Low-cost Android phones collected calls, texts without permission

Several popular Android phones were collecting personal data -- such as text messages and call history -- without users' knowledge or consent, according to security firm Kryptowire.

Mobile phone company Blu sells low-cost Android phones and is a common sight on Amazon. Its $59 Blu Advance 5.0 is the No. 1 product the retailer's "unlocked cell phones" category. While that model wasn't affected, several other Blu phones were, including the Blu R1 HD. You can see the full list here.

Many low-cost Android phones, including several Blu models, "contained firmware that collected sensitive personal data about their users and transmitted this sensitive data to third-party servers without disclosure or the users' consent," said Kryptowire in a release Tuesday.

Blu responded by publishing a "Security Concern" notice, which includes instructions for making sure your phone has the company's software patch to disable the data collection.

"BLU Products has identified and has quickly removed a recent security issue caused by a 3rd party application which had been collecting unauthorized personal data in the form of text messages, call logs, and contacts from customers using a limited number of BLU mobile devices," Blu said in the security notice. "Our customer's privacy and security are of the upmost [sic] importance and priority."

Blu didn't immediately responded to a request for comment.

The data potentially collected was extensive, according to Kryptowire. "These devices actively transmitted user and device information including the full-body of text messages, contact lists, call history with full telephone numbers."

Where did the data go? Kryptowire says the data was "transmitted periodically without the users' consent or knowledge" to a server located in Shanghai.