One plus silently harvesting private data from users without permission

OnePlus is soon to launch the next so-called flagship killer and is expected to feature a bigger display with a new aspect ratio and minimal bezels. There are multiple reports out in the internet world about this latest gadget creating an online buzz. However, not everything turns out right. Its failure to provide adequate device support has brought down the brand with heavy criticism from its users in the past year or two. After the launch of the OnePlus five more reports of issues like benchmark manipulation, wrongly-mounted displays and users being unable to dial 911 in emergency situations surfaced. Following all these issues, this Chinese tech company is in trouble again and this one requires a good long explanation.

The owner of a UK-based security and tech blog, Chris Moore, recently published an article showing that OnePlus has been gathering his personal information and transmitting them without his permission. He came across this unfamiliar domain while completing the SANS Holiday Hack Challenge, which he decided to investigate further. After a deep investigation, he found that the had been collecting his private device and user data and transmitting them to an Amazon AWS instance, while doing all this without any permission from the owner of the cellphone.

Device information like Phone’s IMEI, serial number, cellular number, MAC address, mobile network name, IMSI prefix, and wireless network EESID and BSSID to user data like the reboot, charging, screen timestamps, as well as application timestamps, were being harvested and accessed by OnePlus. The code responsible for this data collection system is part of the one plus device Manager and OnePlus Device Manager Provider. Now another twitter user Jakub Czekanski provided a solution to this problem stating that despite there being a system service, this can be permanently disabled by replacing net.oneplus.odm with pkg via ADB or through running this command:

Pm uninstall-k-user 0 pkg

OnePlus being a major Android manufacturer has been collecting data and transmitting them without permission which is a cause for concern. What’s even more upsetting is that OnePlus doesn’t seem to consider it a major issue. When reached out for a comment, the company simply explained that the data is being collected for user support and failed to address the privacy concerns related to the data harvesting.

After a brief meeting with a representative from the company, a satisfactory explanation wasn’t obtained as to why the company does not merely allow the users to opt to share their data to help future updates. Whatever be the reason, OnePlus here is breaching the privacy of its users to provide a better after-sales support which is an irony on its own. The company who successfully managed to anger and frustrate many of its users due to lack of after-sales support is now trying to justify its secret data collection because it is for after-sales support.

Around the World

Add Comment

Click here to post a comment

You Might Also Like