Various well-companies like Google, Apple and Microsoft are known for collecting user data in order to deliver improved user experience. These companies do not collect user data without the consent of the user. In the recent past, OnePlus has been accused for manipulating benchmarks, incorrectly mounting displays, incompetency in providing adequate device support and now the company has been reportedly found guilty of collecting user data without their knowledge.
Christopher Moore, a software engineer has mentioned on his tech blog how OnePlus is collecting information from its users without their permission. Moore began monitoring the internet traffic from his OnePlus 2 using a free security tool called OWASP ZAP during the SANS Holiday Hack Challenge 2016. This tool can automatically find security problems in web applications.
Moore has found that various user information such as IMEI number, service provider names, MAC addresses, serial numbers, IMSI prefixes and things of that nature were collected by his device by open.oneplus.net, a site hosted on Amazon AWS. On investigating further, Moore found that his OnePlus 2 was also sending some other information on locks and unlocks, reboot, screen timestamps, and charging.
This can possibly help the Chinese manufacturer to release more stable builds of its OxygenOS. However, it is unethical to fetch user information without permission. Moore has also found that OnePlus Device Manager and OnePlus Device Manager Provider are the two items that are unfairly collecting user data.
OnePlus has released the following statement on the issue:
We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.
The above statement suggests that OnePlus does not consider it as a major problem as it is only collecting information for user support. Also, the statement does not address privacy concerns. It appears that the Chinese manufacturer is breaking consumers trust in a bid to provide them with improved after-sales support.
Since OnePlus Device Manager and OnePlus Device Manager Provider are system services, they can be manually disabled every time after restarting the OnePlus device. However, Jakub Czekański has provided a suggestion on how to disable them permanently. Here is the command that can be used to permanently prevent OnePlus devices from collecting user data: pm uninstall -k –user 0 net.oneplus.odm. Users can visit the source link to see detailed information shared by Moore
OnePlus is not the only company that has been caught collecting user information. Other Chinese OEMs like OPPO, Vivo and Xiaomi have also been accused in the previous year for sending sensitive user information to Chinese servers at regular intervals. Today, the security of user data is becoming important than ever. Hence, companies should be very transparent on letting it consumers know what information they are collecting from the user and the purpose behind doing so. Also, they should provide an option to opt out of such sort of data collection.