If you own a smartphone made by Chinese manufacturer OnePlus, you can thank security researcher Chris Moore for making a discovery that the manufacturer wasn’t going to tell you about.
It turns out that OnePlus phones running the OxygenOS are recording a disturbing amount of user data and sending it back to a company server. The data being collected on users include, but are not limited to:
• Any time the user locks or unlocks the phone
• Any time the user launches, uses or closes an app
• Which WiFi networks the device connects to
• The phone’s IMEI
• The phone number tied to the phone
• Mobile network names
All of this makes it very easy for the company to personally identify users.
When Moore was conducting his tests, he noted that the phone sent more than 16MB of data back to the server in a span of just ten hours. If you’re on a data plan with tight limits, that could max out your usage in no time.
The company issued a response to the findings, confirming that it does indeed transmit analytic data to an Amazon server in two distinct streams, one designed to help them fine-tune their software and the second for sale support, but insists that nothing nefarious is going on. They further stress that users can turn off some of the data collection by going into Settings > Advanced, and then deselecting the option to “Join The User Experience Program” which is set to active by default.
Unfortunately, this only deactivates the first of the two data streams. It is apparently impossible to deactivate the second.
The company’s official explanation seems a bit thin, but unfortunately, there’s little to be done. While you can limit the amount of data collected on you, at this time, there’s no way to stop it completely. Keep this in mind if you use a OnePlus phone.