OnePlus responds to the latest backdoor debacle, doesn't see it as "a major security issue"
Just yesterday, it was discovered that OnePlus has included a rather powerful app
that could easily serve as a backdoor for many of its latest devices like the OnePlus 5
, 3T, and 3. Dubbed Engineer Mode, the app is normally intended for testing and maintenance of Qualcomm-powered Android devices but also allows anyone with average knowledge to pre-root the device and greatly mess up with the security of the device. Of course, such an app has no place inside an official user build for an Android device.
There were even concerns that apps could be engineered abuse these easy root privileges, but OnePlus came up with an official statement earlier, declining that EngineerMode.apk
can't be exploited by apps but only through ADB (Android Debug Bridge), a powerful desktop-based shell for Android. Granted, a knowing wrongdoer would be able to root your device in a rather easy way by having physical access to your OnePlus device, which has to have USB debugging explicitly enabled in the Developer Options menu.
Even if that's true, the question still remains why OnePlus kept that app bundled within the official software build that's strictly intended for the end-user. What's more, the OnePlus team claimed it "doesn't see this as a major security issue", which doesn't sound particularly-reassuring and doesn't help its case very much.
The ADB root feature of the Engineer Mode app will be removed in an upcoming software update, said OnePlus, but it seems that the app would remain part and parcel of OnePlus' OxygenOS ROM.