OnePlus Users Beware: Your Smartphone May Be Collecting User Data Without Permission

News World India | October 16, 2017, 18:03 IST

OnePlus users have something to be worried about, as it has been discovered that the Chinese company might be collecting user data without permission. A report by security researcher Chris Moore states that the company is transmitting user data to a server, along with the device's serial number and other details.

He noticed an unfamiliar domain while completing the SANS Holiday Hack Challenge and decided to further examine it. He found that the domain – open.oneplus.net – had essentially been collecting his private device and user data and transmitting them to an Amazon AWS instance, all without his permission.

Moore discovered that OnePlus' operating system, OxygenOS, records data such as when a user locks or unlocks the screen, which types of apps are used, and when they are closed. It also records which Wi-Fi networks the device connects to. This data is normally collected by every smartphone for analytics purposes. While almost all tech manufacturers and brands today collect user data in some form or another, the difference with OnePlus and its OxygenOS operating system is that identifiers such as the phone number, the phone's IMEI, serial number, cellular number, MAC address, mobile network name, IMSI prefix, and wireless network ESSID and BSSID are collected along with user data like reboot, charging, and screen timestamps as well as application timestamps.

This makes the data identifiable to a specific user, which is in direct conflict with user privacy. According to Moore, the data collection is part of the OnePlus Device Manager and OnePlus Device Manager Provider services. Moore also found that these services had transmitted 16 MB of data in 10 hours.

In its defense, OnePlus has stated: “We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine-tune our software according to user behaviour. This transmission of usage activity can be turned off by navigating to 'Settings' - 'Advanced' - 'Join user experience program'. The second stream is device information, which we collect to provide better after-sales support.”

After the complaints, OnePlus cofounder Carl Pei stated that the company will begin improving the program going forward, and added that the collected data wasn’t shared outside of the company.


Those improvements will mean that users of OxygenOS-equipped phones will be prompted to opt into the program at the end of October, and that the terms of service will be updated accordingly. Pei also says that the company will stop collecting phone numbers, MAC addresses and Wi-Fi information.