OnePlus OxygenOS built-in analytics

15 bookmarks. First posted by wn october 2017.

info about and how to remove what OnePlus collects.
phone  oneplus  data  collections  howto  android  privacy  security 
october 2017 by jeffjensen
Moore was doing a holiday hack project, and happened to leave his OnePlus2 phone's internet traffic going through an analyser, which showed some heading for
<p>OK, so it looks like they’re collecting timestamped (the ts field is the event time in milliseconds since unix epoch, which we’ll be seeing more of) metrics on certain events, some of which I understand - from a development point of view, wanting to know about abnormal reboots seems legitimate - but the screen on/off and unlock activities feel excessive. At least these are anonymised, right? Well, not really - taking a closer look at the ID field, it seems familiar; this is my phone’s serial number. This I’m less enthusiastic about, as this can be used by OnePlus to tie these events back to me personally (but only because I bought the handset directly from them, I suppose).

I leave the traffic proxied for some time, to see what other information is collected, and boy am I in for a shock…
[picture shows the data flow...]

Amongst other things, this time we have the phone’s IMEI(s), phone numbers, MAC addresses, mobile network(s) names and IMSI prefixes, as well as my wireless network ESSID and BSSID and, of course, the phone’s serial number. Wow, that’s quite a bit of information about my device, even more of which can be tied directly back to me by OnePlus and other entities.

It gets worse.
[picture shows more data slows]

Those are timestamp ranges (again, unix epoch in milliseconds) of the when I opened and closed applications on my phone. From this data we can see that on Tuesday, 10th Jan 2017, I had Slack open between 20:25:40 UTC and 20:25:52 UTC, and the Microsoft Outlook app open between 21:38:41 UTC and 21:38:53 UTC, to take just two examples, again stamped with my phone’s serial number.

It gets <em>even worse</em>.</p>

Basically, surveilling you; you have to remove the OnePlus Device Manager app, which <a href="">isn't trivial</a>.

Next question: how many other Android smartphones do this on the quiet? If OnePlus does, presumably other Oppo and vivo phones do too. And those sites will be targets for hackers.
security  android  privacy  oneplus 
october 2017 by charlesarthur
This is a MAJOR violation of trust, . Not done.
from twitter
october 2017 by jace
OxygenOS is collecting a lot of personal info about your phone usage : cc
from twitter_favs
october 2017 by nielsk
OxygenOS is collecting a lot of personal info about your phone usage : cc
from twitter_favs
october 2017 by peba
RT : Hey OnePlus users. look at the level of data you share with your OEM. I'm sure this is not an isolated case with 1+
from twitter
october 2017 by tnhh