From Ars Technica
Phone maker BLU is settling charges that it allowed a China-based partner to collect a mountain of customers’ personal data—including full content of text messages, real-time locations, telephone numbers, contacts, and installed apps—despite promises it would keep such details private.
Under a settlement with the US Federal Trade Commission announced Monday, BLU agreed to implement a “comprehensive data-security program” to prevent similar privacy leaks in the future. Both the company as a whole and co-owner and president Samuel Ohev-Zion are barred from misrepresenting the extent to which they protect the privacy and security of personal information. The company further will be subject to third-party assessments of its security program every two years for 20 years and must comply with record-keeping and compliance-monitoring requirements.
The settlement stems from research published in November 2016 by security firm Kryptowire. It found that BLU phones…