Published: Wed, October 11, 2017
Research | By Jo Caldwell

How to Prevent OnePlus Phones from Collecting User Information Without Knowledge

How to Prevent OnePlus Phones from Collecting User Information Without Knowledge

OxygenOS, the customized version of Android used by OnePlus on its smartphones, has been found to be collecting data about users - and it's not anonymized. He accidentally discovered an unfamiliar domain (open.oneplus.net) while he was busy with the SANS Holiday Hack Challenge. In doing so, he noticed that his phone was connected to a OnePlus domain and transmitting incredibly detailed - and often very revealing - data back to the company.

This is a key app which collects and transmits the data to OnePlus' servers. The company without wasting much time responded claiming that it is collecting data to improve its service, and also added that majority of data transmission can be switched off.

He continued: "One alternative would be to stop the service every time you boot your phone (assuming it doesn't get periodically restarted) or using an app to achieve the same effect, or perhaps prevent communication with open.oneplus.net somehow".

He discovered that the data being sent to OnePlus' servers included the phone's IMEI number, the phone number, MAC addresses, mobile network names and IMSI prefixes, info on Wi-Fi connection and the phone's serial number.

That a phone collects certain information about usage is not particularly unusual - it helps to identify problems and speed up software development.

"These event data contain timestamps of which activities were fired up in which applications, again stamped with the phone's serial number", Moore explained on his website.

Though Moore contacted the company regarding the privacy issue earlier this year, he was taken through the troubleshooting suggestions and the communication was terminated completely.

Android Authority was able to speak to a OnePlus representative about this issue, but received an unsatisfactory response. OnePlus seems to have been caught because it has not been using users' permission. This transmission of usage activity can be turned off by navigating to ‘Settings - ‘Advanced - ‘Join user experience program.

The code that's responsible for collecting users' private data is part of the OnePlus Device Manager and OnePlus Device Manager Provider. Even if that's the case, there's actually a way to permanently block this intrusive form of data collection. So you just hook your phone to the PC, and run the following adb command: pm uninstall -k -user 0 pkg.

The company who managed to anger and frustrate so many users precisely due to its lack of after-sales support is trying to justify its unauthorized data collection on the grounds that it's for after-sales support.

Like this: