Some Blu smartphone owners got a hidden feature they weren’t quite expecting.
It turned out software from a Chinese company was transmitting all of their text messages and other data to China every 72 hours. The vulnerability was discovered by a Kryptowire, an American enterprise security firm.
On its website, Adups says it builds firmware that runs on more than 700 million phones. Kryptowire concluded that the data sharing included full contexts of text messages, call logs, contact lists, location information, and other data. There was other identifiable information like each phone’s Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI).
Blu Products told The Times that 120,000 of its phones were affected, but the leak was plugged through a software update. Blu is known primarily for low cost phones, such as the Blu R1 HD which recently was part of a special offered by Amazon for $50.
Adups provides software for ZTE and Huawei, although it’s unclear if the scope of the data mining effort extends to other products as well. According to the report, Adups assured Blu that all customer information had been destroyed and was not part of any intentional effort to keep the data or send to a government agency.
The purpose of saving the information, according to Adups, was to identify client junk text messages and calls.
Kryptowire shared its findings with the U.S. government, Blu, and Google. You can check out the full report for details about what it uncovered.
Why this matters: The episode illustrates that data can often pass through many different companies as part of the process of creating a smartphone. While any crisis may have been averted here, it may give you pause about where you buy your next smartphone and which companies have hands in creating all of the software.