Published in Mobiles

OnePlus sent data back to China again

by on29 January 2018


OnePlus still phones home

In October 2017, a researcher caught OnePlus silently collecting all sorts of data from its users. That created a bit of a stink and OnePlus promised it would not happen. But it seems there's still a OnePlus app that can grab data from the phone and send it to servers in China without a user's knowledge or consent.

A French security researcher who uses the handle Elliot Alderson on Twitter detailed OnePlus's data collection practices back in October, and he has now discovered a strange file in the OnePlus clipboard app.

A Badword.txt file contains various keywords, including "Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email" and others.

The file is then duplicated in a zip file called pattern alongside six other .txt files. All these files are apparently used in "in an obfuscated package which seems to be an #Android library from teddymobile".

TeddyMobile is a Chinese company that works with plenty of smartphone makers from China. The company can recognise words and numbers in text messages.

OnePlus is apparently sending your phone's IMEI number to a TeddyMobile server. It looks like the TeddyMobile package might be able to grab all sorts of data from a phone.

Even bank numbers are apparently recognised.

OnePlus has yet to say anything about it. 

 

 

Last modified on 29 January 2018
Rate this item
(0 votes)

Read more about: