OnePlus is something of a household name these days. The smartphone company is known for offering flagship devices at a budget price. With its motto of “Never Settle”, OnePlus has impressed users with the devices in its lineup. However, the company came under heavy criticism last year for the lack of software support for its devices. That was followed by the manufacturer cheating with the OnePlus 5 by manipulating benchmarks. Now OnePlus is in trouble again, as it looks like the company is collecting private data from its users without any permission.
This discovery was made by Chris Moore during a holiday hack challenge in which he used OWASP ZAP, a tool used to test web applications by attacking them. During the tests, he found an unfamiliar domain related to open.oneplus.net and decided to investigate further. He later discovered that this domain was collecting private information related to his smartphone and sending it to Amazon Web Services, all without his knowledge or permission.
Here’s what the domain was circulating on Chris Moore’s OnePlus 2:
- MAC addresses
- Phone numbers
- Mobile network names
- Wireless network ESSID and BSSID
- IMSI prefixes
- OnePlus device’s serial number
- Timestamp of when user locks and unlocks their device
- Timestamp of when user opens and closes any application on their device
- Timestamp when user turns his phone off and on
With this data, one can easily identify any user, and OnePlus is doing just that.
Chris Moore, in his article, says, “this kind of data collection, especially one containing information that can be directly tied back to me as an individual, should really be opt-in and/or have an easily accessible off switch.”
In a series of tweets, Chris reported the issue to OnePlus Support, but their response wasn’t encouraging.
Android Authority reached out to the company for comments and here’s how they responded:
“We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.”
Another representative has claimed that the company is doing this in order to provide a better after-sales service to its customers. Does providing after-sales service justify collecting a user’s private data without their permission?
It is really concerning that OnePlus isn’t taking this issue seriously enough. The company is already one of the big hitters in the smartphone world and issues like collecting unauthorized data can surely blemish its reputation. But what can you expect from a company which makes fake promises just to glorify its image?
Fortunately for us, there is a way to deal with this issue. An Android developer has brought forward a solution that disables this unauthorized data collection without even rooting your OnePlus device. Here is what you need to do:
- Install ADB on your computer.
- After installing ADB and connecting your smartphone to it, open Command Prompt.
- Type: adb shell
- Enter this command: pm uninstall -k --user 0 net.oneplus.odm
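The same steps can be wrapped in a small script that checks the result before and after. This is an added example, not code from the developer's fix or from OnePlus; the function names are hypothetical, and it assumes adb is on your PATH with USB debugging authorised on the phone.

```shell
#!/bin/sh
# Added example: wraps the article's adb steps with before/after checks.
PKG="net.oneplus.odm"   # package name given in the article

# True when a single authorised device is reachable over adb.
device_ready() {
    [ "$(adb get-state 2>/dev/null)" = "device" ]
}

# True when PKG is installed for user 0 (the primary user).
# adb may return CRLF line endings, so strip \r before matching.
odm_installed() {
    adb shell pm list packages --user 0 | tr -d '\r' | grep -qx "package:$PKG"
}

# Returns 0 if PKG is absent for user 0 afterwards, 1 if removal failed,
# 2 if no device is ready (so "absent" is never reported by mistake).
disable_odm() {
    if ! device_ready; then
        echo "no authorised device; check USB debugging" >&2
        return 2
    fi
    if ! odm_installed; then
        echo "$PKG is not installed for user 0; nothing to do"
        return 0
    fi
    # -k keeps the package's data and cache; --user 0 limits removal to user 0
    adb shell pm uninstall -k --user 0 "$PKG" || return 1
    if odm_installed; then
        echo "$PKG is still listed for user 0" >&2
        return 1
    fi
    echo "$PKG removed for user 0"
}

# Usage, with the phone connected: disable_odm
```

Because the package is removed only for user 0, it stays on the system partition and comes back after a factory reset, so the check is worth repeating then.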