- Danish Siddiqui/Reuters
A UK-based software engineer, Chris Moore, found out that the Chinese smartphone manufacturer OnePlus has been collecting user data without permission, as first reported by Android Authority.
In an article published on his blog, Moore demonstrated how personal information coming from his phone was being transferred to OnePlus, without him having given his consent.
The domain, open.oneplus.net, gathered private user and device data and sent it to an Amazon Web Service server.
Information gathered included the phone’s IMEI, serial number, cellular number, MAC address, mobile network name, IMSI prefix, and wireless network ESSID and BSSID, but also data like reboot, charging, screen and application timestamps.
OnePlus acknowledged that all of this was actually happening, and told Android Authority that the reason behind it is to better the user experience and its (often criticised) after-sales support.
Here’s OnePlus’ full statement:
“We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.”