Blu Products, the leading seller of unlocked smartphones in the US, has revealed a serious security problem with a bunch of its products. It says a third-party app called "Wireless Update" has been "collecting unauthorized personal data in the form of text messages, call logs and contacts from customers" on some devices. While the app has been "self-updated" and is no longer siphoning data, Blu advises users to check their phones and call customer service if an older version of the app is still installed.
If you're drawing a blank on Blu, the Florida-based company is actually the largest manufacturer of unlocked cell phones in the US, having sold over 5 million of them in 2015, according to eMarketer. It sells even more in Latin America and elsewhere, with total sales of around 35 million in 40 countries, according to the company. The problem with the app (from a company called Adups) affects around 120,000 phones, the company tells Engadget.
Even though only six models are affected out of dozens sold, the sheer numbers and nature of the breech obviously make it a serious issue. Needless to say, collecting private user and contact info without permission is illegal and could let thieves access passwords or financial data. What's worse, Blu is apparently still using "Wireless Update" as a core OTA app on certain models. We've reached out for more info, but you should check if your phone is affected and contact the company's customer support line if so.
Update: In an email exchange, Blu Products told Engadget that the data breech issue, caused by a third-party app from a firm called Adups, is limited to about 120,000 phones. A spokesperson said it uses the product for OTA updates as it's "the only reputable company that provides this service today." However, she adds that "we are now working with Google to switch to use Google's OTA and servers for future products in the near-term future." The article has been updated to include this information.