Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Operating Systems Android Cellphones Privacy Security Software

OxygenOS Telemetry Lets OnePlus Tie Phones To Individual Users (bleepingcomputer.com) 164

An anonymous reader quotes a report from Bleeping Computer: OxygenOS, a custom version of the Android operating system that comes installed on all OnePlus smartphones, is tracking users actions without anonymizing data, allowing OnePlus to connect each phone to its customer. A security researcher going by the pseudonym of Tux discovered the abusive tracking in July 2016, but his tweet went largely unnoticed in the daily sea of security tweets sent out each day. The data collection issue was brought up to everyone's attention again, today, after British security researcher Christopher Moore published the results of a recent study on his site.

Just like Tux, Moore discovered that OxygenOS was sending regular telemetry to OnePlus' servers. This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws. The problem is that OnePlus is not anonymizing this information. The Shenzhen-based Chinese smartphone company is collecting a long list of details, such as: IMEI code, IMSI code, ESSID and BSSID wireless network identifiers, and more. The data collection process cannot be disabled from anywhere in the phone's settings. When Moore contacted OnePlus support, the company did not provide a suitable answer for his queries.

This discussion has been archived. No new comments can be posted.

OxygenOS Telemetry Lets OnePlus Tie Phones To Individual Users

Comments Filter:
  • Root Phone (Score:4, Interesting)

    by rtb61 ( 674572 ) on Tuesday October 10, 2017 @10:42PM (#55347303) Homepage

    It seems that regulations are required to ensure end users can readily gain root control of their phones to enable a full range of settings to be altered to ensure their digital right to privacy and control of their property. All phone manufacturers should be required to provide software to enable any customer to gain root control of their phone, else that phone can not be connected to networks in the country.

  • by Anonymous Coward

    It has to be more secure than iOS since it is based on open source Android OS.

  • Having written anonymizing algorithms, all I can do is cringe.
    If you wan't privacy, don't opt in.
    (At least google is giving an opt in)
    Welcome to the Brave New World
  • by Lisandro ( 799651 ) on Tuesday October 10, 2017 @10:55PM (#55347343)

    OnePlus manufacture some dam nice phones, and OxygenOS was stock android with just the right amount of custom tweaks. I'm now happy i didn't pick up a OP5.

    • by Teun ( 17872 )
      You're right, I own a One+3 and it is a great phone.
      I have been thinking about getting the next model but this news certainly drives me back to Nexus/Pixel or better, the Purism phone.
      Among others it promises pure open source Debian-derived Linux and hardware switches on the camera and microphone.

      As a matter of fact, now I'll contribute to it's development: https://puri.sm/shop/librem-5/ [puri.sm]

      Oh yes, about the 'Linux is to blame' troll(s), it's not the Linux part that's at fault here, it is One+ their Oxyg
      • by Qzukk ( 229616 )

        I own a OP3 as well, and this is definitely the steel beam that broke the camel's back. It'll be the only one I buy.

        At this rate, though, I'm thinking my next phone will be a cheap candybar if I can find one (didn't someone say they were bringing back the Nokias?). I got into One+ because of the promises of (almost) stock android and getting timely updates and now that I've had it for a while, I've come to the conclusion that I was honestly happier with my previous HTC Evo that never got an upgrade past a

    • I'm still rocking a OP1 and still running Cyanogen. It sucks that development is sort of dead for it, but I still have control over pretty much everything. I like being able to block individual apps from sharing data and boy once you disable it, you'd be surprised how many apps complain or refuse to work over data they don't need.

      Uber especially is one I have to block location access and then re-enable it when I want to use the app. It will try to track you all the time whether you are actively using the ap

  • by WaffleMonster ( 969671 ) on Tuesday October 10, 2017 @10:57PM (#55347355)

    This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws

    The reason this is not a concern is because everyone else does it. Absolutely priceless reasoning.

    If I had a penny for every instance of this nonsense uttered in my lifetime I would be a trillionaire.

    • by Teun ( 17872 )
      Indeed a flawed 'logic'.

      I can accept a certain form of Opt-In telemetry but there is no need to include ESSID's and WIFI identifiers.
    • Have they never heard the saying "if everyone else jumps off a bridge are you going to do it too?"

      I always wonder that when this type of reasoning is used. At one point a lot of people were smoking cigarettes, but that didn't make the health risk any lower. Plenty litter or make a lot of waste, that doesn't help us in the effort to sustain ourselves. The number of people doing something has no bearing on whether that is beneficial or not.

  • by Zombie Ryushu ( 803103 ) on Tuesday October 10, 2017 @10:59PM (#55347361)

    Flash the Phone with Lineage OS. Thats what I do with my Phones.

  • i'm concerned (Score:3, Insightful)

    by Anonymous Coward on Tuesday October 10, 2017 @11:02PM (#55347381)

    > This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws.

    Umm... yes it is?

  • by chromaexcursion ( 2047080 ) on Tuesday October 10, 2017 @11:21PM (#55347459)
    15 years ago, I worked for a well known company, and wrote an innovative set of privacy algorithms.
    Didn't happen, long story; but sadly typical This is, to my mind, stupid. But the current generation doesn't seem to mind.
    Need hearts and minds to effect change
    • But the current generation doesn't seem to mind.

      Doesn't mind, doesn't know, or just doesn't think they can do anything about it so tolerate it despite minding because they need a phone to live a normal life these days?

      Those are three quite different scenarios, and in two of the three it appears there is a market failure where purchasers of these (or other) smartphones don't get a choice they could reasonably be offered and so can't express their preference with their wallets.

      That sort of market failure is what regulation is for. Europe is going to have a

      • Doesn't mind, doesn't know, or just doesn't think they can do anything about it so tolerate it

        With my kids, it's that latter thing.

        None of them are OK with it, but equally as much, none of them think there's anything they can do about it.

  • I know someone with a one plus 3t and it seemed like the perfect device. I am not sure what effect disabling those applications might have, so ill wait a few days before advising her to do that. Hopefully this is big news, but sadly everyone is doing it.

    If you are a smartphone user and you think google and apple don't have the complete picture of you as an individual you are dreaming! This is just the chinese not giving even the slightest fuck, while american companies still have to pretend to care about pr

    • by Teun ( 17872 )
      The way I read it it's not a 'certain application' that does the spying, it is the OxygenOS layer One+ has put on top of the otherwise pretty stock Android.
  • who pays the shills? (Score:3, Interesting)

    by Reverend Green ( 4973045 ) on Tuesday October 10, 2017 @11:30PM (#55347483)

    Only 30 comments so far, and over half of them are from painfully obvious anti-Linux shills. Which leaves me wondering - who exactly bankrolls this particular battalion of the 50 Cent Army?

    Microsoft? No, can't be. I think they've given up on phones.

    Apple? Now this one is fairly believable. Deep pockets, Silicon Valley ethics (read: no ethics at all), and mindless brainwashed cult followers... okay, sounds plausible. But it's so crass & crude & obvious. Doesn't really feel like an Apple-backed operation.

    Russian/Chinese/Nork/USSA state-affiliated organizations? Well sure, they infest Slashdot like the regular vermin they are. But why would they give a fuck about an obscure cellphone?

    Global dystopian-progressive NGOs backed by financial oligarchs? Well, they do hate freedom, so it stands to reason they would also hate Linux. The smarmy tone of the shill comments does match their supporters. Not sure why they'd care about a cellphone. But maybe their shills are on salary. They've already finished polluting the political articles, so they're just chilling out here. Shitting all over the place while trying to figure out how they can blame this on Trump colluding with the rooskies. I rate this possibility as plausible but lacking in evidence.

    RMS? The shills both draw attention to the evil practice of commercial surveillance, as well as making anti-freedom proponents look like toxic fucktards. Subtle & brilliant. Alas, I don't think RMS has the funds to hire a troll army, so this one's not too plausible.

    • by Anonymous Coward

      Anyone who doesn't agree with you must be a paid shill? There are two words to describe you: paranoid delusional. In your mind, anyone who criticizes Linux must be a paid shill, yet you made no attempt to refute them. If you could have addressed the concerns raised about Linux, you undoubtedly would have done so. That indicates you are unable to do so. By your logic, you're likely a paid pro-Linux shill, perhaps funded by someone with deep pockets such as Red Hat or IBM. Linux also includes SELinux code con

    • by Anonymous Coward

      Criticism of Linux? Oh, no, must be shills! Mod to -1 troll!

      Criticism of Microsoft and Apple? Yay, +5 insightful!

      Got it.

    • You have mental problems. Seriously, your recent post history also has you posting 20 times in anotehr thread accusing people of being Chinese shills (and Hillary Clinton shills) and now this long rambling post about people being paid to talk bad about Linux on an obscure website frequented by old IT professionals...

      Get off the site (which is feeding your paranoia) and get help.

