Slashdot Mirror


Amazon Suspends Sales of Blu Android Phones Due To Privacy Concerns (cnet.com)

CNET reports: Amazon just put budget phone maker Blu in the penalty box. The online retailing giant told CNET that it was suspending sales of phones from Blu, known for making ultra-cheap Android handsets, due to a "potential security issue." The move comes after security firm Kryptowire demonstrated last week how software in Blu's phones collected data and sent it to servers in China without alerting people. Blu defended the software, created by a Chinese company called Shanghai Adups Technology, and denied any wrongdoing. A company spokeswoman said at the time it "has several policies in place which take customer privacy and security seriously." She added there had been no breaches. Blu said it was in a process of review to reinstate the phones at Amazon.

15 of 66 comments

  1. I use LineageOS by bluefoxlucid · · Score: 3, Interesting

    First thing I do with a new phone, I wipe it and install LineageOS. Somebody else builds the ROM and I don't have the time or resources to personally inspect the source code, so it's mostly a more-trusted quantity; and everybody sees it and sees the build process, so there are at least a dozen primary developers, a couple hundred bored hobbyists, and the occasional security researcher looking at the built ROM and the source code. Between the diff against Android and the massive number of eyes on Android's source trees, a lot of people have to be involved in a conspiracy to mess with my phone for there to be anything intentionally malicious in there.

    I like OnePlus, but I'm not going to run their OS just so it can repeatedly try to sell themes to me. If there was a Lineage ChromiumOS, I'd put that on my Chromebook.

    1. Re:I use LineageOS by bluefoxlucid · · Score: 2

      > You have some rational basis for that trust, beyond the size and presumed motivations/ethics/history of that COMMUNITY?

      One community is a corporate culture that builds an OS image in-house, publishes it for their particular phone, and gets scrutiny when someone decides to try to dismantle the binary image on their particular phone or snoop what's going out the cellular radio. Their OS can hide what's going out the radio, so they need a logic analyzer or specialized radio equipment (lots of effort, not necessarily lots of cost, enormous technical expertise). They can start with an open-source asset and modify it to their taste, and mostly restrict inspection--especially of their own source repositories--to a small number of eyes. You can even have most developers not know about some parts of the code, because they simply have no reason to inspect the entire code base.

      The other is working out in the open. They publish binary images for hundreds of different phones, built from the same source. They're liable to inject the same Trojan horse into several, if not all, models if they're being nefarious. Their repositories are open, and so we can do a spot-check of differences between their code repositories and the official repositories. The official repositories are high-profile; the derived, open-source repositories are also high-profile, but less so; even security researchers are significantly interested in what's going on with this stuff, and have the ready opportunity to examine it. Hiding things is more difficult.

      The likelihood of getting caught is higher for one of these than the other.

  2. What they mean by Zontar_Thing_From_Ve · · Score: 3, Insightful

    "All user data is obtained without their permission, sure, but it's sent securely via encrypted transmission methods. Further, I assure all of our customers that the Chinese Communist Party servers that keep and analyze this data are under the highest security standards and the CCP does not share its data or findings with outside parties. So there is nothing to worry about. Our phones are doing exactly what our masters in the CCP are requiring them to do and doing so in a very secure manner."

  3. Re:Nanny-State Amazon by Oswald McWeany · · Score: 4, Insightful

    > News at 11. Amazon is going to suspend sales of Amazon Echo; followed by suspending their entire online shopping site due to "potential" security issues. Almost everything has potential security issues (other than a block of concrete 10 feet under), but as a customer, it's my right to make that trade-off.

    As a customer it is your right to make that trade-off. You don't have the right to demand that Amazon be the one to sell it to you though.

    It's your right to buy clam chowder but McDonald's doesn't have to sell it. It's your right to drive a Toyota Corolla, but your Honda dealership doesn't have to stock them. You're perfectly in your right to buy and wear a Rolex, but Walmart doesn't have to have one waiting for you to buy.

    Amazon has the right to choose not to sell BLU phones just as McDonald's has the right to not sell clam chowder.

    I'm sure they don't want to be associated with spyware, or have negative customer satisfaction from people that buy those phones and incorrectly blame Amazon for selling them a spyware-ridden phone. You may not blame Amazon but plenty of less tech-savvy people would.

    --
    "That's the way to do it" - Punch
  4. Obviously: what about the rest? by houghi · · Score: 2

    ALL the phones phone home. So are they going to block them as well, or is that OK, because it is not China, but companies?

    TBH, I am not sure if it is better to give my data to China or to Google/Apple/Windows/Amazon/....

