Slashdot Mirror
OnePlus Is Again Sending User Data To a Chinese Company Without User Consent (bgr.com)
In October 2017, a researcher caught OnePlus silently collecting all sorts of data from its users. Now, a new report says that there's still a OnePlus app that can grab data from the phone and send it to servers in China without a user's knowledge or express consent. BGR reports: The French security researcher hiding behind the name Elliot Alderson on Twitter detailed OnePlus's data collection practices back in October, and he has now discovered a strange file in the OnePlus clipboard app. A Badword.txt file contains various keywords, including "Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email," and others. The file is then duplicated in a zip file called pattern alongside six other .txt files. All these files are apparently used in "in an obfuscated package which seems to be an #Android library from teddymobile." Now, TeddyMobile is a Chinese company that works with plenty of smartphone makers from China. The company seems to be able to recognize words and numbers in text messages. And OnePlus is apparently sending your phone's IMEI number to a TeddyMobile server, too. It looks like the TeddyMobile package might be able to grab all sorts of data from a phone. Even bank numbers are apparently recognized. OnePlus has yet to issue a statement on the matter.
Not to mention all the private information the phones send to Google.
At some point, end-users need to be responsible too. No one is forcing them to buy an Android phone or use Google products.
I r00ted my OnePlus and installed hosts.apk and now China doesn't know nothing.
When Google does it, it's all good. When someone else does it it's a bad thing. Would the problem really be resolved if this Chinese company put out a vague, designed to be hard to read, privacy policy?
would u buy a phone from china?
Why are we still surprised at these stories? This is SOP, if you don't do something to stop it, you can just presume that it is being done.
The CIA is upset that they don't get your OnePlus data. They recommend you stick to Apple.
Nobody who cares about security or privacy should buy a Chinese company's android device. What a joke.
OnePlus already responded and debunked his claim. This guy spreads FUD about OnePlus like it's some kind of personal vendetta.
For best phones look at the European makers. No, fishy stuff there. Old school Nokia where are you?
I was looking at a OnePlus phone when I bought a different one. They have good features at a very good price. But I prefer dealing with a non Chinese company that has their phones made in China, than a Chinese company. I am so glad of the choice I made.
No, I didn't buy an Apple, Samsung, Google, or Motorola. I bought a different well made off brand, and will not advertise for them.
If they are a phone company, the headline is correct. If they are an intelligence collection company, their user has absolutely given consent. The "customers" are actually the product.
Sadly, this isn't unusual today. By looking the other way repeatedly, we have allowed ourselves to become the product for many, many businesses that we believe we are customers of. In our sickness, we believe ourselves to be the customers even when we don't pay.
Companies that cannot sell clean phones need to be put out of business.
All phones need a 'shutup' button or app, or better an app that feeds marketing crap/bullshit to the modern day Nigerian bank letter scam.
New laws are needed to enforce digital hygiene, backed with actual real defined fines per user.
I can imagine some company saying oh these are just extra blobs, not actually used, as if a vaccine that also contains some other harmful pathogens is still good to go. Yeah right.
One expects reputation harm from behind your back practices, but this is not the case yet. Just a matter of time before software receivers get good enough to harvest all you office colleagues, and harvest what they gave permission to give away.
This comes from BGR? They are less credible than Trump...
http://www.androidpolice.com/2018/01/26/no-oneplus-still-not-sending-clipboard-data-china/
Make no mistake. Many "big data" companies have clients whom their own engineers are not allowed to know the name of, and have staff on H1-B visas from both sides of the same war. (Israel and Palestine, India and Pakistan, Russia and the Ukraine, Iran and Iraq, Haiti and the Dominican Republic, Miami and Atlanta. The list goes on.)
And most of them have no security to speak of. Root keys on dozens of systems, legacy employees with SSH keys scattered passphrase free on dozens of machines, S3 backups with root passkeys to all other AWS images and the list goes on and on.
China is an ally and a thriving democracy, unlike the R-country.
Teddymobile is definitely there, and a quick check on them says they're a datamining company with apps to 'upgrade address book security'... i.e. they install malware that spies on you while offering bogus services:
"2017 is a real year for big data. The business model of big data realization is getting clearer. High-valuation companies are fulfilling expectations. Big data mining, analysis, visualization and other technical links are also being integrated with all walks of life. The potential companies continue Appear, especially the rapid development of industry applications.
"According to the forecast compiled by the Ministry of Industry and Information Technology, the scale of China's big data industry in 2017 will be nearly 2 trillion yuan, up to 5 trillion in 2020 and a compound annual growth rate of 35.7%.
"The first platform for Internet research and development - Love Analytics tracks the market and continually updates the China Big Data Enterprise Valuation List. This year's latest list covers 72 companies in five major areas: basic platform, general technology, data trading, industrial applications and data security. List shows the fastest growing industry applications, the largest list, into the biggest winner, the top ten in the list of 9 is the industry application. Teddy Bear set up only three years of mobile debut list, a label is an industry application, two labels belong to marketing big data."
http://teddymobile.cn/page/tedst.do
Frankly, I'd be more worried if my data was sent to an American company than a Chinese one.
And to think I once almost bought one of this shitcompany phones.
Apple or Samsung, afraid of their long-gone domination?
Because this kind of spying has always been built into any iOS/Android/MS device or even OS, and even though it's just as evil and harmful, they're openly advertising it like it's a feature. Which seems to be the style of today, following the NSA's doubling down after the Snowden leaks.
Or because OMGCHINA?
Because, you know, we here in Europe are really more afraid of the USA than of China. Even if you just use at the budgets alone. Or the amount of wars since '45. Or the number of nukes actually dropped on humans. (China might have more concentration camps though. But it's not like the US has no "black sites".)
(And no, I don't hate Americans per se. You can thank John Steward and Silas Nacita for that, just to name two. It's more a problem with your psychopathic world-destroying corporate oligarchy that illegitimately calls itself your "government", and the apparent amount of the population not opposing it, that reminds me of when we had a similarly evil leadership around here.)
Time to admit that the entire Android ecosystem and App Store model is a raging dumpster fire, and it's millions of users are unwittingly being burned to death every single day.
Whine all you want about iOS' "Walled Garden" (which has been demonstrably untrue since iOS 8 allowed "sideloading" of Apps), but there is something fundamentally broken with the whole OS, that it allows this shitstorm on an almost daily basis for years on end.
If Google wanted to stop this, they could. But they obviously couldn't give less of a shit about their millions of victims, er, users, if they tried.
If you were dumb enough to think you were going to buy from one of these Chinese companies and get a secure device that doesn't spy on you then you deserve it.
http://www.androidpolice.com/2018/01/26/no-oneplus-still-not-sending-clipboard-data-china/
The allegations are wrong. How long will it take slashdot to update. It is almost like slashdot doesn't care they have false and misleading and sensationalist story as it helps them get page views and ad views and info on readers browsing habits.
I don't see any mention of which devices and/or firmware releases are affected, or even in which this was discovered.
Boy are you naive.
Some drink at the fountain of knowledge. Others just gargle.
That is a denial, not a debunking. And it's not only a denial, it's a denial by an interested party.
A debunking would require validatable evidence substantiating claims made.
I think we've pushed this "anyone can grow up to be president" thing too far.
Google, China, ATT & Verizon have same spy intents. You have the same cure again this year. Install Lineage OS sans gapps. Do the steps to verify all original OS, crapware &spyware are gone, then install Lineage again. Do not install Google 'wares, unless you want spying and the grossly decreased battery time. Lineage is current name of cyanogenmod OS.
So, a corporation is stealing people's data, personal info.
Boy am I shocked. Soooo shocked. Really- just look at my shocked face. See how shocked I am? Shocked, shocked, shocked.
Just cruising through this digital world at 33 1/3 rpm...
Yet you're totally ok with being Google's product to sell to advertisers. If nothing else, with Apple you are the customer. And like most Hatebois, you probably spend a hard days work whining about Cupertino's "walled garden", before spending a nice relaxing night of playing a game console, watching a movie on a Blue Ray player, or taking a drive in a car with an infotainment system. None of which allow root access or running a single application not approved by the manufacturer.
I have a OnePlus Three.... fuck!!!!!!!