The Chinese smartphone manufacturer OnePlus has been reportedly collecting the users’ personal information and other device-related data without their consent. The data that OnePlus is accessing ranges from device information like the phone’s IMEI number, serial number, cellular number, MAC address, mobile network name, IMSI prefix, and wireless network ESSID and BSSID to user data like locks, unlocks, unexpected reboots, charging, screen timestamps and application timestamps. It also monitoring usage habits, such as, which apps are opened or closed, for how long they are used, etc.
Christopher Moore, a UK-based security researcher revealed on his personal blog about OnePlus collecting user information without permission. During the SANS Holiday Hack Challenge, Moore accidentally discovered an unfamiliar domain (open.oneplus.net) and decided to further examine it. He found that the domain had essentially been collecting his OnePlus 2 device information and transferring it to an Amazon AWS instance, all without his permission.
It’s concerning that a major smartphone manufacturer has been collecting and transmitting user data without permission, but it’s even more concerning that OnePlus doesn’t seem to consider it a big issue. In their defense, the company simply stated that the data are collected for user support and it’s used to fine-tune their software for better user experience and to improve their “after-sales support.” And this transmission of user activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’.
However, the “feature” can be disabled permanently via adb, according to a Twitter user Jakub Czekański, who claims that you can disable the feature through replacing net.oneplus.odm for pkg via ADB or through running this command: pm uninstall -k –user 0 pkg
@chrisdcmoore I've read your article about OnePlus Analytics. Actually, you can disable it permanently: pm uninstall -k –user 0 pkg
— Jakub Czekański (@JaCzekanski) October 10, 2017
Many companies collect user data to improve their products. The problem in the case of OnePlus is they never asked for it. Gathering personal information and transmitting them without the user’s consent is a bit more concerning given that the company is somehow breaching users’ privacy.
This is not the first time OnePlus has been accused of unethical activities. OnePlus, as the company has faced heavy criticism from its users in the past over its failure to provide adequate device support and cheating in synthetic benchmarks to scores.