OnePlus caught collecting sensitive user data without permission

Share

One of the major concern here is that whether the company will still continue to collect the user's data without informing them? However, a security researcher at Redgate, an English software firm, uncovered something disturbing when he was testing his OnePlus 2.

Moore discovered that critical data such as timestamps of when the device was active and on standby, MAC address, phone number, wireless network, mobile network, and International Mobile Equipment Identity (IMEI) numbers were being transmitted.

A UK-based software engineer, Chris Moore, found out that the Chinese smartphone manufacturer OnePlus has been collecting user data without permission, as first reported by Android Authority.

However, if you want to ensure that none of your data goes to OnePlus, there is a second option though it might be a pain for less tech-savvy users.

These data aren't really anything different from what other smartphone makers collect from users' devices. This essentially means the data is identifiable and can be traced back to a particular user.

Moore states that the code responsible for this data collection is part of the OnePlus Device Manager and OnePlus Device Manager Provider.

Revenue Estimates Analysis Helios and Matheson Analytics Inc. (HMNY)
The stock has advanced 1395.45% to a low over the previous 12 months and showed rising move 14.63% to a high over the same period. Currently, the stock carries a price to earnings ratio of 0, a price to book ratio of 11.38, and a price to sales ratio of 0.

The domain, open.oneplus.net, gathered private user and device data and sent it to an Amazon Web Service server.

OnePlus, however, has explained how its data collection process works. However, users can't avoid device information collection, which is supposed to help OnePlus to provide " after-sale support".

Though the company claims that this is for better after-sales support, users are not much satisfied about their information being tracked.

The data is broken into two streams and transferred to an Amazon secured server. "Even if OnePlus doesn't have any mal intentions, if a malicious hacker gains access to internal assets of OnePlus, this kind of information, can be used for extremely targeted attacks on mass", said Ankush Johar, Director at HumanFirewall.io, a ITsecurity company. Thankfully, Twitter user Jakub Czekanski, tweeted that the data transmission can be disabled permanently using ADB tool with USB debugging enabled on the device. Users can deactivate this by heading to Settings and then clicking on the Advanced option.

We've been focusing a lot of our energy on the Pixel 2, Galaxy Note 8, and LG V30 as of late, but there are still a couple more flagship phones coming down the pipeline in ...

Share