Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Android China Operating Systems Security Software

OnePlus Is Again Sending User Data To a Chinese Company Without User Consent (bgr.com) 152

In October 2017, a researcher caught OnePlus silently collecting all sorts of data from its users. Now, a new report says that there's still a OnePlus app that can grab data from the phone and send it to servers in China without a user's knowledge or express consent. BGR reports: The French security researcher hiding behind the name Elliot Alderson on Twitter detailed OnePlus's data collection practices back in October, and he has now discovered a strange file in the OnePlus clipboard app. A Badword.txt file contains various keywords, including "Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email," and others. The file is then duplicated in a zip file called pattern alongside six other .txt files. All these files are apparently used in "in an obfuscated package which seems to be an #Android library from teddymobile." Now, TeddyMobile is a Chinese company that works with plenty of smartphone makers from China. The company seems to be able to recognize words and numbers in text messages. And OnePlus is apparently sending your phone's IMEI number to a TeddyMobile server, too. It looks like the TeddyMobile package might be able to grab all sorts of data from a phone. Even bank numbers are apparently recognized. OnePlus has yet to issue a statement on the matter.
This discussion has been archived. No new comments can be posted.

OnePlus Is Again Sending User Data To a Chinese Company Without User Consent

Comments Filter:
  • I r00ted my OnePlus and installed hosts.apk and now China doesn't know nothing.
    • by ELCouz ( 1338259 )
      APK would be proud of you son!
    • hmmmmm why do you care, exactly, about china knowing about you in particular?

      datafication is a byproduct of the information era. these companies and governments think they know stuff about you in general by browsing through your data in large aggregates, but that's also the same thing as google thinking I like arsenal by my googling of "fuck arsenal" ... point being, the fucking corporations don't know shit, can't know shit, only think they know shit, by twisting data into pivoted, algorithmically filter
    • by rtb61 ( 674572 )

      Except what is buried in hardware rather than software. You have changed the software not the hardware and if you a serious about backdoors at government level, they are always, always done in the hardware. So you probably only think you are safe, which is of course the typical goal of the spy vs spy types, think you are safe so you let your guard down. For one thing you probably have flagged yourself with that root, just the thing the spy vs spy types would pick up on, especially with limited numbers, from

  • Why? (Score:1, Insightful)

    by Brett Buck ( 811747 )

    Why are we still surprised at these stories? This is SOP, if you don't do something to stop it, you can just presume that it is being done.

  • by bhcompy ( 1877290 ) on Friday January 26, 2018 @09:30PM (#56012883)
    OnePlus already responded and debunked his claim. This guy spreads FUD about OnePlus like it's some kind of personal vendetta.
    • OnePlus already responded and debunked his claim. This guy spreads FUD about OnePlus like it's some kind of personal vendetta.

      Of course Comrade "bhcompy", of course.

      • you say comrade like its a slanted text thing. why?
      • are you one of those capitalist pig fuckers my mom told me about?
      • The "researcher" himself has admitted that he did not verify his claim and when pressed, could not, because no such thing is happening. It took a while for him to get around to that and in that time all the Chicken Littles who like to squawk about the evil Chinese flooded the net with their bollocks.

    • by hankwang ( 413283 ) on Saturday January 27, 2018 @01:29AM (#56013551) Homepage

      Would you mind providing a link to OnePlus's response? And regarding alleged FUD: this guy discovered the adb root mode in OnePlus; is that FUD in your opinion?

      • agree. anyone can type shit. out your source.
      • by phayes ( 202222 )

        TFA has been updated with a statement.

      • by piojo ( 995934 )

        From the article:

        UPDATE: OnePlus reached out to BGR to say that the claim that the Clipboard app is sending user data to a server is false, and that the code is “entirely inactive” in the open beta for Oxygen OS. The company says that no user data is sent to any server without consent.

        In the open beta for HydrogenOS, which is the OS for China, the folder exists “to filter out what data to not upload,” OnePlus added. Local data in the folder is skipped and not sent to any server.

        It does make sense that it would be a blacklist. And I certainly hope it's true that the international version of the firmware doesn't send any of this sensitive data anywhere. And if this is the case, it's because this is the sort of thing the Chinese usually don't care about, rather than because it's being forced on them by the government. They can probably get a lot more diagnostic info from China than the US/Europe without serious user complaints.

  • I was looking at a OnePlus phone when I bought a different one. They have good features at a very good price. But I prefer dealing with a non Chinese company that has their phones made in China, than a Chinese company. I am so glad of the choice I made.
    No, I didn't buy an Apple, Samsung, Google, or Motorola. I bought a different well made off brand, and will not advertise for them.
    • by beckett ( 27524 )

      But I prefer dealing with a non Chinese company that has their phones made in China, than a Chinese company. I am so glad of the choice I made.

      besides the general good feelings you have with your purchase, what data do you have that your device is any more secure than (allegedly) OnePlus, or any other Chinese company? You admit your hardware is made in China, so you're reassured by non-Chinese marketing and image, of all things??

      Absence of evidence is not evidence of absence.

