Linked by Thom Holwerda on Tue 14th Nov 2017 10:37 UTC
Android

Just a month ago, OnePlus was caught collecting personally identifiable data from phone owners through incredibly detailed analytics. While the company eventually reversed course on the data collection, another discovery has been made in the software of OnePlus phones. One developer found an application intended for factory testing, and through some investigation and reverse-engineering, was able to obtain root access using it.

People often tout OnePlus phones as an alternative to the Pixel line now that Google abandoned the Nexus concept of affordable, high-quality phones. Recent events, however, have made it very clear that you should really steer clear of phones like this, unless you know very well what you're doing.

Order by: Score:
accident?
by Risthel on Tue 14th Nov 2017 10:49 UTC
Risthel
Member since:
2010-12-22

And at the xda-developers news section, they published as "accidentally pre-installed app issue". Jesus. Some people like to believe that wrong actions done by phone makers are by accident...

Reply Score: 1

Comment by sj87
by sj87 on Tue 14th Nov 2017 12:37 UTC
sj87
Member since:
2007-12-16

Rooting doesn't make any device insecure. It requires an actual vulnerability in order to be abused.

Reply Score: 3

RE: Comment by sj87
by ahferroin7 on Tue 14th Nov 2017 13:28 UTC in reply to "Comment by sj87"
ahferroin7 Member since:
2015-10-30

No, being able to get root access as a non-privileged user does make a device insecure, as at that point you can do pretty much anything you want with the system, you don't need some other exploit to be able to trivially brick the device, or force a factory reset, or steal data off of it (although the last is not as easy now that most good Android phones come with encryption enabled by default).

Reply Score: 5

need to be addressed
by mmrezaie on Tue 14th Nov 2017 13:32 UTC
mmrezaie
Member since:
2006-05-09

Chinese and Asian companies really need to address this questionable stuff pretty soon to not fall into the trap of by default being assumed not being secure and full of backdoors. They could be good alternatives but not like this ever.

p.s. not that Intel ME and the rest are letting us feel secure at all but at least with the Intel stuff we do not have any other option.

Reply Score: 3

RE: need to be addressed
by unclefester on Wed 15th Nov 2017 08:41 UTC in reply to "need to be addressed"
unclefester Member since:
2007-01-13

Chinese and Asian companies really need to address this questionable stuff pretty soon to not fall into the trap of by default being assumed not being secure and full of backdoors. They could be good alternatives but not like this ever.

p.s. not that Intel ME and the rest are letting us feel secure at all but at least with the Intel stuff we do not have any other option.


All devices have backdoors.

I prefer the Chinese spying on me than the NSA.

Reply Score: 2

OnePlus Vulnerability
by loadedmind on Tue 14th Nov 2017 14:35 UTC
loadedmind
Member since:
2017-11-14

The fix is actually quite easy. Yeah, ok, they poo-poo'ed the phone and didn't tell anyone before they released it, but it's really not that big of a deal to resolve it.

Reply Score: 1

RE: OnePlus Vulnerability
by jonathan2260 on Wed 15th Nov 2017 20:52 UTC in reply to "OnePlus Vulnerability"
jonathan2260 Member since:
2013-01-18

Really? Not that hard to fix? Are you actually thinking of the majority who aren't tech savvy like old folks who can barely dial on their phones and those who neither have the time or interest to read articles warning them of this issue or are you thinking of only yourself and the few like you that know what to do about it? I think you're misunderstanding the problem.

Reply Score: 2

RE[2]: OnePlus Vulnerability
by Gecko on Thu 16th Nov 2017 07:17 UTC in reply to "RE: OnePlus Vulnerability"
Gecko Member since:
2017-11-16

First of all, this is not a "backdoor". OSNews is spreading FUD here and using click-bait articles to get more ad-revenue. The headline and assessment is completely inaccurate here. Never thought OSNews would sink to such a low level...
In reality, this thing is much less dangerous: while it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges. Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device.

Edited 2017-11-16 07:20 UTC

Reply Score: 3

Not a backdoor
by Carewolf on Wed 15th Nov 2017 14:26 UTC
Carewolf
Member since:
2005-09-08

A backdoor is a way for someone else to get in. This is just an undocumented 1stparty root tool for the owner of the phone.

Reply Score: 2

affordable, high-quality phones.
by klahjn on Wed 15th Nov 2017 19:46 UTC
klahjn
Member since:
2013-08-17

Wish they were affordable to me.

:)

Reply Score: 1