Every phone collects information of its users. This is true for Apple's iPhone and it's also partly true for Android phones as well. But how much is too much? While the answer is not clear, a software engineer has accused OnePlus of collecting too much user data, including details that can identify users. The company, responding to the engineer's allegations, says that the data is collected for analytics and aftersales support.
According to a report, engineer Christopher Moore found the about the OnePlus software collecting user data on the OnePlus 2 during a Hack Challenge. After probing further, Moore wrote about it on his blog.
During the Hack Challenge, Moore started to proxy the internet traffic from his OnePlus 2 using OWASP ZAP, which is a free security tool used for finding security vulnerabilities in any web applications. Moore then discovered that OnePlus was collecting user data such as IMEI numbers, mobile network names, IMSI prefixes, MAC address and serial numbers.
After the report went viral on the internet, OnePlus in a statement to the Android Police, a tech news website, says that the company does collect the information from phones. But, notes the company, this is to understand the problems that the users are facing and solve them in the forthcoming update.
The company says, "We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine-tune our software according to user behavior. This transmission of user activity can be turned off by navigating to Settings > Advanced > Join User Experience Program. The second stream is device information, which we collect to provide better aftersales support."
Moore adds that the domain where the data was going was owned by OnePlus, and hosted on Amazon AWS. He also claims that his OnePlus 2 was sending information about locks and unlocks and unexpected reboots. But then, OnePlus says that the information that they collect is safe on their servers.
This is not the first time that a smartphone manufacturer has been accused of collecting user information without their permission. Recently some Chinese phone makers were in news after it was found that they were collecting user data. In one case, researchers found some code related to ad-ware on the phones made by one particular smartphone company.
Of late, the data that phone companies collect from their users has become a touchy point, particularly in India where most of the phones sold are made by Chinese companies. This probably prompted the Ministry of Electronics and Information Technology to recently issue a directive details of what all data that phone companies were collecting from users. The information has been sought from all major phone makers, including Apple and Samsung.