Business

OnePlus has been collecting very specific usage data

Chris D Moore has released a comprehensive post that details his own discoveries. First of all, this was all demonstrated with Moores OnePlus 2. So we dont currently know if the same thing is occurring in the more current OnePlus 3T or OnePlus 5 models. Im sure well find out soon. (Update: the statement below pretty much affirms that all OnePlus models are collecting usage data)

Moore first discovered this when he set up a security tool on his OnePlus 2, but to his surprise, the tool found traffic requests to open.oneplus.net, which directed traffic to a US-based Amazon AWS server.

Anyway, without getting too in depth, Moore found out more of what was being sent to this domain: IMEI number, MAC addresses, mobile network names, Wi-Fi SSIDs, and the phones serial number. He even discovered that time stamps were signaling when apps were opened and closed – stamped with the serial number of his device.

This is eerily too much information to be collecting, particularly when it can be traced back to a phones serial number.

Back in January, he asked OnePlus support how to disable the data collection, to which OnePlus gave unproductive answers like wiping the cache and performing a factory reset. Thats when another user on Twitter suggested he dig around on the OnePlus forums to see what he could find.

Hey @OnePlus_Support, it’s none of your business when I turn my screen on/off or unlock my phone – how do I turn this off? /cc:@troyhunt pic.twitter.com/VihaIDI6wP

Christopher Moore (@chrisdcmoore) January 13, 2017

After deeper investigation, the culprit responsible for data collection is a system app called OnePlus System Service. The app cant be turned off since it is part of the System, but it can be manually disabled every time the phone is restarted.

A better, more permanent alternative would be to run an adb command to disable the app. Jakub Czekanski gave the suggestion early this morning, which is likely what caused the post to regain traction. here’s the command: pm uninstall -k –user 0 net.oneplus.odm

@chrisdcmoore I’ve read your article about OnePlus Analytics. Actually, you can disable it permanently: pm uninstall -k –user 0 pkg

Jakub Czekański (@JaCzekanski) October 10, 2017

OnePlus did give a statement regarding the information collected to which is had the following to say:

We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to Settings -> Advanced -> Join user experience program. The second stream is device information, which we collect to provide better after-sales support.

Granted, were sure OnePlus isnt the only company collecting usage information. In a time where user information and security of sensitive information is becoming more important, a transparent and comprehensive understanding of what information is being collected and for what purpose (as well as the option to completely opt out of such collection) would be greatly appreciated in any situation.

Source | Via 1 | Via 2