Slashdot Mirror


OxygenOS Telemetry Lets OnePlus Tie Phones To Individual Users (bleepingcomputer.com)

An anonymous reader quotes a report from Bleeping Computer: OxygenOS, a custom version of the Android operating system that comes installed on all OnePlus smartphones, is tracking users' actions without anonymizing data, allowing OnePlus to connect each phone to its customer. A security researcher going by the pseudonym of Tux discovered the abusive tracking in July 2016, but his tweet went largely unnoticed in the daily sea of security tweets sent out each day. The data collection issue was brought to everyone's attention again today, after British security researcher Christopher Moore published the results of a recent study on his site.

Just like Tux, Moore discovered that OxygenOS was sending regular telemetry to OnePlus' servers. This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws. The problem is that OnePlus is not anonymizing this information. The Shenzhen-based Chinese smartphone company is collecting a long list of details, such as: IMEI code, IMSI code, ESSID and BSSID wireless network identifiers, and more. The data collection process cannot be disabled from anywhere in the phone's settings. When Moore contacted OnePlus support, the company did not provide a suitable answer for his queries.
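The summary lists the identifiers the telemetry carries (IMEI, IMSI, ESSID, BSSID) and says they are sent without anonymization. As an added example, not code from the article, from OnePlus or from either researcher, the Python below audits a telemetry record for such direct identifiers, both by field name and by value pattern (a Luhn-valid 15-digit IMEI, a MAC-style BSSID), then shows the two fixes a privacy reviewer would ask for: dropping the fields outright, or replacing them with keyed HMAC pseudonyms so crash reports from one handset still group together without the record naming the phone. The record and field names are constructed for the example, not a captured OxygenOS payload; the IMEI is the well-known Luhn-valid example value.

```python
"""Audit a telemetry record for direct device identifiers and produce a
version that no longer ties the record to a specific handset.

Added example for this thread; not OnePlus code. The record below is
constructed, not a captured OxygenOS payload."""
import hashlib
import hmac
import re

# Constructed sample telemetry record (hypothetical field names).
SAMPLE_RECORD = {
    "event": "app_opened",
    "app": "com.example.app",
    "imei": "490154203237518",          # well-known Luhn-valid example IMEI
    "imsi": "310150123456789",          # constructed value
    "wifi_essid": "HomeNetwork",        # constructed value
    "wifi_bssid": "00:11:22:33:44:55",  # constructed value
    "ts": 1507500000,
}

# Field names matching the identifiers the article says are collected:
# they name a handset, a SIM subscriber, or the network the phone is on.
IDENTIFIER_FIELDS = {"imei", "imsi", "wifi_essid", "wifi_bssid"}

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
IMEI_RE = re.compile(r"^\d{15}$")


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit test, which IMEIs carry in their last digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_direct_identifiers(record: dict) -> set:
    """Return the keys whose name or value marks them as a direct identifier.
    Value patterns catch identifiers hidden under innocuous field names."""
    found = set()
    for key, value in record.items():
        if key.lower() in IDENTIFIER_FIELDS:
            found.add(key)
            continue
        if isinstance(value, str):
            if MAC_RE.match(value):
                found.add(key)
            elif IMEI_RE.match(value) and luhn_valid(value):
                found.add(key)
    return found


def strip_direct_identifiers(record: dict) -> dict:
    """Anonymize by dropping the identifying fields entirely."""
    bad = find_direct_identifiers(record)
    return {k: v for k, v in record.items() if k not in bad}


def pseudonymize(record: dict, key: bytes) -> dict:
    """Replace identifiers with keyed HMAC-SHA256 tokens.

    Tokens are stable per device, so reports from one handset still group
    together, but only the key holder can link a token back to a phone.
    An unkeyed hash would not do: IMEIs and MAC addresses are small enough
    spaces that a plain hash can be matched back to the original value."""
    bad = find_direct_identifiers(record)
    out = {}
    for k, v in record.items():
        if k in bad:
            tag = hmac.new(key, f"{k}:{v}".encode(), hashlib.sha256).hexdigest()[:16]
            out[f"{k}_pseudonym"] = tag
        else:
            out[k] = v
    return out


if __name__ == "__main__":
    print("identifiers found:", sorted(find_direct_identifiers(SAMPLE_RECORD)))
    print("stripped:", strip_direct_identifiers(SAMPLE_RECORD))
    print("pseudonymized:", pseudonymize(SAMPLE_RECORD, b"per-deployment secret"))
```

The audit is the part worth wiring into a release pipeline: run it over every outbound telemetry schema and sample payload, and fail the build when a field carries a raw IMEI, IMSI or BSSID. Whether to strip or pseudonymize is a product decision; what the thread objects to is that neither was done.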

4 of 164 comments

  1. Windows 10 telemetry by Anonymous Coward · Score: 0, Informative

    Windows 10 telemetry... anonymized... oh, the horrors!
    Android (Linux) telemetry... not anonymized... it's okay, we'll look the other way

    It's way too easy to insert spyware into open source software, yet it gets a pass. How about we criticize Linux, too, and own up to the inherent vulnerability in open source software.

  2. Re:Flash Phone. Lineage OS. by Anonymous Coward · Score: 2, Informative
  3. Re:The elephant in the room .... by Hal_Porter · Score: 3, Informative

    The SoC has a Wifi MAC and maybe a PHY. However as the OP pointed out 'Generally, the wifi chips don't even have network stacks on them. They operate at layer 1/2, and just forward packets back and forth to the host's network stack'. Spying needs to sit on top of the network stack.

    So on an Android device you've got a Linux kernel with TCP/IP sending packets to a network device in the SoC. The spyware is probably running up in user mode where the GPL doesn't apply anymore. Google went to great lengths to avoid user mode code having to be written in Java byte code - they have their own VM - presumably to avoid paying royalties to Sun or Oracle or whoever owns Java.

    https://en.wikipedia.org/wiki/...

    And they always went to great lengths to avoid user code being subject to the GPL - they use their own C library not GLIBC.

    https://en.wikipedia.org/wiki/...

    That means when OEMs write user mode code in C or Java they can keep it closed source and not pay for a Java licence from Sun/Oracle.

    It would be tricky to implement spyware in an NIC driver because it runs at the MAC level. And since the Linux kernel is GPL you'd theoretically have to release the source code to said spyware which would lead to you being ridiculed. Doing it in user mode on top of the Linux TCP/IP stack is trivial and you can keep the code closed source.

    tl;dr - don't worry about the SoC drivers, worry about all the crap the OEMs add to closed source user mode code.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  4. As the article shows by p51d007 · Score: 3, Informative

    Just turn on developer options, run ADB...

    adb start-server
    adb shell pm uninstall -k --user 0 net.oneplus.odm