OnePlus devices are, by and large, things of beauty. The Shenzen-based company produces smartphones that hew extremely closely to a stock Android build, but without the exorbitant price tags of their Google Nexus or Pixel counterparts. But there’s only one problem: OnePlus phones may be invading your privacy by sending revealing data back to Chinese servers, and while there's a fix, it may be daunting for users who aren't technically skilled.
OnePlus spotted storing the privacy:
This information comes from Chris Moore, an engineer for Redgate, a Cambridge, England-based software developer. Moore was testing his OnePlus 2 phone for unrelated security research when he found something interesting: His phone was directing traffic back to a domain called “open.oneplus.net.”
A little bit of additional digging revealed that the server was one of OnePlus’s own. (While Moore tested this on a OnePlus 2 phone, other users have replicated it on a OnePlus 3; it likely affects a variety of phones from the manufacturer running the company's OxygenOS fork of Android.)
How to Stop OnePlus Data Collection:
If you want a surefire way of preventing your OnePlus phone from sharing plain-text data with its parent company, you’ll have to do a bit of Android programming legwork — but you won’t have to root your phone, as Moore initially thought you might.
If this is your first time using ADB, there will be some trial-and-error as you ensure everything is configured correctly, but if you follow the instructions on the ADB website, you should be good to go. Then, simply copy, paste and execute the following commands from the Hacker News forum, which will uninstall the OnePlus trackers manually:
What informations does OnePlus hack from your smartphone?
OnePlus server would periodically collect data about his phone, including the IMEI and IMSI (the handset and SIM card unique identifiers, respectively), the phone number, MAC addresses (unique identifiers for network ports), mobile network names and wireless network names. These are all potential security and privacy risks, but they're also the kind of thing that phone makers regularly collect in case they need to remotely troubleshoot problems with a handset.
To be fair, as long as this data stays with OnePlus, there’s no risk to the end user. What’s unsettling, however, is that Moore discovered that the data was not anonymized at all. A malicious actor who got his or her hand on the data could easily see everything about a user's smartphone usage (assuming that OnePlus does not implement additional security protocols after it collects the data, that is).
More information will probably come out over the next few days, as security researchers attempt OnePlus’s fix for themselves and see how it affects data transmission. In the meantime, you might want to run the ADB script. OnePlus is almost certainly not going to do anything nefarious with your data, but as we’ve seen before, no manufacturer’s security is ironclad.