A recent analysis has shown that smartphone maker OnePlus has been collecting massive amounts of analytics data from their phone owners. The company is collecting IMEI numbers, MAC addresses, mobile network names and IMSI prefixes, serial numbers, and more important data on a regular basis.
OnePlus data collection was detected by Christopher Moore, a software engineer who began to sift through the internet traffic from his OnePlus 2 smartphone using OWASP ZAP. OWASP ZAP is a free security tool which helps the user to find security vulnerabilities in their web applications when developing and testing applications. Nonetheless, after detailed inspection, Moore found that his phone was frequently sending data to the open.oneplus.net server over HTTPS. Moreover, Mr. Moore was able to decrypt the data which revealed that his handset was sending time-stamped information about locks, unlocks, and unexpected reboots. He also found that some of the data being sent to OnePlus servers included the phone’s IMEI number, phone number, MAC addresses, mobile network names and IMSI prefixes, Wi-Fi connection info, and the phone’s serial number. At the time of this writing, it is not clear if this data collection is specific to the OnePlus 2 that was used for testing this. For its part, OnePlus says that the data collection can be disabled,
