OnePlus" Secretly Spying On User & How to Disable It
"OnePlus" Secretly Spying On User & How to Disable It
Your OnePlus handset, running OxygenOS—the company's custom version of the Android operating system, is collecting way more data on its users than it requires.
A recent blog post published today by security researcher Christopher Moore on his website detailed the data collection practice by the Shenzhen-based Chinese smartphone maker, revealing that OxygenOS built-in analytics is regularly sending users' telemetry data to OnePlus' servers.
Collecting basic telemetry device data is a usual practice that every software maker and device manufacturers do to identify, analyse and fix software issues and help improve the quality of their products, but OnePlus found collecting user identification information as well.
Moore simply started intercepting the network traffic to analyse what data his OnePlus device sends to its servers, and found that the data collected by the company included:
- User’ phone number
- MAC addresses
- IMEI and IMSI code
- Mobile network(s) names
- Wireless network ESSID and BSSID
- Device serial number
- Timestamp when a user locks or unlocks the device
- Timestamp when a user opens and closes an application on his phone
- Timestamp when a user turns his phone screen on or off
- It is clear that above information is enough to identify any OnePlus user.
This same issue was also publicly reported to OnePlus in July last year by another security researcher and software engineer, who goes by the online moniker "Tux," but the problem got ignored by OnePlus as well as others.
Moore also reported this issue to OnePlus support, but the team did not provide any solution to address it, while OnePlus did not yet respond.
However, the good news is that Jakub Czekański, an Android developer, today introduced a permanent solution to disable telemetry tracking practice even without rooting your smartphone.
You can directly connect your OnePlus device in USB debugging mode to a computer, open adb shell and enter this command — pm uninstall -k --user 0 net.oneplus.odm — in order to get rid of OnePlus' excess data collecting practice.
Post a Comment