OnePlus privacy shock: So, the cool Chinese smartphones slurp an alarming amount of data
Are we shocked? *Cough* Google, Apple *Cough*
OnePlus mobiles are phoning home rather detailed information about handsets without any obvious permission or warnings, setting off another debate about what information our smartphones are emitting.
Software engineer Christopher Moore discovered that the information collected included the phone's International Mobile Equipment Identity, phone numbers, MAC addresses, and mobile network among other things. Moore further found that his OnePlus 2 was sending information about when he opened and closed applications or unlocked his phone to a domain at net.oneplus.odm.
MAC randomization: A massive failure that leaves iPhones, Android mobes open to trackingREAD MORE
OnePlus, for the uninitiated, is a Chinese smartphone manufacturer that specialises in developing and marketing Android phones, recently launching a higher-end model. Its earlier models gained a lot of cachet from their by-invitation-only status.
Responding to queries from The Register, OnePlus offered a statement explaining that it was collecting "analytics" not shared with third parties:
We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to 'Settings' > 'Advanced' > 'Join user experience program'. The second stream is device information, which we collect to provide better after-sales support. We do not share any analytics data with outside parties.
The code responsible for this data collection is part of the OnePlus Device Manager and the OnePlus Device Manager Provider.
Privacy-focused users have the option of stopping these data collecting system services every time they boot the phone or removing these via ADB (Android Debug Bridge utility), a process that wouldn't require an initial rooting of the device.
Apple dodges data privacy sueball: Fanbois didn't RTFM*, says judgeREAD MORE
Moore first published his findings months ago, but the issue touched off a public debate this week on the Android subreddit. ®
Sponsored: Becoming a Pragmatic Security Leader