Slashdot Mirror

← Back to Stories (view on slashdot.org)

BLU Claims Innocence, Gets Phones Reinstated On Amazon (slashgear.com)

Posted by BeauHD on from the everybody's-doing-it dept.

Earlier this week, Amazon suspended budget phone maker BLU from selling its phones on the site, citing a "potential security issue." A few days have passed and BLU has made its defense. SlashGear reports: AdUps, the Chinese company that provides affordable firmware update software to countless budget Android phones, is not spyware and not even Kryptowire, the security firm that broke the news last year, called it that, insists BLU. To be fair, Kryptowire really didn't. In its 2016 report, it simply described AdUps' OTA software as "FIRMWARE THAT TRANSMITTED PERSONALLY IDENTIFIABLE INFORMATION (PII) WITHOUT USER CONSENT OR DISCLOSURE." Curiously, that is more or less how the FTC defines spyware (PDF). In its 2017 follow-up, it did drop the second part of that phrase and simply reported on "mobile devices for Personally Identifiable Information (PII) collection and transmission to third parties." While BLU, and a few other OEMs, was caught unaware by the first report, it's insisting on its innocence in this second instance. Its defense stems from the argument that it is doing nothing that violates its Privacy Policy and, therefore, doesn't constitute any wrongdoing. Yes, that privacy policy that barely anyone reads, which can't legally be blamed on manufacturers anyway.

In other words, when you agreed to use BLU's devices, you basically agreed that such PII could possibly be transmitted to a third party outside the US. In this particular case, that does apply to the situation with AdUps. Interestingly, the policy's copyright dates back to 2016, when the AdUps issue first came up. The Internet Archives doesn't seem to have any version of that page before April this year. And so we come to BLU's second arguments: everybody's doing it. The data that AdUps collects is the same or even just a fraction of what other OEMs are collecting. Google is hardly the bastion of privacy and other OEMs are also collecting such data and sending it to servers in China, as is the case with Huawei and ZTE. Finally, BLU says that Kryptowire's new report really only identifies the Cubot X16S, from a Chinese OEM, as the only smartphone really spying on its users. UPDATE: BLU has confirmed that its devices "are now back up for sale on Amazon."

19 of 43 comments (clear)

  1. I didn't really care about the privacy issues by rsilvergun · · Score: 1

    I was more concerned with my bluetooth not connecting unless I reset the radio (airplane mode on/off).

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re: I didn't really care about the privacy issues by Thundercat007 · · Score: 1

      Took 3 minutes to remove Adups from my BLU phone. Hail complainers that have no technology savvyness

    2. Re: I didn't really care about the privacy issues by Reverend+Green · · Score: 1

      I'm way less concerned about the Chicoms watching everything I do, compared to fedgov watching.

      Moral of the story: you have no rights, you lose. Fuck you, pleb, that's why.

  2. BLU blew it by turkeydance · · Score: 1

    But Left Undeterred

    1. Re:BLU blew it by Mal-2 · · Score: 1

      Better Left Untouched.

      --
      How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
  3. Excuses by Anonymous Coward · · Score: 2, Funny

    They sound like a teenager:

    "I didn't do it! Not really. Well, technically I guess. But it doesn't matter anyway. Everyone else is doing it!"

  4. No expectation of privacy by duke_cheetah2003 · · Score: 3, Insightful

    I generally treat any smartphone as a very insecure device. They transmit gods knows what to god knows whom, on a regular basis. Pretty much every App is phoning home regularly. Obviously it's transmitting "Personally Identifiable Information", it kinda needs to so it can tell you from a stranger sitting next to you.

    With that in mind, use it accordingly. You really can't expect privacy out of these things, should anyone really want to dig about what you do. Like Law Enforcement. Smartphones are a treasure-trove of evidence for LE.

    I would even considering going as far as to treat these devices as 'foreign' on network infrastructure, walling it off from internal resources that may be less than secure because they're on an intranet, and inaccessible from the outside.

