OnePlus Phones Collecting Users' Private Data without Permission

Earlier this year, engineer Christopher Moore reported discovering that his OnePlus 2 phone was sending a large amount of activity data to an Amazon Web Services (AWS) server. Among the information being passed along was non-anonymized data, including his phone number, IMEI (International Mobile Equipment Identity), MAC address, mobile network names, and device serial number.
In a statement provided to several media outlets, China-based OnePlus said it securely transmits two analytics streams from users’ devices to provide better customer support and “more precisely fine tune our software according to user behavior.” One stream can be disabled through settings adjustments, but turning off the second one requires disabling a software package by connecting the phone to a PC in debugging mode.
‘Quite a Bit of Information’
Writing on his security and tech blog in June, Moore described how he discovered some traffic from his phone being directed to an unfamiliar domain while he was taking part in the SANS Holiday Hack Challenge 2016. That domain, open.oneplus.net, pointed to an AWS server in Amazon’s eastern U.S. region.
Examining the traffic further, Moore said he found it included personally identifiable information about his phone, as well as timestamps for specific applications and activities he had used.
“Wow, that’s quite a bit of information about my device, even more of which can be tied directly back to me by OnePlus and other entities,” he said.
Moore said he followed up with requests for help via OnePlus’ Twitter account for support, “which disappointingly led down the usual path of ‘troubleshooting’ suggestions, before being met with radio silence.”
He added he later found a few other mentions about the issue on Reddit and OnePlus’ online user forums, but was unable to find a way to permanently disable such data collection on his phone.
How To Disable Analytics Data Traffic

“We securely transmit analytics in two different streams over HTTPS to an Amazon server,” OnePlus said in its statement. “The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.”
Commenting about Moore’s blog post via Twitter yesterday, programmer Jakub Czekanski said he found a way to disable the second stream of analytics information by disabling the package named net.oneplus.odm on a OnePlus phone. The process doesn’t require root access but does require connecting to a PC via ADB to uninstall the system-based application.
That doesn’t actually uninstall the application from the device, but it does uninstall it for the current user, according to a video tutorial posted on the XDA developers site.
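The ADB procedure described above, as an added shell example (not code from Czekanski, XDA or OnePlus): it removes `net.oneplus.odm` for one user and confirms the package is gone for that user while still present on the device. User ID 0, the function names and the `--apply` switch are assumptions; `pm list packages` and `pm uninstall -k --user` are standard Android package-manager commands.

```shell
#!/bin/sh
# Added example. Requires USB debugging enabled on the phone and adb on PATH.

PKG="net.oneplus.odm"   # package name given in the article
USER_ID=0               # assumption: the primary device user

# Succeeds if package $1 appears in `pm list packages` output on stdin.
# Strips the CRs that older `adb shell` builds append, and matches whole
# lines so a longer package name sharing the same prefix does not count.
pkg_in_list() {
    tr -d '\r' | grep -Fxq "package:$1"
}

# Prints one of: installed | removed-for-user | absent
pkg_state() {
    if adb shell pm list packages --user "$USER_ID" | pkg_in_list "$1"; then
        echo installed
    # -u also lists packages uninstalled for the user but kept on the device
    elif adb shell pm list packages -u --user "$USER_ID" | pkg_in_list "$1"; then
        echo removed-for-user
    else
        echo absent
    fi
}

# Removes $PKG for $USER_ID only (-k keeps its data), then verifies.
# Returns 0 on success or if already removed, 1 on failure, 2 if absent.
disable_odm() {
    case "$(pkg_state "$PKG")" in
        installed)
            adb shell pm uninstall -k --user "$USER_ID" "$PKG" >/dev/null || return 1
            [ "$(pkg_state "$PKG")" = removed-for-user ]
            ;;
        removed-for-user)
            return 0
            ;;
        *)
            echo "$PKG is not present on this device" >&2
            return 2
            ;;
    esac
}

# Only touch the device when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then
    disable_odm
fi
```

Because the package stays in the system image, a factory reset or OS update can bring it back, so re-run the state check afterwards.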
“This kind of data collection, especially one containing information that can be directly tied back to me as an individual, should really be opt-in and/or have an easily accessible off switch,” Moore noted in his blog post in June.
Image credit: Product shots by OnePlus.