Personal Tech

OnePlus Android mobes' clipboard app caught phoning home to China

Sorry! that was a test feature for Chinese users, company claims

By Shaun Nichols in San Francisco

28 SHARE

UPDATE OnePlus has admitted that the clipboard app in a beta build of its Android OS was beaming back mystery data to a cloud service in China.

Someone running the latest test version of OnePlus's Oreo-based operating system revealed in its support forums that unusual activity from the builtin clipboard manager had been detected by a firewall tool.

Upon closer inspection, the punter found that the app had been transmitting information to a block of IP addresses registered to Alibaba, the Chinese e-commerce and cloud hosting giant.

While extra logging and telemetry are to be expected from beta software – so that developers get an idea of any problems with their code prior to an official release – the fact that data was being siphoned off without warning from a clipboard manager raised eyebrows, leading some to fear their copy-paste actions were being snooped on and question the privacy protections on their OnePlus handsets.

OnePlus has yet to respond to our request for comment, although a rep told Android Police that this was a feature destined for handsets in China, and will be removed from, presumably, mobes outside the Middle Kingdom.

"Our OnePlus beta program is designed to test new features with a selection of our community. This particular feature was intended for HydrogenOS, our operating system for the China market," a OnePlus spokesperson was quoted as saying. "We will be updating our global OxygenOS beta to remove this feature."

Shock horror

This should not come as much of a shock to those who follow the China-based OnePlus. In October last year, researchers discovered that OnePlus handsets were collecting unusually detailed reports on user activities, although the manufacturer said at the time it was only hoarding the data for its internal analytics. One month later, it was discovered that some phones had apparently been shipped with a developer kit left active, resulting in the phones sporting a hidden backdoor.

And lest we forget, today's desktop and mobile operating systems are pretty gung-ho in phoning home information about their users, with Microsoft catching flak for Windows 10 telemetry in particular. ®

UPDATE, JAN 15th: OnePlus has been in touch with the following statement:

"We apologize to our beta test users, for the confusion over an experimental HydrogenOS feature appearing in the global OxygenOS beta, which is being updated to remove it. The experimental HydrogenOS feature is designed specifically for the Chinese market, where a unique competitive situation between two major web service providers has led to some ecommerce weblinks being blocked. A workaround developed by one of the parties involved sending a token so that link sharing would function fully. We were testing a similar feature in the HydrogenOS beta."

Sign up to our NewsletterGet IT in your inbox daily

28 Comments

More from The Register

China wins one, loses one in US trade spats

US loosens ZTE stranglehold, but China Mobile blocked from operating as virtual carrier

Don't fear 1337 exploits. Sloppy mobile, phishing defenses a much bigger corp IT security threat

AppSec EU DARPA-funded white hat emits timeless advice

SoftBank sells off more than half of Arm China for a bargain $775.2m

Chinese investors welcome chip designs with open Arms

Evil third-party screens on smartphones are able to see all that you poke

Of course researchers added machine learning to the mix too

Europe turns nose up at new smartphones: Beancounters predict 7% sales drop

Punters wising up to expensive upgrade cycle

Baidu puts open source deep learning into smartphones

Computer vision, deep learning, and the camera in your phone

No way, RSA! Security conference's mobile app embarrassingly insecure

Sorry about the hard-coded passwords, can we sell you some crypto now?

Mobile point of sale gets a PCI security standard

Because crooks salivate when you punch a PIN into a smartmobe at a market stall

China-based hackers take an interest in Cambodia's elections

Group named 'TEMP.Periscope' releasing RATs says FireEye

Prez Donald Trump to save manufacturing jobs … in China, at ZTE

Sanctions for Chinese networks-and-smartmobe outfit one week, diplomacy the next