OnePlus OxygenOS Caught Collecting Sensitive User Data Without Permission

Isaac Cain
October 12, 2017

OxygenOS, which is company's operating software that runs on top of Android, is said to be facilitating data transmission without a user's prior permission.

@chrisdcmoore I've read your article about OnePlus Analytics.

OnePlus' behavior isn't exactly out of the ordinary, but the real issue lies with the way it's conducting its data collection. At least these are anonymized, right? The data in question range from the phone's IMEI, serial and even the cellular number, mobile network name, MAC address, IMSI prefix, wireless network ESSID and BSSID as well as other user data such as charging, rebooting, application and screen timestamps. Instead, the transferred data includes your phone's serial number making it known who you are. After the launch of the OnePlus 5, the company had to deal with claims of faking benchmarks as well as criticisms over its copy-pasting of Apple's iPhone 7 Plus design and sooner than later, the company was also in hot soup after it was discovered that dialing 911 on the phone was not possible.

However, when this issue was reported to OnePlus, the company confirmed that they transmit analytics data in two different streams over HTTPS to an Amazon server. OnePlus has said that the data only contains "usage analytics" which is used to "fine tune our software".

More news: Ophelia becomes 10th consecutive hurricane this season

For what it's worth, you can turn off the "transmission of usage activity" by unjoining the "user experience program" in your advanced settings menu.

The code that's responsible for collecting users' private data is part of the OnePlus Device Manager and OnePlus Device Manager Provider. This is a bad look for OnePlus, and it is equally concerning that the company does not really consider this to be a big deal. First, you need to enable USB debugging in your phone's settings (it's under Developer Options). In a time where user information and security of sensitive information is becoming more important, a transparent and comprehensive understanding of what information is being collected and for what objective (as well as the option to completely opt out of such collection) would be greatly appreciated in any situation. There is also no clarity on how switching off this functionality permanently would affect the performance of the device and users are advised to tread with caution in choosing to disable it.

Incidentally, Moore has already found a way to kill the OnePlus Device Manager, the offending app that sends out the data, via a reply from one of his Twitter followers.

Other reports by LeisureTravelAid

Discuss This Article