t appear to be quite as strong as they recently were. BLU is still trying to overcome market perception charges that its smartphones routinely violate user privacy. So it remains unclear whether BLU can regain its previous sales momentum and permanently resolve the bad press about its products.

Top White Papers and Webcasts