OnePlus reportedly collects personal information from smartphone users

OnePlus reportedly collects personal information from smartphone users

In a world dominated by privacy paranoia, many companies are trying to be as transparent as possible whenever they launch a new product. Unfortunately, in the smartphone industry, it's even harder to get away with backdoors and other exploits that would allow a company to collect personal data from customers.

Well, it looks like OnePlus has been found guilty of breaking consumers trust. What's really baffling is that the Chinese company is already aware of privacy issue, as last year security researcher Christopher Moore discovered his OnePlus 2 smartphone was sending data to a HTTPS domain belonging to OnePlus without user's consent.

OnePlus reportedly collects personal information from smartphone users
After analyzing the data the phone was sending to open.oneplus.net domain, he learned that it contained information about the screen, device unlock events, abnormal reboots, serial number, IMPEI, phone numbers, MAC address, mobile network names, IMSI prefixes, as well as wireless network ESSID and BSSID.

Moreover, Moore discovered the OxygenOS also gathers time stamps of when the user opened and closed apps, or which activities were being opened. Apparently, there are two apps are to be blamed for collecting and sending personal information to OnePlus' domain: OnePlus Device Manager and OnePlus Device Manager Provider.

Although the security researcher contacted OnePlus early this year, he was led down the usual path of troubleshooting suggestions after which communication has been cut completely.

More recently, someone discovered a workaround that will allow OnePlus users to disable OnePlus Analytics without having to root their devices. So, in order to disable the app permanently, you will have to use the following adb command: pm uninstall -k --user 0 pkg.

OnePlus has yet to respond to these allegations, but the fact that it tried to hide from the public this specific privacy issue may prove fatal for the company's brand image.

FEATURED VIDEO

31 Comments

1. jojon

Posts: 421; Member since: Feb 11, 2014

....for me, this is another good reason not to buy Chinese phones.

13. you_sukk_it

Posts: 219; Member since: Apr 11, 2017

op already had bad sales with the 5. this will help ease the death quicker.

19. Shubham412302

Posts: 547; Member since: Nov 09, 2011

Americans are even worst. They plant malware into their citizens PC and Mobile. #wannacry

22. NickHill

Posts: 388; Member since: May 07, 2016

*facepalm* *crying* OnePlus collecting data and wannacry are nowhere related, young man.

24. Good-Is-Better

Posts: 105; Member since: Nov 12, 2015

Don't be fooled. Every manufacture collects data. Believe it or leave it. The question is how they use the data collected? What everyone should understand is, the day you bought a smart-phone and injected you info inside, is the day you part with your privacy. If the manufacture of that device decides to sell the info, the buy will get home with it and that's it.

29. Shubham412302

Posts: 547; Member since: Nov 09, 2011

Why don't you Google wannacry malware's history. It uses the loopholes in windows OS which American Govt. was using to spy on its people.

2. kiko007

Posts: 7465; Member since: Feb 17, 2016

"OnePlus has yet to respond to these allegations, but the fact that it tried to hide from the public this specific privacy issue may prove fatal for the company's brand image." I don't know which is more shocking. That 1+ is collecting personal data, or that they had a brand image to uphold in the first place. What did you expect from a phone maker in mainland China? Oppo has been caught using a similar practice in the past as well, wonder if there is an overlap. Having said my piece (peace?), I wouldn't worry too much about it as a 1+ owner. If they wanna peek at your selection of porn... let'em.

3. piyath

Posts: 2445; Member since: Mar 23, 2012

This looks not good for Oneplus... Hope they fix this soon.

4. DavidDau

Posts: 29; Member since: Oct 24, 2016

Backdoors are required by law for Chinese tech companies. OnePlus, Xiaomi, Huawei and Oppo all have adopted the law introduced by Chinese government. Nothing isn't transparent here.

5. kiko007

Posts: 7465; Member since: Feb 17, 2016

Seriously? That seems a bit... excessive.

18. dimas

Posts: 3253; Member since: Jul 22, 2014

That's how it works in their country. But imposing that same data collecting system in global scale? No thanks oneplus.

11. Beijendorf unregistered

Could you cite that law, please?

25. RebelwithoutaClue

Posts: 5483; Member since: Apr 05, 2013

Perhaps these backdoors are required for smartphones meant for the local market. International ones don't. That's why OP uses 2 Android versions (HydrogenOS and OxygenOS).

