Several BLU phones have been secretly sending personal data via third-party app

The unlocked smartphone company BLU has now admitted that several of its handsets have been secretly sending out personal data collected from their owners. The data was transmitted via a third-party app that was installed on six of its phones.

According to The New York Times, the security firm Kryptowire first discovered that an app in some of BLU’s phones was transmitting data to a Chinese server every 72 hours. It’s not yet clear if the data was being mined for advertising purposes or to collect intelligence for the Chinese government. However, the story adds that the company that wrote the software, Shanghai Adups Technology Company, claims the app was made for a Chinese phone manufacturer to monitor users. It also claims it was not meant to be installed on handsets sold to a U.S. audience.

BLU has since admitted that about 120,000 of its phones “had been collecting unauthorized personal data in the form of text messages, call logs, and contacts from customers” via the “Wireless Update” app. The six phone models that were affected are the R1 HD, the Energy X Plus 2, the Studio Touch, the Advance 4.0 L2, the Neo XL, and the Energy Diamond.

BLU now claims the offending app “has since been self-updated and the functionality verified to be no longer collecting or sending this information.” However, it’s likely that many BLU phone buyers won’t be able to trust the company again after this serious breach of security.  There’s no word if the company will offer any refunds, but it did say, “Our customer’s privacy and security are of the utmost importance and priority” and that any customers with questions about this situation can call them at 1-877-602-8762 or email them at service@bluproducts.com.

If you own a BLU smartphone, or were thinking of buying one, has this discovery put you off on getting any future handsets from the company?