A report has unveiled that OnePlus has been collecting a large amount of analytics data from their users. These data include EMEI numbers, MAC addresses, mobile network names and IMSI prefixes, serial numbers, and more.
A post from Christopher Moore’s blog pointed out that he was proxying Internet traffic from his OnePlus 2 using OWASP ZAP during a hack challenge. This allowed him to monitor all incoming and outgoing Internet traffic on his smartphone, but then he noticed a large amount of requests to open.oneplus.net.
It seems that this these requests where sending time-stamped information about locks, unlocks, and unexpected reboots from his OnePlus 2 to the domain. After more observation, he noticed that data being sent from his smartphone also included its EMEI number, phone number, MAC addresses, mobile network names and IMSI prefixes, serial number, and even WiFi connection information.
Despite this issue, OnePlus has advised that these transmissions can be opted out of via navigating to Settings – Advanced – Join User Experience Program. You can also remove the app with ADB through USB debugging.