Blu is Getting Rid of Data-Stealing Malware via an OTA Update

Florida-based budget Android phone maker Blu says it is updating phones infected with user data-stealing malware. Kryptowire first reported a month ago that phones had this malware loaded onto them. The issue was a pre-installed service on the phones that monitored communications from the users, even occasionally sending text messages to a keyword-searchable archive on a Chinese server. The offending service was part of the OTA update module provided by third-party company Adups. Blu has rolled out the fix by starting to use Google’s standard over-the-air firmware-updating tool instead of using the software provided by Adups.

After the unfortunate news became public, Amazon halted their sale of all phones from Blu, which previously was the most popular unlocked phone Amazon was selling mainly because the phones sell for around just $50. The main places where Blue sells it products are large retailers such as Amazon.

The revelations from Kryptowire last month called into question Blu’s business model of buying up cheap Chinese smartphones and relying on some of the devices’ third-party software. Blu has now signed a deal with Kryptowire to have its phones monitored for the upcoming year for any malicious software. Blu CEO Sammy Ohev-Zion also pledged the company will no longer install any third-party service on its phones for which it does not have the source code and a full understanding of the functionality.