On April 30,2018, the Federal Trade Commission (FTC) announced a settlement with mobile phone manufacturer BLU Products and its owner over allegations that the company failed to implement appropriate procedures to oversee their service providers’ security practices, which allowed the service provider to install software containing commonly known security vulnerabilities on consumers’ mobile devices and to collect detailed personal information about consumers, such as text messages and location information, without consumers’ notice and consent.

According to the FTC’s complaint, BLU and its owner contracted with China-based ADUPS Technology to preinstall certain security software on BLU devices. The complaint alleged that, unbeknownst to consumers, the ADUPS software on BLU devices transmitted their personal information to ADUPS servers, including contents of text messages, real-time location data, call and text message logs, contact lists, and a list of applications installed on the device. The FTC did not allege that ADUPS used or disclosed consumers’ personal information.Continue Reading Feeling BLU: What You Need to Know About Overseeing Your Service Providers