Amazon has suspended sales of smartphones from budget maker Blu for over claims that it was selling devices with data-harvesting malware built-in.
Last week, Kryptowire showed that the silent background data harvest was terminating at a company called Shanghai Adups Technology which, according to our information, offers Firmware Over The Air (FOTA). This means that the whole thing may be perfectly legit, but it's not necessarily entirely transparent.
However, Adups has been repeatedly accused of planting spyware on devices, along with back doors, to make getting more data in and out of devices even easier.
Moreover, Blu isn't a first time offender either. The former partner of Amazon's Prime Exclusive Phones in the US was first suspended last October when its Blu R1 HD was found to be sporting exactly the same tracking software. ZTE and Huawei were also fingered by Kryptowire for the same offence.
At the time, Blu said it was a "mistake" and took the spyware out. Along with the same spyware from the Life One X2 model it was also hidden in. Sometimes the system was even sending SMS messages back to base.
This time, however, the same security company found the same firm using the same company's spyware in more expensive models of phone stocked by the same retailer.
This time, though, they're collecting cell-tower data and even more personal ID.
A statement to CNET last week from Amazon stated: "Because security and privacy of our customers is of the utmost importance, all Blu phone models have been made unavailable for purchase on Amazon.com until the issue is resolved."
Blu has also been accused of patent violation by no less a firm than Blackberry.
According to The Verge, Blu said that it "has several policies in place which take customer privacy and security seriously".
All that aside, the company's smartphones have been well reviewed for their general stylishness, but the mainstream Android smartphone market - like the market for cheap laptops - is fiercely competitive.
Security expert Brian Krebs suggests that many manufacturers are therefore tempted to make up whatever they can by bundling in apps, sometimes of highly dubious provenance.
The Computing Cloud & Infrastructure Summit returns on Wednesday 20 September at the Hilton London Tower Bridge.
Hear the latest Computing research, case studies from industry pioneers, and pose your questions to our expert CIO panellists. Attendance is free to qualifying IT leaders and senior IT professionals, but places are strictly limited, so register now
Western Digital releases 20TB desktop drive with RAID-0 out of the box, but it will cost £620 to buy
Finally, a storage system that can just about hold your entire Steam library
Infected apps have been downloaded more than 50 million times
Customers of regular price-raising ISP and cable operator claim nationwide outages started on Monday
Pixel 2 smartphones and a Pixel-branded laptop also planned by Google