BLU Claims Innocence, Gets Phones Reinstated On Amazon (slashgear.com)

← Back to Stories (view on slashdot.org)

BLU Claims Innocence, Gets Phones Reinstated On Amazon (slashgear.com)

Posted by BeauHD on Friday August 4, 2017 @01:00PM from the everybody's-doing-it dept.

Earlier this week, Amazon suspended budget phone maker BLU from selling its phones on the site, citing a "potential security issue." A few days have passed and BLU has made its defense. SlashGear reports: AdUps, the Chinese company that provides affordable firmware update software to countless budget Android phones, is not spyware and not even Kryptowire, the security firm that broke the news last year, called it that, insists BLU. To be fair, Kryptowire really didn't. In its 2016 report, it simply described AdUps' OTA software as "FIRMWARE THAT TRANSMITTED PERSONALLY IDENTIFIABLE INFORMATION (PII) WITHOUT USER CONSENT OR DISCLOSURE." Curiously, that is more or less how the FTC defines spyware (PDF). In its 2017 follow-up, it did drop the second part of that phrase and simply reported on "mobile devices for Personally Identifiable Information (PII) collection and transmission to third parties." While BLU, and a few other OEMs, was caught unaware by the first report, it's insisting on its innocence in this second instance. Its defense stems from the argument that it is doing nothing that violates its Privacy Policy and, therefore, doesn't constitute any wrongdoing. Yes, that privacy policy that barely anyone reads, which can't legally be blamed on manufacturers anyway.

In other words, when you agreed to use BLU's devices, you basically agreed that such PII could possibly be transmitted to a third party outside the US. In this particular case, that does apply to the situation with AdUps. Interestingly, the policy's copyright dates back to 2016, when the AdUps issue first came up. The Internet Archives doesn't seem to have any version of that page before April this year. And so we come to BLU's second arguments: everybody's doing it. The data that AdUps collects is the same or even just a fraction of what other OEMs are collecting. Google is hardly the bastion of privacy and other OEMs are also collecting such data and sending it to servers in China, as is the case with Huawei and ZTE. Finally, BLU says that Kryptowire's new report really only identifies the Cubot X16S, from a Chinese OEM, as the only smartphone really spying on its users. UPDATE: BLU has confirmed that its devices "are now back up for sale on Amazon."

43 comments

Min score:

Reason:

Sort:

I didn't really care about the privacy issues by rsilvergun · 2017-08-04 13:11 · Score: 1

I was more concerned with my bluetooth not connecting unless I reset the radio (airplane mode on/off).

--
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
1. Re:I didn't really care about the privacy issues by Anonymous Coward · 2017-08-04 13:19 · Score: 0
  
  Sheep. Unless you've pretty much abandoned your privacy rights and are OK with Communist China monitoring anything your phone does/stores/says. I pray for you and the rest of your herd.
  https://www.theregister.co.uk/2017/08/04/apparent_us_army_memo_bans_dji_drones/
2. Re: I didn't really care about the privacy issues by Thundercat007 · 2017-08-04 16:26 · Score: 1
  
  Took 3 minutes to remove Adups from my BLU phone. Hail complainers that have no technology savvyness
3. Re: I didn't really care about the privacy issues by Reverend+Green · 2017-08-04 18:58 · Score: 1
  
  I'm way less concerned about the Chicoms watching everything I do, compared to fedgov watching.
  Moral of the story: you have no rights, you lose. Fuck you, pleb, that's why.
4. Re:I didn't really care about the privacy issues by Anonymous Coward · 2017-08-05 01:34 · Score: 0
  
  Sheep. Unless you've pretty much abandoned your privacy rights and are OK with Communist China monitoring anything your phone does/stores/says. I pray for you and the rest of your herd.
  It's not China I'm worried about.
  China want to monitor their own population to keep them contained and they want to monitor my government for business purposes.
  Unlike my own government they have no particular interest in me so whatever data they gain they won't use, and probably don't even bother with storing.
  Ideally I want a phone without spyware, but if I have to chose between a phone with Chinese spyware or spyware from my own government I pick the Chinese since that one won't be used against me.
BLU blew it by turkeydance · 2017-08-04 13:22 · Score: 1

But Left Undeterred
1. Re:BLU blew it by Anonymous Coward · 2017-08-04 13:33 · Score: 0
  
  BLU
  Left
  Undeterred
2. Re:BLU blew it by Mal-2 · 2017-08-04 17:15 · Score: 1
  
  Better Left Untouched.
  
