The issue was first noticed by a UK-based security researcher named Chris Moore. He accidentally discovered an unfamiliar domain (open.oneplus.net) while he was busy with the SANS Holiday Hack Challenge.
Moore has described the data collection in his blog post; the data was being transferred to an Amazon AWS instance from his OnePlus 2 device.
The data collected by the OnePlus device includes IMEI, serial number, MAC address, IMSI prefix, phone number, wireless ESSID, and more. It also monitors usage habits, such as which apps are opened or closed, how long they are used, etc.
With that much data, it would be easy to connect the dots to an individual user. However, the “feature” can be disabled permanently via adb, according to Twitter user Jakub Czekański.
In their defense, OnePlus said the data collection happens over secure connections. It’s used to fine-tune their software for better user experience and to improve their “after-sales support.” It can be turned off by visiting Settings > Advanced > Join user experience program.
Whatever it may be, the data collection is done without the users’ permission. Many companies collect user data to improve their products. The problem in the case of OnePlus is that they never asked for it. At the very least, an option to opt in to the user experience program would have made the situation better.