Some Android phones and Apple iPhone’s both collect the user’s information. But the answer to the extent and the amount of information to be collected is not yet clear and known. Chinese phone manufacturing company OnePlus is known for producing great smartphones at budget prices.
But now you may have to think upon this before buying an OnePlus phone as according to Chris Moore journalist, the OnePlus smartphone’s Oxygen OS Android has silently been collecting a lot of user data and has been sending the information to the company’s server without the user’s permission.
Reportedly, during the OnePlus 2 Hack challenge, Chris Moore found that his OnePlus phone software was collecting the user’s personal data. Using the OWASP ZAP free security tool of his OnePlus 2 phone during the Hack challenge, Moore started to proxy the incoming and outgoing internet traffic from the phone.
It was then that he discovered about the phone’s Oxygen OS software collecting the user’s data quietly without the user knowing about it. He later posted regarding it in a blog article. In the blog post, Moore who is a software engineer wrote that the collected data by the phone consists of phone numbers, MAC addresses, the phone’s IMEI and serial number, mobile network names and the wireless network’s ESSID and BSSID.
The OnePlus android phone is collecting details including information which can identify users. He also detailed on how the company’s devices record data when the phone screen is locked or unlocked, when the applications are opened, used and closed by the user and the Wi-Fi network that is connected to the user’s device.
It may be noted that on January 2017, Moore had even contacted the Company to get a permanent solution to this data collection error, but got no help. Once this report went viral online, OnePlus responded to this controversy and said that the company collects two sets of data from all of its users in order to enhance its software on the basis of user behavior and also to provide a good after sales service to the users.
The company further added that the information collected by the phone is in two forms-usage analytics and device information. The usage analytics helps to improve the software of the phone which can also be turned off by the user by going on the phone Settings>Advanced>Join user experience program. However, the device information cannot be turned off by the user.
There are also previous reports of the OnePlus Company where it has been accused of cheating the synthetic benchmarks to scores. A benchmarking app was detected whenever the OnePlus 3T smartphone with Qualcomm Snapdragon 821 SoC was forced to run at a higher clock speed. While at that time the company had promised that this cheat in the synthetic benchmarks won’t happen again, there was a similar case reported in the OnePlus 5 phone.
It is acceptable if the analytics information is collected by the phone manufacturing company with consent. But gathering personal identifiable data is not acceptable. It is a matter of concern that a major Android phone manufacturing brand has done such a mistake of collecting data without permission.
But the disappointing fact is that the OnePlus Company is not considering this as a big issue. It is clear that company is breaching the users’ privacy even if it is for the company’s after sale service or for the enhancement of its software. The company has gathered many angry and frustrated users due to its unauthorized data collection based on it are after sale service.
The OnePlus Company is not the only company who has committed such an error. Other Chinese phone manufacturers such as Oppo, Vivo and Xiaomi were also found sending the user’s data to Chinese servers every 72 hours in late last year. Besides, user data was also sent to remote servers in China by the popular UC Browser.
A question as to why the company did not allow the users to share the data that the company requires for future updates was asked to one of the OnePlus representatives. However, there was not a satisfactory explanation available for the same. According to Chris Moore, there is no such way available to permanently stop this unauthorized data collection without rooting the phone.
However, he said that as an alternative method, the user can stop this service every time the phone is booted. Some app can also be used to boot the phone. But the after effects of these alternatives are not known.