OMG! OnePlus Is Collecting User Data Without Permission

in #technology7 years ago (edited)

oneplus.png

Recently, a security researcher has revealed that the well-known Chinese smartphone manufacturer, OnePlus would be collecting all the private data of its users without their consent, and without offering alternatives or options to disable or prevent such transfer.

Chris Moore, the owner of a UK-based security and tech blog, recently published an article demonstrating that OnePlus has been gathering his personal information and transmitting them without his permission. He noticed an unfamiliar domain while completing the SANS Holiday Hack Challenge and decided to further examine it. He found that the domain – open.oneplus.net – had essentially been collecting his private device and user data and transmitting them to an Amazon AWS instance, all without his permission.

The data that OnePlus is accessing ranges from device information like the phone’s IMEI, serial number, cellular number, MAC address, mobile network name, IMSI prefix, and wireless network ESSID and BSSID to user data like reboot, charging, screen timestamps as well as application timestamps.

one one.PNG

According to Chris Moore, who published an in-depth article on his Security and Tech Blog, his OnePlus device is harvesting and uploading quite of bit of personal information without his consent. While this is certainly a bit upsetting, it looks like the "feature" can be disabled even though it is a component of the OnePlus Device Manager without requiring root.

Android Authority reached out to OnePlus for clarification and received the statement below.

"We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine-tune our software according to user behavior. This transmission of user activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support."

one.PNG

It’s concerning that a major Android manufacturer has been collecting and transmitting user data without permission, but it’s even more concerning that OnePlus doesn’t seem to consider it a big issue.

#Thank you so much for spending time to read this. See you soon in my next post.

Coin Marketplace

STEEM 0.19
TRX 0.25
JST 0.038
BTC 97484.70
ETH 3417.93
USDT 1.00
SBD 3.04