Smartphone manufacturer OnePlus has been secretly collecting private data from their users' smartphones in an attempt to provide better after-sales support, the company said, even though it has been shown that the data transmits directly to an Amazon server.
Chris Moore, the owner of a security and technology blog, published an article in January proving that OnePlus has been collecting private data from users, such as the phone's International Mobile Equipment Identity (IMEI) number, serial number, cellular number, MAC address, mobile network name, International Mobile Subscriber Identity (IMSI) prefix and wireless connection service set identifiers (SSIDs).
OnePlus is also collecting user data such as boot, reboot and charging screen on and off timestamps, together with application use timestamps.
The article recently gained traction, prompting a response from the company sent to Android Authority.
"We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior," the statement read. "The second stream is device information, which we collect to provide better after-sales support."
Incidentally, OnePlus was criticized in April for not providing better customer support to its users, particularly for not delivering on their promise of an Android Nougat update.
Moore discovered the security breach as he was completing the SANS Holiday Hack Challenge 2016. The blogger noticed that his OnePlus 2 was sending domain requests to open.oneplus.net.
Upon further research, Moore discovered that the code responsible for collecting user data was part of the phone's pre-installed OnePlus Device Manager application.
Moore tweeted to the OnePlus customer support account in January, to which the account provided basic fixes, such as clearing the phone's cache and performing a hard reset.
Worried OnePlus users may refer to the suggested solution offered by Twitter user @JaCzekanski which is to use the Android Debug Bridge program from Google.
