In a world dominated by privacy paranoia, many companies are trying to be as transparent as possible whenever they launch a new product. Unfortunately, in the smartphone industry, it's even harder to get away with backdoors and other exploits that would allow a company to collect personal data from customers.
Well, it looks like
OnePlus has been found guilty of breaking consumers trust. What's really baffling is that the Chinese company is already aware of privacy issue, as last year security researcher Christopher Moore discovered his
OnePlus 2 smartphone was sending data to a HTTPS domain belonging to OnePlus without user's consent.
After analyzing the data the phone was sending to open.oneplus.net domain, he learned that it contained information about the screen, device unlock events, abnormal reboots, serial number, IMPEI, phone numbers, MAC address, mobile network names, IMSI prefixes, as well as wireless network ESSID and BSSID.
Moreover, Moore discovered the OxygenOS also gathers time stamps of when the user opened and closed apps, or which activities were being opened. Apparently, there are two apps are to be blamed for collecting and sending personal information to OnePlus' domain: OnePlus Device Manager and OnePlus Device Manager Provider.
Although the security researcher contacted OnePlus early this year, he was led down the usual path of troubleshooting suggestions after which communication has been cut completely.
More recently, someone discovered a workaround that will allow OnePlus users to disable OnePlus Analytics without having to root their devices. So, in order to disable the app permanently, you will have to use the following adb command:
pm uninstall -k --user 0 pkg.
OnePlus has yet to respond to these allegations, but the fact that it tried to hide from the public this specific privacy issue may prove fatal for the company's brand image.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: