14 Oct 2017

Your OnePlus handset, running OxygenOS—the company’s custom version of the Android operating system, is collecting way more data on its users than it requires.

A recent blog post published today by security researcher Christopher Moore on his website detailed the data collection practice by the Shenzhen-based Chinese smartphone maker, revealing that OxygenOS built-in analytics is regularly sending users’ telemetry data to OnePlus’ servers.

Moore simply started intercepting the network traffic to analyse what data his OnePlus device sends to its servers, and found that the data collected by the company included:

  • User’ phone number
  • MAC addresses
  • IMEI and IMSI code
  • Mobile network(s) names
  • Wireless network ESSID and BSSID
  • Device serial number
  • Timestamp when a user locks or unlocks the device
  • Timestamp when a user opens and closes an application on his phone
  • Timestamp when a user turns his phone screen on or off

It is clear that above information is enough to identify any OnePlus user.

OnePlus Caught Spying On Users, Here Is How To Disable It

It can be turned off by visiting Settings > Advanced > Join user experience program

IT Security Professional – Security Researcher & Consultant for the Government, Enthusiast, Malware Analyst, Penetration Tester.

Leave your thought