OnePlus 2

NEW DELHI: Amidst all the rumours revolving around the OnePlus 5T and OnePlus 6, a new report has popped up saying that the Chinese tech firm has been collecting user data without their consent. It has been mentioned that the company collects its handset users’ IMEI numbers, mobile network names, MAC addresses, and IMSI prefixes among other information.

The discovery was done by a software engineer, Christopher Moore and is revealed in his blog post. He found this last year during the SANSHoliday Hack Challenge while proxying the internet traffic from a OnePlus 2 device using a security tool – OWASP Zed Attack Proxy Project. During the activity, Moore discovered that the smartphone data was being sent to the portal without any alert or authorisation. The domain was found to be owned by OnePlus.

Digging further, it was found that OnePlus was sending information on locks, unlocks and unexpected reboots along with timestamps of the OnePlus 2 to the domain. While the data on unexpected reboots is still fine given that developers need it for analysis and bug fixes, recording when the handset was locked or unlocked with timestamps was unnecessary, according to Moore.

Now, a Twitter user seems to have come up with a solution, which is by removing the OnePlus Device Manager app without rooting the device.

 OnePlus also responded to Android Police with a statement. “We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.”
It should be pointed out that in the given statement OnePlus has not denied the fact that it gathers data on phone locks and unlocks with timestamp, IMEI number and more, like what Moore mentioned in his blog post.
It has not been confirmed if the Chinese tech firm is doing the same with its OnePlus 3, 3T and OnePlus 5.