OnePlus Said to Be Collecting Unanonymised User Data, Company Responds
OnePlus seems to have landed in a new soup, as the company is being accused of collecting unanonymised analytics data from its users. A security researcher discovered that his OnePlus 2 was sending specific user patterns to a company server without prior user permission. The company without wasting much time responded claiming that it is collecting data to improve its service, and also added that majority of data transmission can be switched off.
According to Christopher Moore, who spotted the transmission, the Chinese company was collecting details such as phone number, IMEI number, mobile serial number, MAC address, mobile network names, and battery status more. In a blog, Moore explained that OnePlus was collecting timestamped details such as when the user locked the device, and unlocked it as well as the abnormal reboot.
“They’re collecting timestamped metrics on certain events, some of which I understand – from a development point of view, wanting to know about abnormal reboots seems legitimate – but the screen on/off and unlock activities feel excessive. At least these are anonymised, right? Well, not really – taking a closer look at the ID field, it seems familiar; this is my phone’s serial number,” he added in the blog.
After further in-depth research, Moore noticed that the company was also collecting details such as which app the user opened and when the user launched or closed an app.
The OnePlus team responded to the data collection claims, and told Android Police, “We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behaviour. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.”
A Twitter user, Jakub Czekanski, said that the data transmission can be “permanently disabled.” Notably, Moore before putting out all the information did contact OnePlus Support team back in January with the concern on which OnePlus was unable to give a permanent fix. There are speculations that OxygenOS, the company’s custom version running on top of Android, could have a certain plug-in to enable the transmission but we will have to wait for a fix from the company side.
While the company may have not given a proper response to how stop all transmission, Czekanski’s fix enables the transmission to be stopped via ADB tool with USB debugging enabled. There’s a chance it could also affect the phone’s functionality, thus users are advised to go ahead at their own risk.