OnePlus is collecting user data without permission
A Twitter user, Chris D Moore has tweeted a comprehensive report in which it is confirmed that OnePlus has been collecting user data without even asking them and that is totally not OK.
The data collection was found on OnePlus 2 first of all but later it was found that all of the OnePlus models are sending user data to the company including the newer OnePlus 5 and OnePlus 3T. The phones are collecting data and sending them to open.oneplus.net which is hosted on US-based Amazon AWS server owned by OnePlus.
Moore was able to decrypt the data using the authentication key on the phone and through deeper inspection, he found out which data is being sent to OnePlus. The company is collecting IMEI number, MAC addresses, mobile network names, Wi-Fi SSIDs, and the phone’s serial number. Moreover, it is collecting the data about unexpected reboots of devices. It is even collecting the time stamps of when the screen was locked and unlocked and even when the apps are opened and closed. That is too much of data to collect from users and company can always track it back to phone’s serial number.
Users even asked OnePlus about how they can disable the collection of data about which the company gave unproductive answers like wiping cache and restarting the phone.
Here is the Tweet from Moore:
— Christopher Moore (@chrisdcmoore) January 13, 2017
The app which collects data is a system service called “OnePlus System Service”. The app can be disabled manually by going to the app list. But you have to disable it everytime you restart your phone.
OnePlus had a statement to give about this scenario:
“We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ → ‘Advanced’ → ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.”
What are your views on this scenario?