At a time when data theft is one of the biggest concerns for consumers using a variety of smart devices, Oneplus has been found guilty of breaking its customers' trust. A user discovered that his OnePlus device was sending Personal Information to an offsite server, without express permission from him. Many important aspects of the smartphone usage and the app usage were collected by this server belonging to OnePlus.

How did the company betray users' trust?

The collection of personal data by the phone maker was first discovered by security researcher Christopher Moore.

Last year, Moore found that his OnePlus 2 was guilty of sending huge chunks of personal information to a server belonging to the company. While mobile phone manufacturers are known to collect data as a form of feedback to understand which features of the smartphone users take advantage of most, OnePlus's analytics data collection was much greater than other OEMs.

All of the collected data was sent to an HTTPS domain, named open.oneplus.net. Moore discovered that among the leaked data were his smartphone's screen and unlock information. Data such as serial number, sudden restarts of the phone, IMPEI, MAC address, phone numbers, mobile carrier names, IMSI prefixes, and even wireless network connections were also collected.

Moore also discovered that the domain belonging to the company also kept track of which apps were used on the smartphone, keeping timestamps of the usage. Moreover, the phone maker also recorded the reason why the user opened a particular app. OnePlus Device Manager and the OnePlus Device Manager Provider programs are responsible for sending this information to the OnePlus domain.

It is even more surprising to know that OnePlus tried to keep this breach of the user's security under wraps. When Moore contacted the company after uncovering the data leaks, he was provided with some basic troubleshooting suggestions, none of which solved the actual problem. After some time though, OnePlus simply refrained from contacting Moore about the matter, essentially downplaying a huge issue.

However, even though OnePlus has not resolved the issue, users have been able to figure out a way to bypass the leak of this personal information, without rooting the smartphone in question.

What did OnePlus say?

OnePlus confirmed that it did collect analytics data from its users in two separate streams. Both of these streams are securely transmitted without a chance of a third-party getting their hands on this information. The usage analytics stream can be turned off by navigating to Settings, Advanced, and Join user experience program. However, it can also be disabled by using the ADB program and connecting the OnePlus device to the PC.