OnePlus 5, OnePlus 3, OnePlus 3T and OnePlus 2 may be collecting and sharing too much user data without permission

OnePlus 5 vs OnePlus 3T

The hype around the follow-up to OnePlus 5, the OnePlus 5T, is already building and in fact, some sections are already talking about the 2018 OnePlus 6, months before the phone’s expected release.

Even as this is happening, OnePlus has found itself in an awkward position, almost similar to what we’ve seen before with respect to Chinese OEMs, where the owners of the company’s OnePlus 5, OnePlus 3 and OnePlus 3T are apparently being monitored without their knowledge.

OnePlus is already dealing with a backlash from its customers following the decision to discontinue the much-needed support for OnePlus 2, a phone that was released in 2015. After the launch of the OnePlus 5, the company had to deal with claims of faking benchmarks as well as criticisms over its copy-pasting of Apple’s iPhone 7 Plus design and sooner than later, the company was also in hot soup after it was discovered that dialing 911 on the phone was not possible.

Just as the company is almost finding its rightful place in the smartphone industry, things have once again turned south, with reports that anyone using the company’s OxygenOS is at risk. According to a UK-based security blog owned by Chris Moore, OnePlus has been gathering personal information and transmitting the same without the consent of users.

Through the domain open.oneplus.net, the company was collecting private device and user information from his OnePlus 2 handset and sending it to an Amazon AWS instance without permission. The data in question range from the phone’s IMEI, serial and even the cellular number, mobile network name, MAC address, IMSI prefix, wireless network ESSID and BSSID as well as other user data such as charging, rebooting, application and screen timestamps.

According to Moore, the code that is responsible for this transmission of personal data from OnePlus 2, OnePlus 3, OnePlus 3T and OnePlus 5 phones is associated with the OnePlus Device Manager and OnePlus Device Manager Provider. For tech-savvy owners of the affected phones, it’s reportedly possible to stop this data collection by replacing net.oneplus.odm for pkg through ADB or running the command “pm uninstall -k -user 0 pkg”, but what about green users of the phones?

This is a major concern that such a name in the smartphone industry can collect user data and share without their permission. In fact, it’s even a much bigger concern that OnePlus doesn’t see this is a privacy concern, instead, the issue is being treated as a normal procedure of data collection for improving user support.

Source

Article View Count: (45)

Leave a Reply