OnePlus found to be collecting user data sans authorisation

Share

The company isn't explcitly asking for user permission to amass this type of info, and we'd wager that not all of its customers are aware of the type of data they're offering up. The remote OnePlus server also collected information on when Moore opened and closed Android apps, locked or unlocked his phone and even turned the screen on or off. Initially, the data transfer was thought to be limited to just OnePlus 2, but now, it has come to light that all the OnePlus series phones perform this action in the background. At least these are anonymized, right? "This I'm less enthusiastic about, as this can be used by OnePlus to tie these events back to me personally (but only because I bought the handset directly from them, I suppose)". Upon further investigation, he discovered that the data being sent by his OnePlus device to the domain included the smartphone's IMEI, phone numbers, mobile networks information, MAC addresses, and the smartphone's serial number. The researcher says the data contains "timestamps of which activities were fired up in which in applications, again stamped with the phone's serial number".

At the heart of the issue is the telemetry data OnePlus is collecting, the expansiveness of which some people feel is too great, plus the fact that certain bits of data could theoretically make it possible for the company to connect the particular user with the particular data collected. OnePlus advised that he wipe his phone's cache, and also try a hard reset, neither of which would do anything to prevent sensitive data from being transmitted. The first stream is the usage analytics, which is collected by the company to upgrade the software based on user behavior. OnePlus recommended disabling this stream, if desired, by going to Settings - Advanced and toggling off the "Join user experience program" option. About its second stream, the company said it is done to offer better after-sales support. This is a bad look for OnePlus, and it is equally concerning that the company does not really consider this to be a big deal.

According to Moore, the code that is responsible for this transmission of personal data from OnePlus 2, OnePlus 3, OnePlus 3T and OnePlus 5 phones is associated with the OnePlus Device Manager and OnePlus Device Manager Provider.


However, we advise our readers not to resort to this method of removing OnePlus Device Manager app, as it could affect the performance of your phone.

We are yet to hear from OnePlus announcing a fix on this issue.

Share