OnePlus root ‘backdoor’: What it is, what it isn’t, and what you need to know

OnePlus needs to fix this (and quickly) but you don’t have much to worry about until they do.
You might have heard that OnePlus left a backdoor in the OnePlus 3, the OnePlus 3T, and OnePlus 5 that could be used to root a phone without unlocking the bootloader. If you’re the type of person who thinks this is great news, you already know where to look for instructions and downloads to play with it yourself. But if you’re not into all this sort of thing you probably have some questions, especially if you have a OnePlus phone yourself. As well you should, since there’s a good chance you have a lot of your personal information stored on your phone and would like to keep much of it private.
So let’s talk about what it is we’re seeing and everything you need to know about it.
The “Backdoor”
Backdoor is a great description of what’s going on because that really is what’s happening. There is a piece of software on the affected OnePlus phones that can be used to gain control of the system. But it was never meant to be there once the phone went up for sale.
Yes, there is an app on some OnePlus phones that has an admin function. And it shouldn’t be there.
The app in question comes from Qualcomm, which makes the SoC for all the OnePlus phones. It’s a special app (yes, it’s basically just an app) provided by Qualcomm that a company that makes phones using Qualcomm hardware can use to test features and functions of that Qualcomm hardware during development.
Qualcomm provides the app to every company who buys their hardware, though it’s tailored to the chipset version a good bit so it can be different from phone to phone. Normally, it is removed when the final shipping software is built and flashed on to retail phones, but sometimes it gets forgotten and left behind. That’s what happened here, and a fellow by the name of Elliot Alderson found it in a OnePlus device.
<Thread> Hey @OnePlus! I don’t think this EngineerMode APK must be in an user build…🤦‍♂️ This app is a system app made by @Qualcomm and customised by @OnePlus. It’s used by the operator in the factory to test the devices. pic.twitter.com/lCV5euYiO6
— Elliot Alderson (@fs0c131y) November 13, 2017
As an aside, it’s also been found in one of the ASUS Zenfones, inside an MIUI ROM, in the Redmi 3S, and in the OnePlus 5T, which doesn’t officially exist but which everyone already knows has been shown to at least a few people. So seeing it on a retail phone isn’t exactly unheard of.
An Android app is like a Zip file
You might already know this, but an Android .apk file is a compressed folder and can be opened with a program like 7-Zip, or even by changing the file extension to .zip and using a regular file browser. Alderson did just that to the engineering app he found, and that gave access to the components of the app including some compiled bytecode — the kind that’s pretty easy to decompile. And that’s what he did.
A few tools and the right pair of eyes are all it takes to see exactly how most Android apps work.
He found a couple functions of the app that were interesting from a security point of view. One specifically that would give a user admin privileges (root) through the Android Debug Bridge. You’ll find the decompiled source of the app here, but the method that’s causing all the fuss is labeled as “escalatedup” and you use it by calling it true or false, then providing a password.
If you can provide the right string for the password when you call the method, it sets the system properties “persist.sys.adbroot” and “oem.selinux.reload_policy” to true, which means you have a persistent root access through adb and can change the file system to physically root the device.
And the internet quickly ran with this, because it’s awesome and terrifying all at once. Awesome for people who want to root their OnePlus phone without unlocking the bootloader, and terrifying for people who see the word “backdoor” tied to their phone.
The password
Finding an encrypted password isn’t easy. But without that password, this app and the method that would grant root access don’t really do anything. After a bit of work over the weekend, Alderson and some other researchers found it. It’s “angela.”
With the password in hand, it was as easy as sending the right command and Alderson was then able to do anything he wanted, including adding the files necessary to permanently root the phone. Alderson says he will be releasing a tool so you can do this easily with your own OnePlus phone soon.
What does this mean for people who don’t want a rooted phone?
Luckily, not much. It uses ADB so it’s very unlikely someone can hack your phone without you knowing. But there is always a chance that someone will be able to exploit this remotely or through another app without you knowing. The fix is easy — OnePlus sends out an update right away that removes the factory engineering app. As in, do it right now.
Another question is why the app was left in the software and if there was any malicious intent behind it. OnePlus has come under fire recently for some unethical data collection. Could they also have placed a backdoor so they can spy on users? Anything’s possible, but as mentioned, this isn’t the only time we’ve seen this app get left behind. Still, if this was unintentional it’s very sloppy work from the company — and if intentional, calls for tar and feathers sound reasonable.
OnePlus CEO Carl Pei has responded, though it’s as non-committal as you’d imagine.
Thanks for the heads up, we’re looking into it.
— Carl Pei (@getpeid) November 13, 2017
Blaming Qualcomm here is misguided. It simply provides a software test suite that a manufacturer needs to build a phone using their stuff. Hate on Qualcomm for the way its SEPs are priced if you need a reason to hate, not for this.
What to do if you find this app on your phone

Look in the app list on your phone by opening Settings, tapping Apps, then tapping Show system apps, and see if EngineerMode is on the list. If so, you have this app on your phone and you have two options:
- Get in touch with Alderson through Twitter if you want to help see if your phone can be rooted with the engineering app.
- Contact the company you bought your phone from so they know they need to do something about it, if you’d rather not have a possible exploit in your app list.
There is no guarantee either of these choices will be effective. Encrypted passwords are tough to crack and companies who make and sell Android phones hate to update them. Advanced users could (in theory) use any root exploit to gain elevated privileges then remove the offending app, but all sorts of chaos could happen if not done just the right way. And probably even if you did do it the right way. Unfortunately, this is the only advice we can give.
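For anyone checking more than one phone, the same look-up can be done from saved `adb shell getprop` and `adb shell pm list packages -f` output. The script below is an added example, not code from the article, OnePlus or Qualcomm: it flags the two system properties named above and any package that looks like EngineerMode. The name pattern, function names and sample device output are assumptions constructed for illustration.

```python
import re

# The two properties the article says the EngineerMode method switches on.
WATCHED_PROPS = ("persist.sys.adbroot", "oem.selinux.reload_policy")

# Assumption: the article only gives the app label "EngineerMode"; package
# names differ between vendors, so match loosely and review hits by hand.
NAME_PATTERN = re.compile(r"engineer(ing)?mode", re.IGNORECASE)

# `getprop` prints one "[key]: [value]" pair per line.
PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]:\s*\[(?P<value>.*)\]\s*$")
# `pm list packages -f` prints "package:<apk path>=<package name>";
# without -f the path part is absent.
PKG_LINE = re.compile(r"^package:(?:(?P<path>.+\.apk)=)?(?P<name>[\w.]+)\s*$")

SYSTEM_PREFIXES = ("/system/", "/vendor/", "/product/")


def parse_getprop(text):
    """Return {property: value} from `adb shell getprop` output."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def parse_packages(text):
    """Return [(package name, apk path)] from `pm list packages [-f]` output."""
    pkgs = []
    for line in text.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            pkgs.append((m.group("name"), m.group("path") or ""))
    return pkgs


def audit(getprop_text, packages_text):
    """List findings as (kind, identifier, detail) tuples."""
    findings = []
    props = parse_getprop(getprop_text)
    for key in WATCHED_PROPS:
        value = props.get(key, "")
        # The article says "true"; accept the numeric spelling as well.
        if value.lower() in ("1", "true"):
            findings.append(("property", key, value))
    for name, path in parse_packages(packages_text):
        if NAME_PATTERN.search(name) or NAME_PATTERN.search(path):
            # A copy under a system partition shipped with the firmware and
            # can only be removed by a vendor update.
            where = "system" if path.startswith(SYSTEM_PREFIXES) else "user"
            findings.append(("package", name, where))
    return findings


# Constructed sample output, not captured from a real device.
SAMPLE_GETPROP = """\
[persist.sys.adbroot]: [1]
[oem.selinux.reload_policy]: [1]
[ro.build.type]: [user]
"""
SAMPLE_PACKAGES = """\
package:/system/app/EngineeringMode/EngineeringMode.apk=com.example.engineeringmode
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/data/app/com.example.notes-1/base.apk=com.example.notes
"""

if __name__ == "__main__":
    for kind, ident, detail in audit(SAMPLE_GETPROP, SAMPLE_PACKAGES):
        print(f"{kind:9} {ident:40} {detail}")
```

A package hit with neither property set means the app is present but the root switch has not been flipped; either property set on a retail build is the state the article describes.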
This isn’t something anyone wants to see, especially Google. Expect a fix … eventually.
The final bit of good news is that Google is surely more unhappy about this than anyone else involved. This is exactly the type of exploit that gets patched every month, and allowing root without unlocking the bootloader defeats several layers of security that Google demands stay intact. Google will certainly pressure OnePlus and others to address this (and likely assist any way they can, because the security team is cool like that). And Google might even make some changes so these kinds of loopholes will stop working in future versions.
For now, though, enjoy this if you want to root your phone. If you don’t, be careful what you install and don’t panic. At least not yet.
Best Android Phones Under $300
- Best overall
- Best for navel-gazing
- Best for really tight budgets
Best overall
Moto G5S Plus

See at Motorola
The Moto G5 Plus was already one of our favorite phones in the sub-$300 price range, but the newer Moto G5S Plus (the ‘S’ stands for “Special Edition”) makes some small improvements that lead to an even better phone that still won’t break the bank.
With the Moto G5S Plus, you get terrific build quality, an eye-catching new Blush Gold finish, and a new dual camera system — on top of all the other benefits the Moto G5 Plus already included, like a large 1080p display, a fast fingerprint sensor, and the useful Moto Actions gestures. Better yet, if you can’t front the cost, Motorola offers financing through Affirm when you order from its online store.
Bottom line: The Moto G5S Plus offers the best value for a phone under $300 and sets a new standard for powerful, inexpensive phones moving forward.
One more thing: Best Buy has the Moto G5S Plus for $40 off, so you can pick up our top recommendation for just $239.99.
Why the Moto G5S Plus is the best
In our review of the G5S Plus, we still recommended the standard Moto G5 Plus over the special edition because the difference in price didn’t quite justify the latter option’s minor improvements, but with Best Buy’s discounted price, it’s a different story.
The Moto G5S Plus has just about everything you could ask of a phone at this price. The design is attractive and well-built, the software is clean yet clever with the addition of Moto Actions and Moto Display, and the speaker sounds great. The best part? The Moto G5S Plus works on all U.S. carriers — yes, even Sprint and Verizon.
Best for navel-gazing
Honor 6X

See at Amazon
If your lifestyle is living loudly, wildly, and all over the internet, the Honor 6X should be your first choice for a budget smartphone. It’s equipped with all the necessities, including a dual rear-facing 12-megapixel and 2-megapixel camera that’s packed with a bevy of camera modes, a substantial 3000mAh battery pack, and a 1080p display for editing all those photos before posting them online.
Bottom line: The Honor 6X is truly a smartphone made for the kids: It has great battery life, camera hardware that’s substantial for social media, and a non-partisan design that will blend in with the rest of ’em.
One more thing: The Honor 6X is not compatible with the major CDMA networks in the U.S.
Best for really tight budgets
Nokia 6

See at Amazon
At just $229, the Nokia 6 falls well below our $300 guideline, and it has a lot to offer for that low cost. The aluminum unibody design feels premium, its 5.5″ 1080p LCD display looks great, and it has one of the better cameras in its segment. On top of that, the Nokia 6 runs a close-to-stock build of Android 7.1.2, and Nokia releases monthly security updates — a rarity for low-cost phones.
Bottom line: You’d be hard-pressed to find a better-made phone at this price point, and the regular software updates are icing on the cake.
One more thing: If you can live with the occasional ad on your lock screen and in your notifications, the Prime-exclusive Nokia 6 is even cheaper, at just $179.99. There’s simply no better option at that price.
Update November 2017: Replaced the ZTE Axon 7 Mini with the Moto G5S Plus as the best overall option, and swapped the Moto G5 Plus out with the Nokia 6 for tight budgets.
Enter to win the HTC U11 Life from Android Central!

HTC U11 Life gives you the best innovations from HTC U11 and we’re giving one away!
It all starts with HTC’s latest innovation, Edge Sense. A simple squeeze lets you do things faster! And there’s so much more. HTC USonic for audio that’s adapted to you, with Active Noise Cancellation so you can truly lose yourself in the moment. A camera that captures stunningly clear photos and videos. A phone with a weather-resistant IP67 rating that can handle and maintain high-level performance in rough weather. All it takes is one squeeze to fall in love with HTC U11 Life.
On to the giveaway!
THE PRIZE: One Android Central reader will be taking home a brand new HTC U11 Life in Sapphire Blue, which will work on T-Mobile and AT&T networks!
THE GIVEAWAY: Head down to the widget at the bottom of this page. There are multiple ways to enter, each with varying point values. Complete all of the tasks for maximum entries and your best shot at winning! Keep in mind that all winning entries are verified and if the task was not completed or cannot be verified, a new winner will be chosen. The prize does not include service, and due to sponsor restrictions is only open to residents of the U.S. and its territories.
The giveaway is open until November 27th, and the winner will be announced right here shortly after the close date. Good luck!
Qualcomm’s Snapdragon platform is 10 years old today
November 14, 2017, marks Snapdragon’s 10th birthday.
If you own an Android phone, there’s a good chance it’s powered by a Qualcomm Snapdragon processor. Companies like Samsung and MediaTek manufacture their own silicon that’s used in certain handsets, but Qualcomm’s lead in the mobile space with its Snapdragon platform is undeniable.

As difficult as it is to believe, today, November 14, 2017, marks the 10-year anniversary of when the first Qualcomm Snapdragon processor was unveiled to the world.
The Snapdragon S1 was Qualcomm’s first shot at mobile processors, and a year later in 2008, the HTC Dream was not only the first phone to ship with Android but also the first one powered by a Snapdragon CPU. The S1 was a 65nm processor, and while that was quite impressive at the time, it’s six times larger than the 10nm design of the latest Snapdragon 835.

The Snapdragon 835 in all of its tiny glory.
Throughout its 10-year history, Qualcomm’s Snapdragon platform has gone through a lot of milestones and changes. 2010 saw Qualcomm test its first-ever dual-core system in a Snapdragon processor, the world’s first VoLTE call was made in 2012 using a Snapdragon chip, and just this year Qualcomm’s Snapdragon tech was used to achieve the world’s first 5G data connection.
It’s crazy to think about how much mobile processors have changed in the past decade, and it’s even harder to imagine where we’ll be in another 10 years.
Happy birthday, Snapdragon!
Can Tesla avoid becoming the BlackBerry of electric cars?
It wasn’t that long ago that the idea of a semi-autonomous, or even an electric car driving on public roads was incredibly far-fetched. Sure, there were hybrids from companies like Toyota and Honda, but nothing that anyone with a straight face would call cool. Tesla changed all that, first with its roadster but then (more importantly) with its Model S and Autopilot. Its cars had an EV range over 200 miles and made caring about the environment and driving “the future” a status symbol. Tesla changed everything in the automotive world and now, well now, the industry has caught up and Elon Musk’s company is mired in what he calls “production hell.”
Tesla — even with all its faults — has been incredibly important to the auto industry. In 2006 Musk dropped his master plan to sell high-end EVs to the well off to help create an electric car for everyone. Car startups, even from established automakers, tend to die a sad long death (anyone remember Saturn or more recently Scion?). But Tesla had hype and a grand vision on its side. It took a while though — 11 years before the company delivered the first of its affordable Model 3s to customers.
During that time though other automakers paid attention to the Silicon Valley company as it gained attention for its cars and Autopilot (its semi-autonomous feature). This is especially true on the high end of the market. “I think that Tesla has been very influential in motivating the luxury brands to offer similar capabilities,” Gartner lead automotive analyst Mike Ramsey told Engadget.
It was more than the fear of missing out on the self-driving future that lit a fire under automakers. With the Model S, Tesla demonstrated that people actually wanted an electric car. So, while it was working on generating the capital and buzz for its Model 3, automakers like GM pounced, and introduced their own electric cars. The result is the Bolt. A long-range EV with a price tag of just under $30,000 with tax credits applied. Detroit took Tesla’s plan and beat it to market.

Meanwhile Tesla is struggling to get its Model 3 out of its factory. “The problem is its popularity has risen so much that scale has become a bigger and bigger part of its business and it is no longer in reality a tech company, it is a manufacturing company for better or for worse,” Ramsey said.
Innovation is important to any industry and Tesla does that. But where does it go from here? Even if it hits its production goals, it’ll be over a year before anyone that orders a Model 3 today will have it delivered to their garage. In the automotive world, that’s not a win and the long lead time could affect the company’s health long term which could impact the battery and solar panel portions of the company.
If Tesla wants to get those cars on the road, it needs to focus less on car innovation and more on improving its manufacturing. People want to get behind the wheel of Musk’s master plan.

Tesla doesn’t consider itself a car company in the traditional sense. In addition to cars, SUVs and an upcoming semi, it also has the Energy portion of the business. The Powerwall and Powerpack help keep electricity flowing to homes, offices and more importantly, the grid. Its solar panels and Solar Roof help homeowners reduce their electric bill and carbon footprint. Everything the company does is centered around a goal of reducing the filth we push into the air. It’s a lofty and commendable mission.
But it’s the cars that get the press, and that makes them an important part of the company’s bottom line and brand. Even if absolutely everything goes wrong for the company, Musk’s 11-year-old manifesto will still come true. Automakers are onboard for an electrified future with many promising EV or hybrid models in 2019. And it’s tough to find a company that’s not working on an autonomous car. So even if Tesla loses, it still won.
Uber drivers the focus of class action suit alleging sexual assault
Uber is facing yet another lawsuit, this time in response to alleged rapes two unidentified women suffered when taking an Uber. According to a report at Recode, the plaintiffs of this class action suit seek compensation for the sexual assaults as well as an injunction to force the ride-sharing company to improve its background checks.
As Recode reports, the complaint states that the plaintiffs were misled into believing that Uber drivers would safely take them to their destinations, and that the company engaged in “unlawful” and “fraudulent” conduct to misrepresent the safety of such transport. Focusing on background checks, the lawsuit argues that Uber has created a system within which “bad actors can gain access to vulnerable victims.” It further says that Uber targets intoxicated passengers as a safe ride for riders who have been drinking.
Complaints about the validity of Uber’s background checks are nothing new, of course. Los Angeles and San Francisco sued the company a couple of years back, alleging that Uber missed criminal records for drivers with serious crimes in their past. The company was banned in New Delhi as a result of an alleged rape in that Indian city, and Massachusetts denied licenses to more than 8,000 Uber (and Lyft) drivers based on more stringent guidelines in the state.
The latest lawsuit argues Uber’s screenings for drivers only go back seven years, reports Recode, mostly because the system Uber uses relies primarily on credit reporting systems. Other background checks, like fingerprinting, says the complaint, would go further back. Recode says that the plaintiffs are also asking for Uber to perform six-month criminal checks, bar registered sex offenders and people with rape or assault convictions from driving for the company, no matter how far back the records go.
Update: An Uber spokesperson responded to our request for comment with the following statement:
“Uber received this complaint today and we are in the process of reviewing it. These allegations are important to us and we take them very seriously.”
Source: Recode
FCC will vote on viewer-tracking broadcast standard this week
On Thursday, the FCC will vote on a new broadcast standard that stands to have a big impact on both consumers and broadcasters. Next Gen TV, also known as ATSC 3.0, will bring with it sharper images and video as well as the ability for TV broadcasters to get more detailed data about consumers’ viewing habits. Rather than just broad demographics, those broadcasters will be able to collect viewing data similar to how cable providers do with set-top boxes and how websites track browsing history. That information could then be used to more specifically target ads to viewers. The FCC is expected to approve the new standard but many are voicing concern over privacy issues and lack of regulation.
Jessica Rosenworcel, an FCC commissioner, doesn’t think the current plan for the Next Gen TV rollout is adequate and has urged the FCC to start over, Broadcasting & Cable reports. She says that unlike the digital TV transition that occurred in 2009, the current Next Gen TV transition plan doesn’t have a congressional mandate, any subsidies for new equipment that will be required with the new standard and no test market. In a speech given at the Open Technology Institute, she said, “Before we authorize billions for patent holders and saddle consumers with the bills, we better understand how these rights holders will not take advantage of the special status conferred upon them by the FCC.”
Further, in a comment on the FCC’s proposal, the Consumers Union, Public Knowledge and New America’s Open Technology Institute said, “We agree with the comments filed by the original Petitioners that the Next Gen TV standard potentially offers ‘compelling public interest benefits, including stunning video and more immersive audio, as well as the opportunity for revolutionary features that will significantly enhance the viewing experience.’ But achieving those benefits should not come at the expense of consumers, which could occur if the transition to ATSC 3.0 is approved by the Commission without adoption of appropriate, common sense safeguards.” It also said, “Consumers are being asked to take a leap of faith without the benefit of a regulatory safety net.”
On the other side of the issue, FCC Chairman Ajit Pai, who proposed approving the new standard shortly after being nominated to the position by President Trump, has been a vocal supporter of Next Gen TV from the start. In a recent speech he said opponents wanted “to impose extensive government regulation that could strangle Next Gen TV in its infancy.” In regards to privacy concerns surrounding the expanded access to viewer data he said that the FCC was only looking at the technical aspects as of now and might look into privacy concerns later.
But many want privacy concerns to be addressed before the standard is approved. Jonathan Schwantes, senior policy counsel for Consumers Union, told Bloomberg, “If the new standard allows broadcasters to collect data in a way they haven’t before, I think consumers should know about that. What privacy protections will apply to that data, and what security protections?”
Via: Bloomberg
Source: FCC
Nintendo might be making an animated ‘Super Mario Bros.’ movie
Nintendo’s plans to return to movies appear to include its most beloved franchise. Wall Street Journal sources understand that Nintendo is close to a deal for an animated Super Mario Bros. movie from Illumination Entertainment, the Universal-backed studio behind the Despicable Me series. While the exact terms aren’t clear, the pact would theoretically allow multiple movies. Nintendo has also been bending over backwards to maintain creative involvement, and Mario creator Shigeru Miyamoto is expected to be a producer.
Neither Nintendo nor Illumination is commenting on the apparent leak. The movie is believed to be in the very early stages, so it might be years before it reaches theaters.
It’s easy to be wary of the movie. There’s a whole generation that remembers the mess that was the live-action Super Mario Bros. movie from 1993, and few other game-based movies live up to expectations. They tend to be quick cash-ins that have little to recommend them beyond a familiar name.
Illumination does have a knack for appealing animated movies, though, and Nintendo’s determination to maintain some creative input suggests that the project won’t take any odd turns. As it stands, Nintendo has plenty of motivation to get a movie off the ground. Nintendo’s fortunes are back on the rise, and Super Mario Odyssey is widely regarded as one of the series’ best games for a long time — the movie might be late to the party, but it’d still take advantage of a massive amount of good will.
Via: Kotaku
Source: Wall Street Journal
Toshiba sells its TV unit to Hisense
Toshiba has been shedding its departments for a few years to streamline operations and recoup losses after its 2015 accounting scandal. Sony bought out its sensor business in 2015 for $155 million and Bain Capital (of all entities) just purchased its NAND flash memory department for $18 billion. Today, Toshiba announced the sale of its TV division to Hisense for about $113 million, which fits the company trajectory.
Reports noted that Toshiba is likely making the sale to recoup from massive losses to its nuclear business. The company had been building reactors in the US, but higher safety regulations in the wake of the 2011 Fukushima disaster have severely impeded progress. Toshiba’s US-based nuclear operations filed for bankruptcy earlier this year.
Toshiba isn’t the first Japanese tech company to sell off its TV division elsewhere. In a long-protracted deal, Taiwanese electronics manufacturer Foxconn formally acquired Sharp for $3.5 billion in March 2016. But the year before, Sharp sold its Mexican factory for a song ($23.7 million) and the rights to produce TVs under its name in North America… to Hisense. (The Foxconn-owned Sharp is now trying to get those rights back due to Hisense’s reportedly shoddy televisions ruining its good name.)
Via: Phys.org
Source: Toshiba
Hulu’s Live TV service is now much easier to browse on the web
Hulu has been working on some new features for its Live TV service. The changes are specifically geared towards improving navigation and browsing in the web version of Hulu Live TV. First, the new version has a Live TV button right at the top of the home page and there are also more curated collections of shows and movies. Web users will now see collections like Keep Watching, Lineup and Fall TV. Hulu has also changed how to access title details by making them easier to get to and having them show up as an overlay so you can easily return to browsing. And there’s also now a dedicated Browse menu.

Hulu revamped its user interface when Live TV launched earlier this year and it has been rolling it out to additional devices over the last few months. It also announced last month that it was bringing a channel guide to the web.
If you’re a Hulu Live TV subscriber, you can see the new features by going to beta.hulu.com and the company is encouraging users to give them feedback on the changes here.
Image: Hulu
Source: Hulu



