Published: Wed, October 11, 2017
Hi-Tech | By Ellis Neal

OnePlus accused of collecting private user data without permission

OnePlus accused of collecting private user data without permission

OnePlus data collection was detected by Christopher Moore, a software engineer who began to sift through the internet traffic from his OnePlus 2 smartphone using OWASP ZAP. He also found that some of the data being sent to OnePlus servers included the phone's IMEI number, phone number, MAC addresses, mobile network names and IMSI prefixes, Wi-Fi connection info, and the phone's serial number. According to some reports, OnePlus has been harvesting unanonymised data analytics from its buyers.

On further investigation, he learnt that his smartphone is sending a lot of device information to an official microsite of Oneplus.

"They're collecting timestamped metrics on certain events, some of which I understand - from a development point of view, wanting to know about abnormal reboots seems legitimate - but the screen on/off and unlock activities feel excessive".

Earlier, there have been reports on OnePlus manipulating benchmarks and incorrect mounting displays but this time around, Moore while participating in the SANS Holiday Hack Challenge made a decision to check the internet traffic from his phone OnePlus2 2. He accidentally discovered an unfamiliar domain (open.oneplus.net) while he was busy with the SANS Holiday Hack Challenge.

We securely transmit analytics in two different streams over HTTPS to an Amazon server.

Moore's attempts to get details from OnePlus on how to disable the data tracking weren't fruitful, though he found a Reddit thread that led to the revelation that the data tracking is happening through OnePlus Device Manage and Device Manager Provider. It can be turned off by visiting Settings Advanced Join user experience program.

Now, even if OnePlus keeps all this to itself, "in order to more precisely fine tune software according to user behavior", as well as "provide better after-sales support", it's still way too much and way too detailed data. Earlier this year, the company was accused of inflating OnePlus 5's benchmark scores on apps like Geekbench 4.

How to switch it off? It is being reported that OnePlus is mining personal data from smartphones without user consent. We are yet to hear from the company on this. The data help developers to resolve any kind of bugs related issues and fix them with an update. There is also no clarity on how switching off this functionality permanently would affect the performance of the device and users are advised to tread with caution in choosing to disable it.

Like this: