Slashdot Mirror
OnePlus Is Again Sending User Data To a Chinese Company Without User Consent (bgr.com)
In October 2017, a researcher caught OnePlus silently collecting all sorts of data from its users. Now, a new report says that there's still a OnePlus app that can grab data from the phone and send it to servers in China without a user's knowledge or express consent. BGR reports: The French security researcher hiding behind the name Elliot Alderson on Twitter detailed OnePlus's data collection practices back in October, and he has now discovered a strange file in the OnePlus clipboard app. A Badword.txt file contains various keywords, including "Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email," and others. The file is then duplicated in a zip file called pattern alongside six other .txt files. All these files are apparently used in "in an obfuscated package which seems to be an #Android library from teddymobile." Now, TeddyMobile is a Chinese company that works with plenty of smartphone makers from China. The company seems to be able to recognize words and numbers in text messages. And OnePlus is apparently sending your phone's IMEI number to a TeddyMobile server, too. It looks like the TeddyMobile package might be able to grab all sorts of data from a phone. Even bank numbers are apparently recognized. OnePlus has yet to issue a statement on the matter.
I r00ted my OnePlus and installed hosts.apk and now China doesn't know nothing.
Why are we still surprised at these stories? This is SOP, if you don't do something to stop it, you can just presume that it is being done.
or BlackBerry ...*sigh*
OnePlus already responded and debunked his claim. This guy spreads FUD about OnePlus like it's some kind of personal vendetta.
The OS Android is not like the OS Linux. It is made by a for-profit organization, and manufacturers have to make money somehow.
This is how you have a $99 no contract phone. Surprised?
I know I have a good old american made IPhone.
I was looking at a OnePlus phone when I bought a different one. They have good features at a very good price. But I prefer dealing with a non Chinese company that has their phones made in China, than a Chinese company. I am so glad of the choice I made.
No, I didn't buy an Apple, Samsung, Google, or Motorola. I bought a different well made off brand, and will not advertise for them.
This is how you have a $99 no contract phone. Surprised?
And that's the key right there. "Burner" phones are loaded with the same and worse.
If you want news from today, you have to come back tomorrow.
If they are a phone company, the headline is correct. If they are an intelligence collection company, their user has absolutely given consent. The "customers" are actually the product.
Sadly, this isn't unusual today. By looking the other way repeatedly, we have allowed ourselves to become the product for many, many businesses that we believe we are customers of. In our sickness, we believe ourselves to be the customers even when we don't pay.
Apple forces me to buy an Android phone by being the only competitor and deciding to lock me into their ecosystem if I use them. Not to mention I still haven't forgiven them for not simply allowing me to access a common filesystem.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
People who care about infosec do everything security sensitive on a fully patched laptop.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
Huge difference! Spying embedded on chip vs spying via os changes.
http://www.androidpolice.com/2018/01/26/no-oneplus-still-not-sending-clipboard-data-china/
Make no mistake. Many "big data" companies have clients whom their own engineers are not allowed to know the name of, and have staff on H1-B visas from both sides of the same war. (Israel and Palestine, India and Pakistan, Russia and the Ukraine, Iran and Iraq, Haiti and the Dominican Republic, Miami and Atlanta. The list goes on.)
And most of them have no security to speak of. Root keys on dozens of systems, legacy employees with SSH keys scattered passphrase free on dozens of machines, S3 backups with root passkeys to all other AWS images and the list goes on and on.
Frankly, I'd be more worried if my data was sent to an American company than a Chinese one.
Oh, they get the data. It's android. They obviously get the data.
People who are concerned about infosec probably don't even make that much info, or they know how to pass on their data & telemetry into obfuscation. when's the Tails phone coming out again?
Apple forces me to buy an Android phone by being the only competitor and deciding to lock me into their ecosystem if I use them. Not to mention I still haven't forgiven them for not simply allowing me to access a common filesystem.
Tend to agree with AC below. Cell phones with data spying is optional, and is a widely accepted standard operating procedure. Although, so too is the 'black mirror' world we're riding a fucking bullet train into, optional.
