/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow Us/ciol/media/post_banners/wp-content/uploads/2017/06/gsmarena_001.jpg)
Chinese smartphone maker, OnePlus is being accused of collecting private user data and sending it to company’s server without their permission, according to a security researcher, Christopher Moore.
Moore recently published a blog revealing that OnePlus has been gathering his personal information and transmitting them without his permission. He noticed an unfamiliar domain while completing the SANS Holiday Hack Challenge and decided to further examine it. He found that the domain – open.oneplus.net – had essentially been collecting his private device and user data and transmitting them to an Amazon AWS instance, all without his permission.
While some of the data-gathering is standard practice, including how often you unlock your phone, the apps you open and use, and the Wi-Fi networks you connect to, the problem is the lack of anonymity. Apparently, OnePlus is transferring this info along with your phone's serial number, meaning that your activity is personally identifiable.
The data that OnePlus is accessing ranges from device information like the phone’s IMEI, serial number, cellular number, MAC address, mobile network name, IMSI prefix, and wireless network ESSID and BSSID to user data like reboot, charging, screen timestamps as well as application timestamps.
Though OnePlus admitted to the charge but said it does so for user support. "We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to 'Settings' -> 'Advanced' -> 'Join user experience program'. The second stream is device information, which we collect to provide better after-sales support."