OnePlus Goes Greedy with Data Collection; Forgets to Anonymize It Too
OnePlus may have been tracking its users as a researcher has revealed how its custom Android operating system, OxygenOS, has been collecting massive amounts of analytics information without anonymizing it. Potentially connecting each phone to its user and their data, Christopher Moore, a security researcher has revealed that the OxygenOS is sending the company an excessive amount of personally identifiable data.
The Shenzhen based Chinese smartphone visitor is collecting a long list of data that is then tied to individual OnePlus users, including:
- IMEI numbers
- Telephone numbers
- MAC addresses
- IMSI prefixes
- Serial numbers
- Mobile network name(southward)
- When user launched/closed an app
- Screen on/off time
- Fourth dimension when user locked or unlocked their phone
- And more such information that could be considered intrusive.
Hey @OnePlus_Support, information technology's none of your concern when I plow my screen on/off or unlock my phone - how do I turn this off? /cc:@troyhunt pic.twitter.com/VihaIDI6wP
— Christopher Moore (@chrisdcmoore) January 13, 2017
Telemetry and more telemetry - OnePlus caught collecting massive amounts of personally identifiable data
After doing some digging in the code, going through OnePlus forums and Reddit threads, Moore discovered that the lawmaking responsible for this information drove is part of the OnePlus Device Director and the OnePlus Device Manager Provider, which run the OneplusAnalyticsJobService under the OnePlus Organization Service.
"In my case, these services had sent 16MB of data in approximately 10 hours," he said making the damning revelation.
While companies collect analytics data regularly to debug problems, they are expected to at least anonymize that data, if non to make this an opt-in process. Currently, OnePlus doesn't appear to be offering whatever way to the users to become out of this procedure and hasn't responded equally to why it needs to rail screen on/off and phone unlock time.
Jakub Czekański, a web developer, has shared how tech savvy users can stop their devices from sending telemetry data to the company without rooting their devices.
- Enable USB debugging
- Connect your phone to figurer
- Utilise Android Debug Bridge (adb) to run the following commands:
- $ adb showtime-server
- $ adb vanquish
- > pm uninstall -k --user 0 net.oneplus.odm
In its response, OnePlus has said that it "securely transmit analytics in two different streams over HTTPS to an Amazon server." The get-go is usage analytics that users tin opt out of from: Settings > Avant-garde >Join user experience plan.
"The second stream is device information, which we collect to provide meliorate after-sales support," and doesn't seem to be something from which you tin opt out of. Nevertheless, yous can utilize Czekański's tip to terminate information collection on your OnePlus devices.
- More than data on the visitor's excessive information drove is available in Moore's weblog post; more details on forcing your OnePlus phone to stop sending your data tin can be found here.
Source: https://wccftech.com/oneplus-data-collection-no-anonymizing/
Posted by: martincalloseven.blogspot.com
0 Response to "OnePlus Goes Greedy with Data Collection; Forgets to Anonymize It Too"
Post a Comment