If you own a OnePlus One, OnePlus 2, OnePlus 3, OnePlus 3T or OnePlus 5 from the Shenzhen-based Chinese smartphone manufacturer OnePlus, chances are it is spying on you. Dubbed the best smartphone maker, OnePlus has been snooping on you, and the funny thing is that the data is not kept anonymous or secret.

Security researcher Christopher Moore found this out when he chanced upon an unknown domain – It is well known that almost all Chinese handset makers, including Xiaomi, have some sort of tracking and snooping apps installed on their smartphones. The frustrating thing for users is that these apps are installed at the root level and can be removed only by rooting or flashing the handset. However, OnePlus smartphones were thought to be snoop-proof and user-friendly.

Not so anymore, as Christopher Moore’s blog points out. He set out to test his OnePlus 2 and chanced upon the domain, which intrigued him. He was taking part in the SANS Holiday Hack Challenge 2016 when he had to proxy internet traffic using his smartphone, a OnePlus 2, with the hacking tool OWASP ZAP.

OWASP ZAP is used by hackers and security researchers to break into or exploit web applications. Using OWASP ZAP he discovered that his OnePlus 2 sent HTTPS requests to a domain called He decided to explore further and found that the domain contained his tracking data.

After decrypting the data, he found that the analytics in his OnePlus 2’s OxygenOS operating system were regularly sending user data to OnePlus’s AWS servers. On further analysis, he realized that OnePlus was collecting data including the user’s phone number, MAC addresses, IMEI and IMSI codes, mobile network names, wireless network ESSID and BSSID, and the device serial number.

Heck, he found out that OnePlus was even collecting the times at which he locks and unlocks his OnePlus 2. The domain contained timestamps for when a user locks or unlocks the device, opens and closes an application on the phone, and turns the phone screen on or off.

Such data gathering is normal, and smartphone makers use it either to improve their products or to sell to marketers, who then send ads based on your usage. But most of this is done confidentially. OnePlus is spying on you in the open, and the problem lies with the lack of anonymity. OnePlus is transferring this info along with your phone’s serial number, meaning that your activity is personally identifiable.

For example, the domain also had your phone’s serial number, meaning personally identifiable information was public and could be misused by spammers, cybercriminals, and even terrorists.
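One way to audit a decrypted proxy capture for the identifier types listed above, as an added example that is not from the original article or from Moore's research. The request body, its field names and every value in it are constructed, and the 15-digit classification is a heuristic (an IMSI can pass the Luhn check by chance).

```python
import json
import re
MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
DIGITS15_RE = re.compile(r"^\d{15}$")
PHONE_RE = re.compile(r"^\+\d{8,15}$")

def luhn_ok(digits):
    """Luhn checksum; the last digit of a valid IMEI is its Luhn check digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(value):
    """Return the identifier type a string looks like, or None (heuristic)."""
    if MAC_RE.match(value):
        return "mac_or_bssid"
    if DIGITS15_RE.match(value):
        return "imei" if luhn_ok(value) else "imsi_or_other_15_digit_id"
    if PHONE_RE.match(value):
        return "phone_number"
    return None

def find_identifiers(node, path="$"):
    """Walk decoded JSON and yield (json_path, kind) for identifier-like strings."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from find_identifiers(val, f"{path}.{key}")
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from find_identifiers(val, f"{path}[{i}]")
    elif isinstance(node, str) and classify(node):
        yield path, classify(node)

# Constructed sample request body: field names and values are made up.
SAMPLE_BODY = json.dumps({
    "ts": 1500000000000, "event": "screen_off",
    "dev": {"id1": "490154203237518", "id2": "310150123456789",
            "wifi": ["02:00:5e:10:00:01"], "num": "+15555550100"},
})

def audit(body):
    """Return a sorted list of (json_path, kind) findings for one request body."""
    return sorted(find_identifiers(json.loads(body)))

if __name__ == "__main__":
    print(*audit(SAMPLE_BODY), sep="\n")
```

Any finding that sits in the same request as a lock, unlock or app-usage timestamp means the event can be tied to one device, which is the anonymity problem described above.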

OnePlus’ reply to the spying concerns

OnePlus agreed with Chris’ findings and said that it collects two “streams” of data. The first is termed “usage analytics,” which helps it to improve its software. It also adds that this type of data-sharing can be turned off by going into settings, selecting “advanced,” and turning off “join user experience program.”

The second stream is collected to provide better after-sales support, according to OnePlus. OnePlus doesn’t say how collecting someone’s PII could help it offer better service to its customers. Nor did it elaborate on why this data is lying in the open domain, where it can be seen and misused by anybody. It also did not give information about how it intended to stop such personally identifiable information (PII) being misused.

How to turn off the OnePlus spying tool in your OnePlus One, OnePlus 2, OnePlus 3, OnePlus 3T and OnePlus 5

The first stream of snooping, or data mining as OnePlus calls it, can be turned off using this method.

  1. Go to Settings
  2. Go to ‘Advanced’ (You can use the search option to find this setting or the ‘Join user experience program’ setting)
  3. Find ‘Join user experience program’. You will find this option enabled by default.
  4. Disable this option

How to turn off the OnePlus spying tool in your OnePlus One, OnePlus 2, OnePlus 3, OnePlus 3T and OnePlus 5

To stop OnePlus from spying on your activities completely and accessing your personally identifiable information (PII), you need to be a little bit geeky. You need to know how to use ADB. Using adb, OnePlus spying can be disabled permanently.

Connect your device to your PC/laptop and run the adb service. Just type in the following command, where pkg stands for the package name of the analytics app:

pm uninstall -k --user 0 pkg

You would also do well to disable OneplusAnalyticsJobService from the Apps. You can uninstall it unless it is rooted and it will restart once you restart your OnePlus smartphone.

However, collecting such information without notifying the consumer is a criminal offense. Earlier, there have been reports of OnePlus manipulating benchmarks and incorrectly mounting displays, but this OnePlus spying on your daily affairs is a serious offence.


