The Shenzhen based Chinese smartphone manufacturer OnePlus, has been found guilty for secretly collecting user data and sending it to their personal servers. Although this doesn’t sound like a big deal, as every other smartphone company does the same. However, the reason for OnePlus’ notriery is they’re collecting much more user data than required, which gave way to more suspicions and inquiries.
This whole situation came to limelight when a security researcher named Christopher Moore posted a blog on his website. In his blog, he stated that while completing the SANS Holiday Hack Challenge 2016, he had to add a proxy while using the internet from his OnePlus 2 phone. This was done through OWASP ZAP, a security tool for hacking web applications. During the same process, he found a request from domain open.oneplus.net. Diving deeper he soon realised that OnePlus servers are trying to get way more information than required.
What Data Is Collected By OnePlus?
The data that OnePlus collects is far beyond simply tracking the user identity. Though it is a common practice followed by almost every smartphone company, the data is is only used for prepare for future updates on the device. However, the data which OnePlus is gathering is way more than what’s required for bug fixes and analysis. As per Mr. Moore, the data collected includes serial number of the device, mac address, name of mobile network used, IMEI number.
Apart from technical information, the device was also found sending general information such as when phone is locked and unlocked, when an app is opened and closed on the device and when the screen is turned on and off.
What Does OnePlus Have To Say?
In their official statement statement OnePlus admitted that they send the data in two different streams. One stream is used to improvise its software as per user behavior and other one is intended to provide better sales support. This information is sent securely via HTTPS to the Amazon servers, so it is totally confidential.
The company also states that user can anytime end this activity by going to Settings>Advanced>Join User Experience Program. However, they still didn’t really provide a solid reason why so much extra information is required. This complete scenario again raised a question mark on the legitimacy of the Chinese smartphone makers.