Smartphone maker OnePlus has been accused of setting its devices up to send sensitive user data back to the company - without seeking their consent or being upfront about its data-slurping activities.
The accusations were detailed in a blog post by security researcher Christopher Moore. After setting up a security tool called OWASP ZAP on his OnePlus 2 handset, he noticed HTTPS requests being sent to a domain called open.oneplus.net, which further redirected the traffic to a US-based Amazon AWS server.
As well as hoovering up details such as users' phone and IMEI numbers, MAC addresses and mobile network names, Moore revealed that OnePlus was collecting timestamped details such as when the user locked the device and when apps were opened and closed.
"They're collecting time-stamped metrics on certain events, some of which I understand - from a development point of view, wanting to know about abnormal reboots seems legitimate - but the screen on/off and unlock activities feel excessive, he claimed in his blog.
"At least these are anonymised, right? Well, not really - taking a closer look at the ID field, it seems familiar; this is my phone's serial number."
Moore states that the code responsible for this data collection is part of the OnePlus Device Manager and OnePlus Device Manager Provider. Thankfully, Twitter user Jakub Czekanski, tweeted that the data transmission can be disabled permanently using ADB tool with USB debugging enabled on the device.
@chrisdcmoore I've read your article about OnePlus Analytics. Actually, you can disable it permanently: pm uninstall -k --user 0 pkg— Jakub Czekański (@JaCzekanski) October 10, 2017
However, there's a chance that doing this could break other functionality of the system, since Device Manager could be responsible for other tasks.
OnePlus doesn't seem to consider its unconsented data collection a big issue and shrugged off the accusations in a statement.
"We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine-tune our software according to user behaviour," the firm said.
"This transmission of usage activity can be turned off by navigating to 'Settings' -> 'Advanced' -> 'Join user experience program'. The second stream is device information, which we collect to provide better after-sales support."
Researchers claim first in race to manufacture a component able to host Majorana particles
Japanese researchers develop a flexible screen worn on the skin that they claim can monitor patients' heart rate and other vitals
ZenFone 5 Pro appears to boast a Snapdragon 845 SOC, an Adreno 630 GPU and 6GB of RAM
Pilot project will serve 300 homes to start with