OnePlus is always known for affordable smartphones and fully optimized software. However, it appears the company has missed the security of the users’ data. According to a recent report by 9to5Google, the ‘Shot on OnePlus’ app allegedly revealed important user data, including emails associated with photo submissions.
The API used by the app to transfer data from device to server does not carry any authentication or encryption for security. The API transfers all the data back and forth between the user device and the server. The unencrypted key is required to access the individual’s email address. OnePlus was made aware of the flaw in May, and now it has rectified with a fix which was rolled out last month.
The users can easily access the Shot on OnePlus app on their OnePlus devices. It allows the user to change the wallpaper on their smartphones automatically. It even allows photography enthusiasts to submit the photos taken by OnePlus smartphones after registering with Email ID. If the photo gets selected, it is made public and is applied automatically to all OnePlus devices via the Shot on OnePlus Wallpaper.
The report cites that, “It is unclear for how long this leak was happening, but because OnePlus had no reason to make this data public after the application was out, we believe is was leaking data since its release — multiple years, at least.”
The Chinese smartphone manufacturer recently launched OnePlus 7 and OnePlus 7 Pro carrying Snapdragon 855 SoC and other high-end hardware.
Up next: OnePlus 7 Pro Almond color edition to go on sale in India today
(source)
