Secret software sent texts to China.
A U.S. company is facing a class action lawsuit following reports it sold thousands of Android phones containing software that sent consumers’ private messages to companies in China.
Miami-based Blu Products, which sells low cost phones through Amazon AMZN and BestBuy BBY , came to attention last week when the New York Times identified it as among the phone makers whose products contained a so-called “backdoor.”
In this case, the backdoor served to send copies of users’ text messages and phone call data every 72 hours to a Chinese software firm called Shanghai AdUps Technologies. It also relayed other data, such as information about location and app usage, every 24 hours. The Shanghai firm reportedly collects such data for advertising purposes.
Following the report of the secret backdoor, Blu Products told the Times that 120,000 of its devices had been affected and that it had pushed out a software update to stop them sending information to China. It also said it had not known about the backdoor.
Get Data Sheet, Fortune’s technology newsletter.
But the incident also led Rosen Legal, a firm specializing in class action lawsuits, to post a “security alert” warning consumers about the backdoor, and inviting those who had bought certain Blu Products devices to be part of an investigation and participate in the lawsuit. The notice also explained how consumers could determine if their devices had been affected by what the firm calls “spyware”:
Blu Products, for its part, dismissed the law firm’s allegations.
“This is a non issue and there is no wrong doing from BLU to warrant any such claim. There were no damages that anyone suffered, and this is a typical knee jerk ambulance chaser who dismisses details and is uneducated on the subject,” said Carmen Gonzalez, senior marketing director for Blu Products, said in an email to Fortune.
The controversy comes at a time of growing concern over how phones, and many other Internet-connected devices, are susceptible to hacking or intrusive software that records or transmits private information. This week, a security firm reported the existence of another powerful backdoor in over 3 million Android devices that permits third parties to monitor the device owners’ communications.