OnePlus seems keen on getting on the bad side of its users. This time, a software engineer named Christopher Moore discovers that the company has been sending not just analytics data of its phones’ users but other personally identifiable pieces of data like IMEI numbers, MAC addresses, mobile network names and IMSI prefixes, serial numbers, and many more. Moore discovered this activity while participating in a hack challenge. His OnePlus 2 was sending time-stamped information about locks, unlocks, and unexpected reboots, too. The code responsible for collecting this data is part of OnePlus’ Device Manager and Device Manager Provider.
Addressing this issue, OnePlus claims you can turn this activity off on your own saying, “We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.” We’re not sure why OnePlus didn’t make this an opt-in feature if all they’re really after is analytics data and supposedly better after-sales support (which we might want to point out is something people have been complaining about). It frankly leaves a bad taste in our mouths.
Source: Android Authority + Android Police