OnePlus is a manufacturer Android whose portfolio is very small but she has managed to convince all and sundry thanks to mobile with an excellent quality-price. In addition to a hardware competitive one of its hallmarks is the bet for OxygenOS, a ROM itself similar to the Android stock but with their added custom.
The performance is excellent and up to the date beyond some specific problems, OxygenOS has not really been news. Until now. Christopher Moore, safety engineer, was examining the traffic across your OnePlus 2 when he discovered a strange behavior in OxygenOS.
Sending usage statistics to the servers of OnePlus
through the tool OWASP ZAP has been observed as your OnePlus is connected to the domain open.oneplus.net. These connections point to a server of Amazon. What was being sent? What has been discovered is troubling and at the moment OnePlus has not offered a reasonable response.
They were sending authentication information and data encoded in Base64. In a more in-depth analysis reports that these servers are sending information to the phone IMEI, phone number, MAC addresses and names of the WiFi networks to which we connect. An information that at any time we have given access to OnePlus or has shown us a warning message.
The service of OnePlus in charge of collecting this usage data forms part of the OnePlus Device Manager (OPDM) and the Device Manager Provider that executes a service of OneplusAnalyticsJobService. In the case of the analyst, in a total of about 16MB of data in about ten hours.
This service would be the equivalent to others such as Google also collect usage statistics. The amount of libraries used is very high and among them are some such as the geolocation.
contacted OnePlus through the Twitter account but the response has been to reset the mobile to factory. Something that doesn’t make much sense since these services are within one’s own OxygenOS.
No notice and no way to avoid sending sensitive data
Another problem is that there is no way to turn off this data collection except rooteando the device and blocking one of the apps of the system. It is a very serious problem because the privacy of the users of OnePlus is being called into question with this information.
it Is true that other manufacturers, such as Google also have similar services but there are a couple of details differential; on the one hand show a warning and in the second place, we are not aware that data is sent as sensitive as the IMEI code of our mobile. It is a way of proceeding which reminds us of the problems that exist with the privacy of the chinese apps or many VPN.
We will be attentive to any statement of OnePlus in front of this controversy and we will update you with their response.
More information | Chris’s Security
Xataka Android | How to encrypt your Android phone and what you get with this
The news OnePlus collects our usage data through OxygenOS without warning or possibility to avoid it was originally published in Xataka Android by Enrique Perez .
October 10, 2017
- ← Here is the trailer end of ‘Star Wars: The last jedi’ and it is awesome
- The Internet connection of Movistar, drop in for an hour and a half in the big cities →