A few days ago, OnePlus was accused of intentionally leaving a backdoor root access (via the EngineerMode apk) on the OnePlus 5, OnePlus 3 and the OnePlus 3T, which can be exploited to obtain root access to the devices. The company’s CEO Carl Pei responded to the issue saying that the company would look into it. Now though, the company has confirmed in a blog post that gaining root access functionality via EngineerMode apk will be removed from the aforementioned OnePlus phones through an upcoming OTA update.
In the blog post, OnePlus explains the EngineerMode apk, and states that it is a diagnostic tool, which is mainly used for “factory production line functionality testing” and after sales support. The company claims that even though the EngineerMode app grants escalated privileges using adb commands, it will not allow full root privileges to third party apps.
The post further clarifies that obtaining root access via adb is only possible through USB debugging mode turned on. This is turned off by default. It adds that obtaining root privileges will require physical access to the device. OnePlus believes it's not a major issue, but they have promised to remove the adb root function from EngineerMode in the upcoming OTA update.
To recall, the issue started when a developer discovered that certain OnePlus phones can be rooted without even unlocking the bootloader. The developer claims that launching 'DiagEnabled' activity associated with the Engineering Mode app with the correct password grants root privileges to users. The ‘Engineering Mode’ is meant for factory testing devices and ensuring that they are working properly. The app is reportedly pre-installed on the OnePlus 3, OnePlus 3T and the Oneplus 5.
Last month, OnePlus also faced user backlash for collecting their personal data like IMEI numbers, serial numbers, app usage statistics and more. The company responded by saying that the collected data is used for improving their services and users have an option of opting out.