Apple competitor OnePlus was recently found to be collecting much more identifiable user data than it should have been—and not informing its users as to how or why.
Security researchers found that the company’s OxygenOS, which is a modified version of Android, was collecting analytics data from users and then linking it to personally identifiable information such as device serial numbers.
The data allegedly relates to which apps are being used and the length of time they’re being used for, as well as how often the phone is unlocked. This is then connected to a second stream of information that could allow the company to tie it to distinct user data.
Users can opt out of the first stream of information by disconnecting themselves from the company’s “user experience program” in the device’s settings—but they cannot opt out of the second stream.
In response to these findings, OnePlus co-founder Carl Pei had this to say:
We take privacy very seriously and do not share analytics with third parties. Our intention has always been to better serve our users. Looking ahead, we will continue working directly with our users to do so. We appreciate your patience and feedback.
However, Pei defended the company’s data logging, saying that it created a “a better overall user experience”, and the company isn’t moving to a no-log model. Instead, their OS will now have a splash screen asking users whether they want to be involved in the program and telling them what exactly that involves. It will still enroll them by default.
The good news, however, is that certain data, like telephone numbers, MAC addresses and WiFi info, will be cut from the program entirely.
Whether or not the company can be trusted to really protect their users’ information remains to be seen, but its worth keeping an eye on this one—and, as ever, staying vigilant with the permissions you allow on your OnePlus device.