Aug 1st, 2017

When Amazon first launched its Prime Exclusive phones initiative, Miami-based smartphone company BLU was one of the first to be on board. The BLU R1 HD was offered for only $50 so long as you were fine with Amazon displaying ads on the lock screen.

When a cyber security company caught Chinese malware pinging servers in Shangai, Amazon stopped selling various BLU phones until the issue was sorted. However, it appears as though the Chinese companies just got a bit slicker about how they hide these pings, because they’re still happening. We reported on the discovery after the Black Hat conference in Las Vegas revealed these phones were still subject to malware collecting information about the users and sending it to China.

Now, Amazon has responded yet again by taking BLU phones out of their Prime Exclusive line-up. If you take a look at the screenshot captured above, you’ll notice BLU phones have been removed. A quick search for “BLU R1 HD” on Amazon reveals several cases and other accessories for the phone, but it’s not available for sale anywhere.

This is the second time that Amazon has had to suspend sales of these rebranded Chinese smartphones. Perhaps the third time is the charm?

[UPDATE] BLU has reached out to us to let us know that they believe there are no issues here. Here’s their statement in full:

The original report by Kryptowire issued on November 2016 regarding the Adups OTA application, stated a small fraction of BLU phones had a version of the application which was collecting phonebook contacts and text messages. Since BLU was unaware of this collection, they hadn’t notified customers, thus it was deemed as a potential privacy issue. BLU moved quickly and resolved the problem by having Adups turn off this functionality.

Furthermore, BLU decided to switch the Adups OTA application on future devices with Google’s GOTA. Even though it is BLU’s policy to only use GOTA moving forward, some older devices still use ADUPS OTA.

BLU hired Kryptowire in November of 2016 since their first report to regularly monitor the ADUPS application in theirdevices, and they have since been doing that. The data that is currently being collected is standard for OTA functionallyand basic informational reporting. This is in line with every other smartphone device manufacturer in the world. There is nothing out of the ordinary that is being collected, and certainly does not affect any user’s privacy or security. In addition, as per Tom Karygiannis, VP of Kryptowire, the data collection is in line with BLU’s Privacy Policy, and does not constitute any wrong doing by BLU.

Regarding that some information may be stored in China servers, their privacy policy clearly states that some of the data collected can be stored in servers outside the US, there is absolutely nothing wrong with having a server in ChinaBLU management takes issue with the statement that any server in China is prone to risk while several other multibillion dollar companies and other mobile manufactures such as Huawei and ZTE use them.

BLU has correctly pointed out that other phones do indeed ping servers in China, but no other phones have been removed from Amazon’s Prime Exclusive line-up. We’ll keep you up-to-date to let you know when Amazon reinstates the BLU R1 HD.

See Prime Exclusive Phones
local_offer    Amazon   BLU   Blu R1 HD