OnePlus is collecting private user data without people's permission.
OnePlus has been accused of collecting personally identifiable analytics data from mobile owners.
Last year, Christopher Moore was taking part in a Hack Challenge and decided to run the web traffic from his OnePlus 2 through a proxy. OWASP ZAP is a free security tool that helps users find security vulnerabilities in their web applications while developing and testing them. After analyzing the data the phone was sending to the open.oneplus.net domain, he learned that it contained information about the screen, device unlock events, abnormal reboots, serial number, IMEI, phone numbers, MAC address, mobile network names, IMSI prefixes, as well as wireless network ESSID and BSSID.
Moore writes: "Unfortunately, as a system service, there doesn't appear to be any way of permanently disabling this data collection or removing this functionality without rooting the phone". OnePlus seems to have been caught out because it collected this data without users' permission. The blog post claims that OnePlus was also collecting details on when a user locked the device, when they unlocked it, and the times at which a particular app was being used.
"The first stream is usage analytics, which we collect in order for us to more precisely fine-tune our software according to user behaviour", the firm said. This transmission of usage activity can be turned off by navigating to "Settings" - "Advanced" - "Join user experience program". Also, the statement does not address privacy concerns.
Well, OnePlus has allegedly been found guilty of breaking its customers' trust.
Moore states that the code responsible for this data collection is part of the OnePlus Device Manager and OnePlus Device Manager Provider.
Christopher soon realised that the OnePlus support team may not be authorised to suggest a legitimate solution even if they want to.
While OnePlus says that the bulk of the data transmission can be turned off with the above instructions, Twitter user @JaCzekanski pointed out that the app sending the data (OnePlus Device Manager) can be removed via ADB, root not required. Two apps were blamed for collecting personal information and sharing it with the OnePlus domain. At a time when user information and the security of sensitive information are becoming more important, a transparent and comprehensive understanding of what information is being collected and for what purpose (as well as the option to completely opt out of such collection) would be greatly appreciated in any situation. Today, the security of user data is becoming more important than ever.