Amazon Suspends Sales of Blu Android Phones Due To Privacy Concerns (cnet.com) 66
CNET reports: Amazon just put budget phone maker Blu in the penalty box. The online retailing giant told CNET that it was suspending sales of phones from Blu, known for making ultra-cheap Android handsets, due to a "potential security issue." The move comes after security firm Kryptowire demonstrated last week how software in Blu's phones collected data and sent it to servers in China without alerting people. Blu defended the software, created by a Chinese company called Shanghai Adups Technology, and denied any wrongdoing. A company spokeswoman said at the time it "has several policies in place which take customer privacy and security seriously." She added there had been no breaches. Blu said it was in a process of review to reinstate the phones at Amazon.
There are gradations (Score:5, Insightful)
There are gradations in privacy. The fact that I'm ok with having some small portion of my data used by corporations whose services I utilize does not mean that I'm ok with massive violation of privacy without any notice at all by some other corporation.
What the Blu phone does is way over the line. They are not only secretly sending data to China, they have "a command-and-control channel that can execute code on a user’s phone as a system user." [cyberscoop.com]
This is not merely "spyware"-- this is actual spying, by a foreign power.
http://www.cbsnews.com/news/researchers-find-phones-secretly-sending-data-china/
Re: (Score:2)
> This is not merely "spyware"-- this is actual spying, by a foreign power.
Agreed, although I'm not sure that "by a foreign power" is actually meaningful. Spying is spying, and it doesn't matter much whether the entities doing it are part of the same nation as you.
It does matter a little, though. If I have to be spied on, I'd rather it be by China (who has no real power or authority over me) than the US (who does).
Re: (Score:2)
> The NSA and CIA have their hands full trying to spy on the entire ME, China, NK, Russia, Europe, and just about any other country of note and hardly have the time to spy on a bunch of twits who also claim using Facebook qualifies as a technical job skill.
Actually we all know the NSA and CIA happily share information they obtain by mass spying with local law enforcement agencies for offences that have nothing at all to do with national security.
The police call them "anonymous tips".
Re: (Score:3)
> There is a 99.999% chance that you never do anything that would warrant anyone spying on you
True, but that doesn't stop them. The US, for example, isn't at all shy about the fact that they spy on all of us.
> Google represents the number one threat to everyone's privacy. After them come the 10000's of commercial companies who either collect your data themselves or just buy your life story from some other commercial enterprise that has better capture technology.
Exactly correct! Although I'm at a loss as to why you're so eager to give Microsoft a pass on their spying. There's no such thing as "anonymized", and the amount they try to collect is the exact opposite of "small" -- although they, like Google, etc., graciously allow you to reduce -- but not eliminate -- the scope of their spying.
Also, just because some entities spy more than others doesn't mea
Re: (Score:3)
> If I have to be spied on, I'd rather it be by China (who has no real power or authority over me) than the US (who does).
Exactly! If you are the government, or a corporation then foreign spies are indeed the biggest concern, but if you are an individual, your own government has far greater potential to mess with your life than most any foreign country. The Russians and the Chinese don't care if you order bongs online or donate money to radical groups or gamble on illegal sports or whatever.
Only your own government is uniquely positioned to use their spying against you.
I use LineageOS (Score:4, Interesting)
First thing I do with a new phone, I wipe it and install LineageOS. Somebody else builds the ROM and I don't have the time or resources to personally-inspect the source code, so it's mostly a more-trusted quantity; and everybody sees it and sees the build process, so there are at least a dozen primary developers, a couple hundred bored hobbyists, and the occasional security researcher looking at the built ROM and the source code. Between the diff against Android and the massive number of eyes on Android's source trees, a lot of people have to be involved in a conspiracy to mess with my phone for there to be anything intentionally-malicious in there.
I like OnePlus, but I'm not going to run their OS just so it can repeatedly try to sell themes to me. If there was a Lineage ChromiumOS, I'd put that on my Chromebook.
Re:I may be wrong about this... (Score:5, Informative)
BLU Phones are Easily Rootable, and until the R1 HD, did NOT have locked bootloaders that prevented the installation of TWRP Recovery. However, because they used MediaTek Chipsets instead of Qualcomm, they were GSM Exclusive. (Meaning: No CDMA because Qualcomm has a Patent on it in the US.)
That means ATT and T-Mobile only (and their Associated MVNO carriers.) No Verizon, and no Sprint. CDMA is very pervasive in the US.
Most LineageOS (formerly CyanogenMod) Programmers are from the US, so because of that MediaTek based Phones are a Tiny, Tiny, Tiny Minority. Wal-Mart Stopped carrying BLU Phones in the US because People would buy them, find out they were on a CDMA Carrier, (Sprint, Verizon) and then Wal-Mart would be swamped with Returns.
BLU started locking the Bootloaders with the R1 HD due to the Lock Screen ads. People removed the ads, and denying them ad revenue seemed like theft to BLU.
Re: (Score:2)
"I don't have the time or resources to personally-inspect the source code"
"everybody sees it and sees the build process,"
So you don't trust or inspect the code, you rely on others to do that. In other words, choose one community over the other.
Ok, in other words, you trust that community more than you trust the manufacturer and Amazon.
Which I understand, but I'm curious - You have some rational basis for that trust, beyond the size and presumed motivations/ethics/history of that COMMUNITY?
Not that they can
Re: (Score:3)
> You have some rational basis for that trust, beyond the size and presumed motivations/ethics/history of that COMMUNITY?
One community is a corporate culture that builds an OS image in-house, publishes it for their particular phone, and gets scrutiny when someone decides to try to dismantle the binary image on their particular phone or snoop what's going out the cellular radio. Their OS can hide what's going out the radio, so they need a logic analyzer or specialized radio equipment (lots of effort, not necessarily lots of cost, enormous technical expertise). They can start with an open-source asset and modify it to their
Re: (Score:2)
> Ok, in other words, you trust that community more than you trust the manufacturer and Amazon.
