Every phone collects information of its users. That is true for Apple’s iPhone and it’s partially true for Android phones as well. But how much is too much?
As the answer is not yet determined, a software engineer has accused OnePlus of collecting too much user data, including details that can identify users.
The company, giving an answer to the engineer’s allegations, says that the data is gathered for analytics and aftersales support.
According to a report, engineer Christopher Moore found the about the OnePlus software collecting user data on the OnePlus 2 throughout a Hack Challenge. After probing further, Moore wrote about it on his blog.
Through the Hack Challenge, Moore started to proxy the internet traffic from his OnePlus 2 using OWASP ZAP, which is a free security tool used for finding security vulnerabilities in any web applications.
Moore then discovered that OnePlus was collecting user data such as IMEI numbers, mobile network names, IMSI prefixes, MAC address and serial numbers.
After the report went viral on the internet, OnePlus in a statement to the Android Police, a tech news website, says that the company does collect the information from phones.
But, notes the company, this is to understand the issues that the users are facing and solve them in the forthcoming upgrade.
The company says,
“We securely transmit analytics in two different streams over HTTPS for an Amazon server. The first stream is utilization analytics, which we gather for us to more exactly fine-tune our software according to user behavior. This transmission of user activity can be turned off by navigating to Settings > Advanced > Join User Experience Program. The next stream is device information, which we collect to provide better aftersales support.”
Moore adds that the domain where the data was heading was owned by OnePlus, and hosted on Amazon AWS. He also claims that his OnePlus 2 was sending information about locks and unlocks and unexpected reboots.
But then, OnePlus says that the info that they gather is safe on their servers.
This isn’t the very first time a smartphone manufacturer has been accused of collecting user information without their permission.
Recently some Chinese mobile phone makers were in the news after it was discovered that these were collecting user data.
In one case, researchers found some code related to ad-ware on the cell phones made by one particular smartphone company.
Of late, the info that phone companies collect from their users has turned into a touchy point, particularly in India where the majority of the mobile phones sold are created by Chinese companies.
This probably prompted the Ministry of Electronics and Information Technology to recently issue a directive details of what all data that telephone companies were collecting from users.
The info has been sought from all major mobile phone manufacturers, including Apple and Samsung.