OxygenOS caught collecting users data without permission

OnePlus devices are taking data from their users and sending it to the company's private servers.
By Vicky Webb | Oct 13, 2017
OnePlus devices are taking sensitive personal data from its users and sending it to the company's servers.

This new report states that the company's OxygenOS may be tracking personally identifiable information, including IMEI numbers, MAC addresses, mobile network names, and the phone's serial number.

The accusation first came from blogger Chris Moore, who noticed a strange occurrence after installing a security tool that tracked the inflow and outflow of data from his phone. He found that, beyond the usual network activity, there were a large amount of requests toopen.oneplus.net. Upon further investigation, he discovered that site directedtraffic to a US-based Amazon AWS server.

Moore also noticed the device tracksthe locks and unlocks of the smartphone, both of which are stamped with the device's serial number.

Many users may not want such information sent across the web, but OnePlus has confirmed this feature is built into numerous models, including OnePlus 3T and OnePlus 5.

"We securely transmit analytics in two different streams over HTTPS to an Amazon server," the company explained in a statement, according to Business Today. "The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to 'Settings' -> 'Advanced' -> 'Join user experience program'. The second stream is device information, which we collect to provide better after-sales support."

The data collection has been sourced to a system application known as "OnePlus System Service." Though the data transmission cannot be turned off, it can be disabled every time someone turns on their phone. However, that is something people may not want to constantly deal with.

"These event data contain timestamps of which activities were fired up in which applications, again stamped with the phone's serial number," Moore explained, according to International Business Times. "I took to Twitter to ask OnePlus on Twitter how this could be turned off, which disappointingly led down the usual path of 'troubleshooting' suggestions, before being met with radio silence."

The company has not yet announced any plan to fix the tracking in future updates. Though OnePlus claims the feature helps them, there is no doubt people will want to know what their device is sharing about them.


Have something to say? Let us know in the comments section or send an email to the author. You can share ideas for stories by contacting us here.

Comments should take into account that readers may hold different opinions. With that in mind, please make sure comments are respectful, insightful, and remain focused on the article topic.