[alert variation=”alert-warning”]Update: On July 31, Amazon decided on stopping sales of all BLU phones based on security concerns, just days after this report was filed.[/alert]

Shanghai Adups continues to provide firmware to US phones seller BLU that can and does collect all sorts of data from your phone, security firm Kryptowire reports.

The controversy was first sparked last last year and prompted BLU to reportedly switch to Google-vended software updates and accuse its previous vendor of a breach in good faith while Shanghai Adups proclaimed innocence, saying that the issues “are not existing anymore.”

This time around, researcher Ryan Johnson claims that the firmware on three BLU models — including the Grand M and top-selling Advance 5.0 — allows Adups to take background control of the device. The processes are better concealed nowadays, but they are still there.

Apps can be installed out of thin air, screenshots and video capture can happen at random and factory resets could, too. All of this can be done while the user is none the wiser either during the process or at all. Plus, data such as IMEI, MAC address, your phone number and other identifiers gets sent to Shanghai Adups servers, too.

GPS coordinates aren’t covered, but network-approximated location is.

“It can generally locate a person, presuming they’re in an urban area,” Johnson said at the Black Hat conference in Las Vegas this week.

All these actions could be done on not just BLU phones, Johnson claims, but other low-cost phones from competitors as the devices run on MediaTek chipsets. They come with a companion app, “MTKLogger,” that’s susceptible to unsolicited privilege escalation — meaning that hackers can also take control of your phone if they please. Phones valued above $300 generally don’t have this firmware, meaning that people with vulnerable income are more likely to be affected to this “pretty widespread” problem.

Shanghai Adups claims that it deletes the data it receives, but there’s no telling what happens with the data between reception and deletion.

You May Also Like

Pocketnow Daily: Samsung Galaxy S11 SPOTTED In the Wild! (108MP Unique Camera) (video)

On today’s Pocketnow Daily, we talk about the real life leaked images of the Samsung Galaxy S11, the new OnePlus 8 Lite and more
Galaxy S10 Lite Note 10 Lite

We have the leaked prices for the Samsung Galaxy S10 Lite, Note Lite, A51 and A71

We are waiting for an official launch of the Samsung Galaxy S10 Lite and Note 10 Lite, but while we wait, here’s their rumored pricing

Amazon has great deals on the Pixel 4 XL, Surface Pro, 6 and more

Check out the latest deals from Amazon that include products from Google, Microsoft, GoPro and more