OxygenOS Telemetry Lets OnePlus Tie Phones To Individual Users

An anonymous reader quotes a report from Bleeping Computer: OxygenOS, a custom version of the Android operating system that comes installed on all OnePlus smartphones, is tracking users actions without anonymizing data, allowing OnePlus to connect each phone to its customer. A security researcher going by the pseudonym of Tux discovered the abusive tracking in July 2016, but his tweet went largely unnoticed in the daily sea of security tweets sent out each day. The data collection issue was brought up to everyone's attention again, today, after British security researcher Christopher Moore published the results of a recent study on his site.

Just like Tux, Moore discovered that OxygenOS was sending regular telemetry to OnePlus' servers. This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws. The problem is that OnePlus is not anonymizing this information. The Shenzhen-based Chinese smartphone company is collecting a long list of details, such as: IMEI code, IMSI code, ESSID and BSSID wireless network identifiers, and more. The data collection process cannot be disabled from anywhere in the phone's settings. When Moore contacted OnePlus support, the company did not provide a suitable answer for his queries.

Where's the outrage?

Oh, that's right, Android is Linux, and Linux can do no wrong. If this was was Windows or Mac OS, the outrage here would be massive.

Re:Where's the outrage?

If this was Windows, you wouldn't have a choice of a million other manufacturers and ROMs.

Re:Where's the outrage?

As no one uses Android on a desktop? Nice goalpost moving though.

Re:Where's the outrage?

What do desktops have to do with spyware-laden Android phone ROMs? How can ai be shifting goalposts?

Re:Where's the outrage?

Literacy isn't your strong point, is it? The fact that you forget that you were the one to originally compare not only Windows but MacOS to Android discredits you more than anything I can say. Your goalpost shifting and attempts to backpedal only make you look like more of a tool.

Re:Where's the outrage?

[jarle.aase]

Android is designed to spy on you. It is it's sole purpose. So the fact that an android variant collects data about you and call home is not an issue. People who value privacy don't use android. It's that simple.

Re:Where's the outrage?

Android is open source. If you don't trust any of the firmwares out there, go put your own together.

Now, where is the source code for Windows 10 so I can strip out all of that spyware, adware, bloatware and crippleware that Microsoft put in there?

Re:Where's the outrage?

[geekmux]

Oh, that's right, Android is Linux, and Linux can do no wrong. If this was was Windows or Mac OS, the outrage here would be massive.

Not only is privacy dead, but the demand for privacy is as well.

Social media addiction has created a world full of narcissists who will gladly share every detail of their lives, and not care at all about inherent risk or impact.

This has fuck-all to do with the OS.

Re:Where's the outrage?

Oh, that's right, Android is Linux, and Linux can do no wrong. If this was was Windows or Mac OS, the outrage here would be massive.

What an idiot post. Oversimplify what it is. OxygenOS is just one of many many OS out there. You could just install another Android OS. It is not a lock-in like Windows or Mac.

Re:Where's the outrage?

This is deliberate. It's brainwashing, that they've done to achieve this.

Removing the demand for privacy takes years if not DECADES of making sure. It is a concentrated, overwhelming effort by governments and corporations of all kinds. It's not even some shadowy conspiracy; every one of them just actively works against their 'lessers' having privacy, all for their own reasons (most of them money and power).

Re:Where's the outrage?

Great, so if I've bought a spyware laden device that never gets updates, all I have to do is roll the dice on buying potentially another spyware laden device that will never get updates, and I get the privilege of paying multiple hundred dollars each time.

Yay, Android!

Re:Where's the outrage?

[MachineShedFred]

Yeah, because that's something that I'm going to expect my mother to do. And fandroids can't figure out why millions of people line up to buy iPhones.

Re:Where's the outrage?

[MachineShedFred]

Can you? It's specifically talking about that OS and the phone hardware. Is the phone hardware rootable so that installing another OS image can be done? Is it a burdensome task to do, which a non-IT person could easily do?

"Just install another OS" is a great dismissal of a problem if it's actually something most normal people can figure out without bricking their phone or getting frustrated at having to type in multiple long commands. Most anyone around here already knows that you can root and install another OS, but most phone buyers would look at you like you asked them to crack the atom if you started talking about rooting.

That's why these problems are so insidious - not because it can't be solved, but because the technical barrier to solving it is high for a layman. It's about the same as if someone was complaining about a clunking sound coming from a wheel well when they go over small bumps in their car and I tell them "Oh, you just need to replace the worn sway bar end link." It's probably two bolts, but most people wouldn't have a fucking clue how to do that, or have the necessary tools. For anyone with a bit of mechanical experience and an impact gun, it's child's play.

Re: Where's the outrage?

Not sure what your point is. Everything has a technical barrier. Nothing has NO barriers. For proprietary software you cannot do things for legal reasons. You cannot, not matter how much knowledge you could hope to have, recompile it without features. You can with Foss. Taking about no barriers at all is an extreme fallacy.

Re: Where's the outrage?

your peoblem is with the âoereasonable personâ argument. You suggest that because it can be done, it is something anyone can do. The reasonable person, however, is not as skilled as you are. They have a baseline skill level which is generally pretty low. Thatâ(TM)s why people keep talking about how incapable their mothers/fathers are. If your childâ(TM)s elementary school teacherâ(TM)s parents are -likely- to have troubles with it, we have to assume itâ(TM)s too difficult for most people.

Re:Where's the outrage?

[Gr8Apes]

Not only is privacy dead, but the demand for privacy is as well.

Social media addiction has created a world full of narcissists who will gladly share every detail of their lives, and not care at all about inherent risk or impact.

This has fuck-all to do with the OS.

It's a goal of the 1984 blueprint.

Re:Where's the outrage?

We already know that it's because of environmental lock-in and Keeping Up With the Jones'. People seem to forget that iOS still has plenty of security issues and that Apple collects nearly as much data as Google does.

Re:Where's the outrage?

[Ol+Olsoc]

Not only is privacy dead, but the demand for privacy is as well.

Social media addiction has created a world full of narcissists who will gladly share every detail of their lives, and not care at all about inherent risk or impact.

This has fuck-all to do with the OS.

Some people don't care, but a lot of people do. And while the internet is an inherently non-private place, even the over-sharers are not expecting their credit card information to be exposed for the world to see. Or that bulk pack of dildos they ordered.

Regardless, these over-sharers were not created by social media, it merely gave them a fine outlet, and hey, who wouldn't be interested in your relative's new clit ring or ostomy bag? I have one relative on FB who approaches that level of oversharing. But I digress, and am creeping myself out here.

If privacy is utmost, we shouldn't be on the internet period. There is certainly a difference between knowing your data is shared, and finding out it isn't anonymized. Anonymization doesn't completely work either, but at least they have to work at it.

Re:Where's the outrage?

Can you? It's specifically talking about that OS and the phone hardware. Is the phone hardware rootable so that installing another OS image can be done?

Not that this takes away from the seriousness of the tracking issue, but on this one specific point not only can you root OnePlus phones, OnePlus provide information on how to do so.

Re: Where's the outrage?

Just run LineageOS, the stock oxygen OS is a glitchy piece of junk. All your apps crash the Google stuff is glitchy nothing works right. The damn camera app craps out every other time you run it. I don't know why they waste their time making their own OS, LineageOS 14.1nightly builds runs so much better. Oh now it makes sense so they can track you and sell the data LoL, just another Facebook. OxygenOS=P.O.S. / OnePlus Hardware = Exceptable
I just hope my OnePlus3T last until my Libre5 Phone comes :)

Re:Where's the outrage?

Android has as much crapware as you want. Don't like the ROM you're running, then stop whining and change it (other people I mean, I can't expect someone with your mental handicap to follow instructions).

Too bad you can't do the same with Windows because it's proprietary, limited and Microsoft is ashamed to let anyone see the amateur mess that the source code must be.

Re:Where's the outrage?

I don't give a shit what your mother does, I wasn't talking about her so I don't know why you'd bring her up.

And seriously, if you can't follow some very basic instructions for getting a new firmware on your phone, then you're probably already brain dead. Your mother sounds like an idiot too.

Re:Where's the outrage?

And fandroids can't figure out why millions of people line up to buy iPhones.

Because they want to be ghetto fabulous like all the other drones?

Re: Where's the outrage?

Citation needed. I keep seeing people say this in android threads but never any citations to back it up. My iPhone doesn't collect any information on me. Cloud is disabled, Siri disabled.

Re:Where's the outrage?

[geekmux]

Not only is privacy dead, but the demand for privacy is as well.

Social media addiction has created a world full of narcissists who will gladly share every detail of their lives, and not care at all about inherent risk or impact.

This has fuck-all to do with the OS.

Some people don't care, but a lot of people do.

I challenge you to find even 10 people you know who don't carry around a personal tracking device (smartphone), and refuse to use free (in exchange for privacy) apps. There are far less people than you assume who still care about privacy.

And while the internet is an inherently non-private place, even the over-sharers are not expecting their credit card information to be exposed for the world to see. Or that bulk pack of dildos they ordered.

The utter lack of action that victims take once their credit card or purchasing detail is exposed says a lot as to just how much the over-sharers don't give a shit about privacy. Victims hardly ever change their habits as a result of being a victim. They get pissed when you ask them to change a password they've used since grade school.

Regardless, these over-sharers were not created by social media...

Yes, they were. Social media has turned narcissism into a paid profession. There are far too many idiots on YouTube earning a ridiculous living as a professional narcissist to validate this point. And that's but one social media channel. There are many others now.

If privacy is utmost, we shouldn't be on the internet period. There is certainly a difference between knowing your data is shared, and finding out it isn't anonymized. Anonymization doesn't completely work either, but at least they have to work at it.

Anonymization is in many cases security by obscurity, which isn't really security at all. And the masses would never leave the internet, and will gladly exchange both privacy and security for access to the internet regardless of risk, which re-affirms my initial statements.

Re:Where's the outrage?

[MachineShedFred]

Good job completely missing the point.

Re:Where's the outrage?

I was the one making the point and you came along an erected a strawman. Go fuck yourself.

Re: Where's the outrage?

It's 2017. There is no excuse for anybody to not be able to learn about anything any more. Stop being such a lazy and entitled piece of shit.

Re:Where's the outrage?

Social media addiction has created a world full of narcissists who will gladly share every detail of their lives, and not care at all about inherent risk or impact.

That is because the "inherent risk or impact" is mostly imagined or confined to the almost non-existent percentage of actual real cases. Yes people share pictures of themselves and their friends, mundane cat pictures and memes, so what?

Why are you so averse to sharing information? What are these "inherent risks" and "inherent impacts" that actually occur in any significant amount of cases? The "oh don't share the photo of you on holidays because then a burglar knows that you aren't home and can rob your house" is the nonsense of the paranoid delusional, it is not something to really live in fear of.

Re:Where's the outrage?

I challenge you to find even 10 people you know who don't carry around a personal tracking device (smartphone)

Big deal, you know why that is? Because the privacy brigade comes out with all these whacked out conspiracy theories because the reality doesn't make their narrative particularly compelling.

There are far less people than you assume who still care about privacy.

What is it you actually mean by "privacy"? Because there is an incredibly broad range things encompassed in that, suggesting that people do or don't care about "privacy" as a general thing is just moronic.

The utter lack of action that victims take once their credit card or purchasing detail is exposed says a lot as to just how much the over-sharers don't give a shit about privacy.

Citation? What is the specific situation you are talking about and the action you expect to be taken? Compromised payment terminals exposed credit card details so you should never use payment terminals?
Somewhere along the line when I was travelling I must have used my credit card at some dodgy outlet, the bank called me up to say they detected fraud, reversed the transactions and cancelled my card so I just picked up a travel card and continued on. A minor inconvenience and yes the bank knows where I travelled, also I was of course using my passport so governments knew where I travelled and I had my phone with me (which was very useful) so some companies knew where I travelled...and what exactly was the consequence that I suffered for this massive privacy violation? I suppose I should have just stayed at home and psuedonymously posted on the internet about how bad it would have been.

Yes, they were. Social media has turned narcissism into a paid profession. There are far too many idiots on YouTube earning a ridiculous living as a professional narcissist to validate this point.

Now you just sound bitter. I don't know why you're trying to make a connection between people who portray (real or acting) narcissistic tendencies on the internet with not caring about whatever you are terming privacy to mean in this context. Likely they aren't idiots at all, just people that act out a persona and are a lot smarter than you.

And the masses would never leave the internet, and will gladly exchange both privacy and security for access to the internet regardless of risk, which re-affirms my initial statements.

What specifically is it you're so afraid of? Fear of the internet is not new, we have been hearing this same fear-mongering for decades.

Re: Where's the outrage?

Not sure what your point is. Everything has a technical barrier. Nothing has NO barriers. For proprietary software you cannot do things for legal reasons. You cannot, not matter how much knowledge you could hope to have, recompile it without features. You can with Foss. Taking about no barriers at all is an extreme fallacy.

You can scream that Android is open source all you want but the reality is any actual functional version of Android that you can use on hardware requires proprietary software:
AOSP cannot be used from pure source code only and requires additional hardware-related proprietary libraries to run, such as for hardware graphics acceleration.
Preparing to build

The elephant in the room ....

[thesjaakspoiler]

... is Broadcomm. With their chips in all major manufacturers devices, they are receiving more data to 'optimize' than any other industry player.

Re:The elephant in the room ....

Say what? Do you have proof that Broadcom wifi chips are making connections (without host involvement) back to Broadcom servers? I’m pretty sure that would have been spotted by now.

Generally, the wifi chips don’t even have network stacks on them. They operate at layer 1/2, and just forward packets back and forth to the host’s network stack.

Re:The elephant in the room ....

[Desler]

And your proof is where exactly?

Re: The elephant in the room ....

[Reverend+Green]

The vigorous response you got from the 50 Cent Army suggests you may need right about the elephant in the room.

Re:The elephant in the room ....

It is not Linux. It isn't Broadcom... I worry about the SoC chips that require special drivers that are not available to anyone outside of the device maker. Those worry me.

Re: The elephant in the room ....

[Reverend+Green]

I wrote some free software yesterday, as part of my paid job. Because it's easier, faster, and cheaper for us to use Free Software than to roll our own. And when we need to fix/improve something, we contribute it back. Not only because it's the morally right thing to do. But also because maintaining unsupported private forks is a security nightmare.

Re:The elephant in the room ....

And if Microsoft really were stealing your data rather than just collecting telemetry I'm sure that would have been spotted by now, but that wont stop the conspiracy theorists jumping up and down.

Re: The elephant in the room ....

What kind of reply is "A lot of people questioned the accuracy of your response so you might be right?"

That's not how facts work

Re: The elephant in the room ....

Open Source can be a security nightmare too. The simple fact is it is much easier to find and fix but also to exploit bugs when you have the source code. You simply cannot argue that it's better because it's easier to find and fix bugs while ignoring the fact that it is equally easy to find and exploit them. Yes in a perfect world where all hackers are white hat hackers, everybody is vetting everybody else's code and there's nobody malicious then open source would unquestionably be the right choice but the problem is that the evangelists like to pretend they live in this ideal world and get all upset when people point out reality.

You can argue there's no security through obscurity and again in the idealized world where you say nothing is safe because some malicious state-sponsored actor with infinite resources can hack it that might be true but again we don't live in that idealized world, reality is simply not like that.

All this isn't to say Open Source is bad or to say that Open Source is worse the Closed Source but just to point out that Open Source is not all secure fairies farting rainbows like many Open Source evangelists pretend it to be.

Re:The elephant in the room ....

And if Microsoft really were stealing your data rather than just collecting telemetry

False dichotomy. Metadata is data.

Re:The elephant in the room ....

Collecting telemetry _is_ stealing your data, dipshit. Microsoft wants to turn all of their customers into a free workforce. They are a deadbeat company riding on the work and data produced by users to make themselves richer without compensating anyone.

You want my data? You can pay cash money for it or you can fuck off.

Re:The elephant in the room ....

[Hal_Porter]

The SoC has a Wifi MAC and maybe a PHY. However as the OP pointed out 'Generally, the wifi chips donâ(TM)t even have network stacks on them. They operate at layer 1/2, and just forward packets back and forth to the hostâ(TM)s network stack'. Spying needs to sit on top of the network stack.

So on an Android device you've got a Linux kernel with TCP/IP sending packets to a network device in the SoC. The spyware is probably running up in user mode where the GPL doesn't apply anymore. Google went to great lengths to avoid user mode code having to be written in Java byte code - they have their own VM - presumably to avoid paying royalties to Sun or Oracle or whoever owns Java.

https://en.wikipedia.org/wiki/...

And they alway went to great lengths to avoid user code being subject to the GPL - they use their own C library not GLIBC.

https://en.wikipedia.org/wiki/...

That means when OEMs write user mode code in C or Java they can keep it closed source and not pay for a Java licence from Sun/Oracle.

It would be tricky to implement spyware in an NIC driver because it runs at the MAC level. And since the Linux kernel is GPL you'd theoretically have to release the source code to said spyware which would lead to you being ridiculed. Doing it in user mode on top of the Linux TCP/IP stack is trivial and you can keep the code closed source.

tl;dr - don't worry about the SoC drivers, worry about all the crap the OEMs add to closed source user mode code.

Re: The elephant in the room ....

I don't know, this response does seem to be somewhat overwhelming. I have no proof of anything with Broadcom, but having had the unfortunate circumstance of having to work with them once, they are the worst company to try to work with I've ever had the misfortune of having to deal with. (Seriously, they wouldn't give us datasheets to evaluate if their product would work for us unless we expressed interest in purchasing a million units, we're a small company and don't make a million of anything, seriously, they're secretive about datasheets).

Toss in that for as much as people say they only provide the hardware, this is factually incorrect. Their hardware is inoperable without a kernel driver inserted into the Linux kernel within Android. Also, Broadcoms drivers are all strictly closed source. See above about how secretive they are about datasheets.

Re: The elephant in the room ....

Citation needed for the claim that security through obscurity works. If you are a security expert, you really need to make yourself known.

Re:The elephant in the room ....

[omnichad]

Everyone's already jumped in, but I'll also add that collecting telemetry data can sometimes slow things down to a crawl. I'm personally more worried about unnecessary use of computing resources than collecting metadata - it directly impacts my bottom line in buying more powerful hardware to compensate.

Re: The elephant in the room ....

[omnichad]

Citation needed for the claim that security through obscurity works.

No citation needed, just common sense. It works, but only relatively better and not absolutely. If you can literally look at the code and find the bugs, it's easier to find an exploit bugs - without the code, you have to guess and check at where bugs might be.

Re:The elephant in the room ....

FYI, Broadcom merged with Avago. Avago (formerly HP Agilent) purchased LSI. LSI bought AMI (American Megatrend's) RAID division (MegaRAID) in 2001. LSI (and now Broadcom) makes SCSI and SAS raid controllers for pretty much every major vendor out there. IBM M-series RAID (cut down versions, not BIOS locked), HP RAID (BIOS locked to HP), Dell PERC (???). The only other company that makes RAID controllers is AMCC, and, from what I gather, they have LSI/Avago/Broadcom SoC internals anyway. All the RAID code appears to be identical in a certain family, like SAS3108 (MPT?), SAS2008 (MPT SAS), SAS2208 (MPT2SAS), SAS2308 (MPT3SAS), and so on (

Cisco is complaining to the Gov't that Broadcom has access to their trade secrets - I guess a portion of Avago/Broadcom is in a shared building and Cisco is getting nervous that Broadcom might move into their market. One company to make network gear, routers, storage controllers, wireless technology ... So when is Broadcom going to purchase AMD? Then we could have CPU, networking, wireless, routing, and storage controllers all on a single die. With TrustZone. Wouldn't that be just fantastic?

Re: The elephant in the room ....

[bluefoxlucid]

I have never found a security bug in someone else's code by looking at code--everyone else is a better programmer than I.

A great many security researchers find their bugs by fuzzing. EternalBlue amazes some folks in the exploit development sphere but, even as a non-exploit-developer, it's pretty simple to me: the researchers looked at a thing they could make happen and, given other things that they could make happen, worked out what information they could derive from each part. Then they had tools which they could assemble into a complete machine. It wasn't built by digging a straight line from A to B; it was built by saying, "I can do X, but can't get further because I'm missing Y and Z; but here is a thing that reveals Y and Z, and with X ..."

I've written exploits. I had software I knew was vulnerable, cashed it, looked at it in a debugger, found where my unique string went (stack!), and then replaced that with a jump onto that part of the stack. Injected Metasploit-generated shell code and it worked. When your bug is strcpy(a[100], strUserInput), it's easy to look at source code; when it's a whole hell of a lot of complex operations which in some but not all cases allocate a[shortLength] and copy bigUserInput, the bug is non-obvious. Actually causing a crash and hunting it down is easier even than crashing it, looking at the source code, and working out why it crashes: if I'm reliably getting stuff on the stack, I can reliably inject a stack buffer overflow without understanding the complex logic that lets it happen.

This is why we have randomized XOR canaries, address space randomization, and non-executable data policies.

Re: The elephant in the room ....

Citation needed for the claim that security through obscurity works.

I didn't say it works in general, I said the claim that there is "no security through obscurity" is rubbish. Take Quake 3 for example, when the source code was released there were a number of exploits that occurred because having the source code made it much easier to find and exploit bugs, just as having the source code makes it much easier to find and fix bugs, it cuts both ways. Those vulnerabilities were always there but existed unexploited due to the relative obscurity of them compared to when the source code was released.

Root Phone

[rtb61]

It seems that regulations are required to ensure end users can readily gain root control of their phones to enable a full range of settings to be altered to ensure their digital right to privacy and control of their property. All phone manufacturers should be required to provide software to enable any customer to gain root control of their phone, else that phone can not be connected to networks in the country.

Re:Root Phone

Look at this freetard.

Re: Root Phone

[Reverend+Green]

Afaik it's illegal (under CALEA, maybe others) to sell a privacy-respecting cellphone in America.

Re: Root Phone

Afaik it's illegal (under CALEA, maybe others) to sell a privacy-respecting cellphone in America.

CALEA applies to telecommunications providers. It does not apply to manufacturers of hardware and software.

There is no requirement for telecommunications providers to provide what they don't have and can't get. (e.g. E2E encryption keys)

Re: Root Phone

[Reverend+Green]

Oh my brother, I believe you need to read the CALEA implementing regulations.

Re: Root Phone

[citation needed]

Re: Root Phone

If you're not paying for the product, you are the product.

Linux is not a "product" any more than algebra is a "product". Which corporation's "product" do you become when you use arithmetic or speak the English language? Who gets paid when you use physics formulae to compute engineering problems? What company's accounts get credited when you follow chemical recipes published in out-of-copyright chemistry books?

Also, Android is not Linux.

Linux is an OS kernel, it has no built-in telemetry. On top of the kernel one can install any set of user-space tools, to suit ones need, such as the standard GNU tool-chain which has no telemetry. Most other packages in most distributions have no telemetry also.

But since Linux based OSes are open and easily modified, one replace standard GNU tools with proprietary crap. Like for example the Java-like-VM based mess called "Android" which replaces most of GNU tools with corporate-friendly environment.

Its up to you what you make your Linux based system. If you choose to use Googles's espionage package called Android, its on you, not Linux.

Re: Root Phone

[citation needed]

And where is yours ?

Re:Root Phone

It seems that regulations are required to ensure end users can readily gain root control of their phones to enable a full range of settings to be altered to ensure their digital right to privacy and control of their property.

No, that's ridiculous and it's clearly a half-assed solution anyway. Are you familiar with hardware backdoors? PSP? AMT? You think you're secure just because you run Linux with root access? You're almost unimaginably ignorant! For all the constant whining about what other people should do when is the freedom brigade going to step up and produce something decent instead of just mindlessly buying whatever other people produce and then complaining about it?

Nobody cares about your complaining because you keep voting with your wallet.

Re: Root Phone

[omnichad]

Didn't they name the citation that you required? Go read it.

Re:Root Phone

[bluefoxlucid]

Actually, the Librarian has ordered all phones unlockable for free to install custom images. Just get a OnePlus 5 and install Resurrection Remix or LineageOS.

But it is open source

It has to be more secure than iOS since it is based on open source Android OS.

Re: But it is open source

We heard you the last 20 times you posted this horseshit, you fucking dullard.

Re: But it is open source

OSS = janitors and sysadmins get paid, while the programmers are trying to survive eating Ramen noodles.

Windows 10 telemetry

Windows 10 telemetry... anonymized... oh, the horrors!
Android (Linux) telemetry... not anonymized... it's okay, we'll look the other way

It's way too easy to insert spyware into open source software, yet it gets a pass. How about we criticize Lunux, too, and own up to the inherent vulnerability in open source software.

Re: Windows 10 telemetry

No, we will just mod you down instead.

Re: Windows 10 telemetry

Yup, censoring anyone who tells the truth about Linux... got it.

Re: Windows 10 telemetry

Linux is a kernel, what the hell are you people talking about making comparison with Windows userspace bugs and vulnerabilities ?

Re: Windows 10 telemetry

Linux is the kernel and open source. Android, parts of it, are open source. This telemetry has nothing at all to do with open source as it isn't inserted into the open source bits. It's shitty shovelware put out by a vendor with no sense of right and wrong. You are informed and have a choice. Don't buy this vendors shitty shovelware laden crap, or willingly submit. If it were inserted into the open source bits, you would have the ability to compile it yourself without the telemetry, unlike with closed source everything. But I advocate that's too much work and there's plenty of non-spyware laden phones to choose from.

Re: Windows 10 telemetry

The OS means jack shit when ARM, AMD and Intel microcode is spying on you via ME, Trusted Platform etc

Re:Windows 10 telemetry

Yeah, it's very easy, except if the project maintainers are looking at what gets submitted and not just blindly merging code, spyware gets caught and rejected.

Whoops, forgot about that little piece in your nice little FUD spew, eh?

Re:Windows 10 telemetry

[JohnFen]

Windows 10 telemetry... anonymized... oh, the horrors!
Android (Linux) telemetry... not anonymized... it's okay, we'll look the other way

Not even close. I object to telemetry you can't disable equally on all platforms. Android or Linux doesn't get a pass on this.

Which OS is involved here?

Let's make sure that we're clear to help users know what's going on. Android is Linux. These phones are Linux systems.

don't opt in in

[chromaexcursion]

Having written anonymizing algorithms, all I can do is cringe.
If you wan't privacy, don't opt in.
(At least google is giving an opt in)
Welcome to the Brave New World

A shame

[Lisandro]

OnePlus manufacture some dam nice phones, and OxygenOS was stock android with just the right amount of custom tweaks. I'm now happy i didn't pick up a OP5.

Re:A shame

[Teun]

You're right, I own a One+3 and it is a great phone.
I have been thinking about getting the next model but this news certainly drives me back to Nexus/Pixel or better, the Purism phone.
Among others it promises pure open source Debian-derived Linux and hardware switches on the camera and microphone.

As a matter of fact, now I'll contribute to it's development: https://puri.sm/shop/librem-5/

Oh yes, about the 'Linux is to blame' troll(s), it's not the Linux part that's at fault here, it is One+ their OxygenOS shell that does the spying.

Re:A shame

[BessBeysanmak]

votre article est magnifique. Merci de visite notre article via ce lien machine a parpaing

Re:A shame

[Qzukk]

I own a OP3 as well, and this is definitely the steel beam that broke the camel's back. It'll be the only one I buy.

At this rate, though, I'm thinking my next phone will be a cheap candybar if I can find one (didn't someone say they were bringing back the Nokias?). I got into One+ because of the promises of (almost) stock android and getting timely updates and now that I've had it for a while, I've come to the conclusion that I was honestly happier with my previous HTC Evo that never got an upgrade past android 2 or so. At least I could pick up the phone and answer a call without having to guess what the fuck the gesture is this week. I hung up on the boss last night because suddenly I am now supposed to drag down to answer a call, instead of drag to the side like last week. Two updates before that, it was drag up to answer, one before it was drag up to hang up and send an "I'm busy" text message. Further, in the last several versions, touching the white spot to answer would display icons that clearly identified where I should drag to answer or hang up the phone. Now, there's a tiny green arrow below the icon pointing down (obscured by my thumb).

Re:A shame

OnePlus manufacture some dam nice phones

So not only do you not need to be concerned with getting one of these wet, but you can even use them to block running water? Impressive.

Re:A shame

[danbert8]

I'm still rocking a OP1 and still running Cyanogen. It sucks that development is sort of dead for it, but I still have control over pretty much everything. I like being able to block individual apps from sharing data and boy once you disable it, you'd be surprised how many apps complain or refuse to work over data they don't need.

Uber especially is one I have to block location access and then re-enable it when I want to use the app. It will try to track you all the time whether you are actively using the app or not.

Everyone else does it

[WaffleMonster]

This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws

The reason this is not a concern is because everyone else does it. Absolutely priceless reasoning.

If I had a penny for every instance of this nonsense uttered in my lifetime I would be a trillionaire.

Re: Everyone else does it

[amalcolm]

Wrong. The problem is in the Android userland. Nothing to do with Linux

Re:Everyone else does it

[Teun]

Indeed a flawed 'logic'.

I can accept a certain form of Opt-In telemetry but there is no need to include ESSID's and WIFI identifiers.

Re:Everyone else does it

Why are you all still using so-called smartphones at all? Do you not care who is digging through your virtual underwear drawer when you're not looking?

I have nothing to hide, therefore I have nothing to fear!

Retarded.

Only CRIMINALS need privacy!

Short-sighted; literally can't see past the end of you own noses.

B-b-b-but I NEED my smartphone!

LOL no you don't, you're ADDICTED to your smartphone. Seek help for that, get a dumbphone that doesn't spy on you.

My job REQUIRES me to have a smartphone

Then get a dumbphone for your non-work and make sure your job is paying for the other one -- and DON'T USE IT FOR ANYTHING PERSONAL!

I need to keep track of my kids!

Put the helicopter back in the hangar and STOP OBSESSIVELY SPYING ON YOUR KIDS! Or do you want them to get a complex, knowing they're not trusted?

I need to keep tabs on my spouse!

Nope. You need marriage counseling. Or perhaps a divorce attorney.

I'm bored and need entertainment with me at all times!

GO READ A BOOK!

It's my money and my choice and I don't have to listen to ANYONE, I'm an adult and make my own decisions!

In other words you have no valid excuse for carrying around a SURVEILLANCE AND TRACKING DEVICE with you 24/7/365, like you're on House Arrest with an ankle monitor (and that's what your smartphone is, basically), you just have it because it's SHINY and a STATUS SYMBOL and you don't want your peers to LAUGH AT YOU for having a serviceable, basic cellphone, which is all you really have a use for in the first place. I suggest you re-examine your priorities in life, and perhaps your level of emotional maturity, and adjust your life accordingly.

Seriously, people, in all the years since there was such a thing as a 'smartphone', I've yet to see a real valid need for them for 99% of anyone. True, for some people they need constant connectivity (although I shudder at the hell their lives must be because of that), but everyone else has just been so thoroughly indoctrinated by wireless companies, the media, and clueless people who buy things just to buy things, that they don't even know WHY they have one. To make matters worse wireless companies push them on you and make you feel like you're a senior citizen, almost literally ridiculing you to your face, if you don't want a smartphone. Why do you think that is? It's because they suck more money out of your pocket EVERY GODDAMNED MONTH because you have one. Then, like in TFA, they're violating your privacy flagrantly so they can sell that data to someone else, making MORE money off you. Do you enjoy being used like a toilet? If you do there may be no hope for you. For the rest of you, get a clue, get rid of your smartphone NOW, save money and stop being spied on!

The choice is yours; choose wisely.

Flash Phone. Lineage OS.

[Zombie+Ryushu]

Flash the Phone with Lineage OS. Thats what I do with my Phones.

Re:Flash Phone. Lineage OS.

Cool how do I do that with my Verizon Google Pixel by Google?

Re:Flash Phone. Lineage OS.

You're welcome

Re:Flash Phone. Lineage OS.

Are there any stable builds for Lineage OS? All I see for my phones are nightly builds. I've tried nightly builds of other Android alternates before, and due to my experiences I'm not really comfortable running a nightly build on my phone.

Re:Flash Phone. Lineage OS.

If that's how you feel, then custom ROMs aren't for you. Just stick with what your phone maker drip feeds you.

i'm concerned

> This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws.

Umm... yes it is?

Re: i'm concerned

Seriously, what is your freakin major malfunction? Did you blue screen?

Re: i'm concerned

If you don't know how Linux is paid for, then you need to get out of the basement occasionally. Hundreds of companies pay developers full time to develop Linux because it's cheaper to pay developers to add features to Linux that they need specifically for their product line than it is to develop a full OS on their own. I used to work for a major company that had some 100 full time developers dedicated full time to Linux kernel development. They were feeding into one of the embedded sub-variants similar to I think WindRiver, can't remember exactly as it was over a decade ago.

Make a law

These data collection will go on till there is a law which explicitly forbids and fines the cost of phone for each voilation. Live with it.

If you're not paying your money for the software..

If you're not paying your own money for the software, you're paying some other way. This has proven to be correct over and over. Android is Linux. It's free. If you're not paying your money for it, because it's free, you're paying for it some other way. This is obvious to anyone who's paying attention.

Guess I'm not going to buy a one plus phone

[chromaexcursion]

15 years ago, I worked for a well known company, and wrote an innovative set of privacy algorithms.
Didn't happen, long story; but sadly typical This is, to my mind, stupid. But the current generation doesn't seem to mind.
Need hearts and minds to effect change

Re:Guess I'm not going to buy a one plus phone

[Anonymous+Brave+Guy]

But the current generation doesn't seem to mind.

Doesn't mind, doesn't know, or just doesn't think they can do anything about it so tolerate it despite minding because they need a phone to live a normal life these days?

Those are three quite different scenarios, and in two of the three it appears there is a market failure where purchasers of these (or other) smartphones don't get a choice they could reasonably be offered and so can't express their preference with their wallets.

That sort of market failure is what regulation is for. Europe is going to have a party with this one, particularly if it isn't fixed before the new EU privacy regulations come in next year.

Re:Guess I'm not going to buy a one plus phone

It's not doing anyone any harm

Re:Guess I'm not going to buy a one plus phone

[JohnFen]

Doesn't mind, doesn't know, or just doesn't think they can do anything about it so tolerate it

With my kids, it's that latter thing.

None of them are OK with it, but equally as much, none of them think there's anything they can do about it.

Re:If you're not paying your money for the softwar

ya dat wut i kep tellin peeps cuz tha xbox comp. wuz givin win10 away 4 FREE pers. i dunt care becuz i got nuthin 2 hide da comps. + gov cood C it all i aint got nuthin 2 hide i 3 win10 best comter 4 gamerZ + smart peeps linix is 4 dum nerds an mac is 4 fags

win10 4ever!!!1!

uhoh

[n3r0.m4dski11z]

I know someone with a one plus 3t and it seemed like the perfect device. I am not sure what effect disabling those applications might have, so ill wait a few days before advising her to do that. Hopefully this is big news, but sadly everyone is doing it.

If you are a smartphone user and you think google and apple don't have the complete picture of you as an individual you are dreaming! This is just the chinese not giving even the slightest fuck, while american companies still have to pretend to care about privacy somewhat.

Advertising, marketing and databases. Isn't it great what all this technology has become! A worthless extension of 20th century consumerism.

Re:uhoh

[Teun]

The way I read it it's not a 'certain application' that does the spying, it is the OxygenOS layer One+ has put on top of the otherwise pretty stock Android.

who pays the shills?

[Reverend+Green]

Only 30 comments so far, and over half of them are from painfully obvious anti-Linux shills. Which leaves me wondering - who exactly bankrolls this particular battalion of the 50 Cent Army?

Microsoft? No, can't be. I think they've given up on phones.

Apple? Now this one is fairly believable. Deep pockets, Silicon Valley ethics (read: no ethics at all), and mindless brainwashed cult followers... okay, sounds plausible. But it's so crass & crude & obvious. Doesn't really feel like an Apple-backed operation.

Russian/Chinese/Nork/USSA state-affiliated organizations? Well sure, they infest Slashdot like the regular vermin they are. But why would they give a fuck about an obscure cellphone?

Global dystopian-progressive NGOs backed by financial oligarchs? Well, they do hate freedom, so it stands to reason they would also hate Linux. The smarmy tone of the shill comments does match their supporters. Not sure why they'd care about a cellphone. But maybe their shills are on salary. They've already finished polluting the political articles, so they're just chilling out here. Shitting all over the place while trying to figure out how they can blame this on Trump colluding with the rooskies. I rate this possibility as plausible but lacking in evidence.

RMS? The shills both draw attention to the evil practice of commercial surveillance, as well as making anti-freedom proponents look like toxic fucktards. Subtle & brilliant. Alas, I don't think RMS has the funds to hire a troll army, so this one's not too plausible.

Re:who pays the shills?

Chi.com vermin on Trotsky SJW infested /. ?? Mebby so, then time to clean clocks & take-names ...

Re: who pays the shills?

Anyone who doesn't agree with you must be a paid shill? There are two words to describe you: paranoid delusional. In your mind, anyone who criticizes Linux must be a paid shill, yet you made no attempt to refute them. If you could have addressed the concerns raised about Linux, you undoubtedly would have done so. That indicates you are unable to do so. By your logic, you're likely a paid pro-Linux shill, perhaps funded by someone with deep pockets such as Red Hat or IBM. Linux also includes SELinux code contributed by the NSA, which is snooping both on Americans and foreigners. Perhaps you're a paid NSA shill, encouraging you to use their code that might have backdoors.

Re: who pays the shills?

Criticism of Linux? Oh, no, must be shills! Mod to -1 troll!

Criticism of Microsoft and Apple? Yay, +5 insightful!

Got it.

Re:who pays the shills?

[kamapuaa]

You have mental problems. Seriously, your recent post history also has you posting 20 times in anotehr thread accusing people of being Chinese shills (and Hillary Clinton shills) and now this long rambling post about people being paid to talk bad about Linux on an obscure website frequented by old IT professionals...

Get off the site (which is feeding your paranoia) and get help.

Re:who pays the shills?

The funny part is, when there's a positive Android story Android isn't Linux, but when there's a negative Android story all of a sudden Android is definitely Linux.
Hard to keep up.

Re: who pays the shills?

Trolligula is responsible for all of the trolling in this article. We are a consortium of Slashdot trolls that are nearly as old as Slashdot itself. We are not a paid organization, just a bunch of trolls who enjoy when tinfoil hat buffoons such as yourself get all wound up over our posts. You can find more information about us at goatse.cx.

Re: who pays the shills?

[iggymanz]

you are a false prophet and not the true anon, for in only mentioning the goat hole you have not mentioned the complete holy trinity which also includes tub girl and two girls & 1 cup,

Re:who pays the shills?

[rat_herder]

Thanks for that moronic, delusional diatribe. Oneplus is the entity abusing linux. Undermining the privacy of their users is the issue at hand not some poorly reasoned consiperacy of corporate shills. I feel stupider having read that. This guy Chris Moore appears to have done some transparent, reproducible legitimate and quite shocking analysis on sensitve data being sent from his home to this corporation. Yet somehow from this you find a way to make this Apples fault. The only company that has actually show they are interested in protecting the privacy of it's users. Grade A+ stupidity.

Re: who pays the shills?

It is Apple's fault because the way they have monetized the mobile market has sucked the money out in a waybthat has made it impossible for an honest and ethical vendor to thrive, or even subsist.

Your fucking fruitfones have made freedom near impossible.

Re:who pays the shills?

Its very simple. Android is a corporate set of applications running on top of Linux. Linux, the kernel, has no telemetry whatsoever and is simply a foundation. A very effective and powerful foundation, hence the credit given to it, irrespective of what someone else put on top of it.

Think a building where the foundations and the first few floors were constructed by volunteers and have free hospice in them but the the top few were added on by an evil corporation which runs unethical scientific experiments on children in them. Are the volunteers at fault for building the foundations? Right next door they did the same and the top floors were completed by a charity that gives free medical care to the needy. Next building, the same volunteer foundations and free soup kitchen on top... and so on.

Re:who pays the shills?

[Teun]

The trolls gave away their provenance by repeatedly claiming a 'walled garden' would be better, that's newspeak for Apple.

Re:who pays the shills?

Be quiet kid, adults are talking.

Re: who pays the shills?

Slashdot accepts smart and valid criticism. I assume you're most of the anti-Linux ACs here, meaning you're blathering without a clue what you're talking about.

Re: who pays the shills?

"Feeling cranky..?" Oh the irony...

yeah, apple pays people to post on slashdot. You're a special kind of moron.

Re: who pays the shills?

He also missed "hot grits", GNAA, and Netcraft confirming it.

Damn, if I had been playing Slashdot bingo I would have just carried myself to victory.

Re:who pays the shills?

The problem is there actually are real paid shills now, go google all the PR firms out there. The problem is actually growing and is becoming noticeable. Just look at game reviews and commenters. This crap is spreading into our daily lives.

Re: who pays the shills?

The Reverend is a Russian troll. His current job is to make us believe that Slashdot is being manipulated by Chinese trolls. Read his posts with that in mind and it will make more sense.

Re: who pays the shills?

[WizMorgan]

"Slashdot accepts smart and valid criticism"

Yes, the WEBSITE does. The readers, well, your mileage WILL vary. I see Apple Fanboys, Microsoft Fanboys and Linux Fanboys who refuse to accept smart and valid criticism. Often it's treated like a personal attack. And it is responded to as such, using far less smart and valid criticism.

I just thought I should point that out.

Re: who pays the shills?

[Reverend+Green]

Goddamit, I already told you - I'm a NORKBOT. Great Leader Kim Il-sung personally programmed me, shortly after he invented the Internet. Yes, Pyongyang is in fact lovely this time of year. Not that it matters to me, since I'm a bot, but hey just sayin'...

Anyways, I blame the Rooskies AND the Chicoms. And just for good measure, I blame Canada too. Fuck those polite, hockey-loving, maple-syrup-swilling anti-American Nazis. They're literally Hitler, all of them.

Remember boys & girls: Whenever someone disagrees with you about politics, IT'S BECAUSE THEY'RE A RUSSIAN, CHINESE, and/or CANADIAN AGENT!

Re: who pays the shills?

When you say 'monentized' do you mean via private enterprise, they employed a bunch of skilled engineers and programmers to create a product and sell it on the free market that people apparently want to buy? Sure. How you conclude this makes 'freedom impossible' is some more industrial illogic.

equal-sign_equal-sign

to each their own

The Moral Of The Story

Just like Tux, Moore discovered that OxygenOS was sending regular telemetry to OnePlus' servers. This is no issue of concern, as almost all ...

This is SlashDot. While that means that the most worthless crap can be posted, it also strangely means that intelligent people will read and comment about it. Of course it's a concern if your friends are jumping off of a cliff, not a reason to follow them. It's only an issue of no concern if the product isn't being marketed as needing to be as secure as possible. Threat surface is threat surface.

The Shenzhen-based Chinese smartphone company is collecting a long list of details,

Oh, so this is a story about products sold by those under direct command of those who ordered the Tiananmen Square Massacre. Now I see why the story Really doesn't matter.

The data collection process cannot be disabled from anywhere in the phone's settings.

But is it very difficult for a competent computer programmer to inspect the open source software and add this feature? Oh, you say it's a mountain of fucking work that wouldn't matter because there are thousands of other equally unnecessary threat surfaces that are baked in, and no effort made to make product owners empowered enough to easily patch as many as they can and share those patches with the community of product owners resulting in a massively more useful, robust, and secure product. Now I understand why this story Really Really Doesn't Matter.

When Moore contacted OnePlus support, the company did not provide a suitable answer for his queries.

Moore didn't do his homework about where the post-Snowden state of cybersecurity is. Moore wasted his time. That's the moral of this story.

So why is anyone surprised?

I don't care what OS is on the phone. It is both designed and manufactured in China by a Chinese company. The government has total control on what it does. They've obviously taken the opportunity to clandestinely track the location and usage data from everyone worldwide with a OnePlus phone. It is most certainly feeding into a government intelligence database for permanent storage.

This is no different than Kaspersky. As far back as 2000 a company I worked for considered Kaspersky and quickly rejected it due to the security implications of its connections with the Russian intelligence community.

China has a history of demanding assistance with data collection from those doing tech business in their country. You have to expect as a consumer of anything they make that has data collection potential, they've made their demands and the demands were granted. Otherwise, the company would not be in business.

Sony's new noise cancelling heaphones

Btw, I Sony's new bluetooth noise canceling headphones has some kind of telemetry built into them, as it supposedly measures or at least reacts to air pressure (to be used on flights). I don't like this kind of tech that seemingly has telemetry built into it. I don't care if the battery lasts longer, or if it is cheaper with this newer model.

Model: Sony WH-1000XM2

"It includes the noise-cancellation features together with the “Atmospheric Pressure Optimising” found in WI-1000X."

https://www.headphonesty.com/2017/09/sony-announces-4-new-headphone-ifa-2017/

"as almost all applications these days collect..."

THIS is the problem. It starts somewhere, innocently, and now its EVERYWHERE with NO LIMITS.

Regulators should pick up this topic and do something.

Market opportunity?

[Hal_Porter]

Stories like this and fscking Samsung ruining Galaxies by removing removable batteries, switching from Qualcomm to Exynos etc makes me wonder if there's a gap in the market for a new phone. It would be like this

1) Qualcomm reference design
2) Removable battery
3) SD card slot
4) Enough onboard flash and SDRAM that people won't complain
5) Headphone jack
6) IP67 or better

Incidentally all this was possible when Samsung build the Galaxy S5. And in fact the Galaxy's 1080p display is fine for most people. Though I suspect you'd go for IPS rather than OLED because more people sell decent IPS displays than sell decent OLED ones.

For software you'd aim for stock Android. Or this

http://www.androidauthority.co...

The idea is that rather than selling a mix of hardware and software like Apple, Samsung and OnePlus you're building hardware to run industry standard software, a bit like PC OEMs do.

Which means no spyware. And no bloated crap like TouchWiz. You'd have to make sure you made money on the hardware alone.

Actually there are lot of Chinese and Taiwanese OEMs selling devices like this cheaply. The problem is that they haven't made the leap from selling mix of hardware and software to being purely hardware OEMs and depending on open source software. Well that and most of them are terrible at software.

Re:Market opportunity?

[bluefoxlucid]

I'd pass on the SD Card if they would just settle for a decent amount of flash instead of charging a premium.

64GB, $300; 128GB, $350. A 64GB MicroSD costs $15 and a SanDisk MicroSDXC 64GB Ultra costs $23, with all the circuitry in there for the flash controller (SD cards include a microcontroller--a small computer that handles IO operations and even runs its own OS). It's $8-$10 of flash chips. Your phone has a flash controller chip already; adding $10 more NAND does not cost $50 and you are not taking a loss on the smaller storage model. 256GB-320GB should cost the extra $50 over just 64GB.

You also need that USB-C port--which, honestly, means you could do a 10mm attachment that clips on an expanded battery, a USB-C data pass-through, a headphone jack, and a dual MicroSD port (the SD would stick out 1mm) if you really want. SD allows you to attach devices like a tiny PCMCIA port, so you can add NFC if your phone doesn't have it.

Re:Market opportunity?

[JohnFen]

I don't care about water resistance, but I'd buy the phone you describe in a heartbeat.

I wouldn't care if it didn't have the best display, and I wouldn't even care whether or not it had a camera.

It often seems like every new model of phone I see entering the market is less desirable than the one before it.

Re:Market opportunity?

I will always want expandable storage because it effectively means infinite storage.

My phone right now has 32GB + 256GB of space and I have numerous 128GB cards laying around.

Re:Subiaco Abbey Tours

Yeah... If you think you won't end on my shit list of places never to consider, you are sorely mistaken.

It gets worse.

Did you know your phone company not only knows your phone number, but the EMEI, your location, who you called and when you called? Something needs to be done about this invasion of privacy!

Re:It gets worse.

Did you know your phone company not only knows your phone number, but the EMEI, your location, who you called and when you called?

No they don't. They don't even know my name.

And what the fuck is an "EMEI"? You don't even know the terminology...

One question Susan.

How good are you at sucking dick? Can your pussy accomodate a 10" cock?

Where have you been???? they all do it....

apple, android, samsung those phones are all tracked etc. pseudo "randomization" is only to "comply" with compliance...

wait for it...

[yodleboy]

minds exploding as all the people bashing windows 10 for sending loads of anonymous telemetry try to wrap their heads around an open source project getting away with something even worse...

Re:wait for it...

OxygenOS isn't open source, it's proprietary.

It's not an Android problem (not really)

[Bright+Apollo]

If I make the battery non-removable, I can keep the radio on without you knowing it, so I can send packets of who-knows-what whenever I like.

If I lock it down, you won't be able to detect it, or shut it off.

Don't be distracted by the bloatware and ad notifications -- those are the result of corporate flacks that can't help themselves. Your privacy is really being eroded in the background.

Think about another phone you might have, with a non-removable battery, and a very walled garden.

--#

Re:It's not an Android problem (not really)

[JohnFen]

If I make the battery non-removable, I can keep the radio on without you knowing it, so I can send packets of who-knows-what whenever I like.

Here are some easy solutions to that problem: https://www.amazon.com/faraday...

Re:It's not an Android problem (not really)

[Bright+Apollo]

Sure, we all know about faraday cages and tinfoil hats here, but think about the trick they pulled on *everyone else*: non-removable batteries and radios you cannot really turn off. Think outside your demographic.

--#

Of course

People accepted pseudo-anonymized data collection, this is the next step. There's always a next step.

Come on, did you really think otherwise?

A Chinese phone company working for the Chinese government making a Chinese custom version of Android... did you REALLY think OxygenOS wasn't spyware?

I really think their bootloaders and firmware also deserve some close scrutiny. I am suspicious to the point of near certainty that even replacing OxygenOS with a more reputable ROM like LineageOS, the phone will still call home.

Weird

[HalAtWork]

Have they never heard the saying "if everyone else jumps off a bridge are you going to do it too?"

I always wonder that when this type of reasoning is used. At one point a lot of people were smoking cigarettes, but that didn't make the health risk any lower. Plenty litter or make a lot of waste, that doesn't help us in the effort to sustain ourselves. The number of people doing something has no bearing on whether that is beneficial or not.

This is why I don't bother with "real" identities

Nobody gives two shits about who you are or what you have done. Don't even bother trying to create a stable online identity. I know, most people would argue that's a good practice in general but there are times when you might want people to know you in order to gain respect (and maybe a job). My advice is: Just don't even try. You will be ridiculed, hounded, and strapped on the block. Not worth it. People are morons and there is nothing you can do about it so don't even try. This is regardless of the forum. Slashdot is actually not that bad in this resepect (not great but way better than the alternatives). Stick to your little hidden hole and remain happy.

Good luck with GDPR compliance next year.

... it's gonna be fun!

As the article shows

[p51d007]

Just turn on developer options, run ADB... adb start-server adb shell pm uninstall -k --user 0 net.oneplus.odm

No Concern??

[JohnFen]

From TFS:

Moore discovered that OxygenOS was sending regular telemetry to OnePlus' servers. This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws.

I beg to differ. Collecting telemetry without notifying users or allowing a way to disable it is a matter of large concern to a lot of people.

That it's quite common means absolutely nothing.

Very sad...

[XSportSeeker]

I just sent a complaint towards OnePlus, will not be recommending it anymore for anyone, and the OnePlus 3 will be my last OnePlus device.

It's not like I didn't think this could happen, I was hoping that it wouldn't because quite frankly, any business these days should be monitored for stuff like that.

But now, my relationship with this company is done. Very sad because the OnePlus 3 is a great device overall for the price. Up until now I was recommending it for people looking for high end capabilities with a fair price. Now, it's over. I will be recommending against it, just like I recommend against puchasing anything from Lenovo.

Even sadder is that privacy conscious people are getting curbed into a corner with fewer and fewer options to chose from.