OnePlus allegedly collecting user data without consent

OnePlus phone maker is allegedly collecting user data without users' consent and is deleting related queries from its own community forum.

The Chinese smartphone maker OnePlus has allegedly been collecting user data without their consent. A UK-based software engineer Christopher Moore shared on his personal blog how the phone maker is stealing user’s data.

However, it was interesting to see that the smartphone makers were deleting queries related to the above-mentioned privacy issue on its community platform (on the phone). Many users alleged that the phone makers are deleting their queries from the community platform. It is a platform where OnePlus smartphone users post their experience and share pictures and queries related to the phone. However, when we tried looking into the post, the message pop-up was the requested thread could not be found.

It is still not clear why the smartphone manufacturer is deleting the posts, and several users in the group said, “OnePlus is trying to hide something.”

According to Bombay High Court Lawyer and Cyber Policy Expert Prashant Mali, “Collecting data amounts to a violation of privacy and also is a cognizable offense as per section 43(b) read with Section 66 of The IT Act 2000. If customers file class action suits for compensation and damages across the country then that can bring down whole company, a huge legal risk.”

Christopher Moore in his blog said, “Amongst other things, this time we have the phone’s IMEI(s), phone numbers, MAC addresses, mobile network(s) names and IMSI prefixes, as well as my wireless network ESSID and BSSID and, of course, the phone’s serial number. Wow, that’s quite a bit of information about my device, even more of which can be tied directly back to me by OnePlus and other entities.”

What amazed him was, he was shocked by the fact that, they even tracked which apps he used and when.

He said, “Those are timestamp ranges (again, unix epoch in milliseconds) of the when I opened and closed applications on my phone. From this data we can see that on Tuesday, 10th Jan 2017, I had Slack open between 20:25:40 UTC and 20:25:52 UTC, and the Microsoft Outlook app open between 21:38:41 UTC and 21:38:53 UTC, to take just two examples, again stamped with my phone’s serial number.”

However, when the engineer contacted the Shenzhen-based smartphone manufacturer OnePlus’s online team via microblogging site Twitter he got a suggestion of troubleshooting his device and later silence.

OnePlus is not the first phone company to collect its users data, according to the privacy policy of Samsung, Apple and tech giant Google, they all have mentioned in their privacy policy that they might take some user information like hardware model, operating system version, mobile network information including phone number, IMEI number, MAC address, IP address, and settings of the device you use to access the Services.

When IDG contacted OnePlus on Twitter it responded with, “We securely transmit analytics in two different streams over HTTPS to an Amazon Web Services server. The first stream is usage analytics, which we collect in order for us to more precisely fine-tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support. We do not share any analytics data with outside parties.”