      • Absence of evidence is not evidence of absence.

        agree. Security by obscurity is very strong. What you don't know, can't ..................

    • I sure hope it isn't BLU...
  • by RhettLivingston ( 544140 ) on Friday January 26, 2018 @09:51PM (#56012975) Journal

    If they are a phone company, the headline is correct. If they are an intelligence collection company, their user has absolutely given consent. The "customers" are actually the product.

    Sadly, this isn't unusual today. By looking the other way repeatedly, we have allowed ourselves to become the product for many, many businesses that we believe we are customers of. In our sickness, we believe ourselves to be the customers even when we don't pay.

  • Debunked (Score:4, Informative)

    by Anonymous Coward on Friday January 26, 2018 @11:19PM (#56013241)

    http://www.androidpolice.com/2018/01/26/no-oneplus-still-not-sending-clipboard-data-china/

  • by Anonymous Coward

    Make no mistake. Many "big data" companies have clients whom their own engineers are not allowed to know the name of, and have staff on H1-B visas from both sides of the same war. (Israel and Palestine, India and Pakistan, Russia and the Ukraine, Iran and Iraq, Haiti and the Dominican Republic, Miami and Atlanta. The list goes on.)

    And most of them have no security to speak of. Root keys on dozens of systems, legacy employees with SSH keys scattered passphrase free on dozens of machines, S3 backups with root

    • Make no mistake. Many "big data" companies have clients whom their own engineers are not allowed to know the name of, and have staff on H1-B visas from both sides of the same war. (Israel and Palestine, India and Pakistan, Russia and the Ukraine, Iran and Iraq, Haiti and the Dominican Republic, Miami and Atlanta. The list goes on.)

      You seem good at lists. List for me sources plz. I work with plenty of H1 workers, haven't met 1 yet I would fire, or even trade for a white boy american. You all really put too much value in your nationalism, a bourgerois construct to say the least. Give me evidence that H1s aren't people deserving of respect, and I'll give you the punch in the face you've been waiting for, you liar. Seriously though, if you have a source, fucking quote it, unless you're content to just be the greenandgrey noise on just a

      • by dwpro ( 520418 )
        Your racist drivel completely missed OP's point. While you were fetishing over punching someone who says something you don't like, the OP was (vaguely and anecdotally) outlining an attack vector for hostile government access to the data of US citizens.
  • China vs America (Score:3, Insightful)

    by Anonymous Coward on Saturday January 27, 2018 @12:40AM (#56013455)

    Frankly, I'd be more worried if my data was sent to an American company than a Chinese one.

  • Time to admit that the entire Android ecosystem and App Store model is a raging dumpster fire, and it's millions of users are unwittingly being burned to death every single day.

    Whine all you want about iOS' "Walled Garden" (which has been demonstrably untrue since iOS 8 allowed "sideloading" of Apps), but there is something fundamentally broken with the whole OS, that it allows this shitstorm on an almost daily basis for years on end.

    If Google wanted to stop this, they could. But they obviously couldn't giv

    • But iOS is a walled garden. Try to put music onto an iPhone without using iTunes. A friend was shocked when I told him he had to install it on his computer if he wanted his library on his phone. Needless to say, he returned the iPhone.
      • You outright LIED to your friend, you stupid, uninformed FUCK. You need to aplolgize to him IMMEDIATELY, and tell him you are a stupid, bigoted fucker.

        How does Apple "lock you into their ecosystem" any more than Android locks you into their ecosystem?

        By making iTunes the only legitimate way to interact with the phone.

        1. It doesn't keep you from having another music player. Plus There are other applications that you can use to load music onto an iOS device. Here's a few free (and non-free) alternatives. Do try to keep up, Hater:

        https://www.easeus.com/iphone-... [easeus.com]

        https://www.macworld.co.uk/how... [macworld.co.uk]

        https://drfone.wondershare.com... [wondershare.com] ...and there are literally dozens more alternat

        • by Anonymous Coward

          "...you are a stupid, bigoted fucker."

          "...keep up, Hater."

          I sincerely hope the irony of your statements is not lost on you.

    • Fuck off. Apple was already caught years ago with CarrierIQ, you don't get to throw stones.
      • Fuck off. Apple was already caught years ago with CarrierIQ, you don't get to throw stones.

        1. That was iOS 5, 6 years ago.

        2. It was easily disabled by the user on iOS

        3. On iOS, it logged nothing but diagnostic data, and had no access to ANY personal information or key logging whatsoever.

        4. It was on EVERY platform at the time; but on iOS, it was actually used for a legitimate purpose, unlike on Android.

        5. It has been gone for over half a decade..

        Nice try, Hater:

        https://www.cultofmac.com/1325... [cultofmac.com]

  • So, a corporation is stealing people's data, personal info.

    Boy am I shocked. Soooo shocked. Really- just look at my shocked face. See how shocked I am? Shocked, shocked, shocked.

Life in the state of nature is solitary, poor, nasty, brutish, and short. - Thomas Hobbes, Leviathan

Working...