Update (8/5): Amazon has resumed selling some Blu phones after reviewing information sent by the maker. Meanwhile Blu has announced they're getting relisted calling it a "false alarm," it must be harsh to be out of Amazon if you're a small phone manufacturer.

Back in November last year, security firm Kryptowire discovered spyware on some unlocked budget Android handsets made by US manufacturer Blu Products. Sales were halted for a month, but it seems that wasn't the end of the matter. Amazon has just suspended the company from selling on the site, again, because the malicious software is apparently still present.

The app in question is developed by a Chinese firm called Shanghai Adups Technology Company. Kryptowire researchers discovered it was collecting user data from the Blu R1 HD phone and surreptitiously sending it to servers in China.

During last week's BlackHat security conference in Las Vegas, Virginia-based Kryptowire said certain Blu phones still contained the spying software, which it claims makes the handsets vulnerable to remote attacks, as well as call and text logging.

"They replaced [the malware] with nicer versions. I have captured the network traffic of them using the command and control channel when they did it," said Kryptowire co-founder Ryan Johnson. He found the information being sent overseas included what apps were installed on the phone, MAC addresses, IMEI, phone numbers, and cell phone tower IDs.

A Blu spokeswoman denies the company has done anything wrong, stressing that it has "several policies in place which take customer privacy and security seriously." Regarding the data collection, the company said:

The data that is currently being collected is standard for OTA functionally and basic informational reporting. This is in line with every other smartphone device manufacturer in the world. There is nothing out of the ordinary that is being collected, and certainly does not affect any user's privacy or security [...] Regarding that some information may be stored in China servers, their privacy policy clearly states that some of the data collected can be stored in servers outside the US, there is absolutely nothing wrong with having a server in China.

But it seems Amazon isn't happy with Blu's explanation. The retail giant told CNET that "because [the] security and privacy of our customers are of the utmost importance," it has stopped sales of Blu handsets.