OnePlus Found Collecting Identifiable Analytics Data From Its Users

James Marshall
October 13, 2017

If you haven't rooted your phone ever, we will recommend proceeding with a lot of caution. Unfortunately, the company's words didn't really inspire confidence.

OnePlus has become the latest smartphone maker to be accused of "slurping" excessive amounts of users' personal data, without seeking their consent. Twitter user Jakub Czekański explained how to block the transmissions using ADB with USB debugging enabled on the device, but this could cause other problems.

Chris Moore, the owner of a security and technology blog, published an article in January proving that OnePlus has been collecting private data from users, such as the phone's International Mobile Equipment Identity (IMEI) number, serial number, cellular number, MAC address, mobile network name, International Mobile Subscriber Identity (IMSI) prefix and wireless connection service set identifiers (SSIDs). He came across this unfamiliar domain while completing the SANS Holiday Hack Challenge, which he chose to investigate further. The company who successfully managed to anger and frustrate many of its users due to lack of after-sales support is now trying to justify its secret data collection because it is for after-sales support.

Upon decoding the data, Moore found his device was sending timestamp details of certain events to the server, such as when specific apps were opened and closed, when the screen was on, locks and unlocks, and charging times.

Although this information might not be anything new, especially for the current generation of smartphones, what made it more alarming to fans was the fact that it also harvests that phone's IMEI, number, mobile network names, all of which makes it easy to attach a single user to a OnePlus device.

@chrisdcmoore I've read your article about OnePlus Analytics.

In a statement provided to Android Police, OnePlus said, "We securely transmit analytics in two different streams over HTTPS to an Amazon server".

He added he later found a few other mentions about the issue on Reddit and OnePlus' online user forums, but was unable to find a way to permanently disable such data collection on his phone. Its failure to provide adequate device support has brought down the brand with heavy criticism from its users in the past year or two.

After a brief meeting with a representative from the company, a satisfactory explanation wasn't obtained as to why the company does not merely allow the users to opt to share their data to help future updates. This transmission of usage activity can be turned off by navigating to "Settings" - "Advanced" - "Join user experience program". While providing justification for the unauthorized data collection as a means of fine-tuning its software and gathering after-sales information, the company confirmed that this part of the phone can't be completely disabled.

Other reports by Click Lancashire

Discuss This Article