OxygenOS Telemetry Lets OnePlus Tie Phones To Individual Users

An anonymous reader quotes a report from Bleeping Computer: OxygenOS, a custom version of the Android operating system that comes installed on all OnePlus smartphones, is tracking users actions without anonymizing data, allowing OnePlus to connect each phone to its customer. A security researcher going by the pseudonym of Tux discovered the abusive tracking in July 2016, but his tweet went largely unnoticed in the daily sea of security tweets sent out each day. The data collection issue was brought up to everyone's attention again, today, after British security researcher Christopher Moore published the results of a recent study on his site.

Just like Tux, Moore discovered that OxygenOS was sending regular telemetry to OnePlus' servers. This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws. The problem is that OnePlus is not anonymizing this information. The Shenzhen-based Chinese smartphone company is collecting a long list of details, such as: IMEI code, IMSI code, ESSID and BSSID wireless network identifiers, and more. The data collection process cannot be disabled from anywhere in the phone's settings. When Moore contacted OnePlus support, the company did not provide a suitable answer for his queries.

Everyone else does it

[WaffleMonster]

This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws

The reason this is not a concern is because everyone else does it. Absolutely priceless reasoning.

If I had a penny for every instance of this nonsense uttered in my lifetime I would be a trillionaire.

Flash Phone. Lineage OS.

[Zombie+Ryushu]

Flash the Phone with Lineage OS. Thats what I do with my Phones.

i'm concerned

> This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws.

Umm... yes it is?

Re: who pays the shills?

Criticism of Linux? Oh, no, must be shills! Mod to -1 troll!

Criticism of Microsoft and Apple? Yay, +5 insightful!

Got it.

Re:Where's the outrage?

[Ol+Olsoc]

Not only is privacy dead, but the demand for privacy is as well.

Social media addiction has created a world full of narcissists who will gladly share every detail of their lives, and not care at all about inherent risk or impact.

This has fuck-all to do with the OS.

Some people don't care, but a lot of people do. And while the internet is an inherently non-private place, even the over-sharers are not expecting their credit card information to be exposed for the world to see. Or that bulk pack of dildos they ordered.

Regardless, these over-sharers were not created by social media, it merely gave them a fine outlet, and hey, who wouldn't be interested in your relative's new clit ring or ostomy bag? I have one relative on FB who approaches that level of oversharing. But I digress, and am creeping myself out here.

If privacy is utmost, we shouldn't be on the internet period. There is certainly a difference between knowing your data is shared, and finding out it isn't anonymized. Anonymization doesn't completely work either, but at least they have to work at it.