This article is more than 1 year old

OnePlus privacy shock: So, the cool Chinese smartphones slurp an alarming amount of data

Are we shocked? *Cough* Google, Apple *Cough*

OnePlus mobiles are phoning home rather detailed information about handsets without any obvious permission or warnings, setting off another debate about what information our smartphones are emitting.

Software engineer Christopher Moore discovered that the information collected included the phone's International Mobile Equipment Identity, phone numbers, MAC addresses, and mobile network among other things. Moore further found that his OnePlus 2 was sending information about when he opened and closed applications or unlocked his phone to a domain at net.oneplus.odm.

MAC randomization: A massive failure that leaves iPhones, Android mobes open to tracking

READ MORE

OnePlus, for the uninitiated, is a Chinese smartphone manufacturer that specialises in developing and marketing Android phones, recently launching a higher-end model. Its earlier models gained a lot of cachet from their by-invitation-only status.

Responding to queries from The Register, OnePlus offered a statement explaining that it was collecting "analytics" not shared with third parties:

We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to 'Settings' > 'Advanced' > 'Join user experience program'. The second stream is device information, which we collect to provide better after-sales support. We do not share any analytics data with outside parties.

The code responsible for this data collection is part of the OnePlus Device Manager and the OnePlus Device Manager Provider.

Privacy-focused users have the option of stopping these data collecting system services every time they boot the phone or removing these via ADB (Android Debug Bridge utility), a process that wouldn't require an initial rooting of the device.

Apple dodges data privacy sueball: Fanbois didn't RTFM*, says judge

READ MORE

But OnePlus is not alone in this kind of thing. Google collects hardware model, operating system version, unique device identifiers, and mobile network information (including phone number). The Chocolate Factory may associate your device identifiers or phone number with your Google Account. It also logs metadata on calls and SMS messages as well as device event information such as crashes and system activity, as explained in its privacy policy.

Apple, meanwhile, has successfully fought off several privacy lawsuits. According to a 2011 complaint, it had been continuing to send Wi-Fi hotspot and mobile tower data even after location services had been switched off, a "bug" which Apple fixed in the 4.3.3 version of iOS early that same year. But the suit was dismissed after the users failed to convince a judge they knew about Apple's privacy policies before they bought their iPhones. (We recommend a browse of "What personal information we collect" in its Privacy Policy for the RTFM crowd.)

Moore first published his findings months ago, but the issue touched off a public debate this week on the Android subreddit. ®

More about

TIP US OFF

Send us news


Other stories you might like