OnePlus is collecting user data without permission, and that’s not okay

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
On his blog, Chris Moore reveals that the Chinese electronics company has been collecting some very specific data from OnePlus users without their permission.The hype around OnePlus is real: the next so-called flagship killer from the company is expected to feature a bigger display with a new aspect ratio and minimal bezels, and there are already multiple reports out there creating an online buzz. However, that’s not to say that all’s well in paradise. It’s no secret that OnePlus has faced heavy criticism from its users in the past year or two over its failure to provide adequate device support. More negative press ensued after the launch of the OnePlus 5 with reports of benchmark manipulation, wrongly-mounted displays, and more importantly, users being unable to dial 911 in emergency situations. Well, it seems the Chinese tech company is in trouble again, and in my opinion, OnePlus should really take the time to explain itself this time.

Chris Moore, the owner of a UK-based security and tech blog, recently published an article demonstrating that OnePlus has been gathering his personal information and transmitting them without his permission. He noticed an unfamiliar domain while completing the SANS Holiday Hack Challenge and decided to further examine it. He found that the domain – open.oneplus.net – had essentially been collecting his private device and user data and transmitting them to an Amazon AWS instance, all without his permission.
The data that OnePlus is accessing ranges from device information like the phone’s IMEI, serial number, cellular number, MAC address, mobile network name, IMSI prefix, and wireless network ESSID and BSSID to user data like reboot, charging, screen timestamps as well as application timestamps.

We also spoke with a representative from the company but did not receive a satisfactory explanation as to why the company does not simply let users opt-in and share their data to help with future updates. At any rate, the irony here is that OnePlus is breaching its users’ privacy to provide better after-sales support. Of all the manufacturers out there, the company who managed to anger and frustrate so many users precisely due to its lack of after-sales support is trying to justify its unauthorized data collection on the grounds that it’s for after-sales support.
 

R2D2

Level 6
Verified
Well-known
Aug 7, 2017
267
While China and its companies aren't exactly paragons of upholding customer rights & privacy I've always expected OnePlus to treat its international customers with a little bit of respect. Well, I have 2 OP phones but they're only backups. That said, I'm still disappointed.

I think the way out is to flash a 3rd party open source ROM. LineageOS Downloads (formerly Cyanogen) comes to mind. This is now under serious consideration.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top