Amazon pulls best-selling smartphones due to privacy concerns

Update: We've received a statement from Blu on the matter. It reads as follows:

"Since Nov 2016 when the initial privacy concern was reported by Kryptowire, which BLU quickly remedied, Amazon has been aware of the Adups and other applications on our BLU devices which were deemed at the time by BLU, Amazon, and Kryptowire to pose no further security or privacy risk.

"Now almost a year later, the devices are still behaving in the same exact way, with standard and basic data collection that pose no security or privacy risk. There has been absolutely no new behavior or change in any of our devices to trigger any concern. We expect Amazon to understand this, and quickly reinstate our devices for sale."

Amazon has removed Blu smartphones from its virtual shelves amid recent concerns that user data is being sent to third-party servers in China without the user’s consent.

This comes after cybersecurity firm Kryptowire revealed its findings that many popular Blu smartphone models have been sneakily sending full text messages, telephone numbers of contacts and other private information. 

Following this, Blu issued a statement which refutes the recent claim. While it does state that a “small fraction” of its devices were found to be behaving in such a way last year, which TechRadar reported on, this is said to have been fixed. 

To give credence to Blu’s stance on the report, it stated that after these incidents, Blu switched off this functionality from Adups, the service that it and apparently, many other device manufacturers, use to send over the air (OTA) updates to phones. In addition, it switched from Adups to Google’s own over-the-air updates moving forward. 

Though, obviously, there still seems to be concern as to how these devices are handling user data.

Is something really going wrong?

It’s an interesting turn of events that Blu is refuting a claim by the security company that it hired to make sure it was keeping to its word to put an end to Adups sneaking out user info. But wouldn’t Kryptowire know best? After all, it was the one that discovered the privacy issue in the first place.

Blu goes on by saying that there is nothing wrong with some information being stored in third-party servers in China. They are right in a sense, but only to an extent, as it doesn’t define exactly what constitutes as “some information”. Simple app usage data or full text messages?

All in all, it’s the phone makers’ responsibility to ensure that user data is protected. And until Blu can provide the assurance that’s sorely needed from the consumer’s eye, Amazon’s removal of Blu phones seems to be warranted for the time being.

Blu’s cheap smartphones, including the Blu R1 HD and Blu R1 Plus, have been on Amazon’s best-sellers page alongside. But there are other "Prime Exclusive Phones" like the Moto G5 Plus and Nokia 6, so it’s in the best interest of Blu to make this right.

Cameron Faulkner

Cameron is a writer at The Verge, focused on reviews, deals coverage, and news. He wrote for magazines and websites such as The Verge, TechRadar, Practical Photoshop, Polygon, Eater and Al Bawaba.