This is not a good year for OnePlus, as the Chinese smartphone maker had to put several fires out. The most recent issue concerned user privacy, as OnePlus has been found to collect too much data from its phones, the kind of user-identifiable information no smartphone maker should get.
A new report shows that all OnePlus phones that are in use right now, including the OnePlus 5, have a program installed that can be used to root the handset. It’s just like having a backdoor in your phone, which could be used by other apps for spying purposes.
UPDATE: Added OnePlus’s official comments on the matter at the end of this post.
Unlike the user data collection issue, this new PR headache might not be entirely OnePlus’s fault. But it certainly doesn’t look good for the company. Either the firm left the app inside the operating system willingly, fully knowing what it can do, or it did it by mistake. The latter offers OnePlus a plausible excuse, but it also implies there’s a lack of quality assurance testing when it comes to its software. #NeverSettle I guess.
The application is called Engineer Mode and it was discovered by developer Elliot Alderson
who was able to reverse-engineer it to root the handset. According to Android Police, the app is installed on the OnePlus 3, OnePlus 3T, and OnePlus 5.
So yes, if you send the command: adb shell am start -n https://t.co/yYfeX14Ioj.engineeringmode/.qualcomm.DiagEnabled –es "code" "password" with the correct code you can become root!
— Elliot Alderson (@fs0c131y) November 13, 2017
The app’s primary purpose is to test the phones during manufacturing and make sure the device is working correctly, but the app isn’t then wiped from the phone. That appears to be a massive security issue, as hackers may find ways to use it to gain access to OnePlus handsets.
What’s also disconcerting is that OnePlus did not know about it, at least according to this tweet from OnePlus co-founder Carl Pei:
Thanks for the heads up, we're looking into it.
— Carl Pei (@getpeid) November 13, 2017
Alderson did say on Twitter that the app is made by Qualcomm, but customized by OnePlus.
<Thread> Hey @OnePlus! I don't think this EngineerMode APK must be in an user build…🤦♂️
This app is a system app made by @Qualcomm and customised by @OnePlus. It's used by the operator in the factory to test the devices. pic.twitter.com/lCV5euYiO6— Elliot Alderson (@fs0c131y) November 13, 2017
Here’s how to find it on your phone:
Once again this app is a system app made by @Qualcomm. So possibly a lot of @Qualcomm based phones are affected. Can you open Settings -> Apps -> Menu -> Show system apps and search EngineerMode in the list to check? If you find the app reply to this tweet with your device model
— Elliot Alderson (@fs0c131y) November 14, 2017
The developer will release an app in the PlayStore that will let you root your OnePlus handset. That should be great news for those Android savvy users who want to root their devices.
I will publish an application on the PlayStore to root your @OnePlus device in the next hours
— Elliot Alderson (@fs0c131y) November 13, 2017
But that’s just the byproduct of a security issue that OnePlus needs to address as soon as possible, especially considering that it’s getting ready to launch a brand new OnePlus handset.
UPDATE: OnePlus addressed the matter in a blog post on its forums, explaining that a series of conditions have to be met for hackers to attack a phone using the newly discovered security issue. Nonetheless, OnePlus will fix the problem in a future software update. Here’s the company’s full response:
Friends,
Yesterday, we received a lot of questions regarding an apk found in several devices, including our own, named EngineerMode, and we would like to explain what it is. EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after sales support.
We’ve seen several statements by community developers that are worried because this apk grants root privileges. While, it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges. Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device.
While we don’t see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb root function from EngineerMode in an upcoming OTA.
Thanks,
