A security researcher discovered that his OnePlus 2 was sending specific user patterns to a company server without prior user permission. Moore contacted OnePlus earlier this year asking for clarification, only to be led into a rabbit hole.
Anyway, without getting too in depth, Moore found out more of what was being sent to this domain: IMEI number, MAC addresses, mobile network names, Wi-Fi SSIDs, and the phone's serial number. As part of a hackathon challenge, when he connected his OnePlus 2 to a proxy to monitor the internet traffic from his device, he noticed a lot of unnecessary requests to an AWS server hosted in the US.
There is speculation that OxygenOS, the company's custom version running on top of Android, could contain a particular plug-in to enable the transmission.
Logging unexpected reboots would make sense (it could help developers fix OS bugs), but as Moore noted in his blog, recording every time the phone is unlocked or locked seemed excessive. All the data transfers are done to improve services by fine-tuning the software.
"Those are timestamp ranges (again, unix epoch in milliseconds) of when I opened and closed applications on my phone."
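To check a proxy capture of your own device for the kinds of data listed above, the following added example (not Moore's code and not OnePlus's payload format) walks a decoded JSON request body and flags IMEI-shaped values, MAC addresses and epoch-millisecond timestamps. The sample body and its field names are constructed for illustration; free-form values such as SSIDs and serial numbers have no fixed pattern and still need manual review.

```python
import json
import re
from datetime import datetime, timezone

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")

def luhn_ok(digits):
    """Luhn checksum that a valid IMEI satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(value):
    """Return a label for a leaf value, or None if nothing matched."""
    s = str(value)
    if MAC_RE.fullmatch(s):
        return "mac"
    if re.fullmatch(r"\d{15}", s) and luhn_ok(s):
        return "imei"
    # Epoch milliseconds between 2001 and 2286 have exactly 13 digits.
    if re.fullmatch(r"\d{13}", s):
        ts = datetime.fromtimestamp(int(s) / 1000, tz=timezone.utc)
        return "time:" + ts.strftime("%Y-%m-%dT%H:%M:%SZ")
    return None

def audit(node, path="$"):
    """Walk decoded JSON and list (path, label) for every flagged leaf."""
    if isinstance(node, dict):
        return [h for k, v in node.items() for h in audit(v, f"{path}.{k}")]
    if isinstance(node, list):
        return [h for i, v in enumerate(node) for h in audit(v, f"{path}[{i}]")]
    label = classify(node)
    return [(path, label)] if label else []

# Constructed sample body; field names are hypothetical, not OnePlus's schema.
SAMPLE = json.loads("""
{"id": "490154203237518", "mac": "02:00:00:ab:cd:ef", "ssid": "HomeWiFi",
 "events": [{"pkg": "com.example.app",
             "start": 1483228800000, "end": 1483228860000}]}
""")

if __name__ == "__main__":
    for path, label in audit(SAMPLE):
        print(path, label)
```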
Since then, a Twitter user, Jakub Czekanski, has already pointed to a solution to this unwarranted data mining. However, users aren't advised to resort to the method, as removal of the OnePlus Device Manager app can affect the functionality of the phone.
Basically, the default OnePlus Device Manager app seems to go a little too far in its user-tracking mission, accumulating everything from your standard "device information" to precise timestamps of screen on/off and unlock activities. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior.
This is not the first time that OnePlus has ended up in a major controversy.
For what it's worth, you can turn off the "transmission of usage activity" by unjoining the "user experience program" in your advanced settings menu. The second stream is device information, which we collect to provide better after-sales support. The company was recently found guilty of rigging the benchmark scores for its latest OnePlus 5 flagship device.
So what does OnePlus have to say about this?