I do, too. It's a matter of a combination of incentives and track records.
Commercial corporations have no incentive to make my personal well-being and privacy a priority. They prioritize profit. And the track record of commercial entities makes it very clear that they adhere to those priorities.
Hobbyist communities have very different incentives and priorities. I don't think that they can be trusted completely, either, but the track record for them is vastly better than for companies.
Re: (Score:2)
This.
Any smartphone that I haven't placed my own OS on is a smartphone that cannot be trusted to even a minimal extent.
BLU, Adups, and MediaTek (Score:2)
I have a BLU Studio 5.0C, and it's rooted, and I removed ADUPS. However the version of Adups it used was not the version that was stealing people's info. I really like the quality of the Phone I have. I don't like that it has a MediaTek Chipset for which there is no Lineage OS Build.
BLU Needs to cough up Specs and Drivers to the Lineage OS Community, and start selling LineageOS on their phones, and don't put ADUPS on their Phones. They need to make amends with the Android Community. Because what they have be
Re: (Score:3)
> However the version of Adups it used was not the version that was stealing people's info.
It's not the version that made the news, perhaps, but do you have any reason to think it's any different in terms of spying?
Re:Nanny-State Amazon (Score:5, Insightful)
> News at 11. Amazon is going to suspend sales of Amazon Echo; followed by suspending their entire online shopping site due to "potential" security issues. Almost everything has potential security issues (other than a block of concrete 10 feet under), but as a customer, it's my right to make that trade-off.
As a customer it is your right to make that trade-off. You don't have the right to demand that Amazon be the one to sell it to you though.
It's your right to buy clam chowder but McDonald's doesn't have to sell it. It's your right to drive a Toyota Corolla, but your Honda dealership doesn't have to stock them. You're perfectly in your right to buy and wear a Rolex, but Walmart doesn't have to have one waiting for you to buy.
Amazon has the right to choose not to sell BLU phones just as McDonald's has the right to not sell Clam Chowder.
I'm sure they don't want to be associated with spyware, or have negative customer satisfaction from people that buy those phones and incorrectly blame Amazon for selling them a spyware-ridden phone. You may not blame Amazon but plenty of less tech savvy people would.
Re: (Score:3)
> calling them out as huge hypocrites when they sell plenty of other privacy invasive products
I don't think it is hypocrisy. The really invasive companies such as Google and Amazon have written in a lot of stuff, and spent a lot of money on lawyers, to handle data in aggregate, in ways that aren't supposed to invade our privacy, but still let them do targeted ads. This nuance is lost on you and me, sure (I, and probably you, want nothing to do with their endless parade of data hoarding), but it's still
Re: (Score:3)
You mean the Amazon that is marketing a device with a permanently-on microphone that listens to what you are saying and sends it to their servers? Yeah, I am sure they don't want to be associated with spyware.
What they mean (Score:4, Insightful)
Re: (Score:2)
I actually feel a bit better about this than say a Samsung TV sending your data unencrypted to anyone willing to cough up a dollar.
Re: (Score:2)
You're engaging in a false equivalency. All spying is bad, but some is worse than others. In this case, what Adups does is far worse than what any other company, even Google, does (that I'm aware of). It has nothing to do with being Chinese.
In fact, it wasn't all that long ago that a firestorm erupted when it was discovered that several US carriers had installed very similar software in US phones.
Re: (Score:2)
I wish we had installable and controllable firewalls. I use firewalls on my home computers that let me customize rules for the networks. I hate software that phones home for no reason.
Re: (Score:2)
It's Google's handy design flaw of Android. Oops, little leak there.
Indeed, should you check with AppThority and others, you'll find that the misbehavior is mind-boggling.
But here's the part that makes me crazy: no one gives a shit. They believe it's the price they pay. The technologists have been shown time and time again that people are sheep. They follow the herd. The herd hasn't the capacity to fathom what data mining in China means, and so because it goes over their heads, it's a whoooosh situation. So the
Re: (Score:2)
> or is that OK, because it is not China
Well ... yeah. Security and privacy are not binary. There are many things I couldn't care less about one nondescript entity knowing that nonetheless I would not want sent to another.
Some spying is worse than others.
Some actors doing the spying are worse than others.
BLU is a POS (Score:2)
The ONLY thing good about most BLU phones is that the touchscreen still functions after the screen cracks.
Oh, and the FM radio is at least guaranteed to work.
BT support sucks, hardware is RAM-starved, they rarely not do system updates, the list goes on and on...
Re: (Score:1)
The "high end" BLU phones are pretty decent and a great price.
I got a Studio Energy 2 for $120 or so new, and it worked fine with its 1.5GB
I currently have a Life one X 2, and it has 4GB, and fast charge, was $180
Amazon doesn't know what it's talking about. (Score:2)
Re: (Score:3)
Seems to me that privacy issues are a subset of security issues.
Re: (Score:2)
> that's a *PRIVACY* issue, not a *SECURITY* issue.
Privacy issues are security issues.
Re: (Score:2)
But it's not exactly the same. None Amazon, Facebook, Microsoft, Google, etc., all tell you they're doing it (so you're making an informed choice if you use their services), and amount of data they collect isn't as comprehensive.
Bold Like Us (Score:1)
Android is the worst thing ever. (Score:1)
Truly horrible garbage. Any idiot who walks around with a brick of spyware in their pocket is no geek, but a buffoon.
Shanghai Adups (Score:2)
Shanghai Adups = "Shanghai American Dups"?
Punctuation is critical. (Score:3)
Go ahead (Score:2)