OnePlus OxygenOS is Sending Your Private Info Back to OnePlus

FrgMstr

FrgMstr

Just Plain Mean
Staff member
Joined
May 18, 1997
Messages
54,849
It seems that owners of OnePlus phones are getting a lot of their activity spied on by OnePlus and the kicker is that none of this data is sanitized for your protection. Its seems to be watching just about everything you do with your phone, and of course it is not asking if it is OK to send this data. There does however seem to be a way to remove the OnePlus Device Manager without rooting the phone in order to turn off all those prying eyes. Thanks grtitan.


OK, so it looks like they’re collecting timestamped metrics on certain events, some of which I understand - from a development point of view, wanting to know about abnormal reboots seems legitimate - but the screen on/off and unlock activities feel excessive. At least these are anonymised, right? Well, not really - taking a closer look at the ID field, it seems familiar; this is my phone’s serial number. This I’m less enthusiastic about, as this can be used by OnePlus to tie these events back to me personally (but only because I bought the handset directly from them, I suppose).

I leave the traffic proxied for some time, to see what other information is collected, and boy am I in for a shock…
 
Probably going to go with a v20 anyways as I'm sick of batteries not being replaceable without tools.
 
I think that LineageOS supports their devices nicely, so grab the hardware, dump their software!
 
I keep saying not to trust Chinese designed phones, but does anyone listen? No.

All they do is argue.

I wouldn't touch any OnePlus, Huaiwei, Honor, etc. etc. phone with a proverbial 39.5ft pole.

It's bad enough that pretty much every phone is manufactured in that wretched dictatorship these days, but that doesn't mean we have to give up the control of the design of the hardware or the software. That's just idiotic.
 
King of Heroes said:
The great thing about OnePlus devices is that you can change the OS fairly easily. Poster above mentioned switching to LineageOS. Do that.
Click to expand...

For all we know, there is firmware on the handset that injects this spyware into any image you install onto it.

(This is the that difficult to do. Lenovo has already been doing it with Laptops)
 
Zarathustra[H] said:
For all we know, there is firmware on the handset that injects this spyware into any image you install onto it.

(This is the that difficult to do. Lenovo has already been doing it with Laptops)
Click to expand...

Source?

Only thing I saw lenovo doing was installing a trusted self signed cert on OEM installs to inject their own ads.
 
Zarathustra[H] said:
I was going from memory, but a quick Google search for the terms: Lenovo, EFI and malware found me this:

https://www.techdirt.com/articles/2...rapware-via-bios-fresh-windows-installs.shtml

Bear with me though. I'm on my phone and only have a few secs between meetings to post, so I haven't had a chance to read it yet.
Click to expand...

For what it's worth, Lenovo leveraged a technology made available by Microsoft. If that didn't exist, blowing away the crapware would be easy game.

I'm not sure if this is something android cell mfgs could do but I certainly wouldn't put it past them.
 
Zarathustra[H] said:
I keep saying not to trust Chinese designed phones, but does anyone listen? No.

All they do is argue.

I wouldn't touch any OnePlus, Huaiwei, Honor, etc. etc. phone with a proverbial 39.5ft pole.

It's bad enough that pretty much every phone is manufactured in that wretched dictatorship these days, but that doesn't mean we have to give up the control of the design of the hardware or the software. That's just idiotic.
Click to expand...
It's funny to see how Chinese people favour foreign brands like Apple and Samsung because they want something better, while many westerners buy into these Chinese craps and believe they're the "smart consumers" getting good value.
 
Last edited:
That's exactly what I have been saying, they are much cheaper for a very good reason.

I might not have ANY proof as to why they are cheaper, but the cheaper-MSRP-for-similar-spec phone HAS to be made up from somewhere else, since the Android phone market margins are EXTREMELY thin, and companies do not make products to make a loss, they must have made their profit from somewhere else.

The proverb, what you pay is what you get rings true here.
 
While I've not done any thorough digging, fwiw I have a OnePlus 3t and I don't see any of the apps/services listed in the article installed on my phone anywhere. The articles author using a OnePlus 2 on quite an old version of OxygenOS.

I'll put a network activity monitor on outside of the default android one, but right now I'm not seeing anything to be alarmed about when it comes to my device.
 
As an update to my last post, I installed a packet sniffer on my phone and saw 0 hits from anything OnePlus related. Had 200+ from "Google Account Manager,Google Backup Transport,Google Play services,Google Services Framework" a couple from my weather trying to update, 1 from Podbean, few from the Play Store, but nothing from OnePlus anything.
 
rgMekanic said:
As an update to my last post, I installed a packet sniffer on my phone and saw 0 hits from anything OnePlus related. Had 200+ from "Google Account Manager,Google Backup Transport,Google Play services,Google Services Framework" a couple from my weather trying to update, 1 from Podbean, few from the Play Store, but nothing from OnePlus anything.
Click to expand...
Which app you used? I've searched there seems to be tons.
 
Uvaman2 said:
Which app you used? I've searched there seems to be tons.
Click to expand...

I was using "Packet Capture" it intercepts all data going in and out and logs it, so you won't be able to use your phone while it's running heh. Doesn't require root
 
Well, glad I'm still running CM on my original 1+1. Likely rules out their newer product as a replacement though.
 
You must log in or register to reply here.
Back
Top