
OnePlus may have been collecting user data without permission

12 October 2017

Chinese smartphone maker OnePlus was found to be collecting data that does not keep the user anonymous, according to a blog post by security researcher Chris Moore.

The hype around OnePlus is real: the next so-called flagship killer from the company is expected to feature a bigger display with a new aspect ratio and minimal bezels, and there are already multiple reports out there creating an online buzz. After the launch of the OnePlus 5, more reports surfaced of issues such as benchmark manipulation, wrongly mounted displays and users being unable to dial 911 in emergency situations.

Among the information being passed along was non-anonymized data, including his phone number, IMEI (International Mobile Equipment Identity), MAC address, mobile network names, and device serial number.

Moore discovered the security breach as he was completing the SANS Holiday Hack Challenge 2016. Using the on-device key, Moore was able to see all of the data being sent back to OnePlus' AWS servers.

The data that OnePlus is accessing ranges from device information, such as the phone's IMEI and serial number, to user data, such as reboot, charging and screen timestamps as well as application timestamps.

Moore revealed that the data collection is tied to the OnePlus Device Manager and OnePlus Device Manager Provider.

@chrisdcmoore I've read your article about OnePlus Analytics.

When asked for comment, the company said: "We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behaviour. The second stream is device information, which we collect to provide better after-sales support." It's common practice today among tech brands to make sure that they get explicit user permission first before collecting data from users.

A brief meeting with a representative from the company did not produce a satisfactory explanation of why the company does not simply let users choose whether to share their data to help future updates. Though OnePlus claims it is doing this to provide better after-sales support, most users might not be happy about having been kept out of the loop all this while. The transmission of usage activity can be turned off by navigating to "Settings" - "Advanced" - "Join user experience program".

"Collecting basic telemetry data is quite standard fare, but the problem arises when the data is precise enough to identify a user based on the information collected."
