Update (October 16, 13:30 pm IST): The company later reach out to their forum (via The Verge) and gave further explanation on the privacy matter. OnePlus emphasized on the fact that they never “shared this information with outside parties.”
Now, taking their defense to the next level, OnePlus has promised to make the data collection process more visible.
“By the end of October, all OnePlus phones running OxygenOS will have a prompt in the setup wizard that asks users if they want to join our user experience program. The setup wizard will clearly indicate that the program collects usage analytics,” the company said.
“In addition, we will include a terms of service agreement that further explains our analytics collection. We would also like to share we will no longer be collecting telephone numbers, MAC Addresses and WiFi information.”The recent news might make you loose trust on your beloved OnePlus device. Apparently, its makers have been sucking up personal information and other device-related data without the user knowing.
The issue was first noticed by a UK-based security researcher named Chris Moore. He accidentally discovered an unfamiliar domain (open.oneplus.net) while he was busy with the SANS Holiday Hack Challenge.
Moore has described the data collection in his blog post; the data was being transferred to an Amazon AWS instance from his OnePlus 2 device.
The data collected by the OnePlus device includes IMEI, serial number, MAC address, IMSI prefix, phone number, wireless ESSID., and more. It also monitors usage habits, such as, which apps are opened or closed, for how long they are used, etc.
With that much amount of data, it would be easy to connect the dots to an individual user. However, the “feature” can be disabled permanently via adb, according to a Twitter user Jakub Czekański.
@chrisdcmoore I've read your article about OnePlus Analytics. Actually, you can disable it permanently: pm uninstall -k –user 0 pkg
— Jakub Czekański (@JaCzekanski) October 10, 2017
In their defense, OnePlus said the data collection happens over secure connections. It’s used to fine-tune their software for better user experience and to improve their “after-sales support.” It can be turned off by visiting Settings > Advanced > Join user experience program.
Whatever it may be, the data collection is done without the users’ permission. Many companies collect user data to improve their products. The problem in the case of OnePlus is they never asked for it. At least, if there were some option to opt-in for the user experience program, the situation would have been better, if not worse.