OnePlus Secretly Gathers Sensitive User Information, Security Researcher Reveals

Many people believe that one of the most dangerous situations in life is when a person experienced a serious identity theft. This is actually a very wide spreading concern these days, especially hitting millions of innocent folks out there who often expose their personal information over the Internet. There are countless of unlawful strategies that professional criminals and hackers can do to victimize their targets.

This is the exact reason why a person needs to secure all personal information against these types of intruders or abusive individuals. In most cases, they target details such as Social Security Numbers, Credit Cards, Bank Accounts, Phone Numbers and other data about the identity of the victim.

From the latest reported news online, there is now a spreading issue about OnePlus and it is gathering sensitive information from its users without asking them permission. The revelation came from an expert security researcher who recently discovered this unknown activity of the Chinese mobile phone maker.

According to Chris Moore, he explained that OxygenOS-based handsets collect massive user data and this kind of approach is unlawful and can definitely affect the credibility or reputation of the company.

Moore is a security researcher and revealed that all the collected data are stored in a particular server, which include the serial number of the involved handsets. He actually published the issue few months ago in a blog post, but it was only lately when the readers showed interest to learning about this issue.

As detailed through The Verge, the OnePlus Smartphone units are recording the date through the OxygenOS platform such as when a user is locking or unlocking the device, using WIFI connectivity, active apps and these are actually the usual information to check. Unfortunately, the security researcher likewise revealed that the Chinese mobile phone maker is gathering data from the users such as the phone number, IMEI, MAC addresses, IMSI prefixes and mobile network names, among other important data without the knowledge of the person who is using the device.

This is when the issue arises because such activity is limited or very particular.

In addition, Moore stated that the illegal collection of the data happens through the OnePlus Device Manager Provider as well as OnePlus Device Manager, as reported online.

“From a development point of view, wanting to know about abnormal reboots seems legitimate, but the screen on/off and unlock activities feel excessive. At least these are anonymized, right? Well, not really—taking a closer look at the ID field, it seems familiar; this is my phone’s serial number,” said Moore as quoted by hothardware.com. “This I’m less enthusiastic about, as this can be used by OnePlus to tie these events back to me personally (but only because I bought the handset directly from them, I suppose),” he continued.

Aside from being a professional security researcher from UK, Chris Moore owns a tech blog online and a Cyber Security Challenge UK’s finalist.

In line with this issue, the Chinese-based phone manufacturer admitted that it is transmitting analytics to a server from Amazon (2-way streams as it call). Firstly, the purpose is for the usage analytics in fine-tuning its software. Secondly, it transmits analytics for the device information that they need to gather the data for their completing after-sales support, as detailed through The Verge.

However, OnePlus explained that it is not possible to disable the 2nd stream and a user can stop the data collection through turning off the process in the Settings of the device. Through the Settings, a user needs to open Advanced and simply deselect the “Join user experience program” option.

Although the company offers reasonable and good quality handsets to its valued users, it is might not be a reason if it secretly obtains personal data without the right permission or explanation from the users.

It still leads to a doubtful activity considering that the data collection is unknown.