[alert variation=”alert-warning”]Update: On July 31, Amazon decided on stopping sales of all BLU phones based on security concerns, just days after this report was filed.[/alert]

Shanghai Adups continues to provide firmware to US phones seller BLU that can and does collect all sorts of data from your phone, security firm Kryptowire reports.

The controversy was first sparked last last year and prompted BLU to reportedly switch to Google-vended software updates and accuse its previous vendor of a breach in good faith while Shanghai Adups proclaimed innocence, saying that the issues “are not existing anymore.”

This time around, researcher Ryan Johnson claims that the firmware on three BLU models — including the Grand M and top-selling Advance 5.0 — allows Adups to take background control of the device. The processes are better concealed nowadays, but they are still there.

Apps can be installed out of thin air, screenshots and video capture can happen at random and factory resets could, too. All of this can be done while the user is none the wiser either during the process or at all. Plus, data such as IMEI, MAC address, your phone number and other identifiers gets sent to Shanghai Adups servers, too.

GPS coordinates aren’t covered, but network-approximated location is.

“It can generally locate a person, presuming they’re in an urban area,” Johnson said at the Black Hat conference in Las Vegas this week.

All these actions could be done on not just BLU phones, Johnson claims, but other low-cost phones from competitors as the devices run on MediaTek chipsets. They come with a companion app, “MTKLogger,” that’s susceptible to unsolicited privilege escalation — meaning that hackers can also take control of your phone if they please. Phones valued above $300 generally don’t have this firmware, meaning that people with vulnerable income are more likely to be affected to this “pretty widespread” problem.

Shanghai Adups claims that it deletes the data it receives, but there’s no telling what happens with the data between reception and deletion.

You May Also Like
Here is an HONOR 30S vs Samsung Galaxy S20+: Specs comparison

HONOR 30S vs Samsung Galaxy S20+: Specs comparison

Here is an HONOR 30S vs Samsung Galaxy S20+: Specs comparison
Galaxy A10s

Samsung releases Android 10-Based One UI 2.0 for Galaxy A10s

It is a budget offering from Samsung that was launched in Q3 of 2019.

Spike Video Chat is a great new free option for group video conferencing

Some of the other video conferencing options out there have been a security/privacy nightmare. Spike Video Chat is a new one with some very welcome advantages and improved simplicity.