akshayprabhu
Member
- Joined
- 23 Dec 2016
- Messages
- 440
- Reaction score
- 249
OnePlus has been discovered collecting massive amounts of analytics data from phone owners. The collected data includes IMEI numbers, MAC addresses, mobile network names and IMSI prefixes, serial numbers, and more. Christopher Moore, a software engineer, made a post on his personal blog showing his discoveries. During a Hack Challenge, Moore began proxying the internet traffic from his OnePlus 2. Among the usual network activity, he noticed a large amount of requests to open.oneplus.net.
Through deeper inspection, he found the domain name to be an Amazon AWS instance owned by OnePlus. I'll save you the technical jargon, but essentially, he could see his phone sending data frequently to the open.oneplus.net server over HTTPS. He was able to decrypt the data (using the authentication key on the phone) which revealed that his OP2 was sending time-stamped information about locks, unlocks, and unexpected reboots.
More details: OnePlus OxygenOS built-in analytics
Through deeper inspection, he found the domain name to be an Amazon AWS instance owned by OnePlus. I'll save you the technical jargon, but essentially, he could see his phone sending data frequently to the open.oneplus.net server over HTTPS. He was able to decrypt the data (using the authentication key on the phone) which revealed that his OP2 was sending time-stamped information about locks, unlocks, and unexpected reboots.
More details: OnePlus OxygenOS built-in analytics