Last week, Security Researcher Chris Moore’s January blog post regarding covert data collection in OnePlus devices gained traction online. In his research, Moore detailed that those running OxygenOS had numerous amounts of personal data covertly collected.
Cellphone manufacturers have been known to openly collect data to improve the operating system and the overall user experience. Standard data collection is oftentimes randomized, safeguarded with anonymity, and would usually include data on when a user unlocks his/her phone, what apps are currently running, and the duration of when they are used and closed. OxygenOS, however, goes beyond the standard and also records the device’s phone number, IMEI, IMSI, MAC addresses, and mobile network names, thus making it easy for the company to personally identify the user effortlessly.
OnePlus has since released a statement saying that it does transmit data to an Amazon server in two different streams — usage analytics and device information. The former, OnePlus says, is used to improve the OxygenOS operation system, while the latter is meant to provide data for after-sales support. While usage analytics data collection can readily be disabled by opting out of the “user experience program” in the device’s settings, there is no way, as of the moment, to disable data collection on device information.
After a series of privacy complaints, OnePlus has also said that it will now scale back its data collection and will provide the option to opt out of the program by the end of October. Carl Pei, one of the co-founders of OnePlus, likewise said that the collection of data that defeats anonymity will be halted.