Chris D Moore has released a comprehensive post that details his own discoveries. First of all, this was all demonstrated with Moore’s OnePlus 2. So we don’t currently know if the same thing is occurring in the more current OnePlus 3T or OnePlus 5 models. I’m sure we’ll find out soon. (Update: the statement below pretty much affirms that all OnePlus models are collecting usage data)
Moore first discovered this when he set up a security tool on his OnePlus 2, but to his surprise, the tool found traffic requests to open.oneplus.net, which directed traffic to a US-based Amazon AWS server.
Anyway, without getting too in depth, Moore found out more of what was being sent to this domain: IMEI number, MAC addresses, mobile network names, Wi-Fi SSIDs, and the phone’s serial number. He even discovered that time stamps were signaling when apps were opened and closed – stamped with the serial number of his device.
This is eerily too much information to be collecting, particularly when it can be traced back to a phone’s serial number.
Back in January, he asked OnePlus support how to disable the data collection, to which OnePlus gave unproductive answers like wiping the cache and performing a factory reset. That’s when another user on Twitter suggested he dig around on the OnePlus forums to see what he could find.
Hey @OnePlus_Support, it’s none of your business when I turn my screen on/off or unlock my phone – how do I turn this off? /cc:@troyhunt pic.twitter.com/VihaIDI6wP
— Christopher Moore (@chrisdcmoore) January 13, 2017
After deeper investigation, the culprit responsible for data collection is a system app called “OnePlus System Service”. The app can’t be turned off since it is part of the System, but it can be manually disabled every time the phone is restarted.
A better, more permanent alternative would be to run an adb command to disable the app. Jakub Czekanski gave the suggestion early this morning, which is likely what caused the post to regain traction. here’s the command: pm uninstall -k –user 0 net.oneplus.odm
@chrisdcmoore I’ve read your article about OnePlus Analytics. Actually, you can disable it permanently: pm uninstall -k –user 0 pkg
— Jakub Czekański (@JaCzekanski) October 10, 2017
OnePlus did give a statement regarding the information collected to which is had the following to say:
We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.
Granted, we’re sure OnePlus isn’t the only company collecting usage information. In a time where user information and security of sensitive information is becoming more important, a transparent and comprehensive understanding of what information is being collected and for what purpose (as well as the option to completely opt out of such collection) would be greatly appreciated in any situation.