If you're drawing a blank on Blu, the Florida-based company is actually the largest manufacturer of unlocked cell phones in the US, having sold over 5 million of them in 2015, according to eMarketer. It sells even more in Latin America and elsewhere, with total sales of around 35 million in 40 countries, according to the company. The problem with the app (from a company called Adups) affects around 120,000 phones, the company tells Engadget.Blu's Advance 5.5 HD is $90 on Amazon
Even though only six models are affected out of dozens sold, the sheer numbers and nature of the breech obviously make it a serious issue. Needless to say, collecting private user and contact info without permission is illegal and could let thieves access passwords or financial data. What's worse, Blu is apparently still using "Wireless Update" as a core OTA app on certain models. We've reached out for more info, but you should check if your phone is affected and contact the company's customer support line if so.
Update: In an email exchange, Blu Products told Engadget that the data breech issue, caused by a third-party app from a firm called Adups, is limited to about 120,000 phones. A spokesperson said it uses the product for OTA updates as it's "the only reputable company that provides this service today." However, she adds that "we are now working with Google to switch to use Google's OTA and servers for future products in the near-term future." The article has been updated to include this information.