OnePlus, the famed Chinese smartphone manufacturer faced backlash after it was revealed that the company is collecting user data without permission, back in October last year. At the time, the company explained that it was using that data to improve its product and services, with the announcement of the update that will give users an option to control this unwanted feature called user’s experience program. For now, a new report has surfaced which claims that a OnePlus app (factory installed) can collect data from the phone and send it to servers in China without user’s knowledge or consent.
According to a French researcher who appeared on Twitter, by the name Elliot Alderson, OnePlus is collecting user’s data without permission through an app. The data was being sent to a popular Chinese company called TeddyMobile, which has already been working with Oppo mobile.
The file that is involved in sending users’ data is dubbed to be a “Badword.txt” which comprises of various keywords, including “Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email,” and such others. The file is then duplicated in a zip file called pattern alongside six other .txt files. All these files are apparently used in “in an obfuscated package which seems to be an #Android library from teddymobile.”
All these files are used in a obfuscated package which seems to be an #Android library from teddymobile
— Elliot Alderson (@fs0c131y) January 25, 2018
Meanwhile, the Chinese company is also facing another problem as the credit card info of 40,000 customers may have been stolen, and OnePlus has confirmed the earlier hack attack on its website.