OnePlus to fix backdoor root access issue via a software patch

By Shubham Sharma | Published on Nov 15 2017
OnePlus to fix backdoor root access issue via a software patch

Get Redmi 8 4GB+64 GB @ RS.7,999

With 12MP+2MP AI Dual camera, 5000mAh battery, fast charging, Fingerprint sensor + AI Face unlock

Click here to know more

HIGHLIGHTS

The Engineering Mode app on the OnePlus 5, Oneplus 3 and 3T smartphones can be used to obtain root access without unlocking the bootloader. The company says its not a threat but will remove the root method from the app

A few days ago, OnePlus was accused of intentionally leaving a backdoor root access (via the EngineerMode apk) on the OnePlus 5, OnePlus 3 and the OnePlus 3T, which can be exploited to obtain root access to the devices. The company’s CEO Carl Pei responded to the issue saying that the company would look into it. Now though, the company has confirmed in a blog post that gaining root access functionality via EngineerMode apk will be removed from the aforementioned OnePlus phones through an upcoming OTA update.

In the blog post, OnePlus explains the EngineerMode apk, and states that it is a diagnostic tool, which is mainly used for “factory production line functionality testing” and after sales support. The company claims that even though the EngineerMode app grants escalated privileges using adb commands, it will not allow full root privileges to third party apps. 

The post further clarifies that obtaining root access via adb is only possible through USB debugging mode turned on. This is turned off by default. It adds that obtaining root privileges will require physical access to the device. OnePlus believes it's not a major issue, but they have promised to remove the adb root function from EngineerMode in the upcoming OTA update. 

To recall, the issue started when a developer discovered that certain OnePlus phones can be rooted without even unlocking the bootloader. The developer claims that launching 'DiagEnabled' activity associated with the Engineering Mode app with the correct password grants root privileges to users. The ‘Engineering Mode’ is meant for factory testing devices and ensuring that they are working properly. The app is reportedly pre-installed on the OnePlus 3, OnePlus 3T and the Oneplus 5. 

Last month, OnePlus also faced user backlash for collecting their personal data like IMEI numbers, serial numbers, app usage statistics and more. The company responded by saying that the collected data is used for improving their services and users have an option of opting out. 

Videos

OnePlus 5 Review  Digitin
logo
Shubham Sharma

Interested in tech, gaming, cyber-security, anime, and more

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.