OnePlus is known for its great value smartphones, but you may want to think twice before buying one. Security researcher Chris Moore has discovered that OnePlus' OxygenOS has quietly been collecting a ton of user data and transmitting it to a OnePlus server along with your phone's serial number.
Moore detailed how OnePlus devices record data at various points, including when a user locks or unlocks the screen, which apps are opened, used, and closed, and which Wi-Fi networks the device connects to. While that's fairly standard, it's almost unheard of to tie that data to the phone’s IMEI, phone number, and mobile network names, which means the data can easily be traced back to you.
According to Moore, the code responsible for the data collection is part of OnePlus Device Manager and OnePlus Device Manager Provider. Moore says in his case, the services had sent off 16MB of data in 10 hours.
Responding to the controversy, OnePlus revealed it collects two streams of data from all users. The first is termed "usage analytics," which helps it to improve its software. It also adds that this type of data-sharing can be turned off by going into settings, selecting "advanced," and turning off "join user experience program." However, the second stream, which OnePlus refers to as "device information" can't be turned off.
"We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to 'Settings' -> 'Advanced' -> 'Join user experience program'. The second stream is device information, which we collect to provide better after-sales support."