If you are using a OnePlus smartphone, you might have faced the security problems these phones caused or at least have heard about it.
OnePlus phone used to leak personal data of the users for many years and many users remained unaware of that.
It’s security issues became a major problem for the users and therefore caused a huge loss in the company.
In the month of June 2019, 9to5 Google reported that OnePlus smartphones were leaking crucial personal data of the users ‘unknowingly’.
If you are a OnePlus user, then there is good news for you all. OnePlus security issues have finally been resolved. Although, this news was reported by 9to5 Google and not by OnePlus itself.
So, let’s take a look into the article to get a definite knowledge regarding OnePlus Security, the flaws associated with it and how OnePlus have fixed it.
OnePlus Data Collection: The Foremost Reason Behind OnePlus Security Issues
OnePlus comes with an application called ‘Shot on OnePlus’. To sign in, you have to use your email ID. This application is meant for users to upload photos.
OnePlus selects the best photo from your gallery and displays that photo publicly in the app. You will find this app below the ‘Wallpapers’ menu. The data which got leaked directly got transferred to servers in China without user’s knowledge.
Not only emails, names and photos but also the application leaked alphanumeric codes known as ‘gids’ that OnePlus uses to identify individual users.
The code specifies if a user is from China or any other place. It also holds a sole digital identification number.
Also, the API of OnePlus applies this ID to get photos uploaded by a distinct user and delete them if essential.
The second section of the code is just a mere number which makes it more accessible to hack data. So, other users could easily be hacked just by simply altering the digits.
What was the Actual Problem?
Reports say that the application was responsible for leaking the email IDs, names and locations of the users. This data leak has become a major problem from last year.
The Application Program Interface (API) of the ‘Shot on OnePlus’ app was mainly responsible for this flaw. It is hosted on ‘open.oneplus.net’ which can be accessed with the access token.
Also, the Application Program Interface of OnePlus made a link between their server and the application was very easy-to-access in spite of carrying personal data that belonged to the users.
The API mainly got access to public photos but also you could get a path to delicate data that should ordinarily not be open.
OnePlus 6 is an amazing smartphone with lots of outstanding features. But here is something that will not make you excited about this device.
It had a pretty serious security problem that gave many tech-savvy hackers a path to extract important personal data from your phone provided that they complete access to it with the help of a PC nearby.
The attacker or hacker has to boot the phone through a fast boot mode as well as flash a modified image. To gain full control of the device, the boot image has to be modified with an insecure Android Debug Bridge (ADB).
Detection of the Flaw
Researcher Jason Donenfeld first noticed that the bootloader on the OnePlus 6 isn’t as locked down as it should be.
It is the device’s part of the phone’s built-in firmware. This becomes responsible for stopping you from replacing the OnePlus Operating System with any alternative.
These OnePlus phones allow you to boot any code you want to, even when the bootloader is seemingly locked, outwardly having to jump through the typical protection loops first.
To utilize the defect, someone would need substantial passage to your phone, a computer or a laptop, and a USB cable.
The manufacturer has verified in a report that a fix for the glitch is going to be rolling out soon, but until then don’t let your OnePlus 6 out of your ken.
There are very fewer assets that can evoke the data from your phone, so do not panic. But for such an advanced smartphone, security peculiarities should be very firm which OnePlus failed to provide initially.
Other Associated Security Faults
In October, OnePlus had come under fire. This happened because a software engineer spotted that Oxygen OS was dispatching a large mass of analytics data to the corporation. It is inclusive of the phone number, MAC addresses, names of networks the mobile is using and IMSI prefixes, data of Wi-Fi connection, the serial number of the phone. It even includes the phone’s IMEI number along with every other application ever used.
How did OnePlus Fix the Problem?
OnePlus did not respond in a direct way when people reported OnePlus about this issue. But something good happened which resulted in the quick establishment of distinct alteration to the API. It does not ooze any data including emails as well as photos.
It also added more security facilities to some parts of the API for the flaws. OnePlus now tries to ensure that only the Shot on OnePlus app uses the API but this can be neglected very efficiently.
OnePlus security problems did not start in 2018. This issue was introduced a long time back. Christopher Moore, a software engineer, reported this security issue for the first time.
He discovered the fact that OnePlus has been leaking private data about users within the app applied analytics.
All the OnePlus smartphones became a victim of these horrible security flaws. The new models that are ready to step in the market ensure the customers complete data protection. OnePlus team has renewed the applications on all of its devices individually. OnePlus being aware of the leaks now has made sure that people should not suffer any longer. The time has come to make the world free of worries.
I hope this article was fruitful enough to make you aware of the problems it has created. Do not hold any negative thoughts about it as it has resolved the problems and you can be sure about the products they will be selling now.
OnePlus team did not let their hard work get wasted. They have worked day and night on the operating system and the API. The very necessary update of the “Shot on OnePlus” is proving its worth to the world now.