  --
  How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
3. Re: BLU blew it by Anonymous Coward · 2017-08-05 04:33 · Score: 0
  
  Bitch, Leave Us!
Whatever else you bash BLU for... by Anonymous Coward · 2017-08-04 13:35 · Score: 0

Keep in mind that adb/fastboot unlock works on them without authorization codes or other bullshit like on other Android phones. Just keep in mind like all google devices with root/user reflash capabilities it wipes the device for security purposes before handing it over to you, so make sure you do it on a fresh phone without any personal info.
That said, BLU is probably one of the friendliest low end phone suppliers available, supporting dozens of usually 'chinese-only' phone designs that otherwise might not make it to the states.
Excuses by Anonymous Coward · 2017-08-04 13:40 · Score: 2, Funny

They sound like a teenager:
"I didn't do it! Not really. Well, technically I guess. But it doesn't matter anyway. Everyone else is doing it!"
What? by Anonymous Coward · 2017-08-04 13:46 · Score: 0

This whole time I thought only Microsoft could get away with "oops my bad" when they were caught blatantly spying on their users.
No expectation of privacy by duke_cheetah2003 · 2017-08-04 14:00 · Score: 3, Insightful

I generally treat any smartphone as a very insecure device. They transmit gods knows what to god knows whom, on a regular basis. Pretty much every App is phoning home regularly. Obviously it's transmitting "Personally Identifiable Information", it kinda needs to so it can tell you from a stranger sitting next to you.
With that in mind, use it accordingly. You really can't expect privacy out of these things, should anyone really want to dig about what you do. Like Law Enforcement. Smartphones are a treasure-trove of evidence for LE.
I would even considering going as far as to treat these devices as 'foreign' on network infrastructure, walling it off from internal resources that may be less than secure because they're on an intranet, and inaccessible from the outside.
1. Re:No expectation of privacy by whoever57 · 2017-08-04 14:21 · Score: 3, Insightful
  
  While apps are all phoning home, the type of your personal data that an app can access may be limited.
  This, however, as a firmware install, can presumably access everything on the phone: all actions, all data.
  
  --
  The real "Libtards" are the Libertarians!
2. Re:No expectation of privacy by rtb61 · 2017-08-04 15:38 · Score: 0
  
  I like the idea of all data collected required to remain in the country of origin, so that it can be readily audited for privacy violations, especially with regard to minors, and appropriate fines, custodial sentences and damages awarded to citizens. There is not need to any data to leave the country and it should not. All stored and processed locally within the laws of that country. Other points of emphasis, zero data collection from any medical facility, from doctors practice to major hospitals, this is a crime and those that abuse it should be penalised severely including and especially suppliers of operating systems. Also legal offices, again strictly against the law and yet where are those version will all illegal spy ware removed, again a lawyers office so it by law, should never ever enter those premises and all efforts should be taken to ensure it does not happen. Every citizen has a right to privacy and no product should ever be allowed that denies that right upon request of that citizens. The second the citizens request privacy by law it must be provided and not infringed without their consent, which they can off course repudiate for any reason there in after.
  
  --
  Chaos - everything, everywhere, everywhen
3. Re: No expectation of privacy by Anonymous Coward · 2017-08-04 19:04 · Score: 0
  
  You must be a laywer...
4. Re: No expectation of privacy by Anonymous Coward · 2017-08-05 03:08 · Score: 0
  
  **lawyer**
if /. were cool, we could... by dAzED1 · 2017-08-04 14:19 · Score: 1

Amazon now has this no-questions return policy thing about which people are complaining. We could all order one of these phones, then leave horrible reviews (which, as people who bought them, would be considered more real), and then get refunds. If they popped up under a different account or product name, lather/rinse/repeat. Ah well, guess that's more of a job for reddit these days ;)
1. Re: if /. were cool, we could... by Anonymous Coward · 2017-08-04 19:06 · Score: 0
  
