Big companies collecting users’ data without their permission is no longer a surprise, and turns out, OnePlus is doing just that. Owner of a UK-based security and tech blog, Chris D Moore recently revealed in an article that the Chinese electronics company, OnePlus has been gathering his personal information and transmitting them without his permission.
D Moore noticed an unfamiliar domain while completing the SANS Holiday Hack Challenge and when he further examined it, he found that the domain – open.oneplus.net – had been collecting his usage data and transmitting them to an Amazon AWS instance.
Way back in January this year, Moore also tweeted this image:
— Christopher Moore (@chrisdcmoore) January 13, 2017
Moore states that the code responsible for the data collection is part of the OnePlus Device Manager and OnePlus Device Manager Provider. Upon decrypting the data, he found out the company is collecting IMEI number, MAC addresses, mobile network names, Wi-Fi SSIDs, and the phone’s serial number.
OnePlus has admitted collecting the data, and doesn’t seem to consider it a big issue. The company following to say about this scenario:
“We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ → ‘Advanced’ → ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.”
@chrisdcmoore I've read your article about OnePlus Analytics. Actually, you can disable it permanently: pm uninstall -k –user 0 pkg
— Jakub Czekański (@JaCzekanski) October 10, 2017
Follow us on twitter to stay updated: @compgeek_