Chinese smartphone maker OnePlus was found to be collecting data that don't keep the user anonymous, according to security researcher Chris Moore in a blog post.
The hype around OnePlus is real: the next so-called flagship killer from the company is expected to feature a bigger display with a new aspect ratio and minimal bezels, and there are already multiple reports out there creating an online buzz. After the launch of the OnePlus five more reports of issues like benchmark manipulation, wrongly-mounted displays and users being unable to dial 911 in emergency situations surfaced.
Among the information being passed along was non-anonymized data, including his phone number, IMEI (International Mobile Equipment Identity), MAC address, mobile network names, and device serial number.
Moore discovered the security breach as he was completing the SANS Holiday Hack Challenge 2016. Using the the on-device key, Moore was able to see all of the data being sent back to OnePlus' AWS servers.
The data that OnePlus is accessing ranges from device information like the phone's IMEI and serial number to user data like reboot, charging, screen timestamps as well as application timestamps.Читайте также: Actor James Van Der Beek revealed that he had been sexually assaulted
Moore revealed that the data collection is tied to the OnePlus Device Manager and OnePlus Device Manager Provider.
@chrisdcmoore I've read your article about OnePlus Analytics.
When asked for comment, the company said: "We securely transmit analytics in two different streams over HTTPS to an Amazon server". It's common practice today among tech brands to make sure that they get explicit user permission first before collecting data from users. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behaviour. The second stream is device information, which we collect to provide better after-sales support.
After a brief meeting with a representative from the company, a satisfactory explanation wasn't obtained as to why the company does not merely allow the users to opt to share their data to help future updates. Though OnePlus claims it's doing this to provide better after-sales support, most users might not be happy about being kept out of the loop all this while. This transmission of usage activity can be turned off by navigating to "Settings" - "Advanced" - "Join user experience program".
"Collecting basic telemetry data is quite a standard-fare but the problem arises when the data is precise enough to identify a user based on the information collected".При любом использовании материалов сайта и дочерних проектов, гиперссылка на обязательна.
«» 2007 - 2018 Copyright.
Автоматизированное извлечение информации сайта запрещено.
Код для вставки в блог
- JPMorgan earnings are coming - here's what Wall Street expects
- Small explosion in suspect's vehicle during OR traffic stop, police say
- Gucci CEO Says the Luxury Brand Is Done Selling Fur
- England can't win Ashes without Ben Stokes, says Steve Waugh
- Oculus Rift now available for just $399 in USA
- Lufthansa signera ce jeudi l'accord avec Air Berlin-Spohr
- Drone attempted to lure children from OH school playground, district says
- Western Digital Announces 'Breakthrough' In Disk-Drive Storage
- Lava Helium 12 laptop with Windows 10 Home launched at Rs. 12999
- Nokia 9 renders with curved glass and bezel-less design surface online