It seems that technology companies have yet to come around to the idea that users do not want them to essentially spy on them, collecting their data and doing as they please with it afterwards.
The latest example of a company getting user privacy all wrong is OnePlus, with the revelation that its smartphones collect data on its users.
According to security researcher Chris Moore, OnePlus devices collect data including the smartphone’s serial number and then transmit it to one of the company’s servers. While some of the data that is being collected is relatively mundane, including when a device is locked or unlocked and which WiFi networks it connects to, where OnePlus really gets things wrong is by collecting things like a device’s IMEI, phone number and other characteristics that mean all of the data collected can be identified as belonging to a particular user.
Moore’s blog post is receiving renewed attention this week after originally being posted back in January. According to Moore, the code that goes about the data collection is part of OnePlus Device Manager and OnePlus Device Manager Provider. In his blog, Moore says that for his particular phone, the services had sent off 16MB of data in 10 hours. Considering what this data comprises, that’s quite a lot.
OnePlus released a statement explaining what the data is, confirming that it does indeed send data to an Amazon server.
We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.
The fact this can be turned off is obviously a good thing, and we strongly suggest that might be something that that you want to consider if you own one of OnePlus’ OxygenOS-powered Android phones.
(Source: Chris’s Security and Tech Blog)