OnePlus has been found collecting very comprehensive data of customers using its smartphones. While most smartphone manufacturers collect user data for analytics, OnePlus has been found collecting data that includes IMEI numbers, MAC addresses, mobile network names and IMSI prefixes, phone's serial number, wireless network ESSID, and more.
Christopher Moore, a software engineer, has written a blog post detailing the data collected by the Chinese smartphone maker. Moore discovered OnePlus collecting this data during a Hack Challenge while setting up his OnePlus 2 smartphone. He set up a security tool called OWASP ZAP on his OnePlus 2 and found traffic requests to open.oneplus.net, which further redirected the traffic to a US-based Amazon AWS server. Apart from finding out what data is being collected, Moore also noticed time stamps of when apps were opened and closed along with the serial number of the device.
While collecting data like unexpected reboots would help developers fix the bug at the earliest, the collection of data like when the phone is locked or unlocked seems unnecessary. In fact, Moore left the system running for an extended period of time to understand what other data OnePlus collected from its user.
Back in January, Moore highlighted the issue on Twitter and asked OnePlus how to disable data collection on his device. The company replied with usual troubleshooting options like wiping the cache and performing a factory reset. Yesterday, a Twitter user found the app responsible for collecting user data on a OnePlus smartphone.
Hey @OnePlus_Support, it's none of your business when I turn my screen on/off or unlock my phone - how do I turn this off? /cc:@troyhuntpic.twitter.com/VihaIDI6wP — Christopher Moore (@chrisdcmoore) January 13, 2017
A deeper access to file system has revealed that the data is being collected by a system app called "OnePlus System Service." Since its part of the system, OnePlus users can't turn it off. However, they can manually disable it every time the phone is restarted by running an ADB command.
Twitter user Jakub Czekanski noted that OnePlus' System Service can be permanently disabled by running the command: pm uninstall -k --user 0 pkg and substituting net.oneplus.odm for pkg. In a statement released to Android Police, OnePlus says "We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine-tune our software according to user behaviour. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support."
While every device manufacturer collects some form of data for analytics and seeks user consent for acquiring these data, OnePlus seems to be collecting data that affects the privacy of the user. The company should be more transparent about what data it collects from its device user and even offer an option at the time of setting up the device to opt out of such data collection.
Other Popular Deals
- Best smartphones to buy under Rs. 7,000 in India right now14 upcoming mobile phones you should expect in India in 2016
- 10 smartphone sequels to look forward to in 201510 best smartphones between Rs. 10,000 to Rs. 20,000...
- Best smartphones under Rs. 15,000 with great battery backup26 upcoming & latest smartphones to check-out
- Slimmest phones you can buy in India [November 2015]The best upgrade options for 10 classic smartphones
- Huawei P8: First LookXiaomi Mi4i vs Asus Zenfone 2 (2GB): Quick Comparison
- LG G4: First LookAsus Zenfone 2 and Zenfone Selfie: In Pictures
- Sony's current & upcoming Xperia phones: An OverviewMicromax Canvas Sliver 5: First Look
- Sony Xperia C4: First LookCoolpad Dazen X7 and Dazen 1: In pictures