OnePlus caught collecting sensitive user data without permission

midian182


Despite making some impressive handsets that sell at wallet-friendly prices, OnePlus has been no stranger to controversy this year. Now, the Chinese phone maker could face another customer backlash, this time over accusations that it collects users’ identifiable data without their consent.

Software engineer Christopher Moore discovered what was happening after setting up OWASP ZAP, a security tool for attacking web applications, on his OnePlus 2. He noticed HTTPS requests were being sent to a domain owned by OnePlus, called open.oneplus.net. The traffic was then being redirected to an Amazon AWS server based in the US.

Upon decoding the data, Moore found his device was sending timestamp details of certain events to the server, such as when specific apps were opened and closed, when the screen was on, locks and unlocks, and charging times.

OnePlus also collected “the phone’s IMEI(s), phone numbers, MAC addresses, mobile network(s) names and IMSI prefixes, as well as my wireless network ESSID and BSSID and, of course, the phone’s serial number.”

Moore writes that some of the data can be tied to specific users and that OnePlus doesn’t ask for permission to collect it. He notes that while sharing certain information about a device, such as repeated unexplained reboots, can help a manufacturer address problems, what OnePlus is doing feels very excessive.

When asked for comment, the company said: “We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior.”

“This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support. We do not share any analytics data with outside parties.”

Moore revealed that the data collection is tied to the OnePlus Device Manager and OnePlus Device Manager Provider. Twitter user Jakub Czekański explained how to block the transmissions using ADB with USB debugging enabled on the device, but this could cause other problems.

Back in June, OnePlus was once again accused of using code in its review units to manipulate handsets’ benchmark scores. A month later, an issue with the OnePlus 5 caused the phone to reboot every time a user dialed 911.

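A privacy-audit sketch for the kind of review the article describes, added here as an example and not taken from Moore's write-up or from OnePlus: it walks a decoded request body captured by an intercepting proxy and flags fields that look like the persistent identifiers listed above. The payload layout, field names and values are constructed assumptions, since the page does not show the real format.

```python
import re

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
PHONE_RE = re.compile(r"^\+[1-9]\d{7,14}$")  # E.164-style number
# Identifiers with no recognisable value shape are matched by key name (assumed names).
KEY_HINTS = {"serial": "serial number", "imsi": "IMSI prefix", "essid": "Wi-Fi ESSID"}

def luhn_ok(digits):
    """An IMEI is 15 digits whose last digit is a Luhn check digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += (d - 9 if d > 9 else d)
    return total % 10 == 0

def classify(key, value):
    text = str(value)
    if re.fullmatch(r"\d{15}", text) and luhn_ok(text):
        return "IMEI"
    if MAC_RE.match(text):
        return "MAC/BSSID"
    if PHONE_RE.match(text):
        return "phone number"
    for hint, label in KEY_HINTS.items():
        if hint in key.lower():
            return label
    return None

def find_identifiers(node, path=""):
    """Walk decoded JSON and return (path, kind) for each identifier-like field."""
    hits = []
    if isinstance(node, dict):
        for k, v in node.items():
            hits += find_identifiers(v, f"{path}.{k}" if path else k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            hits += find_identifiers(v, f"{path}[{i}]")
    else:
        kind = classify(path.rsplit(".", 1)[-1], node)
        if kind:
            hits.append((path, kind))
    return hits

# Constructed sample body; every field name and value is invented for illustration.
SAMPLE = {"ts": 1507500000, "event": "screen_on",
          "device": {"imei": ["490154203237518"], "wifi_mac": "02:00:5e:10:00:01",
                     "serial_no": "EXAMPLE1234", "msisdn": "+15555550100"},
          "net": {"bssid": "02:00:5e:10:00:02", "essid": "example-wifi", "imsi_prefix": "00101"}}
if __name__ == "__main__":
    print(*find_identifiers(SAMPLE), sep="\n")
```

Event fields such as the timestamp pass through unflagged; only values that can single out a device or subscriber are reported, which is the distinction the article draws between usage analytics and identifiable data.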

 
I was shocked to see this article but after reading it, COME ON! This is normal of about every app and device nowadays. Transmitting (encrypted) usage information helps companies learn how their products are used and helps them know what to work on. I don't see anything listed that could be used to identify users, so why did he mention "some of the data can be tied to specific users" but not list specifically what it is. This is click bait & a non-issue...
 
I'm willing to bet that Apple, Microsoft and Google all collect as much or more information about their customers, but you don't see people throwing a fit about it.
 