OnePlus' backdoor flaw capable of root access with a simple command

CIOL Writers

OnePlus smartphones have been quite popular thanks to their performance and affordability compared to other Android handsets. But recently, the Chinese company has been struggling with privacy and security issues, including a recent admission that it was collecting user data on its corporate server without permission.

Mobile security researcher Robert Baptiste, who goes by the pseudonym Elliot Alderson (a nod to the main character in the Mr. Robot series), discovered that OnePlus smartphones have apparently been shipping for years with a hidden backdoor. It makes it easy for a clever hacker with physical access to root a OnePlus phone with just a few lines of code.

According to Alderson, OnePlus had accidentally left behind the EngineerMode APK, an app made by Qualcomm for device manufacturers to test hardware components. He claimed that the app is installed on some OnePlus devices, though XDA-Developers points out that it comes pre-installed on OnePlus 3, OnePlus 3T, and OnePlus 5 smartphones.

The app can diagnose GPS, check the root status, perform a series of automated tests, and more. The developer found that by launching the 'DiagEnabled' activity found in the APK with a specified password, the device could actually be rooted.

For OnePlus 3, 3T, and 5 users, Alderson suggested checking the apps list to find the EngineerMode app. "If you have a OnePlus device, I'm pretty sure you have this app pre-installed. To check, open Settings -> Apps -> Menu -> Show system apps and search EngineerMode in the app list to check," the user wrote in a tweet. Another Twitter user pointed out that the OnePlus One with a CyanogenMod build doesn't come with any such app, though the smartphone's OxygenOS build does.

Carl Pei, co-founder of OnePlus, wrote on Twitter that the company is looking into the matter: "Thanks for the heads up, we're looking into it."

The Chinese company not long ago faced public backlash after a researcher discovered that OnePlus devices were collecting unanonymised user data without user consent.
