Written byPatrick Howell O'Neill
Chinese tech firm Adups and American phone manufacturer Blu are disputing reports of privacy and security problems plaguing their products after Amazon temporarily suspended the sale of Blu phones, which are some of the most popular on the retail site.
In response, the American cybersecurity company that claimed Adups was quietly siphoning heaps of data from mobile phones issued a statement Wednesday sticking to its story.
“We stand by our findings because we have clear forensic evidence, both in terms of code and in terms of network traces, to support them,” Kryptowire, the cybersecurity company, said in a press release.
CyberScoop reported on Kryptowire’s findings on July 25. Adups initially did not respond to requests for comment, but reached out two days later, calling the article “malicious slander” and asking “to stop refrain from reporting, and withdraw the article.”
An Adups representative claimed third-party testers — including Kryptowire — had verified that the security and privacy issues had been solved.
Ryan Johnson, a co-founder with Kryptowire, disagreed. The company provided more detailed technical analysis of its research on Wednesday, asserting that Adups software siphons out private data including browser history, location and text message metadata from several phone models. Kryptowire said Adups had been alerted to the privacy and security issues nearly a year ago.
“The capability is there and that’s certainly a capability I wouldn’t be comfortable with,” Johnson told CyberScoop.
Adups suggested that it could take legal action against Kryptowire.
“We condemn the conduct of Kryptowire in the name of a third party company security protection to seeking commercial interests,” an Adups representative told CyberScoop via email. “At the same time, we will also retain the legitimate measures to resist Kryptowire for its malicious defamation behavior.”
Blu is one of the best-selling phone manufacturers on Amazon. Johnson said consumers should be wary of such brands.
“If you’re getting a pretty sweet phone, a phone that has too much value price for power, there is the possibility they’re subsidizing that through some sort of data stealing,” Johnson said. “If you have a phone, it’s a good idea to run some sort of anti-virus and see if there’s any known malicious software. There definitely should be more attention paid to what the capabilities of these apps are and how much data they’re getting.”
A week after the original article was published, Blu disputed the reporting and published a press release seeking an apology from reporters. The data collection is normal, they said, and “does not constitute any wrong doing by Blu.”
Amazon.com first suspended Blu in 2016 over similar issues and did so again last week.
“Because security and privacy of our customers is of the utmost importance, all Blu phone models have been made unavailable for purchase on Amazon.com until the issue is resolved,” Amazon said in a statement to CNET last week.
As of Wednesday, Blu phones are being sold on Amazon.com once again but have not been reinstated to their position in Amazon’s “Prime Exclusive Phones” program. Amazon did not respond to a request to clarify the status of Blu’s phone on Amazon.com.