Slashdot Mirror


Phone Maker BLU Settles With FTC Over Unauthorized User Data Extraction (threatpost.com)

lod123 shares a report from Threatpost: Android phone-maker BLU Products agreed to a proposed settlement on Tuesday with the Federal Trade Commission, over allegations it allowed the third-party firm Adups Technology to collect detailed consumer data from users without their consent. In an administrative complaint filed earlier this week against BLU and the company's co-owner and president Samuel Ohev-Zion, the FTC accused the firm of sharing with China-based Adups the full contents of their users' text messages, real-time cell tower location data, call and text-message logs, contact lists, and applications used and installed on devices.

Ultimately, the FTC is alleging Ohev-Zion and BLU violated the FTC Act's section pertaining to "deceptive representation regarding disclosure of personal information." The proposed settlement will be made final after a 30-day public comment period. In its proposed complaint, the FTC said Florida-based BLU contracted with Adups to issue security and operating system updates to millions of phones sold by the firm through Amazon, Best Buy and Walmart. In addition to allegedly failing to protect consumer privacy, the FTC asserts that BLU failed "to adequately assess the privacy and security risks of third-party software installed on BLU devices" resulting in "common security vulnerabilities that could enable attackers to gain full access to the devices."
Security researchers at Kryptowire first reported in 2016 that several models of BLU phones actively transmitted user and device information to Adups.

4 of 26 comments

  1. Wrong three-letter agency by WoodstockJeff · Score: 3, Informative

    The Federal TRADE Commission is not the same as the Federal COMMUNICATIONS Commission.

  2. No penalty. So we'll get more of this. by Ungrounded+Lightning · Score: 3, Interesting

    Under the proposed settlement with the FTC, BLU and Ohev-Zion are prohibited from misrepresenting the extent to which they protect the privacy and security of personal information and must implement and maintain a comprehensive security program that addresses security risks associated with new and existing mobile devices and protects consumer information. In addition, BLU will be subject to third-party assessments of its security program every two years for 20 years as well as record keeping and compliance monitoring requirements.

    Business model:

    1. Break the law.
    2. Get paid for it.
    3. Get caught.
    4. Propose a settlement where you are prohibited from breaking the law in the way you were already prohibited from breaking the law but did (for pay) anyhow.
    5. PROFIT!

    So breaking this law is still a way to make money, even if you're caught. Expect a lot more of it.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  3. Re:No penalty. So we'll get more of this. by Streetlight · Score: 2

    Why isn't BLU closed from doing business in the US? Close them down after returning all subscription fees to subscribers.

    --
    In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
  4. Worse than useless by craighansen · Score: 2

    As a purchaser of BLU phones, I've read the proposed settlement, and find it worse than useless. No compensation, and no firmware repairs/upgrades are promised to customers. I put a complaint to that effect in the FTC comment files. BLU phones should be blocked from the US market until they clean up the mess.