You might have heard of the Blu R1 HD. This is the top selling phone on Amazon, and for good reason; it costs just $60. However, last November researchers found out something about the phone that raised more than a few eyebrows. The phone caught sending private data to China. The company behind the spying software, Shanghai Adups Technology, called this a mistake. However, it has been discovered that the software provider is still doing the same thing on other phones. Now, however, the software has become more secretive about its activities.
At the recently held Black Hat security conference, researchers from Kryptowire, a security firm, revealed that Adups’ software is still sending devices’ data to a company server in China without alerting people. Kryptowire said it has observed Adups sending data without telling users on at least three different smartphones. However, an Adups spokesperson said that the company had resolved the issues way back in 2016, and that the issues do not exist anymore.
It is worth mentioning that Adups’ secret data funneling to China was discovered mostly because the Blu R1 HD was the top-selling phone on Amazon. The issue still persists on other low-profile devices, according to Kryptowire. For example, the Blu Grand M, which goes for between $60 and $75, still had this problem six months after Adups admitted their mistake. The researcher discovered that the phone was sending data to China containing a list of installed apps, used apps, unique phone identifiers like the MAC address and IMEI, and also the phone number and cell phone tower ID. Now, some of the more aggressive spying would send a person’s browsing history and bookmarks.
This spyware has not been found on devices that cost more than $300, as Adups is mostly installed on cheaper devices. Also, it is not restricted to Blu devices. In fact, it seems pretty widespread on lower-end smartphones. It is still unclear what happens with the data once it gets to the servers in china, though.