Slashdot Mirror

← Back to Stories (view on slashdot.org)

OnePlus Is Again Sending User Data To a Chinese Company Without User Consent (bgr.com)

Posted by BeauHD on from the here-we-go-again dept.

In October 2017, a researcher caught OnePlus silently collecting all sorts of data from its users. Now, a new report says that there's still a OnePlus app that can grab data from the phone and send it to servers in China without a user's knowledge or express consent. BGR reports: The French security researcher hiding behind the name Elliot Alderson on Twitter detailed OnePlus's data collection practices back in October, and he has now discovered a strange file in the OnePlus clipboard app. A Badword.txt file contains various keywords, including "Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email," and others. The file is then duplicated in a zip file called pattern alongside six other .txt files. All these files are apparently used in "in an obfuscated package which seems to be an #Android library from teddymobile." Now, TeddyMobile is a Chinese company that works with plenty of smartphone makers from China. The company seems to be able to recognize words and numbers in text messages. And OnePlus is apparently sending your phone's IMEI number to a TeddyMobile server, too. It looks like the TeddyMobile package might be able to grab all sorts of data from a phone. Even bank numbers are apparently recognized. OnePlus has yet to issue a statement on the matter.

5 of 152 comments (clear)

  1. Why? by Brett+Buck · · Score: 1, Insightful

    Why are we still surprised at these stories? This is SOP, if you don't do something to stop it, you can just presume that it is being done.

  2. Re:Android, therefore to be expected... by fluffernutter · · Score: 4, Insightful

    Apple forces me to buy an Android phone by being the only competitor and deciding to lock me into their ecosystem if I use them. Not to mention I still haven't forgiven them for not simply allowing me to access a common filesystem.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  3. Re:Little late on this eh? by Anonymous Coward · · Score: 2, Insightful

    So run a packet trace and show us that this is actually happening. Don't take the word of some shitty pseudo-news site.

  4. China vs America by Anonymous Coward · · Score: 3, Insightful

    Frankly, I'd be more worried if my data was sent to an American company than a Chinese one.

  5. Re:Debunked by Luthair · · Score: 4, Insightful

    This isn't actually debunking, this is the manufacturer issuing a statement claiming differently. We need independent verification.