    • Thanks for that moronic, delusional diatribe. Oneplus is the entity abusing linux. Undermining the privacy of their users is the issue at hand not some poorly reasoned consiperacy of corporate shills. I feel stupider having read that. This guy Chris Moore appears to have done some transparent, reproducible legitimate and quite shocking analysis on sensitve data being sent from his home to this corporation. Yet somehow from this you find a way to make this Apples fault. The only company that has actual
    • by Teun ( 17872 )
      The trolls gave away their provenance by repeatedly claiming a 'walled garden' would be better, that's newspeak for Apple.
  • by Anonymous Coward

    Just like Tux, Moore discovered that OxygenOS was sending regular telemetry to OnePlus' servers. This is no issue of concern, as almost all ...

    This is SlashDot. While that means that the most worthless crap can be posted, it also strangely means that intelligent people will read and comment about it. Of course it's a concern if your friends are jumping off of a cliff, not a reason to follow them. It's only an issue of no concern if the product isn't being marketed as needing to be as secure as possible.

  • by Anonymous Coward

    I don't care what OS is on the phone. It is both designed and manufactured in China by a Chinese company. The government has total control on what it does. They've obviously taken the opportunity to clandestinely track the location and usage data from everyone worldwide with a OnePlus phone. It is most certainly feeding into a government intelligence database for permanent storage.

    This is no different than Kaspersky. As far back as 2000 a company I worked for considered Kaspersky and quickly rejected it due

  • Stories like this and fscking Samsung ruining Galaxies by removing removable batteries, switching from Qualcomm to Exynos etc makes me wonder if there's a gap in the market for a new phone. It would be like this

    1) Qualcomm reference design
    2) Removable battery
    3) SD card slot
    4) Enough onboard flash and SDRAM that people won't complain
    5) Headphone jack
    6) IP67 or better

    Incidentally all this was possible when Samsung build the Galaxy S5. And in fact the Galaxy's 1080p display is fine for most people. Though I su

    • I'd pass on the SD Card if they would just settle for a decent amount of flash instead of charging a premium.

      64GB, $300; 128GB, $350. A 64GB MicroSD costs $15 and a SanDisk MicroSDXC 64GB Ultra costs $23, with all the circuitry in there for the flash controller (SD cards include a microcontroller--a small computer that handles IO operations and even runs its own OS). It's $8-$10 of flash chips. Your phone has a flash controller chip already; adding $10 more NAND does not cost $50 and you are not takin

    • I don't care about water resistance, but I'd buy the phone you describe in a heartbeat.

      I wouldn't care if it didn't have the best display, and I wouldn't even care whether or not it had a camera.

      It often seems like every new model of phone I see entering the market is less desirable than the one before it.

  • minds exploding as all the people bashing windows 10 for sending loads of anonymous telemetry try to wrap their heads around an open source project getting away with something even worse...
  • If I make the battery non-removable, I can keep the radio on without you knowing it, so I can send packets of who-knows-what whenever I like.

    If I lock it down, you won't be able to detect it, or shut it off.

    Don't be distracted by the bloatware and ad notifications -- those are the result of corporate flacks that can't help themselves. Your privacy is really being eroded in the background.

    Think about another phone you might have, with a non-removable battery, and a very walled garden.

    --#

    • If I make the battery non-removable, I can keep the radio on without you knowing it, so I can send packets of who-knows-what whenever I like.

      Here are some easy solutions to that problem: https://www.amazon.com/faraday... [amazon.com]

      • Sure, we all know about faraday cages and tinfoil hats here, but think about the trick they pulled on *everyone else*: non-removable batteries and radios you cannot really turn off. Think outside your demographic.

        --#

  • As the article shows (Score:4, Informative)

    by p51d007 ( 656414 ) on Wednesday October 11, 2017 @12:35PM (#55350773)
    Just turn on developer options, run ADB... adb start-server adb shell pm uninstall -k --user 0 net.oneplus.odm
  • From TFS:

    Moore discovered that OxygenOS was sending regular telemetry to OnePlus' servers. This is no issue of concern, as almost all applications these days collect telemetry data for market analytics and to identify and debug application flaws.

    I beg to differ. Collecting telemetry without notifying users or allowing a way to disable it is a matter of large concern to a lot of people.

    That it's quite common means absolutely nothing.

  • I just sent a complaint towards OnePlus, will not be recommending it anymore for anyone, and the OnePlus 3 will be my last OnePlus device.

    It's not like I didn't think this could happen, I was hoping that it wouldn't because quite frankly, any business these days should be monitored for stuff like that.

    But now, my relationship with this company is done. Very sad because the OnePlus 3 is a great device overall for the price. Up until now I was recommending it for people looking for high end capabilities with

"So why don't you make like a tree, and get outta here." -- Biff in "Back to the Future"

Working...