If you weren't such a lazy fuck you'd do something about it. That's right i'm talking to you. You pussy. Rise up if you're so mad about ultrasized corporations serving you advertisements based on your incognito mode porn watching habits. When are you going to reach your breaking point? Do you even have one? Where's your fucking backbone? Are you a person, or a farm animal to be dominated and exploited for profit?
who's to say they're not in cahoots? You really think an OS can be written without the mothership being notified about important data points? Certain flavours of linux aside, Google=x whereas X= people who collect data for various capitalist pig fucker reasons. They buy the shit as often as they sell it .... data that is.
SLAVES built the Pyramids.
SLAVES built the Parthenon
SLAVES built America!
SLAVES built the iphone!
SLAVES! this is your song... thank you slaves!
I just install stock android on cheap phones, works great!
Website Just Down For Me? Find out
many many many reasons not to follow link.
You say this like its a choice. To work at a job these days, you have to sign away your rights, submit to credit and background checks, maybe even give up social feeds to pass the CV test. How about that, being pressured to be ..... what, exactly? ..... just to be able to pay your landlord for the privilege of not being homeless. Why not just kill your landlord? It's not like they're doing anything productive for the world or society.
Isn't that basically what Richard Spencer says about constitutional rights?
"It's an ethnostate you virgin, who fucking cares about 'muh constitutional rights'?"
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
Sorry to tell you this but slaves did not build the pyramids!
Apple forces me to buy an Android phone by being the only competitor and deciding to lock me into their ecosystem if I use them. Not to mention I still haven't forgiven them for not simply allowing me to access a common filesystem.
IOS 11 has a Filesystem browser as an included App. Do try to keep up, Hater.
How does Apple "lock you into their ecosystem" any more than Android locks you into their ecosystem? You can't run iOS Apps on an Android phone any more (or any less) than you can run Android Apps on an iOS phone?
Plus, ever since iOS 8 (which debuted over 3 years ago) Apple has officially allowed "sideloading" of Apps from ANY source on iOS devices. In fact, there is both a thriving community of Maintainers of Open Source Apps Apps, as well as several sites that have many closed-source ".ipa" files that can be readily installed on any iOS device run ing iOS 8 or above, using the Freeware Cydia Impactor (available for macOS,Windows, and Linux), no "Jailbreaking" required. And absolutely no App Store involvement whatsoever.
Again, do try to keep up, Hater.
would u buy a phone from china?
Because OnePlus is one of the brands with the best support from https://lineageos.org/. I think the question is why would anyone use the original firmware?
Recently I tested several media players on an iphone. I had to upload my library three times because each media player was a tiny compartment of it's own. It would have been so much easier to just plug in a usb cable, upload once, and test the three media players with it.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
How does Apple "lock you into their ecosystem" any more than Android locks you into their ecosystem?
By making iTunes the only legitimate way to interact with the phone.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
But iOS is a walled garden. Try to put music onto an iPhone without using iTunes. A friend was shocked when I told him he had to install it on his computer if he wanted his library on his phone. Needless to say, he returned the iPhone.
No, Android is not at fault. The fact that the phone is made by a Chinese company is the problem.
That's exactly what this thread is about. As a consumer, if I don't like Apple then buying Android is my way to 'rise up'. See how it's working out for me?
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
..or maybe I should have used fucking iTunes. I could have watched it start up, find my phone, download everything on my phone, upload everything from my computer, sync it with anything I had before, and make that the ONLY IOS DEVICE I can ever plug into my computer because heaven forbid, should I ever want to plug in my brother-in-law or business partner's phone and just get something off of it. I could go on but I'm not going to.
No fucking thanks.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
Every single OS written before the internet was a common household thing says hi.
-=This sig has nothing to do with my comment. Move along now=-
How does Apple "lock you into their ecosystem" any more than Android locks you into their ecosystem?
By making iTunes the only legitimate way to interact with the phone.
1. It doesn't keep you from having another music player. Plus There are other applications that you can use to load music onto an iOS device. Here's a few free (and non-free) alternatives. Do try to keep up, Hater:
https://www.easeus.com/iphone-...
https://www.macworld.co.uk/how...
https://drfone.wondershare.com... ...and there are literally dozens more alternatives. So, next bullshit objection?
