Published: Wed, November 15, 2017
Hi-Tech | By Cory Rios

OnePlus engineering APK exposes backdoor to root access ars_ab.settitle(1204221)

OnePlus engineering APK exposes backdoor to root access ars_ab.settitle(1204221)

Intended for internal use only by the company's engineering team to test if devices are working properly, the application has managed to remain on OnePlus devices that have been shipped to consumers-and may present a threat to their security. One developer claims that it is possible to obtain root access on the OnePlus phones without unlocking them.

Phone maker OnePlus is shipping devices with a diagnostics app that allows root superuser access to the smartphone, potentially exposing sensitive user data.

The app in question is a system app that was apparently made by Qualcomm and customized by OnePlus; it's called EngineerMode and arrives pre-installed on OnePlus devices like the OnePlus 5, 3T and 3 (you can find it yourself searching Settings Apps Menu Show system apps, and then search "EngineerMode" in the app list).

We've seen several statements by community developers that are anxious because this apk grants root privileges.

Thankfully OnePlus will fix the issue with a software update, so people have nothing to worry about. It's used to run system tests for things like GPS, vibration, screen brightness, and also root checking.

More news: Patriots TE Martellus Bennett supposedly told teams not to claim him

The developer, with the help of few cybersecurity experts, was able to discover the password and was able to root a OnePlus device with few commands.

You can also check if this application is installed on your OnePlus device or not. OnePlus has been alerted to the exploit and CEO Carl Pei has confirmed that the company is looking into it.

Will it affect OnePlus 5T sales?

What is worse, Baptiste and other researchers note that this effective backdoor might not just be limited to the OnePlus phones that initially exposed the package, but could affect a number of Qualcomm-equipped handsets. At the time, OnePlus stated that the whole objective of collecting data was to improve the service.

Like this: