OnePlus Is Again Sending User Data To a Chinese Company Without User Consent (bgr.com) 152
In October 2017, a researcher caught OnePlus silently collecting all sorts of data from its users. Now, a new report says that there's still a OnePlus app that can grab data from the phone and send it to servers in China without a user's knowledge or express consent. BGR reports: The French security researcher hiding behind the name Elliot Alderson on Twitter detailed OnePlus's data collection practices back in October, and he has now discovered a strange file in the OnePlus clipboard app. A Badword.txt file contains various keywords, including "Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email," and others. The file is then duplicated in a zip file called pattern alongside six other .txt files. All these files are apparently used in "in an obfuscated package which seems to be an #Android library from teddymobile." Now, TeddyMobile is a Chinese company that works with plenty of smartphone makers from China. The company seems to be able to recognize words and numbers in text messages. And OnePlus is apparently sending your phone's IMEI number to a TeddyMobile server, too. It looks like the TeddyMobile package might be able to grab all sorts of data from a phone. Even bank numbers are apparently recognized. OnePlus has yet to issue a statement on the matter.
Re: Android, therefore to be expected... (Score:2)
The OS Android is not like the OS Linux. It is made by a for-profit organization, and manufacturers have to make money somehow.
This is how you have a $99 no contract phone. Surprised?
Re: (Score:3)
This is how you have a $99 no contract phone. Surprised?
And that's the key right there. "Burner" phones are loaded with the same and worse.
Re: Android, therefore to be expected... (Score:2)
Re: (Score:2)
Re:Android, therefore to be expected... (Score:5, Insightful)
Re: (Score:1)
Apple forces me to buy an Android phone by being the only competitor and deciding to lock me into their ecosystem if I use them. Not to mention I still haven't forgiven them for not simply allowing me to access a common filesystem.
Tend to agree with AC below. Cell phones with data spying is optional, and is a widely accepted standard operating procedure. Although, so too is the 'black mirror' world we're riding a fucking bullet train into, optional.
If you weren't such a lazy fuck you'd do something about it. That's right i'm talking to you. You pussy. Rise up if you're so mad about ultrasized corporations serving you advertisements based on your incognito mode porn watching habits. When are you going to reach your breaking point?
Re: (Score:2)
Re: (Score:2)
Apple forces me to buy an Android phone by being the only competitor and deciding to lock me into their ecosystem if I use them. Not to mention I still haven't forgiven them for not simply allowing me to access a common filesystem.
IOS 11 has a Filesystem browser as an included App. Do try to keep up, Hater.
How does Apple "lock you into their ecosystem" any more than Android locks you into their ecosystem? You can't run iOS Apps on an Android phone any more (or any less) than you can run Android Apps on an iOS phone?
Plus, ever since iOS 8 (which debuted over 3 years ago) Apple has officially allowed "sideloading" of Apps from ANY source on iOS devices. In fact, there is both a thriving community of Maintainers of Open Source Apps Apps
Re: (Score:2)
How does Apple "lock you into their ecosystem" any more than Android locks you into their ecosystem?
By making iTunes the only legitimate way to interact with the phone.
Re: (Score:2)
How does Apple "lock you into their ecosystem" any more than Android locks you into their ecosystem?
By making iTunes the only legitimate way to interact with the phone.
1. It doesn't keep you from having another music player. Plus There are other applications that you can use to load music onto an iOS device. Here's a few free (and non-free) alternatives. Do try to keep up, Hater:
https://www.easeus.com/iphone-... [easeus.com]
https://www.macworld.co.uk/how... [macworld.co.uk]
https://drfone.wondershare.com... [wondershare.com] ...and there are literally dozens more alternatives. So, next bullshit objection?
BTW, that search took zero time on Google. So you are either stupid beyond belief, or actively using willful blindnes
Re: (Score:2)
These are hoops I don't want to jump through. My android phone works like a flash drive, which is what makes sense for a portable storage device.
Re: (Score:2)
If I want several music players, the only way for me to load one library that they can all share is for me to use itunes. So yes, I am forced to use iTunes. Otherwise I must use some flaky little embedded webserver so I can upload my library individually to each app one by one with some little crappy webconsole.
These are hoops I don't want to jump through. My android phone works like a flash drive, which is what makes sense for a portable storage device.
What does your phone have to do with centralized media storage? Do you plan on using your phone as a Plex Server, FFS?!?
If you want that sort of thing, get any one of a zillion NASes, and set it up to be a media server you can access over your LAN and the interwebs via Plex, VLC, iOS "Music", etc.
But now that I've shown that you have several alternatives to using iTunes for managing the music in an iPhone, you move the goalposts yet again.
I'm on to your game. If you want to trade security of your personal i
Re: (Score:2)
Re: (Score:2)
Now I feel you are willfully being ignorant. I said nothing about central network storage and already gave good reasons why isolation on a phone is awkward.
So your comment regarding "one library they can all share" doesn't imply centralized media storage (and serving)?
Ok, then what DID you mean?
Re: Android, therefore to be expected... (Score:2)
Re: (Score:2)
"Besides, you also need to install iTunes on your PC for iPhone data reading, which is inevitable for a third-party tool. "
Now fuck off.
WTF are you blathering about now, Hater?
Re: Android, therefore to be expected... (Score:2)
Re: (Score:2)
Wow, even the biggest kool-aid drinker doesn't use that shitty iTunes. That says a LOT.
I use iTunes as a music player, but I don't NEED it for anything else.
Stop twisting my words, Hater.
Re: (Score:2)
My kids have school ipads, and this lets me take a backup outside icloud when they turn them in at the end of the year.
Re: Android, therefore to be expected... (Score:2)
Re: (Score:2)
Fuck, you're a cunt. Access the file system and use it, not just browse it.
One of the most infuriating times helping an iPhone user try and download some meditation mp3's she purchased. The instructions were to right click and save file, obviously for desktop/windows users.
So I said to just long press the link and you can just save it. NOPE, not fucking possible. You can't save a motherfucking file from Web like any other fucking device. I was floored.
Google around, need an app like dropbox. Go to install dropbox, a free app, and need to enter credit card and password had to be entered at least 4 times without leaving app store. It was so fucking frustrated because it would literally be native and simple to save a goddamn mp3. This is one of the reasons I don't consider iPhone users to be "power users" or even "productive".
Can't wait for your reply where you say this basic functionality just got added to the 11th fucking iOS.
Jesus, calm down Hater! I used the wrong term. The iOS 11 "Files" App is a lot more than just a File Browser. Is it a full-blown version of the macOS Finder for iOS. Not yet. But it is pretty good for a version 1 App:
https://www.imore.com/files-ap... [imore.com]
I don't have iOS 11 on any of my iOS devices; so I can't specifically speak to your example; but it sounds like it probably would work like you are expecting.
Does that help, Cunt?
Re: (Score:2)
Re: (Score:2)
A version 1 app for something that has been around since 1970. Way to go Apple. *golf clap*
Find me a version of iOS from 1970.
Are you saying google doesn't lock you in? (Score:2)
Boy are you naive.
Hatorade Distortion Field (Score:2)
Yet you're totally ok with being Google's product to sell to advertisers. If nothing else, with Apple you are the customer. And like most Hatebois, you probably spend a hard days work whining about Cupertino's "walled garden", before spending a nice relaxing night of playing a g
Re: (Score:2)
Re: (Score:2)
Isn't that basically what Richard Spencer says about constitutional rights?
"It's an ethnostate you virgin, who fucking cares about 'muh constitutional rights'?"
Re: (Score:2)
Re: (Score:2)
No fucking thanks.
Re: Android, therefore to be expected... (Score:2)
Re: (Score:2)
Re: (Score:1)
Not if you use a HOSTS file. (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
datafication is a byproduct of the information era. these companies and governments think they know stuff about you in general by browsing through your data in large aggregates, but that's also the same thing as google thinking I like arsenal by my googling of "fuck arsenal"
Re: (Score:2)
Except what is buried in hardware rather than software. You have changed the software not the hardware and if you a serious about backdoors at government level, they are always, always done in the hardware. So you probably only think you are safe, which is of course the typical goal of the spy vs spy types, think you are safe so you let your guard down. For one thing you probably have flagged yourself with that root, just the thing the spy vs spy types would pick up on, especially with limited numbers, from
Re: (Score:1)
part of me is concerned with humans wasting their time on this planet with bullshit like this, and the other part is content to let them waste their trite and meaningless lives of 'disrupting' and 'solutionism' and (insert money grubbi
Re: (Score:1)
Re: (Score:2)
Every single OS written before the internet was a common household thing says hi.
Re: (Score:1)
Re: (Score:1)
SLAVES built the Parthenon
SLAVES built America!
SLAVES built the iphone!
SLAVES! this is your song... thank you slaves!
Re: (Score:1)
Sorry to tell you this but slaves did not build the pyramids!
Re: (Score:2)
Sorry to tell you this but slaves did not build the pyramids!
Uhhhh, I'm pretty sure they did. The rulers of that society wrote volumes about it; it's a well-documented historical fact.
Re: why (Score:2)
Re: (Score:1)
Sorry to tell you this but slaves did not build the pyramids!
Absolutely right! :) The slavery thing was speculation by the ancient Greeks which got incorporated into the Old Testament and so now nobody can use real evidence to refute that myth without incurring the wrath of hoards of rabid Christian fundamentalists, most of whom live in the USA.
Hey America, those nut-jobs are dragging your whole country down!
Re: (Score:2, Funny)
Re: (Score:2)
would u buy a phone from china?
Because OnePlus is one of the brands with the best support from https://lineageos.org/ [lineageos.org]. I think the question is why would anyone use the original firmware?
Re: (Score:2)
would u buy a phone from china?
Because practically no one else on the planet makes them?
Re: why (Score:1)
None of my phones have been made in China, the last 3 were made in South Korea (not all Samsung are, but mine were) and the two Nokia before them were (surprisingly) still made in Finland. There is still a choice to buy from a democracy if you avoid Apple products.
Re: why (Score:2)
Why? (Score:1, Insightful)
Why are we still surprised at these stories? This is SOP, if you don't do something to stop it, you can just presume that it is being done.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Oh, they get the data. It's android. They obviously get the data.
Little late on this eh? (Score:4, Interesting)
Re: (Score:2)
OnePlus already responded and debunked his claim. This guy spreads FUD about OnePlus like it's some kind of personal vendetta.
Of course Comrade "bhcompy", of course.
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
The "researcher" himself has admitted that he did not verify his claim and when pressed, could not, because no such thing is happening. It took a while for him to get around to that and in that time all the Chicken Littles who like to squawk about the evil Chinese flooded the net with their bollocks.
Re: (Score:1)
Re:Little late on this eh? (Score:5, Interesting)
Would you mind providing a link to OnePlus's response? And regarding alleged FUD: this guy discovered the adb root mode in OnePlus; is that FUD in your opinion?
Re: (Score:1)
Re: (Score:2)
TFA has been updated with a statement.
Re: (Score:2)
From the article:
UPDATE: OnePlus reached out to BGR to say that the claim that the Clipboard app is sending user data to a server is false, and that the code is “entirely inactive” in the open beta for Oxygen OS. The company says that no user data is sent to any server without consent.
In the open beta for HydrogenOS, which is the OS for China, the folder exists “to filter out what data to not upload,” OnePlus added. Local data in the folder is skipped and not sent to any server.
It does make sense that it would be a blacklist. And I certainly hope it's true that the international version of the firmware doesn't send any of this sensitive data anywhere. And if this is the case, it's because this is the sort of thing the Chinese usually don't care about, rather than because it's being forced on them by the government. They can probably get a lot more diagnostic info from China than the US/Europe without serious user complaints.
Re: (Score:2, Insightful)
So run a packet trace and show us that this is actually happening. Don't take the word of some shitty pseudo-news site.
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
The sad state of manufacturers (Score:2)
No, I didn't buy an Apple, Samsung, Google, or Motorola. I bought a different well made off brand, and will not advertise for them.
Re: (Score:2)
besides the general good feelings you have with your purchase, what data do you have that your device is any more secure than (allegedly) OnePlus, or any other Chinese company? You admit your hardware is made in China, so you're reassured by non-Chinese marketing and image, of all things??
Absence of evidence is not evidence of absence.
Re: (Score:1)
Absence of evidence is not evidence of absence.
agree. Security by obscurity is very strong. What you don't know, can't ..................
Re: (Score:2)
Their user has given consent (Score:3)
If they are a phone company, the headline is correct. If they are an intelligence collection company, their user has absolutely given consent. The "customers" are actually the product.
Sadly, this isn't unusual today. By looking the other way repeatedly, we have allowed ourselves to become the product for many, many businesses that we believe we are customers of. In our sickness, we believe ourselves to be the customers even when we don't pay.
Re: (Score:1)
Debunked (Score:4, Informative)
http://www.androidpolice.com/2018/01/26/no-oneplus-still-not-sending-clipboard-data-china/
Re:Debunked (Score:5, Insightful)
Wrong! Re:Debunked (Score:2)
That is a denial, not a debunking. And it's not only a denial, it's a denial by an interested party.
A debunking would require validatable evidence substantiating claims made.
Shell companies ahd H1-B employees (Score:1)
Make no mistake. Many "big data" companies have clients whom their own engineers are not allowed to know the name of, and have staff on H1-B visas from both sides of the same war. (Israel and Palestine, India and Pakistan, Russia and the Ukraine, Iran and Iraq, Haiti and the Dominican Republic, Miami and Atlanta. The list goes on.)
And most of them have no security to speak of. Root keys on dozens of systems, legacy employees with SSH keys scattered passphrase free on dozens of machines, S3 backups with root
Re: (Score:1)
Make no mistake. Many "big data" companies have clients whom their own engineers are not allowed to know the name of, and have staff on H1-B visas from both sides of the same war. (Israel and Palestine, India and Pakistan, Russia and the Ukraine, Iran and Iraq, Haiti and the Dominican Republic, Miami and Atlanta. The list goes on.)
You seem good at lists. List for me sources plz. I work with plenty of H1 workers, haven't met 1 yet I would fire, or even trade for a white boy american. You all really put too much value in your nationalism, a bourgerois construct to say the least. Give me evidence that H1s aren't people deserving of respect, and I'll give you the punch in the face you've been waiting for, you liar. Seriously though, if you have a source, fucking quote it, unless you're content to just be the greenandgrey noise on just a
Re: (Score:2)
China vs America (Score:3, Insightful)
Frankly, I'd be more worried if my data was sent to an American company than a Chinese one.
Re: (Score:1)
Android is a Dumpster Fire (Score:1)
Time to admit that the entire Android ecosystem and App Store model is a raging dumpster fire, and it's millions of users are unwittingly being burned to death every single day.
Whine all you want about iOS' "Walled Garden" (which has been demonstrably untrue since iOS 8 allowed "sideloading" of Apps), but there is something fundamentally broken with the whole OS, that it allows this shitstorm on an almost daily basis for years on end.
If Google wanted to stop this, they could. But they obviously couldn't giv
Re: (Score:2)
Re: (Score:1)
You outright LIED to your friend, you stupid, uninformed FUCK. You need to aplolgize to him IMMEDIATELY, and tell him you are a stupid, bigoted fucker.
How does Apple "lock you into their ecosystem" any more than Android locks you into their ecosystem?
By making iTunes the only legitimate way to interact with the phone.
1. It doesn't keep you from having another music player. Plus There are other applications that you can use to load music onto an iOS device. Here's a few free (and non-free) alternatives. Do try to keep up, Hater:
https://www.easeus.com/iphone-... [easeus.com]
https://www.macworld.co.uk/how... [macworld.co.uk]
https://drfone.wondershare.com... [wondershare.com] ...and there are literally dozens more alternat
Re: Android is a Dumpster Fire (Score:1)
"...you are a stupid, bigoted fucker."
"...keep up, Hater."
I sincerely hope the irony of your statements is not lost on you.
Re: Android is a Dumpster Fire (Score:2)
Re: Android is a Dumpster Fire (Score:3)
Re: (Score:3)
Fuck off. Apple was already caught years ago with CarrierIQ, you don't get to throw stones.
1. That was iOS 5, 6 years ago.
2. It was easily disabled by the user on iOS
3. On iOS, it logged nothing but diagnostic data, and had no access to ANY personal information or key logging whatsoever.
4. It was on EVERY platform at the time; but on iOS, it was actually used for a legitimate purpose, unlike on Android.
5. It has been gone for over half a decade..
Nice try, Hater:
https://www.cultofmac.com/1325... [cultofmac.com]
Boy am I shocked (Score:2)
So, a corporation is stealing people's data, personal info.
Boy am I shocked. Soooo shocked. Really- just look at my shocked face. See how shocked I am? Shocked, shocked, shocked.
Re: (Score:2)
I am Jack's complete lack of surprise.
Re: (Score:2)
Nearly impossible.
Re: (Score:2)
There are allegations that the allegations are wrong. The source I checked did not include any specifics that would allow their claims to be validated. The original report contained numerous specifics that would allow third parties to validate it.
I'm not going to buy one of those phones, so I would have no way to check either, but if I'm going to decide which to believe, I'm going to believe the one that could be validated.
Re: Thank Yisus (Score:2)