BLU sets the record straight on security
In today’s tech industry, it’s hard to find two hotter topics than ‘security’ and ‘globalization.’ With so much of our technology – both hardware and software – coming from companies overseas, sometimes what lands on our devices isn’t what it first appears. Today we spoke with BLU CEO Samuel Ohev-Zion about the challenges of dealing with security and 3rd party software.
Earlier this month, BLU became aware that a Chinese company called Adups had slipped some troubling software onto some of their smartphones. Adups was originally hired by BLU to provide an application which performs the important function of keeping users up to date by managing over-the-air (OTA) firmware updates. What BLU didn’t know was that, during a short period of time, one of the versions of this application being used by BLU had code which collected user data in the form of text messages and call logs, and periodically sent it back to China.
Fortunately, due to legal agreements established beforehand, this data never left servers in China. BLU quickly scrubbed the unwanted behavior from the Adups application on the affected devices via an OTA update and has verified that no end-user data was compromised in the debacle.
“The thing is, we had no intention of collecting this user data. We don’t have any use for that kind of information,” said Samuel Ohev-Zion. “That software didn’t involve us, and the data that Adups was collecting was unacceptable and without excuse. We’ve taken steps to ensure that something like this will never happen again on our devices.”
Ohev-Zion is referring here to BLU’s partnership with Google to bring Google’s own robust OTA procedures, along with regular security updates, to their smartphones, which will weed out any future threats. As a growing brand in the mid-range market, BLU’s joint action with Google stands to improve user privacy and protection in a key area of the Android ecosystem.
This brush with customer privacy and 3rd party application concerns was an eye-opener for BLU, and though the company moved quickly to strip the unwanted behavior from their devices, Ohev-Zion warns that other phone makers using similar software may be turning a blind eye.
“Other manufacturers are doing this without user awareness,” said Ohev-Zion. “We weren’t even aware of the issue until Kryptowire uncovered it, and we were under the impression that Adups had followed our requests [regarding user privacy]. As soon as our internal team verified the exploit, we took immediate steps to shut it down.”
BLU even took the additional step of hiring Kryptowire, the security firm which found the vulnerability in the Adups application, to audit the app’s behavior moving forward.
As Tom Karygiannis, Ph.D., VP of Product at Kryptowire, reports:
Kryptowire analysis on November 14th shows that the updated Adups firmware on the BLU R1 HD device does not appear to send the text message, call log, and contact information. Kryptowire will continue to monitor the BLU R1 HD for the next 12 months.
Adups software is still present on major brand-name devices worldwide. Adups claims that their popular OTA application is in over 700 million phones currently existing in the global mobile market, and it’s wholly possible that they might be sharing more about you than you want. Furthermore, the vast majority of these handsets aren’t under the scrutiny of security professionals like Kryptowire.
With this experience under their belt, Ohev-Zion says BLU is dedicated to leading the charge in improving the Android ecosystem in terms of security and user privacy. Their partnership with Google will be an ongoing endeavor that Ohev-Zion hopes will serve as an example for other companies using such technologies.
These are important steps for companies like BLU to make. Globalization is here to stay, as are security concerns. Market demands mean that we can’t always pick and choose where smartphone components come from, but companies dealing with international technology need to take similar measures to ensure user privacy is maintained.