    1. Re:No expectation of privacy by whoever57 · · Score: 3, Insightful

      While apps are all phoning home, the type of your personal data that an app can access may be limited.

      This, however, as a firmware install, can presumably access everything on the phone: all actions, all data.

      --
      The real "Libtards" are the Libertarians!
  5. if /. were cool, we could... by dAzED1 · · Score: 1

    Amazon now has this no-questions return policy thing about which people are complaining. We could all order one of these phones, then leave horrible reviews (which, as people who bought them, would be considered more real), and then get refunds. If they popped up under a different account or product name, lather/rinse/repeat. Ah well, guess that's more of a job for reddit these days ;)

    1. Re:if /. were cool, we could... by gmack · · Score: 1

      I already left a bad review after mine waited until just out of warranty to start spamming me from a non removable app.

  6. Damage already done by Gojira+Shipi-Taro · · Score: 2

    I won't consider their phones, or let anyone relies on me do so. They might as well not bother.

    --
    "Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
    1. Re:Damage already done by amiga3D · · Score: 1

      It seems though, that this issue applies to all Android phones.

  7. It was unfair of Amazon. by Mal-2 · · Score: 1

    I didn't hear anything about them suspending the sale of RED phones, and BLU and RED are always up to the same shit. It's almost like Spy Vs. Spy or something.

    --
    How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
  8. BLU, ADUPS, and Self Soft Bricking by Zombie+Ryushu · · Score: 1

    The real problem here is, yeah, you can remove ADUPS if you root the Phone. I did this. I also removed MTK Logger. If you root the Device however, and then try and update, the Phone will soft brick due to the way ADUPS updates the device in an inconsistent Manner. So getting a new Stock Rom means a complete Re-Flash and Re-Root, and eradication of the User Partition EVERY update to prevent Soft Bricking.

    Lineage OS needs to go to war with Blu on this and make a Lineage OS Rom for every Android device Blu Makes.

    1. Re:BLU, ADUPS, and Self Soft Bricking by drinkypoo · · Score: 1

      Lineage OS needs to go to war with Blu on this and make a Lineage OS Rom for every Android device Blu Makes.

      They'd be better off making a Rom for nothing Blu makes, because making a Lineage OS port only rewards them by making their product more salable.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  9. No, but yes. by campuscodi · · Score: 1

    This is not BLU's doing, but it is. The firmware maker is causing all these issues, but they choose to collaborate with that company in the first place.

    1. Re:No, but yes. by Zombie+Ryushu · · Score: 1

      The issue is ADUPS and MediaTek. BLU Doesn't want to pay the QualComm Tax, this is why their Phones are GSM only. If BLU had to pay the QualComm Fee, BLU Phones would get alot more expensive. BLU Phones use ADUPS to do updates. ADUPS is Chinese State Spyware. Its intended to be installed on Phones from companies like Oppo. To spy on Domestic Chinese Citizens.

      What BLU is saying here is: We have to have ADUPS in our Roms to be able to update them. People will root our Phones if we don't have ADUPS. You aren't Chinese citizens, so it doesn't really matter if the Chinese spooks are spying on you.

  10. Just buy an Alcatel.. by hairyfeet · · Score: 1

    You can root them with NO third party apps and then remove anything you do not care for, easy peasy. If you have an Alcatel or plan to buy one here is how you root it in under 2 minutes..

    Alcatel has its own "system updates" app. If you tap the three dots in the right hand corner and then hit "Help", then hit the "Auto -Check Intervals" button a bunch, it will unlock "Advanced Mode." Go back and tap the three dots again and it will be under "help." When you go into this advanced mode, it will ask you for a "tester password". The pass is fotaapp*#1221#.

    As far as BLU goes? They are a company that just rebrands Chinese smartphones and sells them in the US, I seriously doubt they have even a handful of devs so it really doesn't surprise me they are using third parties for updates as they are just middlemen.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  11. Well, then I have to ask... by Chris+Mattern · · Score: 1

    What about RED?