Report: OnePlus caught collecting identifiable user data without permission

Update: A OnePlus spokesperson has given us a statement on the situation, included in the article below.

You might think true privacy is becoming increasingly hard to come by in this ever-more connected world, but most companies at least ask or warn that they’ll be collecting data.

However, OnePlus though has been found collecting device and user data, and has been accused of doing so without asking permission.

Software engineer Chris Moore discovered as much, posting on his blog that the domain has been collecting data and sending it to an AWS (Amazon Web Services) cloud account.

The data collected includes both device information, such as wireless network IDs, his cellular number, serial number and MAC address, and user data, which includes the likes of timestamps showing when specific applications were opened and closed, as well information about when the screen was on and when the phone was charging.

Moore claims that not only did OnePlus not get permission to collect this data, but some of it, such as serial numbers, can potentially be tied back to the user, so it’s not anonymous.

There's no official fix

We asked OnePlus for comment and were told: “we securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. 

"This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support. We do not share any analytics data with outside parties.”

So it seems some of this data collection can be disabled, but not all of it. Or at least, not officially. 

Twitter user Jakub Czekański has explained that this data collection can be blocked by putting your phone into debugging mode and entering the command pm uninstall -k --user 0 pkg.

The process is somewhat explained in the Twitter thread, though it’s a process we wouldn’t recommend unless you know what you’re doing – and even then it could cause problems, though no-one has yet reported any that we’ve seen.

Otherwise, you might have to put up with this data collection, though given the attention it’s got we wouldn’t be surprised if OnePlus soon changes it to an opt-in process, since this isn’t the sort of publicity it needs.

This is especially following other complaints about the company, such as its failure to support recent handsets, misleading camera description and a bug that prevented users calling 911.

James Rogerson

James is a freelance phones, tablets and wearables writer and sub-editor at TechRadar. He has a love for everything ‘smart’, from watches to lights, and can often be found arguing with AI assistants or drowning in the latest apps. James also contributes to, and and has written for T3, Digital Camera World, Clarity Media and others, with work on the web, in print and on TV.