OnePlus has been collecting very specific usage data
Chris D Moore has released a comprehensive post that details
his own discoveries. First of all, this was all demonstrated with
Moore’s OnePlus 2. So we don’t currently know if the same thing is
occurring in the more current OnePlus 3T or OnePlus 5 models. I’m sure
we’ll find out soon. (Update: the statement below pretty much affirms
that all OnePlus models are collecting usage data)
Moore first discovered this when he set up a security tool on his OnePlus 2, but to his surprise, the tool found traffic requests to open.oneplus.net, which directed traffic to a US-based Amazon AWS server.
Anyway, without getting too in depth, Moore found out more of what was being sent to this domain: IMEI number, MAC addresses, mobile network names, Wi-Fi SSIDs, and the phone’s serial number. He even discovered that time stamps were signaling when apps were opened and closed - stamped with the serial number of his device.
This is eerily too much information to be collecting, particularly when it can be traced back to a phone’s serial number.
Back in January, he asked OnePlus support how to disable the data collection, to which OnePlus gave unproductive answers like wiping the cache and performing a factory reset. That’s when another user on Twitter suggested he dig around on the OnePlus forums to see what he could find.
After deeper investigation, the culprit responsible for data collection is a system app called “OnePlus System Service”. The app can’t be turned off since it is part of the System, but it can be manually disabled every time the phone is restarted.
A better, more permanent alternative would be to run an adb command to disable the app. Jakub Czekanski gave the suggestion early this morning, which is likely what caused the post to regain traction. here's the command: pm uninstall -k --user 0 net.oneplus.odm
OnePlus did give a statement regarding the information collected to which is had the following to say:
We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.
Granted, we’re sure OnePlus isn’t the only company collecting usage information. In a time where user information and security of sensitive information is becoming more important, a transparent and comprehensive understanding of what information is being collected and for what purpose (as well as the option to completely opt out of such collection) would be greatly appreciated in any situation.
Source | Via 1 | Via 2
Moore first discovered this when he set up a security tool on his OnePlus 2, but to his surprise, the tool found traffic requests to open.oneplus.net, which directed traffic to a US-based Amazon AWS server.
Anyway, without getting too in depth, Moore found out more of what was being sent to this domain: IMEI number, MAC addresses, mobile network names, Wi-Fi SSIDs, and the phone’s serial number. He even discovered that time stamps were signaling when apps were opened and closed - stamped with the serial number of his device.
This is eerily too much information to be collecting, particularly when it can be traced back to a phone’s serial number.
Back in January, he asked OnePlus support how to disable the data collection, to which OnePlus gave unproductive answers like wiping the cache and performing a factory reset. That’s when another user on Twitter suggested he dig around on the OnePlus forums to see what he could find.
After deeper investigation, the culprit responsible for data collection is a system app called “OnePlus System Service”. The app can’t be turned off since it is part of the System, but it can be manually disabled every time the phone is restarted.
A better, more permanent alternative would be to run an adb command to disable the app. Jakub Czekanski gave the suggestion early this morning, which is likely what caused the post to regain traction. here's the command: pm uninstall -k --user 0 net.oneplus.odm
OnePlus did give a statement regarding the information collected to which is had the following to say:
We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.
Granted, we’re sure OnePlus isn’t the only company collecting usage information. In a time where user information and security of sensitive information is becoming more important, a transparent and comprehensive understanding of what information is being collected and for what purpose (as well as the option to completely opt out of such collection) would be greatly appreciated in any situation.
Source | Via 1 | Via 2
Comments
Post a Comment
Kindly Comment Only related to Post