OnePlus is soon to launch the next so-called flagship killer and is expected to feature a bigger display with a new aspect ratio and minimal bezels. However, that's not to say that all's well in paradise. The problem, however, is that OnePlus fails to provide anonymity to the data, Engadget points out in its report. Twitter user Jakub Czekański explained how to block the transmissions using ADB with USB debugging enabled on the device, but this could cause other problems. Following all these issues, this Chinese tech company is in trouble again and this one requires a good long explanation.
In an article published on his blog, Moore demonstrated how personal information coming from his phone was being transferred to OnePlus, without him having given his consent. He came across this unfamiliar domain while completing the SANS Holiday Hack Challenge, which he chose to investigate further. After setting up a security tool called OWASP ZAP on his OnePlus 2 handset, he noticed HTTPS requests being sent to a domain called open.oneplus.net, which further redirected the traffic to a US-based Amazon AWS server.
All told, OnePlus is collecting screen on, screen off, device unlock events, abnormal reboots, serial number, IMEI, phone numbers, MAC addresses, mobile network names and IMSI prefixes, as well as wireless network ESSID and BSSID.
The data that OnePlus is accessing ranges from device information like the phone's IMEI and serial number to user data like reboot, charging, screen timestamps as well as application timestamps.
"This kind of data collection, especially one containing information that can be directly tied back to me as an individual, should really be opt-in and/or have an easily accessible off switch", Moore noted in his blog post in June. "The first stream is usage analytics, which we collect in order for us to more precisely fine-tune our software according to user behaviour", the firm said. This transmission of usage activity can be turned off by navigating to "Settings" - "Advanced" - "Join user experience program". Its failure to provide adequate device support has brought down the brand with heavy criticism from its users in the past year or two.
Incidentally, OnePlus was criticized in April for not providing better customer support to its users, particularly for not delivering on their promise of an Android Nougat update. Of all the manufacturers out there, the company who managed to anger and frustrate so many users precisely due to its lack of after-sales support is trying to justify its unauthorized data collection on the grounds that it's for after-sales support.