OnePlus found to be gathering users’ phone data without consent
NEW DELHI: Amidst all the rumours revolving around the OnePlus 5T and OnePlus 6, a new report has popped up saying that the Chinese tech firm has been collecting user data without their consent. It has been mentioned that the company collects its handset users’ IMEI numbers, mobile network names, MAC addresses, and IMSI prefixes among other information.
The discovery was done by a software engineer, Christopher Moore and is revealed in his blog post. He found this last year during the SANSHoliday Hack Challenge while proxying the internet traffic from a OnePlus 2 device using a security tool – OWASP Zed Attack Proxy Project. During the activity, Moore discovered that the smartphone data was being sent to the open.oneplus.net portal without any alert or authorisation. The domain was found to be owned by OnePlus.
Digging further, it was found that OnePlus was sending information on locks, unlocks and unexpected reboots along with timestamps of the OnePlus 2 to the domain. While the data on unexpected reboots is still fine given that developers need it for analysis and bug fixes, recording when the handset was locked or unlocked with timestamps was unnecessary, according to Moore.
Now, a Twitter user seems to have come up with a solution, which is by removing the OnePlus Device Manager app without rooting the device.