OnePlus has still to fully recover from the data collection allegations it faced last month, and now fresh allegations have surfaced over user privacy. One developer claims that it is possible to obtain root access on the OnePlus phones without unlocking them.
Easy access to OnePlus devices
On Tuesday, developer Elliot Alderson tweeted that OnePlus has left behind an app that can act as a backdoor to get root access to a device without unlocking it. The app in question is EngineerMode APK, and it has been developed by Qualcomm for the device manufacturers to test hardware components. According to Alderson, the app is installed on some of the OnePlus devices. However, XDA-Developers claim that the app comes pre-installed on OnePlus 3, OnePlus 3T, and OnePlus 5 smartphones.
So yes, if you send the command: adb shell am start -n https://t.co/yYfeX14Ioj.engineeringmode/.qualcomm.DiagEnabled –es "code" "password" with the correct code you can become root!
— Elliot Alderson (@fs0c131y) November 13, 2017
The Engineer Mode APK is capable of diagnosing GPS, run automated tests, check root status among other things. The developer also stated that deploying the “DiagEnabled” activity found in the APK with a specific password, it is possible to root the device.
Getting root access to a smartphone allows a hacker to access “superuser” mode, making it extremely easy to inject malware with surveillance capabilities. Worse, the security software in the smartphone will fail to diagnose any such issue if the “superuser” has installed some high-tech malware in the system, notes First Post.
Root implies to the highest degree of access to an Android operating system that is usually deployed to safeguard the privacy of the user. Speaking to Hindustan Times, Alderson said, “This loophole is a backdoor. So it’s not dangerous, it just means anybody with the password can plug your phone to a computer and take all your data.”
Alderson, with the help of cybersecurity experts, was able to root a OnePlus device with a few commands. The developer claims that the company has left behind the software intentionally, and he will come out with the application for rooting OnePlus devices without unlocking. OnePlus co-founder Carl Pei tweeted that the company will study the claims made by the developer, according to The Mobile Indian.
“Thanks for the heads up, we’re looking into it,” Pei tweeted.
Will it affect OnePlus 5T sales?
Not long ago, researchers found out OnePlus phones were collecting data without informing the users. At the time, OnePlus stated that the whole purpose of collecting data was to improve the service. Following the allegations, OnePlus took some steps, and added the new “opt-in” option for the user experience program.
OnePlus will be hoping that these latest allegations will not affect the sales of its smartphones. Meanwhile, the Chinese company is all set to launch the OnePlus 5T on Nov. 16 in New York. The company recently announced that the $40 launch event tickets are sold out, and the funds collected from the sale of tickets will go towards the advancement of tech innovation.
Talking of the specs, the OnePlus 5T will come with a 6.01-inch full HD+ (2160 x 1080) AMOLED display, a different aspect ratio from that of the OnePlus 5. Both 6GB and 8GB RAM models will come powered with the Snapdragon 835. Further, a user can choose from the 64GB or 128GB storage. Encased in the metallic body, OnePlus 5T will have the dual camera set up and run on Android 8.0 Oreo.