Blu settles with FTC over allegations of lax user data security

A subcontractor farmed customer data and Blu misled how much it was protecting them.

Sponsored Links

Bloomberg via Getty Images
Bloomberg via Getty Images

Unlocked mobile phone retailer Blu has settled with the FTC over allegations that it didn't protect consumers from a Chinese company that farmed their data and misled users about the extent of it. The device maker won't get slapped with a fine, but as part of the agreement, it can't misrepresent how it protecting customer privacy and security. It will also need to adopt a program that addresses risks for protecting user information and be audited every two years for the next two decades to ensure compliance.

Blue had contracted ADUPS for third-party apps that would come preinstalled on phones. Back in 2016, the device maker admitted that the software ended up collecting far more consumer data than it was supposed to, including text messages, real-time location data, call and text message logs, contact lists and application rosters.

While Blu assured customers that a software update would protect them from such collection, the FTC claimed that the company continued to allow it on older devices. This was so obvious that Amazon removed Blu products from its platform last fall.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget