Android OnePlus

OnePlus reportedly collects personal information from smartphone users

Cosmin Vasile by Cosmin Vasile   /  Oct 10, 2017, 8:22 PM

In a world dominated by privacy paranoia, many companies are trying to be as transparent as possible whenever they launch a new product. Unfortunately, in the smartphone industry, it's even harder to get away with backdoors and other exploits that would allow a company to collect personal data from customers.

Well, it looks like OnePlus has been found guilty of breaking consumers trust. What's really baffling is that the Chinese company is already aware of privacy issue, as last year security researcher Christopher Moore discovered his OnePlus 2 smartphone was sending data to a HTTPS domain belonging to OnePlus without user's consent.

After analyzing the data the phone was sending to open.oneplus.net domain, he learned that it contained information about the screen, device unlock events, abnormal reboots, serial number, IMPEI, phone numbers, MAC address, mobile network names, IMSI prefixes, as well as wireless network ESSID and BSSID.

Moreover, Moore discovered the OxygenOS also gathers time stamps of when the user opened and closed apps, or which activities were being opened. Apparently, there are two apps are to be blamed for collecting and sending personal information to OnePlus' domain: OnePlus Device Manager and OnePlus Device Manager Provider.

Although the security researcher contacted OnePlus early this year, he was led down the usual path of troubleshooting suggestions after which communication has been cut completely.

More recently, someone discovered a workaround that will allow OnePlus users to disable OnePlus Analytics without having to root their devices. So, in order to disable the app permanently, you will have to use the following adb command: pm uninstall -k --user 0 pkg.

OnePlus has yet to respond to these allegations, but the fact that it tried to hide from the public this specific privacy issue may prove fatal for the company's brand image.

FEATURED VIDEO

Options

31 Comments

jojon
Reply

1. jojon

Posts: 437; Member since: Feb 11, 2014

....for me, this is another good reason not to buy Chinese phones.

posted on Oct 10, 2017, 8:31 PM

you_sukk_it
Reply

13. you_sukk_it

Posts: 219; Member since: Apr 11, 2017

op already had bad sales with the 5. this will help ease the death quicker.

posted on Oct 10, 2017, 10:51 PM

Shubham412302
Reply

19. Shubham412302

Posts: 594; Member since: Nov 09, 2011

Americans are even worst. They plant malware into their citizens PC and Mobile. #wannacry

posted on Oct 11, 2017, 12:49 AM

NickHill
Reply

22. NickHill

Posts: 388; Member since: May 07, 2016

*facepalm* *crying* OnePlus collecting data and wannacry are nowhere related, young man.

posted on Oct 11, 2017, 1:26 AM

Good-Is-Better
Reply

24. Good-Is-Better

Posts: 105; Member since: Nov 12, 2015

Don't be fooled. Every manufacture collects data. Believe it or leave it. The question is how they use the data collected? What everyone should understand is, the day you bought a smart-phone and injected you info inside, is the day you part with your privacy. If the manufacture of that device decides to sell the info, the buy will get home with it and that's it.

posted on Oct 11, 2017, 3:16 AM

Shubham412302
Reply

29. Shubham412302

Posts: 594; Member since: Nov 09, 2011

Why don't you Google wannacry malware's history. It uses the loopholes in windows OS which American Govt. was using to spy on its people.

posted on Oct 11, 2017, 12:30 PM

kiko007
Reply

2. kiko007

Posts: 7521; Member since: Feb 17, 2016

"OnePlus has yet to respond to these allegations, but the fact that it tried to hide from the public this specific privacy issue may prove fatal for the company's brand image." I don't know which is more shocking. That 1+ is collecting personal data, or that they had a brand image to uphold in the first place. What did you expect from a phone maker in mainland China? Oppo has been caught using a similar practice in the past as well, wonder if there is an overlap. Having said my piece (peace?), I wouldn't worry too much about it as a 1+ owner. If they wanna peek at your selection of porn... let'em.

posted on Oct 10, 2017, 8:44 PM

piyath
Reply

3. piyath

Posts: 2445; Member since: Mar 23, 2012

This looks not good for Oneplus... Hope they fix this soon.

posted on Oct 10, 2017, 9:17 PM

DavidDau
Reply

4. DavidDau

Posts: 31; Member since: Oct 24, 2016

Backdoors are required by law for Chinese tech companies. OnePlus, Xiaomi, Huawei and Oppo all have adopted the law introduced by Chinese government. Nothing isn't transparent here.

posted on Oct 10, 2017, 9:24 PM

kiko007
Reply

5. kiko007

Posts: 7521; Member since: Feb 17, 2016

Seriously? That seems a bit... excessive.

posted on Oct 10, 2017, 9:30 PM

dimas
Reply

18. dimas

Posts: 3446; Member since: Jul 22, 2014

That's how it works in their country. But imposing that same data collecting system in global scale? No thanks oneplus.

posted on Oct 10, 2017, 11:51 PM

Beijendorf unregistered
Reply

11. Beijendorf unregistered

Could you cite that law, please?

posted on Oct 10, 2017, 10:44 PM

RebelwithoutaClue unregistered
Reply

25. RebelwithoutaClue unregistered

Perhaps these backdoors are required for smartphones meant for the local market. International ones don't. That's why OP uses 2 Android versions (HydrogenOS and OxygenOS).

posted on Oct 11, 2017, 3:38 AM

jacky899
Reply

31. jacky899

Posts: 434; Member since: May 16, 2017

Don't think Chinese or any other governments have this requirement. The only country proven to require backdoors built-in to their hardware is the NSA

posted on Oct 13, 2017, 5:03 PM

Chuck007
Reply

6. Chuck007

Posts: 1419; Member since: Mar 02, 2014

I like Oneplus' products but it's just one of those unfortunate things beings based on Mainland China. Sure the market is HUGE but you'd only be successful if you cooperate with the CCP regime. It's basically one large, corporate conglomerate.

posted on Oct 10, 2017, 9:38 PM

MrShazam
Reply

7. MrShazam

Posts: 987; Member since: Jun 22, 2017

Nothing surprising based on the article. During initial setup of my mum's new OnePlus 5, there were terms and conditions detailing what OnePlus will be collecting, and I recall reading about device unlock events, abnormal reboots, serial number, IMPEI, phone numbers, MAC address, mobile network names, etc. information being collected. BTW, apple also collects personal information from iphone users, so, what exactly is the difference here besides the brand name?

posted on Oct 10, 2017, 10:09 PM

L0n3n1nja
Reply

9. L0n3n1nja

Posts: 1603; Member since: Jul 12, 2016

This is phonearena. Apple is holy and uses your data for good as they are American. OnePlus is Chinese and will do evil terrible things with the information.

posted on Oct 10, 2017, 10:13 PM

apple-rulz
Reply

10. apple-rulz

Posts: 2198; Member since: Dec 27, 2016

Dry those salty tears and show me on the doll where Apple touched you.

posted on Oct 10, 2017, 10:42 PM

Tech-shake
Reply

26. Tech-shake

Posts: 213; Member since: Nov 14, 2016

I understand all the data being collected except the phone numbers part. What will OnePlus do with the collected phone numbers?

posted on Oct 11, 2017, 4:44 AM

MrShazam
Reply

28. MrShazam

Posts: 987; Member since: Jun 22, 2017

Yeah, the phone number part is concerning, that's a major reason why I rooted it and installed Xposed via Magisk; to get XPrivacy on it and take control of those suspicious data requests, be it by google or OnePlus.

posted on Oct 11, 2017, 7:45 AM

L0n3n1nja
Reply

8. L0n3n1nja

Posts: 1603; Member since: Jul 12, 2016

Not a surprise to me, it's a budget flagship from a Chinese company. Even Lenovo has been caught spying on their users. With that said, your cell phone carrier, internet service provider, Google, and Apple all collect a lot of information. Honestly since Google now became Google Assistant, it's become increasingly obvious Google is watching everything I do with some of the push notifications I get recommending things to me.

posted on Oct 10, 2017, 10:12 PM

Foxgabanna unregistered
Reply

12. Foxgabanna unregistered

Androids have been doing this for years!

posted on Oct 10, 2017, 10:46 PM

Papa_Ji
Reply

14. Papa_Ji

Posts: 911; Member since: Jun 27, 2016

Who knows what (American) Apple and Google are doing at OS level to steal users data.....

posted on Oct 10, 2017, 10:59 PM

kiko007
Reply

15. kiko007

Posts: 7521; Member since: Feb 17, 2016

I trust American companies with my data more than say, Chinese ones. No offence to any Chinese forum posters, but your government is kind of like that uncle who wants to know how your sex life is going.

posted on Oct 10, 2017, 11:08 PM

TheOracle1
Reply

21. TheOracle1

Posts: 2340; Member since: May 04, 2015

Because the Chinese ones are going to do what with your useless information that Google and Apple aren't already doing? This is only a worry for government officials, corporate executives and other high profile people that have access to sensitive information. We are mere nonentities in the big scheme of things. Besides there are apps and workarounds that can prevent this. Pre-installed bloatware from the small Chinese brands and downloaded apps are far more insidious than BBK's data collection practices. Try apps like VirusTotal or Spy Monitor to see where your info is going and use a data blocker.

posted on Oct 11, 2017, 1:12 AM

trojan_horse
Reply

16. trojan_horse

Posts: 5868; Member since: May 06, 2016

Damn, this might just put another nail in the OnePlus 5 coffin, as it's sales are already in red ink.

posted on Oct 10, 2017, 11:32 PM

dimas
Reply

17. dimas

Posts: 3446; Member since: Jul 22, 2014

And this is why I don't patronize huawei anymore. Good move oneplus, oppo, vivo or whatever your real branding is.

posted on Oct 10, 2017, 11:47 PM

Zylam
Reply

20. Zylam

Posts: 1823; Member since: Oct 20, 2010

This isn't just a One Plus thing, it's an Android thing. Remember that software carriers used to install on all Androids to collect user data? I'm not surprised OEM'S are implementing their own ways to collect data. It's not just phones, I've heard numerous times that LG collects data on their smart TV's of what people watch, I wouldn't be surprised if the other TV vendors do the same. Doesn't bother me much, both my TV's are LG, they can collect all the data they want, but phones, there's way too much personal information on them and it's only going to increase. Google's needs to create safeguards in Android that stop Oems from obtaining your personal information, but than again Google does the exact same thing. It's also why there's no adblock in Chrome.

posted on Oct 11, 2017, 12:54 AM

mootu
Reply

23. mootu

Posts: 1541; Member since: Mar 16, 2017

Google, Apple, Microsoft, all the carriers, your internet provider etc, they all do it and anyone who thinks otherwise is living in a dreamworld.

posted on Oct 11, 2017, 1:28 AM

Plasticsh1t
Reply

27. Plasticsh1t

Posts: 3109; Member since: Sep 01, 2014

Let them watch at my porn collection. In the meantime, I'll find a way to turn off this mechanism. If I installed an AOSP rom will it prevent the data collection if anyone knows?

posted on Oct 11, 2017, 6:31 AM

view all comments
Want to comment? Please Log in or sign up.

Featured stories

android-r-spotted-on-a-pixel-4
"R" you ready? Pixel 4 running the next Android developer preview is spotted
samsung-galaxy-s20-plus-ultra-specs-cameras-leak
Detailed Galaxy S20 series spec sheet reveals all: camera, battery, processor, more
Sony-has-some-of-the-best-gadgets-hiding-behind-some-of-the-worst-names-in-the-industry
Sony should fix this problem with its gadgets right now
Galaxy-S20-Ultra-Plus-vs-Galaxy-S10-Plus-Note-10-Size-comparison-design
Galaxy S20, S20+, S20 Ultra size comparison: Here's how they measure up against the Galaxy S10-series
huawei-p40-pro-premium-edition-design-renders-leak
Premium Huawei P40 Pro variant leaks with five cameras, ceramic back
huawei-p40-pro-design-colors-leak
Leaked Huawei P40 Pro renders show off design, reveal launch colors
galaxy-s20-ultra-5x-10x-optical-periscope-zoom-levels
No, the Galaxy S20 Ultra won't have 10x optical zoom, here's why
samsung-galaxy-s20-plus-ultra-dummies-comparison-note-10-pixel-4-s10
Here's how the Galaxy S20 series compares to the Note 10, Pixel 4, and more

Popular stories

fbi-does-not-need-apple-to-unlock-terrorists-iphones
Trump, Barr, and the FBI do not need Apple to unlock a terrorist's iPhones
Google-Fi-voicemail-support
Important changes are coming to Google Fi soon
t-Mobile-sprint-merger-case-decision-dish
After the closing arguments, the T-Mobile/Sprint merger case leans towards a deal block
apple-contradicts-trump-barr-over-law-enforcement-requests
Data released by Apple contradicts Trump and Barr
samsung-new-smartwatch-rumor-galaxy-watch-active-3
Samsung has a mystery new smartwatch in the pipeline
judge-will-allow-third-party-briefs-in-review-of-doj-sprint-deal
Here's your chance to tell a federal judge what you think about the T-Mobile-Sprint merger
Samsung-Galaxy-S20-ultra-price-release-specs-features
The Samsung Galaxy S20 Ultra: price, release, specs, and features of the upcoming ultra phone
tracfone-prepaid-t-mobile-sprint-verizon-att-prepaid-smartsim-dynamic-handover
After endorsing the T-Mobile/Sprint merger, Tracfone will pick the best network with SmartSIM

Hot phones

Latest Stories

View more news
This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless