OnePlus is at it again: New covert data collection app found
Just over a month after OnePlus was caught running covert analytics on users in OxygenOS, an alarming new system app has been discovered to be sending user information back to Singapore every 6 hours.
You'd think that after OnePlus was caught red-handed harvesting sensitive user data (battery life, Android version, mobile phone signal, IMEI, serial number, the numbers you call, WiFi information, detailed app activity, screen on/off) through a hidden, difficult-to-disable app in their OS, they'd take extra care to be open when it comes to user privacy.
As it happens, the sly data collection is still going on, and it's potentially even worse than before. This time it comes in the form of a system app called OPBugReportLite, the details of which were brought to light by the Twitter account of a certain Mr. Robot fan known as Elliot Alderson.
<Thread> Hi @OnePlus 👋! How are you today? Let's talk about the OPBugReportLite found in your phone. This app is a pre-installed system app which sends silently, every 6 hours, the battery stats, kernel panics, watchdogs, ANRs and all crashes of your device to Singapore.
— Elliot Alderson (@fs0c131y) November 21, 2017
You can read through Elliot's entire thread here, but we've condensed the most salient points about the process below:
This app is a pre-installed system app which sends silently, every 6 hours, the battery stats, kernel panics, watchdogs, ANRs and all crashes of your device to Singapore.
To check if you have this app, go to Settings -> Apps -> Show system apps -> Search BugReportLite in the list. This app has 13 permissions: INTERNET, READ_LOGS, READ_FRAME_BUFFER, WRITE_SECURE_SETTINGS, ACCESS_NETWORK_STATE, READ_EXTERNAL_STORAGE…
When you boot your device, the OPReportReceiver starts the BugReportLiteService. By default, it logs the system crashes, watchdogs and the power consumption of your device.
Did I forget to mention that they can modify this configuration remotely? Yes, you heard me, REMOTELY! It’s a global mechanism they implemented in the Android framework and they used it a lot.
They can access very detailed information with the command “dumpsys batterystats”: get the list of installed apps, which apps are most active,
Every 6 hours, these logs are zipped in /sdcard/oem_log/OPBRLite.zip and uploaded to a server located in Singapore.
What does this mean for users?
What this means for OnePlus phone users is that the system app OPBugReportLite on your OnePlus device right now is recording your system and battery statistics, GPS, camera, app activity, crash data etc. and sending data to a server in Singapore every 6 hours.
This information is not anonymous and is way, way more detail than can be justified by after-sales use. Even worse, this behind-the-scenes process can be configured remotely by OnePlus, which means that, should HQ decide to, it could capture and send other types of information, for example your media files, without you knowing anything had changed.
Readers might remember that after the recent OnePlus data harvesting controversy, they agreed to make a clear opt-in process to their user experience program and thus allow the customer to explicitly permit the data collection. But this isn't the case with OPBugReportLite.
We've checked our own OnePlus 5T and were dismayed to find OPBugReportLite active on it. It's a very disappointing downside to find on an otherwise great device. The user isn't warned about this process, and it's not possible to stop the data logging, though it is possible, although tricky, to stop the upload (by disabling the system app, with root access).
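The check described above (is the app present, which of the listed permissions does it request, is the log archive on storage) can also be scripted over adb. This is an added example, not code from the thread or from OnePlus; it assumes USB debugging is enabled, matches the package by name because the excerpt gives no package id, and uses function names made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a connected device for the app described in the article.
# The permission names and archive path are the ones quoted on this page;
# everything else (function names, the --device switch) is illustrative.

WATCHED="INTERNET READ_LOGS READ_FRAME_BUFFER WRITE_SECURE_SETTINGS ACCESS_NETWORK_STATE READ_EXTERNAL_STORAGE"
ARCHIVE="/sdcard/oem_log/OPBRLite.zip"

# stdin: output of `pm list packages`; stdout: package ids matching BugReportLite.
find_packages() {
  sed -n 's/^package://p' | tr -d '\r' | grep -i 'bugreportlite' || true
}

# stdin: output of `dumpsys package <pkg>`; stdout: requested permissions
# that appear in the list quoted in the article.
flag_permissions() {
  awk -v watched="$WATCHED" '
    BEGIN { n = split(watched, w, " ")
            for (i = 1; i <= n; i++) want["android.permission." w[i]] = 1 }
    /^[ \t]*requested permissions:/ { inblock = 1; next }
    inblock && /:[ \t\r]*$/ { inblock = 0 }   # next section header ends the block
    inblock { p = $0
              gsub(/[ \t\r]/, "", p)          # drop indentation and CR from adb
              sub(/:.*/, "", p)               # drop suffixes such as ": restricted=true"
              if (p in want) print p }
  '
}

# Query the device: package presence, flagged permissions, archive on storage.
audit_device() {
  pkgs=$(adb shell pm list packages | find_packages)
  if [ -z "$pkgs" ]; then
    echo "no BugReportLite package found"
    return 0
  fi
  for p in $pkgs; do
    echo "package: $p"
    adb shell dumpsys package "$p" | flag_permissions | sed 's/^/  requests /'
  done
  adb shell ls -l "$ARCHIVE" 2>/dev/null || echo "no $ARCHIVE on device"
}

# Touch the device only when asked to and when adb is installed.
if [ "${1:-}" = "--device" ] && command -v adb >/dev/null 2>&1; then
  audit_device
fi
```

Run it with `--device` while the phone is connected; without that argument it only defines the functions.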
Of course, OnePlus is not the only corporation interested in harvesting our valuable personal data, but this pattern of repeated invasive practices in the software can only erode the trust that users have in the company.
We are waiting for a response from OnePlus about the issue and will follow up as the story develops.
What do you think? Does this kind of sly data harvesting make your blood boil? Or is it no big deal?
Source: Elliot Alderson on Twitter
I also agree with those who recommend OnePlus. They need battery info etc. to improve the device. Customers only know to complain about the faults of battery etc. without telling how they use the device. And such info has no such sensitivity of privacy too. Yes, also this is not a news at least to concern. OnePlus is the best now in phone market who could satisfy common folk... All the best 1+ as far as giving good things for less price and that is the need which others fail to do...!!!
Why do tech websites always give One Plus phones a glowing review when they are secretly harvesting sensitive user data? They've been caught out once, but they're still at it, no wonder they're selling near flagship quality at a huge discount. They profit a vast amount through sharing their loyal customers' data with the highest bidder it seems. Disgusting to say the least!!! And all these websites still give raving reviews; you are nearly as bad as One Plus.
Hi Adrian,
we are still giving it a good rating because it simply is one of the best phones right now. Are we happy about the mess? No, not at all and we do think that OnePlus should be honest about this kind of stuff. But, I would be rather careful with the allegations you are making here. There is no proof whatsoever that OnePlus is selling the data and not just using it to improve their hard- and software. Btw. pretty much any other manufacturer is collecting the same data, with the difference that they are actually asking the user before they do so. There is no reason to destroy this phone as it is because of this issue. There is no question that they need to fix the situation though.
I'm more than certain the information One Plus collects is shared with third parties that will probably never make the news..
in my country ALL data is intercepted by my caring sharing "democratically" voted for government..
exactly the same thing that happens in other countries..
what do you think is happening in the centre of the smartphone manufacturing industry..
And they gloss over the engineering and software stupidity routinely as well.
you have recommended One Plus again and again ...
keep up the good work cos privacy for One Plus owners doesn't mean anything..
what would be really interesting to know is exactly who they share the vast amount of personal info they collect with and how much they profit by customers' data..