OnePlus accused of collecting data through clipboard app
The app featured a list of keywords along with a method to identify bank accounts.tech Updated: Jan 27, 2018 16:08 IST
A French security researcher on Friday reported spotting a strange file called “badwords.text” in the OnePlus clipboard application that featured various keywords, indicating the company was sending identifiable data to its servers in China.
Elliot Alderson’s discovery was considered as another privacy breach as the data was being sent to a company called TeddyMobile. The data was allegedly being transmitted without users’ permission.
The file called “badwords.text” included keywords such as Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address and email among others. The file also included a method to trace bank accounts.
OnePlus, however, responded to Elliot’s discovery stating the code was exclusively aimed at the Chinese market and that it was inactive in other markets.
“There’s been a false claim that the Clipboard app has been sending user data to a server. The code is entirely inactive in the open beta for OxygenOS , our global operating system. No user data is being sent to any server without consent in OxygenOS,” said the company.
The conditions to send your data to teddymobile server are:— Elliot Alderson (@fs0c131y) January 26, 2018
- clip data is not numeric
- not an email
- Chinese @OnePlus phone
- clipboard data matched the express pattern.
It good to say that parserOnline method is used 3 times in the code, so this is only 1 of the 3 usecases pic.twitter.com/Rp9HvZTF48
“In the open beta for HydrogenOS, our operating system for the China market, the identified folder exists in order to filter out what data to not upload. Local data in this folder is skipped over and not sent to any server,” it added.
In the crossfire
OnePlus may have managed to avoid another round of negative PR for the Chinese company, but it’s not the first time it has come under scanner over the privacy issues.
Last week, the Chinese handset company confirmed that nearly 40,000 credit card holders were affected by a major credit card data hack. The breach forced the company to suspend credit card payments for its online store..
In October last year, OnePlus drew major heat from its users after it was discovered that the company was collecting users’ data without their consent. After backlash, OnePlus announced it will limit the data it collects and ensure users know what data they are sharing with the company.
Another similar incident occurred in November 2017 when Alderson reported about a backdoor in OnePlus phones that could allow hackers to obtain root access to the devices.