OnePlus Caught Stealing User Data: Here’s How You Can Stop It
This is not the first time OnePlus finds itself mired in controversy!
It will definitely hurt your brand image when you get discovered diverting user data without their knowledge, soon after you have been declared as the most trusted smartphone brand. Not only trust, OnePlus has garnered the highest market share in the premium segment of smartphones in the online space.
Chris Moore, a software engineer and OnePlus user, in his blog revealed how the Chinese manufacturer has been stealing some very specific data from the OnePlus users without their permission.
Contents
How Was OnePlus Discovered?
Christopher Moore discovered that OnePlus has been collecting personal information and user specific data from its users. Last year, he had discovered that his OP 2 was sending some personal data to a HTTPS domain, which belonged to OnePlus. All the data being sent was without his consent or knowledge. When analyzed, he found that the data was being sent to open.oneplus.net domain.
What Data Has OnePlus Been Stealing?
The user data sent to the OP’s domain has information about the screen, serial number, IMEI, MAC address, device unlock patterns, passcodes, IMSI numbers, mobile network names, abnormal reboots, and wireless network ESSID and BSSID. All this data was being sent to the server without user’s consent or knowledge.
The official operating system of OP phones, OxygenOS, has helped to gather timestamps of when apps are being opened or closed, and other activities are being carried out. OnePlus Device Manager and OnePlus Device Manager Provider collected data and shared it to the OP’s domain from where the data was transmitted to Amazon AWS servers, all this without any permission.
There was no response from OnePlus when contacted for their side of the story. After all the research, Moore later contacted the Chinese company. When he contacted OP regarding the privacy issue, he was taken through a big process of troubleshooting suggestions, after which all communication was terminated.
How To Stop It?
If you are a OnePlus smartphone user, you can permanently disable the data sharing by replacing the net.oneplus.odm for pkg via ADB or by running the following command;
pm uninstall -k –user 0 pkg
With this, OP users will be able to disable the their Analytics without rooting their smartphones.
There is also a simpler way. Navigate to ‘Settings –> Advanced –> Join User Experience Program’ and opt out. This has been suggested by OnePlus themselves.
Company’s Take On Collecting User Data Without Permission
OnePlus is now a major Android manufacturer. Though it has been found to be recording and transmitting user data without permission, what’s more surprising is OP’s response. They don’t seem to consider this a big issue. They have simply stated it to be a secure transmission of analytics in two different streams over HTTPS to an Amazon server so that they can fine tune their software in terms of user behavior and provide a better after-sales support. They added, the usage activity can be turned off by navigating to ‘Settings’ > ‘Advanced’ > ‘Join User Experience Program’.
Past Incidents
OnePlus has been in the news a lot for wrong reasons. From manipulating benchmarks to inadequate device support, the Chinese company has had an “interesting” journey so far.
Inadequate Device Support
OnePlus has faced heavy criticism from users in the past one or two years over its failure to provide adequate device support.
Benchmark Manipulation
During the launch of the OP 5, the company used artificially enhanced benchmark numbers to manipulate its rank with other flagship devices.
Upside-Down Mounted Displays
OP 5 users noticed a bizarre jelly like scrolling effect on their handsets. The screen wobbled and distorted as one tried to scroll through it. The issue was later traced to displays which were mounted upside-down, which was a “deliberate engineering decision”.
Users Unable To Dial 911
This was one of the most serious bugs in the new OP 5. Each time users tried to dial 911, the OP 5 rebooted. This was a potential hazard as 911 is the all-in-one emergency number. The issue was traced to a bug in memory and rectified in quick-time.