  ^^ #baizou conspiring to commit malicious commercial fraud
2. Re:if /. were cool, we could... by gmack · 2017-08-05 01:52 · Score: 1
  
  I already left a bad review after mine waited until just out of warranty to start spamming me from a non removable app.
Same as many privacy policies then by Anonymous Coward · 2017-08-04 15:08 · Score: 0

"Google processes personal information on our servers in many countries around the world. We may process your personal information on a server located outside the country where you live."
https://www.google.com/policies/privacy/
"All the information you provide may be transferred or accessed by entities around the world as described in this Privacy Policy. "
https://www.apple.com/au/legal/privacy/en-ww/
"By using or participating in any Service and/or providing us with your information, you consent to the collection, disclosure, transfer, storage and processing of your information outside of Australia, consistent with this Privacy Policy. You acknowledge that the overseas recipients of your personal information may, depending on the particular Service that you have requested, be located outside Australia including in South Korea, the Philippines, Singapore, Malaysia, the United States of America, Germany, China, the Netherlands, Vietnam or Denmark. "
http://www.samsung.com/au/info/privacy/
"In addition, we share personal data among Microsoft-controlled affiliates and subsidiaries. We also share personal data with vendors or agents working on our behalf for the purposes described in this statement. For example, companies we've hired to provide customer service support or assist in protecting and securing our systems and services may need access to personal data in order to provide those functions. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose. We may also disclose personal data as part of a corporate transaction such as a merger or sale of assets."
https://privacy.microsoft.com/en-us/privacystatement
(It doesn't specify outside US but it seems likely)
What about aftermarket roms? by Anonymous Coward · 2017-08-04 15:10 · Score: 0

Can't they be reflashed with Lineage or another custom rom, to resolve/remove the spying?
Damage already done by Gojira+Shipi-Taro · 2017-08-04 15:13 · Score: 2

I won't consider their phones, or let anyone relies on me do so. They might as well not bother.

--
"Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
1. Re:Damage already done by Anonymous Coward · 2017-08-04 17:10 · Score: 0
  
  That's right! When my smartphone spies on me, I demand it's Americans doing the spying instead of Chinese people!
2. Re:Damage already done by amiga3D · 2017-08-04 19:16 · Score: 1
  
  It seems though, that this issue applies to all Android phones.
3. Re:Damage already done by Anonymous Coward · 2017-08-05 01:27 · Score: 0
  
  ... because apple doesn't do the same thing. At least we know what Google is doing with the data and how they're selling it. Apple? Complete wild card.
4. Re:Damage already done by Anonymous Coward · 2017-08-05 03:16 · Score: 0
  
  AFAIK, iPhones have gps on all the time, android allows gps to be turned off (for now). Apple says they protect your privacy, I take that with a grain of salt. Our government wouldn't allow Apple to get away with storing their billions out of country unless Apple was cooperating with them.
  Not an Apple hater, all these device are portable computers with antennas. It just amazes me that people are so proud of overpaying for the right to be monitored 24/7. Crazy world.
It was unfair of Amazon. by Mal-2 · 2017-08-04 17:12 · Score: 1

I didn't hear anything about them suspending the sale of RED phones, and BLU and RED are always up to the same shit. It's almost like Spy Vs. Spy or something.

--
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
1. Re:It was unfair of Amazon. by Anonymous Coward · 2017-08-04 18:08 · Score: 0
  
  The BLU phones were suspended because of spying that was ACTUALLY DONE BY THE RED SPY BUT HE WAS DISGUISED. After amazon found out, they unbanned the BLU phones. They intended to ban the RED team instead, but got stabbed around a corner when following the RED spy to the RED base.
BLU, ADUPS, and Self Soft Bricking by Zombie+Ryushu · 2017-08-04 17:16 · Score: 1

