OnePlus Android mobes' clipboard app caught phoning home to China
Sorry! that was a test feature for Chinese users, company claims
Update OnePlus has admitted that the clipboard app in a beta build of its Android OS was beaming back mystery data to a cloud service in China.
Someone running the latest test version of OnePlus's Oreo-based operating system revealed in its support forums that unusual activity from the builtin clipboard manager had been detected by a firewall tool.
Upon closer inspection, the punter found that the app had been transmitting information to a block of IP addresses registered to Alibaba, the Chinese e-commerce and cloud hosting giant.
While extra logging and telemetry are to be expected from beta software – so that developers get an idea of any problems with their code prior to an official release – the fact that data was being siphoned off without warning from a clipboard manager raised eyebrows, leading some to fear their copy-paste actions were being snooped on and question the privacy protections on their OnePlus handsets.
OnePlus has yet to respond to our request for comment, although a rep told Android Police that this was a feature destined for handsets in China, and will be removed from, presumably, mobes outside the Middle Kingdom.
"Our OnePlus beta program is designed to test new features with a selection of our community. This particular feature was intended for HydrogenOS, our operating system for the China market," a OnePlus spokesperson was quoted as saying. "We will be updating our global OxygenOS beta to remove this feature."
This should not come as much of a shock to those who follow the China-based OnePlus. In October last year, researchers discovered that OnePlus handsets were collecting unusually detailed reports on user activities, although the manufacturer said at the time it was only hoarding the data for its internal analytics. One month later, it was discovered that some phones had apparently been shipped with a developer kit left active, resulting in the phones sporting a hidden backdoor.
And lest we forget, today's desktop and mobile operating systems are pretty gung-ho in phoning home information about their users, with Microsoft catching flak for Windows 10 telemetry in particular. ®
Updated to add on January 15
OnePlus has been in touch with the following statement:
We apologize to our beta test users, for the confusion over an experimental HydrogenOS feature appearing in the global OxygenOS beta, which is being updated to remove it. The experimental HydrogenOS feature is designed specifically for the Chinese market, where a unique competitive situation between two major web service providers has led to some ecommerce weblinks being blocked. A workaround developed by one of the parties involved sending a token so that link sharing would function fully. We were testing a similar feature in the HydrogenOS beta.
Sponsored: Becoming a Pragmatic Security Leader