OnePlus is collecting your private data without permission
OnePlus is mainly known as the little upstart that took on the big guns with the help of its solid, yet affordable, handsets. But, its in-house version of Android, dubbed OxygenOS, is once again threatening to dent its hard-fought for credibility. The problem lies with the company’s approach to data-sharing, which is problematic (to say the least). As security researcher Chris Moore has repeatedly pointed out, the manufacturer’s OxygenOS-based devices not only gather a ton of user data, but they also tie this info to individual devices, and user accounts in particular.
Some of the data-gathering is pretty standard fare, including how often you unlock your phone, the apps you open and use, and the Wi-Fi networks you connect to. The problem lies with the lack of anonymity. It turns out, OnePlus is transferring this info along with your phone’s serial number, meaning that your activity is personally identifiable.
As part of its response to the controversy, the company revealed it collects two “streams” of data (you can read its statement in full below). The first is termed “usage analytics,” which helps it to improve its software. It also adds that this type of data-sharing can be turned off by going into settings, selecting “advanced,” and turning off “join user experience program.” The same doesn’t apply to the second stream, pertaining to device info.
OnePlus’ behavior isn’t exactly out of the ordinary, but the real issue lies with the way it’s conducting its data collection. The company isn’t explcitly asking for user permission to amass this type of info, and we’d wager that not all of its customers are aware of the type of data they’re offering up. We reached out to OnePlus, but didn’t immediately receive a response.
“We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.”
Source: Chris’s Security and Tech Blog