The real problem here is, yeah, you can remove ADUPS if you root the Phone. I did this. I also removed MTK Logger. If you root the Device however, and then try and update, the Phone will soft brick due to the way ADUPS updates the device in an inconsistent Manner. So getting a new Stock Rom means a complete Re-Flash and Re-Root, and eradication of the User Partition EVERY update to prevent Soft Bricking.
Lineage OS needs to go to war with Blu on this and make a Lineage OS Rom for every Android device Blu Makes.
1. Re:BLU, ADUPS, and Self Soft Bricking by drinkypoo · 2017-08-04 23:22 · Score: 1
  
  Lineage OS needs to go to war with Blu on this and make a Lineage OS Rom for every Android device Blu Makes.
  They'd be better off making a Rom for nothing Blu makes, because making a Lineage OS port only rewards them by making their product more salable.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
2. Re:BLU, ADUPS, and Self Soft Bricking by Anonymous Coward · 2017-08-05 03:21 · Score: 0
  
  and then try and update
  LOL! Updates on a phone made by BLU? That's the least of your worries.
No, but yes. by campuscodi · 2017-08-04 18:34 · Score: 1

This is not BLU's doing, but it is. The firmware maker is causing all these issues, but they choose to collaborate with that company in the first place.
1. Re:No, but yes. by Zombie+Ryushu · 2017-08-04 19:11 · Score: 1
  
  The issue is ADUPS and MediaTek. BLU Doesn't want to pay the QualComm Tax, this is why their Phones are GSM only. If BLU had to pay the QualComm Fee, BLU Phones would get alot more expensive. BLU Phones use ADUPS to do updates. ADUPS is Chinese State Spyware. Its intended to be installed on Phones from companies like Oppo. To spy on Domestic Chinese Citizens.
  What BLU is saying here is: We have to have ADUPS in our Roms to be able to update them. People will root our Phones if we don't have ADUPS. You aren't Chinese citizens, so it doesn't really matter if the Chinese spooks are spying on you.
2. Re:No, but yes. by Anonymous Coward · 2017-08-05 03:23 · Score: 0
  
  BLU Doesn't want to pay the QualComm Tax, this is why their Phones are GSM only.
  I owned a Blu phone with a low end QualComm processor.
  It was GSM (well.... and LTE) only.
  Most of the world is, and that's not a problem since Verizon is insanely expensive and Sprint is crap.
  I used it on an AT&T MVNO in case you're wondering.
Just buy an Alcatel.. by hairyfeet · 2017-08-04 19:01 · Score: 1

You can root them with NO third party apps and then remove anything you do not care for, easy peasy. If you have an Alcatel or plan to buy one here is how you root it in under 2 minutes..
Alcatel has its own "system updates" app. If you tap the three dots in the right hand corner and then hit "Help", then hit the "Auto -Check Intervals" button a bunch, it will unlock "Advanced Mode." Go back and tap the three dots again and it will be under "help." When you go into this advanced mode, it will ask you for a "tester password". The pass is fotaapp*#1221#.
As far as BLU goes? They are a company that just rebrands Chinese smartphones and sells them in the US, I seriously doubt they have even a handful of devs so it really doesn't surprise me they are using third parties for updates as they are just middlemen.

--
ACs don't waste your time replying, your posts are never seen by me.
Well, then I have to ask... by Chris+Mattern · 2017-08-04 23:07 · Score: 1

What about RED?
Corporate Owner by Anonymous Coward · 2017-08-04 23:18 · Score: 0

Adups is owned by Mediatek.
Adups *IS* Mediatek.
I'm sorry, but I'm unclear on this: by Anonymous Coward · 2017-08-04 23:37 · Score: 0

The argument that "everyone's doing it", is that supposed to exonerate Blu, or indict the industry? Personally, I favor the latter. Of course, I also favor chain gang sentences for privacy violators. Vote Draconian in 2018.
Common practices by Anonymous Coward · 2017-08-05 00:53 · Score: 0

Google, the OEMs, and the telecomm companies are all going to be screwed when everybody's moved to a cheap Chinese smartphone (they'll probably let you root your phone and they won't be nearly as boot on neck with all the malicious bloatware). All it'll take is Apple slipping just a little bit.