(FinancialPress) — Popular Chinese phone manufacturer OnePlus finds itself under heavy scrutiny due to security concerns. A blog post by Chris Moore, a security researcher, demonstrates how the company's OxygenOS records and transmits data about users' usage habits in a way that makes it easy to correlate with the individuals who operate the devices. The blog entry was originally posted back in January, but has recently received renewed attention.
While the information logged (which includes locking and unlocking habits, app opening, usage and closing, and Wi-Fi networks joined) seems pretty standard, it is problematic because all of it is transmitted along with the phone's IMEI and phone numbers, as well as the name of the network being used. This makes it extremely easy to correlate with individual device owners.
Moore further states that the code responsible for the data collection is part of the OnePlus Device Manager and OnePlus Device Manager Provider. In Moore's case, the phone had transmitted 16MB of data over the course of 10 hours logged.
While the HTTPS protocol used to transmit the data ensures its safety (as long as you're in a secure network), users were left wondering what the company is doing with the data collected. OnePlus, for its part, released the following explanation:
We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.
OxygenOS is the only operating system that is actively collecting data, so users with custom AOSP-based ROMs installed, such as LineageOS, are safe from the data-mining.
You can read Moore's entire blog post here.