Published On: Wed, Oct 11th, 2017

Gimme Your Data!! OnePlus Goes Greedy with Data Collection; Forgets to Anonymize It Too

OnePlus might have been tracking a users as a researcher has suggested how a tradition Android handling system, OxygenOS, has been collecting large amounts of analytics information but anonymizing it. Potentially joining any phone to a user and their data, Christopher Moore, a confidence researcher has suggested that a OxygenOS is promulgation a association an extreme volume of privately identifiable data.

The Shenzhen based Chinese smartphone association is collecting a prolonged list of information that is afterwards tied to particular OnePlus users, including:

oneplus-3t-6Related Android 8.0 Oreo Closed Beta Available For Select OnePlus 3 Owners, Public Beta For OnePlus 3T/3 OnePlus 5 To Debut Before October

  • IMEI numbers
  • Phone numbers
  • MAC addresses
  • IMSI prefixes
  • Serial numbers
  • Mobile network name(s)
  • When user launched/closed an app
  • Screen on/off time
  • Time when user sealed or unbarred their phone
  • And some-more such information that could be deliberate intrusive.

Telemetry and some-more telemetry – OnePlus caught collecting large amounts of privately identifiable data

After doing some digging in a code, going by OnePlus forums and Reddit threads, Moore detected that the formula obliged for this information collection is partial of a OnePlus Device Manager and a OnePlus Device Manager Provider, that run a OneplusAnalyticsJobService underneath a OnePlus System Service.

“In my case, these services had sent 16MB of information in approximately 10 hours,” he pronounced creation a ban revelation.

While companies collect analytics information frequently to debug problems, they are approaching to during slightest anonymize that data, if not to make this an opt-in process. Currently, OnePlus doesn’t seem to be charity any approach to a users to get out of this routine and hasn’t responded as to because it needs to lane shade on/off and phone clear time.

oneplus-3-2-5Related OxygenOS Open Beta 23/14 for a OnePlus 3/3T Brings Slew of Changes

Jakub Czekański, a web developer, has common how tech savvy users can stop their inclination from promulgation telemetry information to a association but rooting their devices.

  1. Enable USB debugging
  2. Connect your phone to computer
  3. Use Android Debug Bridge (adb) to run a following commands:
    1. $ adb start-server
    2. $ adb shell
    3. pm uninstall -k –user 0 net.oneplus.odm

In a response, OnePlus has pronounced that it “securely broadcast analytics in dual opposite streams over HTTPS to an Amazon server.” The initial is use analytics that users can opt out of from: Settings Advanced  Join user knowledge program.

“The second tide is device information, that we collect to yield improved after-sales support,” and doesn’t seem to be something from that we can opt out of. Nevertheless, we can use Czekański’s tip to stop information collection on your OnePlus devices.

– More information on a company’s extreme information collection is accessible in Moore’s blog post; some-more sum on forcing your OnePlus phone to stop promulgation your information can be found here.

About the Author

Leave a comment

XHTML: You can use these html tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>