Amazon Monday announced it is suspending sales of certain Android phones manufactured by Blu after a Black Hat presentation claimed that three of the firm's model's sent sensitive information to third parties in China, a claim Blu denies.
Kryptowire researchers last week announced the findings at the conference in Las Vegas eight months after the firm first warned Amazon in November 2017 that Blu devices contain firmware that transmits information including text messages, contact lists, call histories, and unique device identifiers, all without users consent or disclosure, to a Chinese company named AdUps.
In the first incident, AdUps officials claimed the data transmission was a mistake and that it would be corrected but the recent findings show that information is still being sent. Blu responded to the claims in a July 31, 2017 press release.
“There is absolutely no spyware or malware or secret software on BLU devices, these are inaccurate and false reports,” the release said. “BLU is reaching out to several reporters to correct their articles and issue apologies, which BLU has started receiving.”
Kryptowire doubled down on its claims in an Aug. 2, 2017 statement clarifying that they stand by their findings and offered additional information to any interested parties upon request.
“We decided to provide more technical information to clarify press reports and to help others identify additional devices that might be affected,” the statement said. “We stand by our findings because we have clear forensic evidence, both in terms of code and in terms of network traces, to support them.”
As of Aug. 2 2017 some Blu models are still available for sale in the Amazon market.