Most cell-phone-using Americans might not be familiar with BLU, a Miami-based tech company that makes budget-level Android phones and sells them at markedly cheap prices. But the Federal Trade Commission (FTC) alleges some third-party Chinese data-collection agencies knew BLU well. The company was secretly selling phones infected with spyware that sent users' cell-tower location data, call- and
The scandal, which has been rocking tech communities for years but has largely gone unnoticed in the local media, came to a head this week after the FTC announced it had settled with BLU and was dropping its deceptive-practices complaints against the company.
"Mobile phone manufacturer BLU Products, Inc. and its co-owner have reached a settlement with the Federal Trade Commission over allegations that the company allowed a China-based third-party service provider to collect detailed personal information about consumers, such as text message contents and real-time location information, without their knowledge or consent despite promises by the company that it would keep such information secure and private," the FTC announced Monday. "As part of the settlement, BLU must implement a comprehensive data security program to help prevent unauthorized access
BLU Products, which is headquartered on NW 33rd Street in Doral, was founded by a Miami native and Marine and Science Technology High School (MAST) graduate, 39-year-old Samuel Ohev-Zion. According to the Miami Herald, Ohev-Zion was arrested in 2003 for drag-racing at more than 100 mph across the Rickenbacker Causeway and subsequently fleeing the scene of a crash in which five people had allegedly been hurt. Court records show the charges were dropped after he completed a pretrial diversion program.
BLU says on its website that it operates an 80,000-square-foot warehouse in South Florida and has been manufacturing phones under the BLU name since 2010. Its business model seems to just be manufacturing phones at dirt-cheap prices: While a new iPhone X might run more than $1,000, prices for "unlocked" BLU smartphones on the company's official Amazon.com page range from just $59.99 to $287.
As of 2013, BLU became one of the fastest-growing phone companies in Latin America, where it sold 4.1 million units in 2013. The Verge, a tech-news outlet, questioned whether the then-fledgling company in 2013 could one day "beat Samsung."
BLU also currently sponsors the Valencia CF pro-soccer team in Spain, one of the more popular and successful teams in the top Spanish La Liga circuit. (They've won six La Liga championships, seven Copa Del Rey titles, and twice been UEFA Champions League runners-up.) BLU's name is currently emblazoned across the team's jersey kits and all over their 49,500-seat stadium. The sponsorship deal began in
"To our new friends from BLU, I would like to say to them that I am sure that they will find this partnership very beneficial, and we hope to take off together this season and fly very high together," club President Anil Murthy announced last year. "Valencia CF must be better by the day, and allying ourselves with a cutting edge company who are innovative and ambitious is going to help us to make that happen."
solidez y equilibrio
— Valencia CF (@valenciacf) May 2, 2018
El @valenciacf Ataca y defiende como un colectivo
Todos reman https://t.co/XdPn1pVhPr
News broke about the Adups spyware in November 2016 after the mobile-security firm
In response, Amazon temporarily stopped selling some BLU phones, and BLU in December 2016 pledged to replace the Adups software with programs from Google.
But
Instead, Amazon temporarily pulled BLU's phones from its website again in August 2017, one week after the Black Hat conference. And last month, the FTC hit BLU with a formal "deceptive practices" complaint alleging that the company had misled users into believing the company was collecting only routine, necessary data and that it had falsely told consumers it had in place privacy procedures to protect their data.
"As a result, ADUPS collected sensitive personal information via BLU devices without consumers’ knowledge and consent that it did not need to perform its contracted services," the FTC said in a release Monday. "In addition, ADUPS software preinstalled on BLU devices contained common security vulnerabilities that could enable attackers to gain full access to the devices."
Corrections: Several points in this story have been changed to reflect that the FTC did not allege Blu had actively share data and that the company had policies in place to protect data.