BLU, a mobile phone vendor out of Miami, Florida, specializes in refitting Chinese phones with new hardware and software to make them appealing to the US market, then selling them at budget prices. Over the years, this has led the company to strip many a default app out of the Chinese phones that they rebrand and sell, resulting in their devices becoming known for a cleaner, more stock-like Android. BLU had nearly finished migrating away from Chinese default apps; the last one still in use was an over-the-air software updating app from a firm out of Shanghai, known as Adups. As it turns out, this software was uploading user information, such as SMS messages, to a server in China. As soon as BLU was alerted to this behavior by security research firm Kryptowire, they plucked the offending app from their source branches, replaced it with a Google-approved alternative, and began working on patches for existing BLU phones in the wild to do the same.
According to BLU CEO Sammy Ohev-Zion, BLU had no knowledge of this going on, and had even told Adups that they did not want their software on BLU devices going forward. That request was violated, which means that users of current BLU devices may have the app, and will have to wait for an update to remove it. Future BLU devices sold, including new units of the popular BLU R1 HD, will reportedly not have this issue, and patches are in the works for all affected devices currently still within their support lifetime.
BLU has learned a valuable lesson from this debacle; the company has vowed never again to use software whose source code they can’t personally examine, and to that end, has gone full Google, ripping out all the proprietary and third-party software they can and replacing it with Google alternatives. BLU’s working relationship with Google has reportedly grown quite deep over the years, and all BLU phones put out on the market have to pass muster against Google’s standards. Additionally, Kryptowire will be monitoring all future BLU devices and notifying them of any suspicious activity on the part of software providers.