Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Android Security China Government Privacy United States

Phone Maker BLU Settles With FTC Over Unauthorized User Data Extraction (threatpost.com) 26

lod123 shares a report from Threatpost: Android phone-maker BLU Products agreed to a proposed settlement on Tuesday with the Federal Trade Commission, over allegations it allowed the third-party firm Adups Technology to collect detailed consumer data from users without their consent. In an administrative complaint filed earlier this week against BLU and the company's co-owner and president Samuel Ohev-Zion, the FTC accused the firm of sharing with China-based Adups the full contents of their users' text messages, real-time cell tower location data, call and text-message logs, contact lists, and applications used and installed on devices.

Ultimately, the FTC is alleging Ohev-Zion and BLU violated the FTC Act's section pertaining to "deceptive representation regarding disclosure of personal information." The proposed settlement will be made final after a 30-day public comment period. In its proposed complaint, the FTC said Florida-based BLU contracted with Adups to issue security and operating system updates to millions of phones sold by the firm through Amazon, Best Buy and Walmart. In addition to allegedly failing to protect consumer privacy, the FTC asserts that BLU failed "to adequately assess the privacy and security risks of third-party software installed on BLU devices" resulting in "common security vulnerabilities that could enable attackers to gain full access to the devices."
Security researchers at Kryptowire first reported in 2016 that several models of BLU phones actively transmitted user and device information to Adups.
This discussion has been archived. No new comments can be posted.

Phone Maker BLU Settles With FTC Over Unauthorized User Data Extraction

Comments Filter:
  • by Anonymous Coward

    Stop being crybaby millennial snowflakes. If you don't like your data being extracted, don't use a smartphone. Grow up. Nobody needs a smartphone; it is a luxury item.

  • The FCC fully supports ISP's extracting every single bit of user data for any whim, yet when a Chinese based company does it they file against them?
    BLU must have forgotten Pai's payola.......
  • by Ungrounded Lightning ( 62228 ) on Thursday May 03, 2018 @06:24PM (#56550914) Journal

    Under the proposed settlement with the FTC, BLU and Ohev-Zion are prohibited from misrepresenting the extent to which they protect the privacy and security of personal information and must implement and maintain a comprehensive security program that addresses security risks associated with new and existing mobile devices and protects consumer information. In addition, BLU will be subject to third-party assessments of its security program every two years for 20 years as well as record keeping and compliance monitoring requirements.
    Business model:

    1. Break the law.
    2. Get paid for it.
    3. Get caught.
    4. Propose a settlement where you are prohibited from breaking the law in the way you were were already prohibited from breaking the law but did (for pay) anyhow.
    5. PROFIT!

    So breaking this law is still a way to make money, even if you're caught. Expect a lot more of it.

    • Why isn't BLU closed from doing business in the US? Close them down after returning all subscription fees to subscribers.
  • What about RED? Saxton Hale will hear of this!

  • Good news!

    How many of the executives and controlling minds at BLU are going to jail?

    "The proposed settlement agreement with the FTC does not include any financial penalty or consumer restitution over the alleged issues with affected phones, because in first offense matters such as this, the FTC lacks the power to levy such financial penalties."

    Oh...

  • by craighansen ( 744648 ) on Thursday May 03, 2018 @10:25PM (#56551728) Journal

    As a purchaser of BLU phones, I've read the proposed settlement, and find it worse than useless. No compensation, and no firmware repairs/upgrades are promised to customers. I put a complaint to that effect in the FTC comment files. BLU phones should be blocked from the US market until they clean up the mess.

    • From TFA:

      The proposed settlement agreement with the FTC does not include any financial penalty or consumer restitution over the alleged issues with affected phones, because in first offense matters such as this, the FTC lacks the power to levy such financial penalties.

      IANAL but a class-action lawsuit would be your best bet.

  • I doubt BLU knew of this exploit by Adups but should be a wake up call for low tier product sourcing from China. Not a big surprise, this is how BLU could offer such low cost mobile devices.
    • by Anonymous Coward

      BLU knew. This incident was first time reported in 2016. At that time BLU "fixed" things and started selling phones without included tracking apps but still using ADUPS for updates. Things were good till fall 2017 when with Android security update ADUPS installed 3 user tracking apps. The apps were setup so that one would periodically download and install first one which would install two more (if they were already installed, it would just reset their permissions to what they needed for data collection),

  • They should be prosecuted instead for selling phones with tons of preinstalled unremovable crapware, coupled with the storage space of a Vic20.
  • They were selling mid-range-ish phones for $150. You have to assume they are making money somehow.

Understanding is always the understanding of a smaller problem in relation to a bigger problem. -- P.D. Ouspensky

Working...