Notebookcheck

OnePlus is collecting user data without permission, and you should be scared

A more fitting name if this trend of fails continues. (Source: CHEIL India)
A more fitting name if this trend of fails continues. (Source: CHEIL India)
OnePlus has dropped the ball yet again, with a user discovering a data siphon that sends his private phone information and logs to a remote OnePlus server.

Public perception of OnePlus must be at an all-time low, with issues like inverted displays, emergency number dialing shenanigans, and the continued discontinuation of software support leading to unrest among fans of what used to be one of the most consumer-focused smartphone brands. The latest issue, one that proves OnePlus sends user data directly to its servers without permission, will do the company's PR no good.

The finder of the data siphon, Chris Moore, owner of a UK-based security and tech blog, has outlined the methodologies behind him discovering the leak. Apparently, after hooking up his phone to a security tool, he found requests to OnePlus's "open.oneplus.net" domain. The information transmitted included:

  • Reboot timestamps
  • Charging timestamps
  • Screen on/off timestamps
  • Device firmware details
  • Device serial number
  • Device IMEI
  • MAC address
  • App processes and accompanying timestamps

All of these are damning details that compromise the user's security and privacy, and it's a bit shocking that such a large brand would do this without requesting for permission. Probably because no one in their right senses would grant permission to such an intrusive request, we expect.

While this may be a shocking move by the OEM, Android being open-source means that there are ways to stick it to them. You can either install a security tool like NetGuard and block off that domain, or freeze the transmitting apps (OnePlus Device Manager and OnePlus Device Manager Provider), if that doesn't mess up your ROM, that is, or simply block those apps from having access to your data. Better still, you could wipe OxygenOS off your phone and install a custom ROM like Lineage OS.

Shame on you, OnePlus.

Thanks to Reddit's vulgarly-named /u/PM_ME_D*CK_PICTURES for the tip!

Working For Notebookcheck

Are you a loyal reader of notebookcheck? Are you a techie who knows how to write? Then join our Team!

Especially wanted: 
German-English-Translator - Details here
Review Editor - 
Details here
News Editor - Details here

 

 

 

 

 

 

 

 

 

 

Source(s)

Read all 8 comments / answer
static version load dynamic
Loading Comments
Comment this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2017 10 > OnePlus is collecting user data without permission, and you should be scared
Ricci Rox, 2017-10-10 (Update: 2017-10-10)
Ricci Rox
Ricci Rox - News Editor - @riccirox
I'm a freelance copywriter who lives and dies for tech. Android, ​especially. The smartphone market is one going through an impressive growth spurt, so I crawl the Internet with keen interest in a technological ecosystem that doesn't seem to be slowing down anytime soon.