Update: A OnePlus spokesperson has given us a statement on the situation, included in the article below.
You might think true privacy is becoming increasingly hard to come by in this ever-more connected world, but most companies at least ask or warn that they’ll be collecting data.
However, OnePlus though has been found collecting device and user data, and has been accused of doing so without asking permission.
Software engineer Chris Moore discovered as much, posting on his blog that the domain open.oneplus.net has been collecting data and sending it to an AWS (Amazon Web Services) cloud account.
The data collected includes both device information, such as wireless network IDs, his cellular number, serial number and MAC address, and user data, which includes the likes of timestamps showing when specific applications were opened and closed, as well information about when the screen was on and when the phone was charging.
Moore claims that not only did OnePlus not get permission to collect this data, but some of it, such as serial numbers, can potentially be tied back to the user, so it’s not anonymous.
There's no official fix
We asked OnePlus for comment and were told: “we securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior.
"This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support. We do not share any analytics data with outside parties.”
So it seems some of this data collection can be disabled, but not all of it. Or at least, not officially.
Twitter user Jakub Czekański has explained that this data collection can be blocked by putting your phone into debugging mode and entering the command pm uninstall -k --user 0 pkg.
@chrisdcmoore I've read your article about OnePlus Analytics. Actually, you can disable it permanently: pm uninstall -k --user 0 pkgOctober 10, 2017
The process is somewhat explained in the Twitter thread, though it’s a process we wouldn’t recommend unless you know what you’re doing – and even then it could cause problems, though no-one has yet reported any that we’ve seen.
Otherwise, you might have to put up with this data collection, though given the attention it’s got we wouldn’t be surprised if OnePlus soon changes it to an opt-in process, since this isn’t the sort of publicity it needs.
- Hopefully the OnePlus 5T will avoid controversy