OnePlus to fix backdoor root access issue via a software patch

By Shubham Sharma | Published on 15 Nov 2017
OnePlus to fix backdoor root access issue via a software patch
HIGHLIGHTS

The Engineering Mode app on the OnePlus 5, Oneplus 3 and 3T smartphones can be used to obtain root access without unlocking the bootloader. The company says its not a threat but will remove the root method from the app

Advertisements

Looking for a simpler way to upgrade your applications?

IBM helps you develop and modernize all your applications with Java open systems. Get all the tools, guidance and training that is required to speed up development.

Click here to know more

A few days ago, OnePlus was accused of intentionally leaving a backdoor root access (via the EngineerMode apk) on the OnePlus 5, OnePlus 3 and the OnePlus 3T, which can be exploited to obtain root access to the devices. The company’s CEO Carl Pei responded to the issue saying that the company would look into it. Now though, the company has confirmed in a blog post that gaining root access functionality via EngineerMode apk will be removed from the aforementioned OnePlus phones through an upcoming OTA update.

In the blog post, OnePlus explains the EngineerMode apk, and states that it is a diagnostic tool, which is mainly used for “factory production line functionality testing” and after sales support. The company claims that even though the EngineerMode app grants escalated privileges using adb commands, it will not allow full root privileges to third party apps. 

The post further clarifies that obtaining root access via adb is only possible through USB debugging mode turned on. This is turned off by default. It adds that obtaining root privileges will require physical access to the device. OnePlus believes it's not a major issue, but they have promised to remove the adb root function from EngineerMode in the upcoming OTA update. 

To recall, the issue started when a developer discovered that certain OnePlus phones can be rooted without even unlocking the bootloader. The developer claims that launching 'DiagEnabled' activity associated with the Engineering Mode app with the correct password grants root privileges to users. The ‘Engineering Mode’ is meant for factory testing devices and ensuring that they are working properly. The app is reportedly pre-installed on the OnePlus 3, OnePlus 3T and the Oneplus 5. 

Last month, OnePlus also faced user backlash for collecting their personal data like IMEI numbers, serial numbers, app usage statistics and more. The company responded by saying that the collected data is used for improving their services and users have an option of opting out. 

logo
Shubham Sharma

Interested in tech, gaming, cyber-security, anime, and more

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.

DMCA.com Protection Status