Some OnePlus phones appear to be mining user data – but is it as bad as it sounds? And how can you make it stop? Here’s what you need to know.
Gadget makers regularly suck up your data in a bid to improve user experience. It’s important for developers to have a good idea about what’s going on in your phone, because it helps them fix problems when things go wrong.
But excessive data mining is an easy way to get people riled up about smartphone security and data privacy – and it seems OnePlus is the latest culprit.
A software engineer by the name of Christopher Moore has published a lengthy blog post that details overzealous user data transmissions from his OnePlus 2 smartphone.
Using OWASP ZAP, Moore was able to view all incoming and outgoing internet traffic from his phone, and discovered a large amount of data being sent to the open.oneplus.net server. The data was encrypted, but he used his own phone’s authentication key to decrypt it.
The decrypted data revealed that time-stamped information about unexpected reboots – as well as every single phone lock and unlock – was being sent to OnePlus. A little odd, but nothing too extreme.
“That’s quite a bit of information about my device, even more of which can be tied directly back to me by OnePlus and other entities,” said Moore.
After some further investigation, Moore discovered that the code responsible for collecting the data was part of the OnePlus Device Manager and the OnePlus Device Manager Provider.
So how do you stop it from happening? Moore writes: “Unfortunately, as a system service, there doesn’t appear to be any way of permanently disabling this data collection or removing this functionality without rooting the phone.”
He continued: “One alternative would be to stop the service every time you boot your phone (assuming it doesn’t get periodically restarted) or using an app to achieve the same effect, or perhaps prevent communication with open.oneplus.net somehow.”
However, do this at your own peril – it’s not clear what effect this will have on your core OnePlus systems.
“We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behaviour.”
It goes on: “This transmission of usage activitiy can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.”
We’re not entirely sure how much data this will stop being transmitted, and we discovered that the feature was already turned off by default on our own OnePlus 5 model. We’ll update you once we know more.
What do you think about the OnePlus 5? Let us know via Facebook or Twitter.