It looks like Chinese smartphone maker OnePlus is collecting a host of device-level and personal data from users and transmitting it to a server. UK-based security and tech blogger Christopher Moore found that his OnePlus 2 is collecting private device-level data such as the phone’s IMEI number, serial number, cellular number, MAC address, mobile network name, IMSI prefix, and wireless network ESSID and BSSID, as well as personal user data such as reboot, charging, screen and application timestamps. This was first reported by AndroidAuthority.

The domain responsible for the data collection (open.oneplus.net) is in the OnePlus Device Manager and OnePlus Device Manager Provider. Moore discovered this while completing the SANS Holiday Hack Challenge 2016:

"Whilst completing the SANS Holiday Hack Challenge 2016, I had cause to proxy the internet traffic from my phone, a OnePlus 2, through OWASP ZAP, a security tool for attacking web applications. Amidst the traffic, I noticed requests to a domain which I’d not seen before, open.oneplus.net, and decided to examine them a little closer."

What does OnePlus gain by accessing, for example, application timestamps from your phone?

"From this data we can see that on Tuesday, 10th Jan 2017, I had Slack open between 20:25:40 UTC and 20:25:52 UTC, and the Microsoft Outlook app open between 21:38:41 UTC and 21:38:53 UTC, to take just two examples, again stamped with my phone’s serial number."

A Twitter user believes this can be permanently disabled. Read the thread for more information about how to get it done.

"@chrisdcmoore I've read your article about OnePlus Analytics. Actually, you can disable it permanently: pm…"