OnePlus is spying on it's users secretly!

Hello everyone!

    Welcome back after a long period of time to the NewAgeInformers where the knowledge sharing is must. Apologies for being too late in posting article after a long time. So, we all know that nowadays there is the a huge competition going on in the world of smart phones. Different companies are providing various features in their smart phones giving the highest priority to the security of handsets and the data of the users. There are many leading companies in this field which are having healthy competitions like Apple, Samsung, OnePlus and so on.

    Let me ask you a question that what if I can see all the data of your smart phone? Would you like that? Most of you all will not like that and also get angry on that but the fact is the company named OnePlus has all the access to your smart phone without your knowledge. According to the recent research by a software engineer, Christopher Moore, OpnePlus is stealthily having access on the data of it's users. While doing the research, Moore came to that he can actually see the incoming and outgoing traffic of his OnePlus 2 phone using OWASP ZAP. It also includes lots of requests to open.oneplus.net.




    What is OWASP ZAP?
   ->  The full form of OWASP is Open Source Web Application Security Project and ZAP is short form of Zed Attack Proxy.  It is designed to be used more by two kind of persons including those new ones to application security and the professional penetration testers. When it is implemented as a proxy server it let the user to manipulate all of the traffic that passes through it, which includes traffic used for https.

   
    After having a large scale analysis, Moore found a field named as Amazon AWS details purchased by OnePlus. He also examined that his smart phone is regularly sending data over HTTPS to the open.oneplus.net server. By using authentication key, Moore discovered a way to decrypt the data of his OP2 samrt phone which were send including locks of the phone and many other information. Many times some of the companies will automatically records some of the information like rebooting phone for the bug fixing of the O, but recording it each time surprised him and let him know about the secret spying of OnePlus on it's users.

    Moore also observed that the phone's IMEI number, the phone number, MAC address of the device, mobile network names & IMSI prefixes, Wi-Fi connection details and the phone's serial number, all this information were send to the OnePlus' server anonymously. These data were send to the server when that application is opened, every time. When they contacted to the company (OnePlus), and asked questions regarding this analytics tracking, the below statement is the answer from the company:
-> " We securely forward analytics in two different streams over HTTPS to an Amazon server. The first current is usage analytics, which we collect in order for us to more precisely fine-tune our software according to user behavior. This communication of user activity can be turned off by navigating to 'Settings' ->'Advanced' ->'Join user experience program'. The other stream is device information, which we receive to provide better after-sales support."

    A Twitter user JaCzekanski pointed out that the app transmitting the data OnePlus Device Manager can be wiped out using ADB where root is not required. He suggested a way to eliminate this process via ADB in thee following steps. First you need to plug your phone into a processor with ADB installed and then make user USB debugging is permitted, and now you need to run the following command:
pm uninstall -k-user 0 not.oneplus.odm.

    One most important advise I would like to give you all is to make sure that the applications which do not need access to your data but still it is using then unistall it. And the another thing is to take backup of your important data regularly so that in case you lost your phone, you will have your data.

    Thank you for today and stay connected with us for more interesting and knowledgeable articles by following us here:

facebook: CLICK HERE!!!!!!!!!!
Twitter: @NewAgeInformers
Instagram: @new_age_informers_


Comments