Technology

OnePlus Said to Be Collecting Unanonymised User Data, Company Responds

OnePlus Said to Be Collecting Unanonymised User Data, Company Responds

After analyzing the data the phone was sending to open.oneplus.net domain, he learned that it contained information about the screen, device unlock events, abnormal reboots, serial number, IMPEI, phone numbers, MAC address, mobile network names, IMSI prefixes, as well as wireless network ESSID and BSSID.

After some further investigation, Moore discovered that the code responsible for collecting the data was part of the OnePlus Device Manager and the OnePlus Device Manager Provider.

Otherwise, you might have to put up with this data collection, though given the attention it's got we wouldn't be surprised if OnePlus soon changes it to an opt-in process, since this isn't the sort of publicity it needs. He found that his OnePlus 2 was constantly reaching out to open.oneplus.net, which in turn diverted traffic to an Amazon server in the US.

OnePlus did not address the privacy concerns with its data collection activities, and a representative also failed to explain why users are not asked for permission over this.

A little bit of additional digging revealed that the server was one of OnePlus's own.

More news: Hurricane Season 2017 has proven to be one for the books
More news: Fire department advises two fire escape routes
More news: Dominique Rodgers-Cromartie suspended by Giants

"Those are timestamp ranges (again, unix epoch in milliseconds) of the when I opened and closed applications on my phone. Well, not really - taking a closer look at the ID field, it seems familiar; this is my phone's serial number", he said in the blog.

While OnePlus says that the bulk of the data transmission can be turned off with the above instructions, Twitter user @JaCzekanski pointed out that the app sending the data (OnePlus Device Manager) can be removed via ADB, root not required. Actually, you can disable it permanently: "pm uninstall -k -user 0 pkg", Czekanski wrote on Twitter, in response to Moore's blog post. There is also no clarity on how switching off this functionality permanently would affect the performance of the device and users are advised to tread with caution in choosing to disable it.

OnePlus told Android Police, "We securely transmit analytics in two different streams over HTTPS to an Amazon server". However, they claimed that the data analytics is put to use in order to finetune their software to match the user behavior and the other stream is meant to offer better after-sales-service to their customers. This transmission of user activity can be turned off by navigating to Settings Advanced Join User Experience Program.

OnePlus is no stranger when it comes to being embroiled in some form of controversy. Moore contacted OnePlus earlier this year asking for clarification only to be led into a rabbit hole.