    --
    Don't fight for your country, if your country does not fight for you.
  5. Re:I may be wrong about this... by Zombie Ryushu · · Score: 4, Informative

    BLU phones are easily rootable, and until the R1 HD, did NOT have locked bootloaders that prevented the installation of TWRP Recovery. However, because they used MediaTek chipsets instead of Qualcomm, they were GSM exclusive. (Meaning: no CDMA, because Qualcomm has a patent on it in the US.)

    That means AT&T and T-Mobile only (and their associated MVNO carriers). No Verizon, and no Sprint. CDMA is very pervasive in the US.
    Most LineageOS (formerly CyanogenMod) programmers are from the US, so because of that MediaTek-based phones are a tiny, tiny, tiny minority. Wal-Mart stopped carrying BLU phones in the US because people would buy them, find out they were on a CDMA carrier (Sprint, Verizon), and then Wal-Mart would be swamped with returns.

    BLU started locking the bootloaders with the R1 HD due to the lock screen ads. People removed the ads, and denying them ad revenue seemed like theft to BLU.

  6. Re:Nanny-State Amazon by fph il quozientatore · · Score: 2

    > I'm sure they don't want to be associated with spyware

    You mean the Amazon that is marketing a device with a permanently-on microphone that listens to what you are saying and sends it to their servers? Yeah, I am sure they don't want to be associated with spyware.

    --
    My first program:

    Hell Segmentation fault

  7. Re:Amazon doesn't know what it's talking about. by Teckla · · Score: 2

    Seems to me that privacy issues are a subset of security issues.

  8. There are gradations by XXongo · · Score: 5, Insightful

    There are gradations in privacy. The fact that I'm ok with having some small portion of my data used by corporations whose services I utilize does not mean that I'm ok with massive violation of privacy without any notice at all by some other corporation.

    What the Blu phone does is way over the line. They are not only secretly sending data to China, they have "a command-and-control channel that can execute code on a user’s phone as a system user."

    This is not merely "spyware"-- this is actual spying, by a foreign power.

    http://www.cbsnews.com/news/researchers-find-phones-secretly-sending-data-china/

    1. Re:There are gradations by Kernel Kurtz · · Score: 2

      > If I have to be spied on, I'd rather it be by China (who has no real power or authority over me) than the US (who does).

      Exactly! If you are the government, or a corporation then foreign spies are indeed the biggest concern, but if you are an individual, your own government has far greater potential to mess with your life than most any foreign country. The Russians and the Chinese don't care if you order bongs online or donate money to radical groups or gamble on illegal sports or whatever.

      Only your own government is uniquely positioned to use their spying against you.

    2. Re:There are gradations by JohnFen · · Score: 2

      > There is a 99.999% chance that you never do anything that would warrant anyone spying on you

      True, but that doesn't stop them. The US, for example, isn't at all shy about the fact that they spy on all of us.

      > Google represents the number one threat to everyone's privacy. After them come the 10000's of commercial companies who either collect your data themselves or just buy your life story from some other commercial enterprise that has better capture technology.

      Exactly correct! Although I'm at a loss as to why you're so eager to give Microsoft a pass on their spying. There's no such thing as "anonymized", and the amount they try to collect is the exact opposite of "small" -- although they, like Google, etc., graciously allow you to reduce -- but not eliminate -- the scope of their spying.

      Also, just because some entities spy more than others doesn't mean that it's OK for anybody to do it. I reject your implication otherwise.

  9. Re:Nanny-State Amazon by cfalcon · · Score: 2

    > calling them out as huge hypocrites when they sell plenty of other privacy invasive products

    I don't think it is hypocrisy. The really invasive companies such as Google and Amazon have written in a lot of stuff, and spent a lot of money on lawyers, to handle data in aggregate, in ways that aren't supposed to invade our privacy, but still let them do targeted ads. This nuance is lost on you and me, sure (I, and probably you, want nothing to do with their endless parade of data hoarding), but it's still a real cost that they pay and it represents real restrictions on what they do with their data. Without even this basic assurance, it's a non-hypocritical position for a data conglomerate like Amazon to have issues with a company that does any of this secretly, and with open-ended data usage (again, from a perspective like Google's, their data usage is not open-ended, it is very constrained).

  10. Re:BLU, Adups, and MediaTek by JohnFen · · Score: 2

    > However the version of Adups it used was not the version that was stealing people's info.

    It's not the version that made the news, perhaps, but do you have any reason to think it's any different in terms of spying?

  11. Re:Android is the worst thing ever. by OneHundredAndTen · · Score: 2

    Such an informed, well-measured, deep and balanced comment has all but convinced me, and probably millions of others.

  12. Punctuation is critical. by 517714 · · Score: 2

    Fixed that for you: A company spokeswoman said at the time it "has several policies in place which take customer privacy and security, seriously."

    --
    The US government have made it clear that we have no inalienable rights; any we do not defend vigorously will be taken.