Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

A OnePlus app is supposedly collecting user data without consent. Again.

mona

By mona
in Security & Privacy News

Recommended Posts

mona

mona

Posted
Posted

A OnePlus app is supposedly collecting user data without consent. Again.

 

A few months ago, OnePlus’s extensive data collection practices came into the limelight, but the Chinese phone maker explained that it was using that data to improve its product and services. At the time, OnePlus promised an update that would allow users to opt-out of this unwanted user experience program, and the clamor eventually died down.

Well, a new report now says that there’s still a OnePlus app that can grab data from the phone and send it to servers in China without a user’s knowledge or express consent.

 

The French security researcher hiding behind the name Elliot Alderson on Twitter detailed OnePlus’s data collection practices back in October, and he has now discovered a strange file in the OnePlus clipboard app.

 

 
Badword.txt file contains various keywords, including “Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email,” and others. The file is then duplicated in a zip file called pattern alongside six other .txt files. All these files are apparently used in “in an obfuscated package which seems to be an #Android library from teddymobile.”
 
 
Now, TeddyMobile is a Chinese company that works with plenty of smartphone makers from China. The company seems to be able to recognize words and numbers in text messages.
 
 
And OnePlus is apparently sending your phone’s IMEI number to a TeddyMobile server, too.
 
 
It looks like the TeddyMobile package might be able to grab all sorts of data from a phone.
 
 
 
Even bank numbers are apparently recognized.
 
 

Does that mean that a third party can get access to everything you copy and paste on OnePlus devices? We have no idea, and we won’t know for sure until OnePlus sheds some light on the situation. It’s also unclear why OnePlus clipboard data would be shared with any company to begin with, let alone a third party.

 

UPDATE: OnePlus reached out to BGR to say that the claim that the Clipboard app is sending user data to a server is false, and that the code is “entirely inactive” in the open beta for Oxygen OS. The company says that no user data is sent to any server without consent.

In the open beta for HydrogenOS, which is the OS for China, the folder exists “to filter out what data to not upload,” OnePlus added. Local data in the folder is skipped and not sent to any server.

 
 
 
SORRY FOR INCONVENIENCE WITH LINKS ABOVE, BUT I'M EXPERIENCING NOT YET RESOLVED PROBLEM WITH POSTING PICS ON NSANE. STAFF WORKS ON IT.
 
Link to comment
Share on other sites
  • Replies 3
  • Views 759
  • Created
  • Last Reply
SacredCultivator

SacredCultivator

Posted
Posted

And here I am still with a OnePlus One.... Not even sure what my next upgrade is gonna be as anything new would be a huge one compared to this OPO.

Link to comment
Share on other sites
  • Administrator
DKT27

DKT27

Posted
  • Administrator
Posted

Well mona, Twitter works in a certain way which makes it harder for people to link the images hosted there.

 

As for the issue. Yes it's debunked. But time and again issues are appearing of this manufacturer here. Also, even if debunked, I'm not too convinced about it.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...