OnePlus seems to be in a soup again as recent allegations on the Chinese smartphone maker accuse it of collecting comprehensive data of OnePlus users. Unlike other smartphone manufacturers, which usually limit their data collection to crash reports and user data for analytics, OnePlus has been accused of collecting information from OnePlus devices including IMEI number, MAC addresses, phone's serial number, mobile network names and IMSI prefixes, wireless network ESSID, and more. The practice was recently reported by a software engineer named Christopher Moore through a blog post.
Moore used a security tool called OWASP ZAP on his OnePlus 2 while setting up the device and found out traffic requests to open.oneplus.net. The traffic through this was further being redirected to a US-based Amazon AWS server. The time stamps of opening and closing the apps along with the device’s serial number were also being collected by OnePlus, as noticed by Moore. He then left the system running for an extended time period to know of any other data that OnePlus might be collecting from its devices.
The issue was highlighted by Moore on Twitter back in January, as he asked OnePlus for ways to disable this sort of data collection from the devices. On October 10, another Twitter user discovered the app responsible for collecting this data and revealed it to be a system app on OnePlus devices by the name of “OnePlus System Service." Jakub Czekanski, one to discover the system app, also mentioned that the data collection can be permanently disabled by running the following ADB command: pm uninstall -k --user 0 pkg and by substituting net.oneplus.odm for pkg.
Hey @OnePlus_Support, it's none of your business when I turn my screen on/off or unlock my phone - how do I turn this off? /cc:@troyhunt pic.twitter.com/VihaIDI6wP— Christopher Moore (@chrisdcmoore) January 13, 2017
OnePlus has also replied to the accusations in a statement "We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine-tune our software according to user behaviour. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support."
@chrisdcmoore I've read your article about OnePlus Analytics. Actually, you can disable it permanently: pm uninstall -k --user 0 pkg— Jakub Czekański (@JaCzekanski) October 10, 2017
Though all smartphone manufacturers collect some or the other form of data from the devices, the data collection is mostly restricted to helping the developers fix bugs and errors and is only done upon the user’s consent. OnePlus collecting time stamps of when the users turn their device’s screen on/off or unlock their phone is, at many levels, an intrusion to their privacy.
Watch Video: Honor 9i Review | The Quad Camera Smartphone | Feat TheUnbiasedBlog
Comments
0 comment