OnePlus goes too far collecting private user data without proper warning

Pablo Tucker
October 11, 2017

He observed that there was an unusual amount of incoming and outgoing internet traffic from his device to open.oneplus.net, a server owned by OnePlus.

The data collected by the OnePlus device includes IMEI, serial number, MAC address, IMSI prefix, phone number, wireless ESSID., and more. However, questions are being raised on why would the company want to collect phone numbers, IMEI numbers, MAC addresses, and also IMSI prefix codes.


OnePlus told Android Police, "We securely transmit analytics in two different streams over HTTPS to an Amazon server".

At the heart of the issue is the telemetry data OnePlus is collecting, the expansiveness of which some people feel is too great, plus the fact that certain bits of data could theoretically make it possible for the company to connect the particular user with the particular data collected. What Moore considered excessive however is collecting data related to when users lock and unlock their phones. In doing so, he noticed that his phone was connected to a OnePlus domain and transmitting incredibly detailed - and often very revealing - data back to the company. Although the security researcher contacted OnePlus early this year, he was led down the usual path of troubleshooting suggestions after which communication has been cut completely. They said that a bulk of this analytics information can be turned off by excluding from the User Experience Program.


Android Authority was able to speak to a OnePlus representative about this issue, but received an unsatisfactory response.

The Shenzhen based Chinese smartphone manufacturer OnePlus allegedly has been collecting sensitive information on users without their consent from their devices. The representative didn't provide an explanation as to why OnePlus didn't simply have users opt-in for this instead of having it covertly happening in the background. Meanwhile, you can use the above methods to stop the collection and transmission of data. Thankfully, Twitter user Jakub Czekanski, tweeted that the data transmission can be disabled permanently using ADB tool with USB debugging enabled on the device. In a time where user information and security of sensitive information is becoming more important, a transparent and comprehensive understanding of what information is being collected and for what goal (as well as the option to completely opt out of such collection) would be greatly appreciated in any situation. Users will have to run this command [ pm uninstall -k -user 0 net.oneplus.odm ] to remove the OnePlus Device Manager permanently.


Other reports by iNewsToday

FOLLOW OUR NEWSPAPER