Users were left unaware of the information which OnePlus was collecting on users.
Last week, a software engineer discovered that his OnePlus phone was sending an inordinate amount of information back to OnePlus. Upon closer inspection, he learned that this was not your typical analytics collection seen by many phone manufacturers. Instead, this data was quite intrusive. Collecting information including the phone’s IMEI number, phone number, MAC addresses, mobile network names and IMSI prefixes, as well as Wi-Fi network information, phone serial number, and every single app that was opened or closed. This is the type of data collection users fear from malware, and it was built right in to the OxygenOS employed by OnePlus.
OnePlus responded to this discovery by informing users that they could go in and turn this data collection off if they so chose. In their terms, this data collection was optional. There is a slight problem with that thought process though. As the user was forced to opt-out of this collection and there was no mention of the extent of information being collected in it’s terms of service agreement, users were left totally unaware that this information was being collected.
After discovery, the company has agreed to change their ways. OnePlus co-founder Carl Pei stated within OnePlus’s forums,
“By the end of October, all OnePlus phones running OxygenOS will have a prompt in the setup wizard that asks users if they want to join our user experience program. The setup wizard will clearly indicate that the program collects usage analytics. In addition, we will include a terms of service agreement that further explains our analytics collection. We would also like to share we will no longer be collecting telephone numbers, MAC Addresses and WiFi information.”
That should be good news for all, however knowing that this is how the company had been doing business before being found out, should leave a bad taste in any user’s mouths.