OnePlus Collect Unauthorized Customer Data

Analytic data can help software developers know what features users use the most, bugs they have to fix, or set their target customers. No wonder if OnePlus collects user data. However, they do not collect data anonymously. In addition, they also do not ask permission to the user first. Data collected such as IMEI number, MAC address, mobile network name, serial number, and so forth.

Christopher Moore, a software developer has revealed his findings related to data collection practices conducted by OnePlus. In Hack Challenge, Moore uses OWASP ZAP to view internet traffic from his OnePlus 2 phone. From this data, he is aware of traffic to in large numbers.

When he investigates further, he discovers that the domain name goes to the Amazon AWS server under OnePlus. He also later learned that his cell phone continuously sends data to the server via HTTPS.

He successfully decrypted the data using an authentication key on his phone and found that his OnePlus 2 sent information, such as when the phone rebooted unexpectedly, also when the phone locked and unlocked.

Collecting reboot-related data does make sense it will help developers to fix bugs. However, as mentioned by Moore in the blog, recording how many times the user locks the phone and unlocks the phone is overkill.

Not only that he found that his cell phone also send information such as IMEI number, mobile number, MAC address, mobile network name, WiFi information and phone serial number. All this data is sent each user opens an app.

When asked for comments related to this, OnePlus said, "We send analytical data, divided into 2 types, securely via HTTPS to Amazon servers.The first type is the usage analytics, which we collect to fix our software according to user habits.

"Transmission of this usage activity can be turned off through Settings -> Advanced -> Join user experience program." While the second type is device information, we gather to provide better after-sales support. "

Read Also: