Published: Thu, October 12, 2017
Hi-Tech | By Cory Rios

OnePlus accused of taking users' sensitive smartphone data without their consent

OnePlus accused of taking users' sensitive smartphone data without their consent

Chinese handset maker OnePlus has been found sending sensitive personal data of users to its servers.

A software engineer has discovered that OnePlus is actively collecting certain data on its users without their knowledge or permission. Initially, the data transfer was thought to be limited to just OnePlus 2, but now, it has come to light that all the OnePlus series phones perform this action in the background. He found that his OnePlus 2 was constantly reaching out to open.oneplus.net, which in turn diverted traffic to an Amazon server in the US.

Moore states that the code responsible for this data collection is part of the OnePlus Device Manager and OnePlus Device Manager Provider. This is not the first time a mobile phone manufacturer has been found to be collecting user information without consent.

This is a major concern that such a name in the smartphone industry can collect user data and share without their permission.

More news: Oil prices steady as Saudis pump more; OPEC sees strong demand

Moore has detailed his findings on his website and he explains that he notice OnePlus was collecting information about when his screen was turned on and off, when his phone was unlocked, his serial number, details of mobile networks, phone numbers, MAC addresses and even which apps we was running, when and for how long. As Engadget points out, the data being collected isn't unlike what other devices ask for, Wi-Fi usage, apps used, unlock frequency. His phone also transmitted timestamp ranges, letting OnePlus known when he opened and closed applications on his phone, which again was stamped with his device's serial number. Although the security researcher contacted OnePlus early this year, he was led down the usual path of troubleshooting suggestions after which communication has been cut completely.

Android Authority was able to speak to a OnePlus representative about this issue, but received an unsatisfactory response. This means the company can always trace an individual user. This transmission of usage activity can be turned off by navigating to ‘Settings - ‘Advanced - ‘Join user experience program. The second stream, meanwhile, is for device information, which OnePlus said it collects to provide customers with better after-sales support. Moore says in his case, the services had sent off 16MB of data in 10 hours.

A Twitter user, Jakub Czekanski, said that the data transmission can be "permanently disabled". Users will have to run this command [ pm uninstall -k -user 0 net.oneplus.odm ] to remove the OnePlus Device Manager permanently.

Like this: