OxygenOS Telemetry Lets OnePlus Tie Phones To Individual Users

An anonymous reader quotes a report from Bleeping Computer: OxygenOS, a custom version of the Android operating system that comes installed on all OnePlus smartphones, is tracking users actions without anonymizing data, allowing OnePlus to connect each phone to its customer. A security researcher going by the pseudonym of Tux discovered the abusive tracking in July 2016, but his tweet went largely unnoticed in the daily sea of security tweets sent out each day. The data collection issue was brought up to everyone's attention again, today, after British security researcher Christopher Moore published the results of a recent study on his site.

Just like Tux, Moore discovered that OxygenOS was sending regular telemetry to OnePlus' servers. This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws. The problem is that OnePlus is not anonymizing this information. The Shenzhen-based Chinese smartphone company is collecting a long list of details, such as: IMEI code, IMSI code, ESSID and BSSID wireless network identifiers, and more. The data collection process cannot be disabled from anywhere in the phone's settings. When Moore contacted OnePlus support, the company did not provide a suitable answer for his queries.

Root Phone

[rtb61]

It seems that regulations are required to ensure end users can readily gain root control of their phones to enable a full range of settings to be altered to ensure their digital right to privacy and control of their property. All phone manufacturers should be required to provide software to enable any customer to gain root control of their phone, else that phone can not be connected to networks in the country.

who pays the shills?

[Reverend+Green]

Only 30 comments so far, and over half of them are from painfully obvious anti-Linux shills. Which leaves me wondering - who exactly bankrolls this particular battalion of the 50 Cent Army?

Microsoft? No, can't be. I think they've given up on phones.

Apple? Now this one is fairly believable. Deep pockets, Silicon Valley ethics (read: no ethics at all), and mindless brainwashed cult followers... okay, sounds plausible. But it's so crass & crude & obvious. Doesn't really feel like an Apple-backed operation.

Russian/Chinese/Nork/USSA state-affiliated organizations? Well sure, they infest Slashdot like the regular vermin they are. But why would they give a fuck about an obscure cellphone?

Global dystopian-progressive NGOs backed by financial oligarchs? Well, they do hate freedom, so it stands to reason they would also hate Linux. The smarmy tone of the shill comments does match their supporters. Not sure why they'd care about a cellphone. But maybe their shills are on salary. They've already finished polluting the political articles, so they're just chilling out here. Shitting all over the place while trying to figure out how they can blame this on Trump colluding with the rooskies. I rate this possibility as plausible but lacking in evidence.

RMS? The shills both draw attention to the evil practice of commercial surveillance, as well as making anti-freedom proponents look like toxic fucktards. Subtle & brilliant. Alas, I don't think RMS has the funds to hire a troll army, so this one's not too plausible.