Blu Adopts Google OTA Software After Chinese Back Door Controversy

Blu Adopts Google OTA Software After Chinese Back Door Controversy

Smartphone company Blu came under the radar after its Blu R1 HD was found to transmit personally identifiable information (PII) to servers in China via a back door. Blu was fast to react to the issue, and released a software update that apparently stopped the transfer of data. Furthermore, Amazon stopped listing the unit on its site for purchase. Now, Blu has announced that it is ending ties with third party OTA update provider Adups, and is adopting the standard Google OTA method.

Security firm Kryptowire had revealed that Adups was the reason of this non-transparent data transfer between the smartphone and Chinese servers. Blu CEO Sammy Ohev-Zion confirmed to PC Mag that future smartphones from the company will be shipped with the standard Google OTA software. “Any new model that launches from December onwards will have Google’s OTA application instead of Adups,” he told the publication.
Ohev-Zion said that this pertains to all Blu smartphones, not just the R1 HD. “We will not install third-party applications where we don’t have the source code and don’t understand the behaviour. Today, no Blu phone has this problem,” Ohev-Zion pledged.

Information that was collected and transmitted included the full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI) from a user’s phone. In some versions of the software, it even included fine-grained location. This transfer was happening without any initiation to the customer.

Notably, even anti-virus and other security software on phones were not able to discover the threat, as they normally disregard software already bundled on the phone by the smartphone manufacturer. Adups software was used in a variety of smartphones by Chinese and other manufacturers. If you’d like to check if your smartphone is affected, look for these APK files on your smartphone – com.adups.fota and com.adups.fota.sysoper.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s