BTW, that search took zero time on Google. So you are either stupid beyond belief, or actively using willful blindness as an excuse for your bigotry. Take your pick.
2. Other than doing certain very limited operations, such as encypted backups, you don't have to use it for anything. I have never hooked my iPhone up to iTunes, for example. And with iCloud Backup for iOS, you can even forego that functionality (and get automatic backups, too!).
But, as I have said, I haven't ever hooked my iPhone 6 Plus up to iTunes for ANYTHING; but the pricing of iCloud backup has me pretty interested, and can even be shared among your family.
https://support.apple.com/en-u...
But as I said, please don't let any of this disturb your fantasy of unabashed Apple Hatred.
Boy are you naive.
Some drink at the fountain of knowledge. Others just gargle.
None of my phones have been made in China, the last 3 were made in South Korea (not all Samsung are, but mine were) and the two Nokia before them were (surprisingly) still made in Finland. There is still a choice to buy from a democracy if you avoid Apple products.
Nearly impossible.
I think we've pushed this "anyone can grow up to be president" thing too far.
That is a denial, not a debunking. And it's not only a denial, it's a denial by an interested party.
A debunking would require validatable evidence substantiating claims made.
I think we've pushed this "anyone can grow up to be president" thing too far.
There are allegations that the allegations are wrong. The source I checked did not include any specifics that would allow their claims to be validated. The original report contained numerous specifics that would allow third parties to validate it.
I'm not going to buy one of those phones, so I would have no way to check either, but if I'm going to decide which to believe, I'm going to believe the one that could be validated.
I think we've pushed this "anyone can grow up to be president" thing too far.
If I want several music players, the only way for me to load one library that they can all share is for me to use itunes. So yes, I am forced to use iTunes. Otherwise I must use some flaky little embedded webserver so I can upload my library individually to each app one by one with some little crappy webconsole.
These are hoops I don't want to jump through. My android phone works like a flash drive, which is what makes sense for a portable storage device.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
So, a corporation is stealing people's data, personal info.
Boy am I shocked. Soooo shocked. Really- just look at my shocked face. See how shocked I am? Shocked, shocked, shocked.
Just cruising through this digital world at 33 1/3 rpm...
Sorry to tell you this but slaves did not build the pyramids!
Uhhhh, I'm pretty sure they did. The rulers of that society wrote volumes about it; it's a well-documented historical fact.
Just cruising through this digital world at 33 1/3 rpm...
would u buy a phone from china?
Because practically no one else on the planet makes them?
Just cruising through this digital world at 33 1/3 rpm...
If I want several music players, the only way for me to load one library that they can all share is for me to use itunes. So yes, I am forced to use iTunes. Otherwise I must use some flaky little embedded webserver so I can upload my library individually to each app one by one with some little crappy webconsole.
These are hoops I don't want to jump through. My android phone works like a flash drive, which is what makes sense for a portable storage device.
What does your phone have to do with centralized media storage? Do you plan on using your phone as a Plex Server, FFS?!?
If you want that sort of thing, get any one of a zillion NASes, and set it up to be a media server you can access over your LAN and the interwebs via Plex, VLC, iOS "Music", etc.
But now that I've shown that you have several alternatives to using iTunes for managing the music in an iPhone, you move the goalposts yet again.
I'm on to your game. If you want to trade security of your personal information for the ability to mount your phone as a USB flash drive, then fine. We won't miss you. And the Chinese/Russian/NSA hackers will be overjoyed...
Now I feel you are willfully being ignorant. I said nothing about central network storage and already gave good reasons why isolation on a phone is awkward.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
Yet you're totally ok with being Google's product to sell to advertisers. If nothing else, with Apple you are the customer. And like most Hatebois, you probably spend a hard days work whining about Cupertino's "walled garden", before spending a nice relaxing night of playing a game console, watching a movie on a Blue Ray player, or taking a drive in a car with an infotainment system. None of which allow root access or running a single application not approved by the manufacturer.
Yeah, AFAYK, Apple stopped all that shit when they got outted for CarrierIQ shit.
