Blu Products has reached a settlement agreement with the U.S. Federal Trade Commission over allegations that it allowed its phones to surreptitiously collect owner data. Blu installed software from a China-based company called ADUPS Technology. The software was intended to help issue security and operating system updates to Blu devices. ADUPS, however, ferreted tons of user data, including calls and text messages with phone numbers and content, contact lists, installed app lists, and real-time location.
The FTC said Blu misled customers by claiming only the needed information was collected, and then further falsely claimed that it had implemented measures to protect consumer information. Moreover, ADUPS’ software was insecure and left owners of Blu phones vulnerable to attack. At one point, Amazon.com ceased selling Blu handsets.
Under the terms of the settlement with the FTC, Blu is cannot mislead customers about the information it collects, why that info is collected, and what it does with the information. It must also put into practice comprehensive security measures to address security risks.
Blu will be subject to third-party audits very two years for 20 years to ensure compliance. Blu will not have to pay a fine. Blu Products is based in Miami and makes low-cost phones.