31. jacky899

Posts: 360; Member since: May 16, 2017

Don't think Chinese or any other governments have this requirement. The only country proven to require backdoors built-in to their hardware is the NSA

6. Chuck007

Posts: 1409; Member since: Mar 02, 2014

I like Oneplus' products but it's just one of those unfortunate things beings based on Mainland China. Sure the market is HUGE but you'd only be successful if you cooperate with the CCP regime. It's basically one large, corporate conglomerate.

7. MrShazam

Posts: 987; Member since: Jun 22, 2017

Nothing surprising based on the article. During initial setup of my mum's new OnePlus 5, there were terms and conditions detailing what OnePlus will be collecting, and I recall reading about device unlock events, abnormal reboots, serial number, IMPEI, phone numbers, MAC address, mobile network names, etc. information being collected. BTW, apple also collects personal information from iphone users, so, what exactly is the difference here besides the brand name?

9. L0n3n1nja

Posts: 1511; Member since: Jul 12, 2016

This is phonearena. Apple is holy and uses your data for good as they are American. OnePlus is Chinese and will do evil terrible things with the information.

10. apple-rulz

Posts: 1870; Member since: Dec 27, 2016

Dry those salty tears and show me on the doll where Apple touched you.

26. Tech-shake

Posts: 207; Member since: Nov 14, 2016

I understand all the data being collected except the phone numbers part. What will OnePlus do with the collected phone numbers?

28. MrShazam

Posts: 987; Member since: Jun 22, 2017

Yeah, the phone number part is concerning, that's a major reason why I rooted it and installed Xposed via Magisk; to get XPrivacy on it and take control of those suspicious data requests, be it by google or OnePlus.

8. L0n3n1nja

Posts: 1511; Member since: Jul 12, 2016

Not a surprise to me, it's a budget flagship from a Chinese company. Even Lenovo has been caught spying on their users. With that said, your cell phone carrier, internet service provider, Google, and Apple all collect a lot of information. Honestly since Google now became Google Assistant, it's become increasingly obvious Google is watching everything I do with some of the push notifications I get recommending things to me.

12. Foxgabanna

Posts: 576; Member since: Sep 11, 2016

Androids have been doing this for years!

14. Papa_Ji

Posts: 776; Member since: Jun 27, 2016

Who knows what (American) Apple and Google are doing at OS level to steal users data.....

15. kiko007

Posts: 7465; Member since: Feb 17, 2016

I trust American companies with my data more than say, Chinese ones. No offence to any Chinese forum posters, but your government is kind of like that uncle who wants to know how your sex life is going.

21. TheOracle1

Posts: 1899; Member since: May 04, 2015

Because the Chinese ones are going to do what with your useless information that Google and Apple aren't already doing? This is only a worry for government officials, corporate executives and other high profile people that have access to sensitive information. We are mere nonentities in the big scheme of things. Besides there are apps and workarounds that can prevent this. Pre-installed bloatware from the small Chinese brands and downloaded apps are far more insidious than BBK's data collection practices. Try apps like VirusTotal or Spy Monitor to see where your info is going and use a data blocker.

16. trojan_horse

Posts: 5868; Member since: May 06, 2016

Damn, this might just put another nail in the OnePlus 5 coffin, as it's sales are already in red ink.

17. dimas

Posts: 3253; Member since: Jul 22, 2014

And this is why I don't patronize huawei anymore. Good move oneplus, oppo, vivo or whatever your real branding is.

20. Zylam

Posts: 1794; Member since: Oct 20, 2010

This isn't just a One Plus thing, it's an Android thing. Remember that software carriers used to install on all Androids to collect user data? I'm not surprised OEM'S are implementing their own ways to collect data. It's not just phones, I've heard numerous times that LG collects data on their smart TV's of what people watch, I wouldn't be surprised if the other TV vendors do the same. Doesn't bother me much, both my TV's are LG, they can collect all the data they want, but phones, there's way too much personal information on them and it's only going to increase. Google's needs to create safeguards in Android that stop Oems from obtaining your personal information, but than again Google does the exact same thing. It's also why there's no adblock in Chrome.

23. mootu

Posts: 1368; Member since: Mar 16, 2017

Google, Apple, Microsoft, all the carriers, your internet provider etc, they all do it and anyone who thinks otherwise is living in a dreamworld.

27. Plasticsh1t

Posts: 3090; Member since: Sep 01, 2014

Let them watch at my porn collection. In the meantime, I'll find a way to turn off this mechanism. If I installed an AOSP rom will it prevent the data collection if anyone knows?

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.