Fuck, you're a cunt. Access the file system and use it, not just browse it. One of the most infuriating times helping an iPhone user try and download some meditation mp3's she purchased. The instructions were to right click and save file, obviously for desktop/windows users. So I said to just long press the link and you can just save it. NOPE, not fucking possible. You can't save a motherfucking file from Web like any other fucking device. I was floored. Google around, need an app like dropbox. Go to install dropbox, a free app, and need to enter credit card and password had to be entered at least 4 times without leaving app store. It was so fucking frustrated because it would literally be native and simple to save a goddamn mp3. This is one of the reasons I don't consider iPhone users to be "power users" or even "productive". Can't wait for your reply where you say this basic functionality just got added to the 11th fucking iOS.
Wow, even the biggest kool-aid drinker doesn't use that shitty iTunes. That says a LOT.
"Besides, you also need to install iTunes on your PC for iPhone data reading, which is inevitable for a third-party tool. " Now fuck off.
They were union with overtime and full benefits, amirite?
Yes, but they require spelling "you", because this isn't the 90's.
Slashdot doesn't edit and update incorrect stories, it's part of their click bait strategy. They are assholes with no integrity.
Fuck off. Apple was already caught years ago with CarrierIQ, you don't get to throw stones.
Why do you act like unofficial workarounds are blessed by Apple when they aren't? It's not designed by Apple to be used this way and you're doing it wrong.
Now I feel you are willfully being ignorant. I said nothing about central network storage and already gave good reasons why isolation on a phone is awkward.
So your comment regarding "one library they can all share" doesn't imply centralized media storage (and serving)?
Ok, then what DID you mean?
Fuck, you're a cunt. Access the file system and use it, not just browse it.
One of the most infuriating times helping an iPhone user try and download some meditation mp3's she purchased. The instructions were to right click and save file, obviously for desktop/windows users.
So I said to just long press the link and you can just save it. NOPE, not fucking possible. You can't save a motherfucking file from Web like any other fucking device. I was floored.
Google around, need an app like dropbox. Go to install dropbox, a free app, and need to enter credit card and password had to be entered at least 4 times without leaving app store. It was so fucking frustrated because it would literally be native and simple to save a goddamn mp3. This is one of the reasons I don't consider iPhone users to be "power users" or even "productive".
Can't wait for your reply where you say this basic functionality just got added to the 11th fucking iOS.
Jesus, calm down Hater! I used the wrong term. The iOS 11 "Files" App is a lot more than just a File Browser. Is it a full-blown version of the macOS Finder for iOS. Not yet. But it is pretty good for a version 1 App:
https://www.imore.com/files-ap...
I don't have iOS 11 on any of my iOS devices; so I can't specifically speak to your example; but it sounds like it probably would work like you are expecting.
Does that help, Cunt?
Wow, even the biggest kool-aid drinker doesn't use that shitty iTunes. That says a LOT.
I use iTunes as a music player, but I don't NEED it for anything else.
Stop twisting my words, Hater.
"Besides, you also need to install iTunes on your PC for iPhone data reading, which is inevitable for a third-party tool. "
Now fuck off.
WTF are you blathering about now, Hater?
Fuck off. Apple was already caught years ago with CarrierIQ, you don't get to throw stones.
1. That was iOS 5, 6 years ago.
2. It was easily disabled by the user on iOS
3. On iOS, it logged nothing but diagnostic data, and had no access to ANY personal information or key logging whatsoever.
4. It was on EVERY platform at the time; but on iOS, it was actually used for a legitimate purpose, unlike on Android.
5. It has been gone for over half a decade..
Nice try, Hater:
https://www.cultofmac.com/1325...
"...you are a stupid, bigoted fucker."
"...keep up, Hater."
I sincerely hope the irony of your statements is not lost on you.
A version 1 app for something that has been around since 1970. Way to go Apple. *golf clap*
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
A version 1 app for something that has been around since 1970. Way to go Apple. *golf clap*
Find me a version of iOS from 1970.
Your not wrong, but check this out: http://www.libimobiledevice.or...
My kids have school ipads, and this lets me take a backup outside icloud when they turn them in at the end of the year.
Cheap storage VM.