Some especially sneaky spyware, which takes all of a user’s messages and browsing data and quietly ships it to servers in China, was recently discovered on some inexpensive Android devices sold in this country. Two customers who own the offending phones have filed a class action against the company that sold them here in the United States, on behalf of the buyers of at least 120,000 devices.

The Adups program, which was installed on the firmware of affected devices, would reportedly scoop up data, including call logs, text messages, and contact lists, and send it to a company server in China. The same software runs on hundreds of millions of phones in China, but American consumers were not keen on the idea.

“It was obviously something that we were not aware of,” the CEO of BLU Products told the New York Times after the problem was first discovered. “We moved very quickly to correct it,” noting that Adups in China said that all American customers’ data had been destroyed.

After the spyware and its possible vulnerabilities were discovered, the company updated the phones’ firmware. However, in one of the class actions filed since the news broke, the plaintiffs claim that it is possible for the companies to put the software back on at any time.

“Despite the firmware update that purports to remove the spyware functions,” their attorneys wrote in the initial complaint [PDF], “the defendants, at any time, can push an update to the products that restarts the spyware functionality.” Oh, goody.

The plaintiffs also complain that the uploads interfered with the functioning of their phones and gobbled up their data allotment to send their data back to the mothership in China without permission.