Chinese mobile manufacturer, OnePlus, is no stranger to scandals. From scandals about benchmark test manipulation on the OnePlus 3T and recently OnePlus 5, the brand is trailed every step of the way by controversies and allegations of sharp practices. Ad now, we have yet another OnePlus scandal and it is about data privacy this time.
Yet Another OnePlus Scandal
This time, a UK-based researcher who was completing the SANS Holiday Hack Challenge 2016 observed that his OnePlus 2 smartphone was making requests to a domain which he had not seen before, open.oneplus.net. Further examination led to him discovering that the phone was collecting very personal, sensitive data, including the following:
- IMEI numbers
- MAC addresses
- IMSI prefixes
- wireless network ESSID and BSSID
- serial numbers
- timestamps of app activities stamped with the phone’s serial number
You can read up all the details from Chris Moore HERE. But that is a whole lot of very personal information being collected without his knowledge and his permission.
Why would OnePlus be collecting information about what apps you open, when you open them, when you lock and unlock your phone?
Chris argues that “This kind of data collection, especially one containing information that can be directly tied back to me as an individual, should really be opt-in and/or have an easily accessible off switch”. I agree.
OnePlus has responded with the following statement:
We take our users – and their data privacy – very seriously. We want to take this opportunity to tell you a little more about data collection on OnePlus devices; explain what we are collecting and why; and map the changes we will make going forward to address your concerns. While data collection is a standard industry practice, we realize that our users have the right to understand how and why it is done. Please know that we take this matter seriously and will proactively take steps to improve going forward.
OnePlus devices using OxygenOS securely transmit analytics in two different streams, usage analytics and device information.
The reason we collect usage analytics through the user experience program is so we can better understand general phone behavior and optimize OxygenOS for a better overall user experience. At any time, users can opt-out of usage analytics collection by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’.
The reason we collect some device information is to better provide after-sales support. If you opt out of the user experience program, your usage analytics will not be tied to your device information.
We’d like to emphasize that at no point have we shared this information with outside parties. The analytics we’re discussing in this post, which we only look at in aggregate, are collected with the intention of improving our product and service offerings.
By the end of October, all OnePlus phones running OxygenOS will have a prompt in the setup wizard that asks users if they want to join our user experience program. The setup wizard will clearly indicate that the program collects usage analytics. In addition, we will include a terms of service agreement that further explains our analytics collection. We would also like to share we will no longer be collecting telephone numbers, MAC Addresses and WiFi information.
The OnePlus response is an admission that the company collects personal, sensitive information, including “telephone numbers, MAC Addresses and WiFi information”.
How Much Does OnePlus Care About user Privacy?
OnePlus’ statement starts with “We take our users – and their data privacy – very seriously”. But do they? if they did, why wait until someone blows the whistle before coming open with this? Why wait till now to stop collecting some of those info? And why is it now that it is all out in the open that the company wants to implement a way to ask for permission?
The brand keeps creating trust issues for itself. Already, many mobile enthusiasts do not trust OnePlus benchmark tests in reviews.
This situation will only worsen the distrust that many already have towards the OnePlus brand. Why should users settle for this?