Just a month ago, OnePlus was caught collecting personally identifiable data from phone owners through incredibly detailed analytics. While the company eventually reversed course on the data collection, another discovery has been made in the software of OnePlus phones. One developer found an application intended for factory testing, and through some investigation and reverse-engineering, was able to obtain root access using it.
People often tout OnePlus phones as an alternative to the Pixel line now that Google abandoned the Nexus concept of affordable, high-quality phones. Recent events, however, have made it very clear that you should really steer clear of phones like this, unless you know very well what you’re doing.
And at the xda-developers news section, they published as “accidentally pre-installed app issue”. Jesus. Some people like to believe that wrong actions done by phone makers are by accident…
Rooting doesn’t make any device insecure. It requires an actual vulnerability in order to be abused.
No, being able to get root access as a non-privileged user does make a device insecure, as at that point you can do pretty much anything you want with the system, you don’t need some other exploit to be able to trivially brick the device, or force a factory reset, or steal data off of it (although the last is not as easy now that most good Android phones come with encryption enabled by default).
Chinese and Asian companies really need to address this questionable stuff pretty soon to not fall into the trap of by default being assumed not being secure and full of backdoors. They could be good alternatives but not like this ever.
p.s. not that Intel ME and the rest are letting us feel secure at all but at least with the Intel stuff we do not have any other option.
All devices have backdoors.
I prefer the Chinese spying on me than the NSA.
The fix is actually quite easy. Yeah, ok, they poo-poo’ed the phone and didn’t tell anyone before they released it, but it’s really not that big of a deal to resolve it.
Really? Not that hard to fix? Are you actually thinking of the majority who aren’t tech savvy like old folks who can barely dial on their phones and those who neither have the time or interest to read articles warning them of this issue or are you thinking of only yourself and the few like you that know what to do about it? I think you’re misunderstanding the problem.
A backdoor is a way for someone else to get in. This is just an undocumented 1stparty root tool for the owner of the phone.
Wish they were affordable to me.
🙂