Slashdot Mirror

← Back to Stories (view on slashdot.org)

OnePlus Is Again Sending User Data To a Chinese Company Without User Consent (bgr.com)

Posted by BeauHD on from the here-we-go-again dept.

In October 2017, a researcher caught OnePlus silently collecting all sorts of data from its users. Now, a new report says that there's still a OnePlus app that can grab data from the phone and send it to servers in China without a user's knowledge or express consent. BGR reports: The French security researcher hiding behind the name Elliot Alderson on Twitter detailed OnePlus's data collection practices back in October, and he has now discovered a strange file in the OnePlus clipboard app. A Badword.txt file contains various keywords, including "Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email," and others. The file is then duplicated in a zip file called pattern alongside six other .txt files. All these files are apparently used in "in an obfuscated package which seems to be an #Android library from teddymobile." Now, TeddyMobile is a Chinese company that works with plenty of smartphone makers from China. The company seems to be able to recognize words and numbers in text messages. And OnePlus is apparently sending your phone's IMEI number to a TeddyMobile server, too. It looks like the TeddyMobile package might be able to grab all sorts of data from a phone. Even bank numbers are apparently recognized. OnePlus has yet to issue a statement on the matter.

12 of 152 comments (clear)

  1. Little late on this eh? by bhcompy · · Score: 3, Interesting

    OnePlus already responded and debunked his claim. This guy spreads FUD about OnePlus like it's some kind of personal vendetta.

    1. Re:Little late on this eh? by Anonymous Coward · · Score: 2, Insightful

      So run a packet trace and show us that this is actually happening. Don't take the word of some shitty pseudo-news site.

    2. Re:Little late on this eh? by hankwang · · Score: 5, Interesting

      Would you mind providing a link to OnePlus's response? And regarding alleged FUD: this guy discovered the adb root mode in OnePlus; is that FUD in your opinion?

      --
      Avantslash: low-bandwidth mobile slashdot.
  2. Re: Android, therefore to be expected... by Frosty+Piss · · Score: 2

    This is how you have a $99 no contract phone. Surprised?

    And that's the key right there. "Burner" phones are loaded with the same and worse.

    --
    If you want news from today, you have to come back tomorrow.
  3. Their user has given consent by RhettLivingston · · Score: 2

    If they are a phone company, the headline is correct. If they are an intelligence collection company, their user has absolutely given consent. The "customers" are actually the product.

    Sadly, this isn't unusual today. By looking the other way repeatedly, we have allowed ourselves to become the product for many, many businesses that we believe we are customers of. In our sickness, we believe ourselves to be the customers even when we don't pay.

  4. Re:Android, therefore to be expected... by fluffernutter · · Score: 4, Insightful

    Apple forces me to buy an Android phone by being the only competitor and deciding to lock me into their ecosystem if I use them. Not to mention I still haven't forgiven them for not simply allowing me to access a common filesystem.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  5. Re: why by Anonymous Coward · · Score: 2, Funny

    Huge difference! Spying embedded on chip vs spying via os changes.

  6. Debunked by Anonymous Coward · · Score: 4, Informative

    http://www.androidpolice.com/2018/01/26/no-oneplus-still-not-sending-clipboard-data-china/

    1. Re:Debunked by Luthair · · Score: 4, Insightful

      This isn't actually debunking, this is the manufacturer issuing a statement claiming differently. We need independent verification.

  7. China vs America by Anonymous Coward · · Score: 3, Insightful

    Frankly, I'd be more worried if my data was sent to an American company than a Chinese one.

  8. Re: Android is a Dumpster Fire by Brockmire · · Score: 2

    Fuck off. Apple was already caught years ago with CarrierIQ, you don't get to throw stones.

  9. Re: Android is a Dumpster Fire by TheFakeTimCook · · Score: 2

    Fuck off. Apple was already caught years ago with CarrierIQ, you don't get to throw stones.

    1. That was iOS 5, 6 years ago.

    2. It was easily disabled by the user on iOS

    3. On iOS, it logged nothing but diagnostic data, and had no access to ANY personal information or key logging whatsoever.

    4. It was on EVERY platform at the time; but on iOS, it was actually used for a legitimate purpose, unlike on Android.

    5. It has been gone for over half a decade..

    Nice try, Hater:

    https://www.cultofmac.com/1325...