The app in question is EngineerMode APK, and it has been developed by Qualcomm for the device manufacturers to test hardware components.
OnePlus smartphones including OnePlus 3, 3T and 5 can be rooted without unlocking the bootloader via EngineerMode APK app. They are able to gain root if they have a password to bypass privilege escalation checks. Now, another potential threat has arisen on OnePlus devices as an app on several of the company's phones has been revealed to carry root access.
Root implies to the highest degree of access to an Android operating system that is usually deployed to safeguard the privacy of the user.
While it appears OnePlus is responsible for leaving Engineer Mode on its devices, it is not directly responsible for the application itself or the backdoor it creates. An attacker would likely need physical access to your phone to do any damage, but that still means they could insert trackers or otherwise compromise your phone with very little effort. The company recently admitted to collecting personal information of users without their permission.
Now, on its own, this app can't do anything malicious; it's a powerful tool intended for device testing and maintenance.
Mere days ahead of the OnePlus 5T launch and OnePlus has been accused of inadvertent installing a backdoor into its phones which hackers could exploit to seize control of affected phones.
Earlier, according to a post on Christopher Moore's blog, OnePlus is collecting sensitive private data like IMEI numbers, mobile network names and IMSI prefixes, MAC addresses, and more.
In a statement to Android Authority, OnePlus said "We securely transmit analytics in two different streams over HTTPS to an Amazon server".