Notebookcheck
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

OnePlus is collecting user data without permission, and you should be scared

A more fitting name if this trend of fails continues. (Source: CHEIL India)
A more fitting name if this trend of fails continues. (Source: CHEIL India)
OnePlus has dropped the ball yet again, with a user discovering a data siphon that sends his private phone information and logs to a remote OnePlus server.
Ricci Rox,
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Public perception of OnePlus must be at an all-time low, with issues like inverted displays, emergency number dialing shenanigans, and the continued discontinuation of software support leading to unrest among fans of what used to be one of the most consumer-focused smartphone brands. The latest issue, one that proves OnePlus sends user data directly to its servers without permission, will do the company's PR no good.

The finder of the data siphon, Chris Moore, owner of a UK-based security and tech blog, has outlined the methodologies behind him discovering the leak. Apparently, after hooking up his phone to a security tool, he found requests to OnePlus's "open.oneplus.net" domain. The information transmitted included:

  • Reboot timestamps
  • Charging timestamps
  • Screen on/off timestamps
  • Device firmware details
  • Device serial number
  • Device IMEI
  • MAC address
  • App processes and accompanying timestamps

All of these are damning details that compromise the user's security and privacy, and it's a bit shocking that such a large brand would do this without requesting for permission. Probably because no one in their right senses would grant permission to such an intrusive request, we expect.

While this may be a shocking move by the OEM, Android being open-source means that there are ways to stick it to them. You can either install a security tool like NetGuard and block off that domain, or freeze the transmitting apps (OnePlus Device Manager and OnePlus Device Manager Provider), if that doesn't mess up your ROM, that is, or simply block those apps from having access to your data. Better still, you could wipe OxygenOS off your phone and install a custom ROM like Lineage OS.

Shame on you, OnePlus.

Thanks to Reddit's vulgarly-named /u/PM_ME_D*CK_PICTURES for the tip!

Source(s)

Read all 8 comments / answer
static version load dynamic
Loading Comments
Comment on this article
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 
Ricci Rox
Ricci Rox - Senior Tech Writer - 1851 articles published on Notebookcheck since 2017
I like tech, simple as. Half the time, you can catch me writing snarky sales copy. The rest of the time, I'm either keeping readers abreast with the latest happenings in the mobile tech world or watching football. I worked as both a journo and freelance content writer for a couple of years before joining the Notebookcheck team in 2017. Feel free to shoot me some questions on Twitter or Reddit if it so tickles thine fancy.
contact me via: @riccirox, LinkedIn
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2017 10 > OnePlus is collecting user data without permission, and you should be scared
Ricci Rox, 2017-10-10 (Update: 2017-10-10)