If you are a OnePlus mobile owner, read about this privacy issue.
Earlier this month, software engineer Christopher Moore discovered that Shenzhen, China-based phone manufacturer OnePlus was secretly collecting a trove of data about users without their consent and communicating it to company servers. Moore had routed his OnePlus 2's internet traffic through security tool OWASP ZAP for a holiday hack challenge, but noticed his device was regularly transmitting large amounts of data to a server at open.oneplus.net.
According to Moore’s analysis, captured information included his phone’s IMEI and serial number, phone numbers, MAC addresses, mobile network names and IMSI prefixes, and wireless network data. OnePlus was also collecting data on when its users were opening applications and what they were doing in those apps, including Outlook and Slack. With the cat out of the bag, OnePlus admitted to the non-consensual snooping in a post to its customer service forum on Friday, but said the intent of the program was improving user experience on its OxygenOS software.
“The reason we collect some device information is to better provide after-sales support,” OnePlus wrote. “If you opt out of the user experience program, your usage analytics will not be tied to your device information.”
“We’d like to emphasize that at no point have we shared this information with outside parties,” the company added. “The analytics we’re discussing in this post, which we only look at in aggregate, are collected with the intention of improving our product and service offerings.”
According to OnePlus, it will also stop collecting “telephone numbers, MAC Addresses and WiFi information,” and by the end of October, the company will clearly prompt all users on how and why it collects data and provide users with an option to not participate in its “user experience program.”
Multiple users responded by saying their concerns were not resolved, as some of the data collected—like telephone numbers and wireless network information—was of limited use from a support perspective and instead could have been mined for its value to marketers.