Yesterday Kryptowire researchers reasserted their claims that certain Android phones manufactured by Blu sent sensitive information to third parties in China, claims which Blu denies. Kryptowire issued a statement clarifying that it stands by its findings and offered additional information to any interested parties upon request.
Earlier this week Amazon announced it is suspending sales of certain Android phones manufactured by Blu after a Black Hat presentation claimed that three of the firm's models sent sensitive information to third parties in China.
Kryptowire researchers announced the findings at the conference in Las Vegas last week, eight months after the firm first warned Amazon in November 2017 that Blu devices contain firmware that transmits information including text messages, contact lists, call histories, and unique device identifiers, all without users' consent or disclosure, to a Chinese company named AdUps.
In the first incident, AdUps officials claimed the data transmission was a mistake and that it would be corrected but the recent findings show that information is still being sent. Blu responded to the claims in a July 31, 2017 press release.
“There is absolutely no spyware or malware or secret software on BLU devices, these are inaccurate and false reports,” the release said. “BLU is reaching out to several reporters to correct their articles and issue apologies, which BLU has started receiving.”
Kryptowire's latest statement says, “We decided to provide more technical information to clarify press reports and to help others identify additional devices that might be affected. We stand by our findings because we have clear forensic evidence, both in terms of code and in terms of network traces, to support them.”
As of 2nd August 2017 some Blu models were still available for sale on Amazon.