OnePlus accused of collecting user data without permission

Share

Nonetheless, after detailed inspection, Moore found that his phone was frequently sending data to the open.oneplus.net server over HTTPS.

According to Chris Moore, who published an in-depth article on his Security and Tech Blog, his OnePlus device is harvesting and uploading quite of bit of personal information without his consent. After setting up a security tool called OWASP ZAP on his OnePlus 2 handset, he noticed HTTPS requests being sent to a domain called open.oneplus.net, which further redirected the traffic to a US-based Amazon AWS server. In his blog, Moore says: "They're collecting timestamped metrics on certain events, some of which I understand - from a development point of view, wanting to know about abnormal reboots seems legitimate - but the screen on/off and unlock activities feel excessive". At least these are anonymised, right?

He said such data is encrypted with the serial number of the devices. These data were all time-stamped and contained his phone's serial number.

OnePlus has already responded to the allegation, saying that there are two streams of data that they collected. OnePlus advised that he wipe his phone's cache, and also try a hard reset, neither of which would do anything to prevent sensitive data from being transmitted. The first is for usage analytics to fine-tune its software and the second stream is device information, which it collects for after-sales support.

More news: Gujarat govt cuts Value-Added Tax on petrol, diesel by 4%

For what it's worth, you can turn off the "transmission of usage activity" by unjoining the "user experience program" in your advanced settings menu. This is a bad look for OnePlus, and it is equally concerning that the company does not really consider this to be a big deal. In a time where user information and security of sensitive information is becoming more important, a transparent and comprehensive understanding of what information is being collected and for what goal (as well as the option to completely opt out of such collection) would be greatly appreciated in any situation. Notably, Moore contacted the Chinese company in January 2017 as well asking for solution to permanently disable data collection.

Additionally, Twitter user Jakub Czekanski seemed to have found a fix to permanently disable the data transmission as well.

If OnePlus hopes to become a more well-respected company, it will need to take issues like these and others more seriously.

However, we advise our readers not to resort to this method of removing OnePlus Device Manager app, as it could affect the performance of your phone.

Share