OnePlus 3

In today’s world, smartphones act as a daily driver for millions of users worldwide. In recent time, the smartphones usability attributes have been bumped up to a significant extent. The mobile OEM ensure to offers their consumer’s high-quality hardware with data encryption benefits. Moreover, if you discovered that your OEM is indulged in extracting data from your device, then it may become a serious concern.

A recent analysis has shown that smartphone maker OnePlus has been collecting massive amounts of analytics data from their phone owners. The company is collecting IMEI numbers, MAC addresses, mobile network names and IMSI prefixes, serial numbers, and more important data on a regular basis.

OnePlus user data

OnePlus data collection was detected by Christopher Moore, a software engineer who began to sift through the internet traffic from his OnePlus 2 smartphone using OWASP ZAP. OWASP ZAP is a free security tool which helps the user to find security vulnerabilities in their web applications when developing and testing applications.

Nonetheless, after detailed inspection, Moore found that his phone was frequently sending data to the open.oneplus.net server over HTTPS. Moreover, Mr. Moore was able to decrypt the data which revealed that his handset was sending time-stamped information about locks, unlocks, and unexpected reboots. He also found that some of the data being sent to OnePlus servers included the phone’s IMEI number, phone number, MAC addresses, mobile network names and IMSI prefixes, Wi-Fi connection info, and the phone’s serial number.

However, when this issue was reported to OnePlus, the company confirmed that they transmit analytics data in two different streams over HTTPS to an Amazon server. All the data transfers are done to improve services by fine-tuning the software. The company also mention that users can also switch off data transmission activity by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’.

At the time of this writing, it is not clear if this data collection is specific to the OnePlus 2 that was used for testing this. For its part, OnePlus says that the data collection can be disabled,