OnePlus found collecting sensitive user data, including phone numbers

OnePlus found collecting sensitive user data, including phone numbers

Earlier, there have been reports on OnePlus manipulating benchmarks and incorrect mounting displays but this time around, Moore while participating in the SANS Holiday Hack Challenge chose to check the internet traffic from his phone OnePlus2 2.

As well as hoovering up details such as users' phone and IMEI numbers, MAC addresses and mobile network names, Moore revealed that OnePlus was collecting timestamped details such as when the user locked the device and when apps were opened and closed.

OnePlus is collecting private user data without people's permission. In the recent past, OnePlus has been accused for manipulating benchmarks, incorrectly mounting displays, incompetency in providing adequate device support and now the company has been reportedly found guilty of collecting user data without their knowledge. Moore writes: "Unfortunately, as a system service, there doesn't appear to be any way of permanently disabling this data collection or removing this functionality without rooting the phone".

The data collection has been sourced to a system application called "OnePlus System Service" which uses cannot be turned off but can be disabled every time you turn your device on. The representative didn't provide an explanation as to why OnePlus didn't simply have users opt-in for this instead of having it covertly happening in the background. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behaviour.

More news: Bale will try to persuade Chris Coleman to stay with Wales

The OnePlus team responded to the data collection claims, and told Android Police, "We securely transmit analytics in two different streams over HTTPS to an Amazon server". Also, the statement does not address privacy concerns. This transmission of user activity can be turned off by navigating to "Settings" - "Advanced" - "Join user experience program".

Czekanski's method does not require rebooting as OnePlus Device Manager (app responsible for sending data) can be removed via ADB tool and USB debugging enabled. However, Jakub Czekański has provided a suggestion on how to disable them permanently.

The data that OnePlus is accessing ranges from device information like the phone's IMEI and serial number to user data like reboot, charging, screen timestamps as well as application timestamps.
Other Chinese OEMs like OPPO, Vivo and Xiaomi have also been accused in the previous year for sending sensitive user information to Chinese servers at regular intervals. But, notes the company, this is to understand the problems that the users are facing and solve them in the forthcoming update.

Related Articles