According to a blog post from Chris Moore which reveals that the Oneplus has been collecting some precise data from its users without their permission.

Chris Moore who is the owner of a UK-based security and tech blog has recently published an article on how OnePlus is collecting his personal information and transmitting to their servers even without his permission. During completing the SANS Holiday Hack Challenge, he noticed an unfamiliar domain open.oneplus.net on which the device is transmitting his data without his permission.

OnePlus is accessing a wide variety of data which ranges from phone’s IMEI, serial number, cellular number, wireless network ESSID and BSSID to the sensitive user data like screen timestamps, application timestamps, reboot, charging, etc.

Moore also finds out that this data collection is part of the OnePlus Device Manager and OnePlus Device Manager Provider. It is system service which can be permanently disabled through replacing net.oneplus.odm for pkg via ADB or through running this command: pm uninstall -k –user 0 pkg

This is a breach of privacy, and it’s a concern that Oneplus is collecting and transmitting user data without permission. And according to the company that the data are collected for user support. A spokesperson from Oneplus said

We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine-tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support

The company tried to justify its unauthorized data collection because of it’s after-sales support and failed to provide proper after sales support in many countries.

Source

LEAVE A REPLY

Please enter your comment!
Please enter your name here