Upstart smartphone maker OnePlus has been playing down reports that an internal testing app 'accidentally' left on the device could enable an attacker to get root-level access to the devices without even needing to unlock its bootloader.
It was revealed on Tuesday that the internal testing app, dubbed EngineerMode, could be exploited to give root access, and as we all know, that pretty much means anything goes for that device.
< Thread> Hey @OnePlus! I don't think this EngineerMode APK must be in an user build...🤦♂️— Elliot Alderson (@fs0c131y) November 13, 2017
This app is a system app made by @Qualcomm and customised by @OnePlus. It's used by the operator in the factory to test the devices. pic.twitter.com/lCV5euYiO6
The app's existence had been previously spotted, but it's only now that its full potential is being recognised. In the wrong hands - and with a good exploit behind it - it could be used to takeover someone's device. That, at least, is the fear.
However, OnePlus has responded insouciently to the news. It explained in a forum post that users don't have anything to worry about as the app won't grant third-party apps full root privileges.
"Yesterday, we received a lot of questions regarding an apk found in several devices, including our own, named EngineerMode, and we would like to explain what it is," a OnePlus staffer said in the post.
"EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after-sales support.
"We've seen several statements by community developers that are worried because this apk grants root privileges. While it can enable adb [Android Debug Bridge] root, which provides privileges for adb commands, it will not let third-party apps access full root privileges.
"Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device," the staff member added.
So that's all right, then.
Geoengineering on the sea floor near glaciers would form a new ice shelf to prevent melting
Alterations in capillary blood flow can be caused by body position change
Curiosity rover is in 'normal mode' but not transmitting scientific data back to base
NatWest outage comes a day after Barclays' IT systems shut out customers and staff