Is your Google Android phone privacy being invaded by OnePlus? OnePlus is a subsidiary of Guangdong Oppo Mobile Telecommunications Corporation Limited which has been obtaining quite a bit of data from owners of their smartphone devices. To some, they have been collecting too much information about you, the end user.
Developer Christopher Moore noticed some strange network activity from his OnePlus smartphone device. That phone was sending quite a bit of data to open.oneplus.net. This domain is actually legitimate and owned by OnePlus.
Christopher was able to decrypt this data and found out that quite a bit of private information was being sent to this server. Each time that phone was locked, unlocked, and restarted, a timestamp log was sent to open.oneplus.net.
“The phone’s IMEI(s), phone numbers, MAC addresses, mobile network(s) names and IMSI prefixes, as well as my wireless network ESSID and BSSID and, of course, the phone’s serial number.”
This is quite the data information grab, even for a smartphone provider. This server also collects logged information about your application activity. For whatever reason, OnePlus is collecting information about when and why you open and use an application on their smartphones.
IMEI is an acronym that stands for international mobile equipment identity. This number is unique to every smartphone device in the world. This is a fifteen digit serial number used to identify your smartphone.
MAC is an acronym which stands for media access control. This is also a unique identifier. Basically, every networking device has this unique identification number used to identify that device on a computer network.
Another acronym is IMSI, which stands for international mobile subscriber identity. This is another fifteen character number used to help identify your mobile device. This number is unique and often used on global systems for mobile communication and universal mobile telecommunication system networks.
Yet another acronym is ESSID, which stands for extended service set identifier. This is not a unique number but actually an identification on a wireless network. For example, when you connect to a wireless network, you select that name from a list. You can change this name and it will appear as anetwifi as an example.
Finally, the acronym BSSID stands for basic service set identifier. This identifier is actually the media access control address for the radio interface that the client device is currently connected to. This helps to identify which exact physical hardware access point your computer or device is connected to.
A representative from OnePlus claims that an end user can disable this process of data collection. They released a statement to AndroidPolice.com.
“We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’.
The second stream is device information, which we collect to provide better after-sales support.”
That is an interesting way to define spying, at least to me. If it is indeed true that you can turn off all that eavesdropping, then at least you have that option. Another option is to uninstall the OnePlus device manager software application.
HTTPS is an acronym which stands for hyper text transfer protocol secure. This is the secure form of hyper text transfer protocol. This is widely used on networks, especially the Internet.
For example, most websites are now secured using hyper text transfer protocol secure. You will see the uniform resource locator in the address bar on your web browser. Here is an example uniform resource locator that uses hyper text transfer protocol secure.
https://www.anetcomputers.com
Finally, you could obviously stop using your OnePlus device if this type of data gathering is not acceptable.
Android Phone Privacy – Invaded by OnePlus? Video Transcript
0:01
this is Aaron with anetcomputers.com with
0:04
another video for you today I just
0:07
recently updated this blog post
0:08
pertaining to this incident with OnePlus
0:12
which I will get to in this video if
0:14
you're patient
0:16
later on in this video I'm going to
0:18
discuss Google Android phone privacy
0:21
tips now this was a few years ago
0:24
however this is to me an excellent
0:26
example of Google Android phone privacy
0:30
so what occurred was that this developer
0:34
found out that
0:38
on his OnePlus device which OnePlus is a
0:42
subserior of Guangdong Apple mobile
0:45
telecommunications corporation limited
0:48
so basically what was happening is that
0:50
he was since he's a developer he tested
0:55
his own smartphone
0:57
and he found out that there was quite a
0:59
bit of data being transferred 16
1:02
megabytes actually within what was it
1:05
like a day or so and so he decided to
1:08
investigate further but he found out
1:10
that there was quite a bit of data being
1:12
transferred from his smartphone to a
1:15
server that he didn't know about and
1:18
that's in this included in this blog
1:21
post that I wrote
1:22
so he noticed some strange network
1:25
activity from his OnePlus smartphone
1:28
okay now the domain was open.oneplus.net
1:37
and here I'm not going to go over the
1:40
quotations later on in this video I'm
1:43
going to go over some of the acronyms
1:45
included in my blog post but for now I'm
1:47
just going to just give you a quick
1:49
summary and then I will start discussing
1:52
some tips on Google Android phone
1:55
privacy tips that you could use
2:00
now that they responded with claiming
2:02
that
2:05
the type of data that they were
2:07
accumulating in this quotation
2:11
it was quite a bit of data it was like
2:13
16 megabytes I think in a 24-hour period
2:16
something like that
2:18
okay so that server that I provided
2:22
collected
2:24
logging information about application
2:27
activity so what that means is that
2:29
here's a quick example this individual
2:32
was using Google or what excuse me
2:37
Microsoft Outlook mobile
2:40
so they install Microsoft Outlook on
2:42
their smartphone and they were using it
2:45
to access their email that's pretty
2:46
normal right well this company was
2:50
accumulating
2:52
data every time they would check their
2:55
email and the application it would log
2:58
when they would open the application and
3:00
even what kind of you know data that you
3:03
know what I'm saying
3:06
and then as every time they locked that
3:09
smartphone it would log it and upload it
3:12
to that server every time they unlocked
3:15
their smartphone it would lock it and
3:17
upload it to that server
3:20
all right
3:23
now this is where the acronym parade
3:26
began later on this video I'll discuss
3:28
those acronyms
3:32
now one of the representatives form
3:35
OnePlus claimed that an end user could
3:37
disable the
3:40
data collection
3:41
okay now here was a statement they
3:44
claimed that they securely transmit
3:46
analytics in two different streams over
3:48
hypertext transfer protocol secure to an
3:51
Amazon server okay
3:53
the First Data stream they claimed was
3:56
just Analytics
3:58
to help them precisely tune their
4:01
software according to user Behavior
4:05
they claimed that you could turn it off
4:07
by navigating to settings Advanced join
4:10
user experience program all right
4:13
the second stream they claimed was used
4:15
to collect data to prove by better after
4:18
sales support
4:20
Malarkey I'll just be blunt I think they
4:23
were [ __ ] just no again you you
4:28
might want to read over this blog post
4:30
you know what I'm saying in its entirety
4:32
and the I did provide a link to the
4:36
developer and his findings now it's very
4:39
technical I read through the entire blog
4:42
post now this was six years ago but
4:43
again I updated my blog post
4:45
you know what I'm saying and then I
4:47
found out that I didn't ever recorded
4:49
the video and so I'm going to record the
4:51
video now it's older information however
4:54
same problem same problemos we're
4:57
talking about Google Android phone
4:59
privacy
5:00
tips now let me give you some tips
5:05
what you can do and I'll try to keep it
5:08
in layman's terms I'll try not to use
5:10
too many acronyms or too many technical
5:13
terms but basically what you can do is
5:16
on your smartphone even now and even in
5:19
the future you can just monitor it like
5:22
he did he noticed some suspicious
5:24
activity at first you can go through
5:26
your program list in on a Google Android
5:29
just go in and periodically or whenever
5:33
you are suspicious
5:35
and check your application list what
5:39
what applications are installed you can
5:41
also go and look in and find out what
5:44
system services and system processes are
5:47
running another thing you can do is if
5:50
you have unlimited data you may not even
5:54
you know monitor your data usage but you
5:57
could start to monitor your data usage
5:59
how much data are you using now
6:02
obviously if it's Unlimited
6:05
yeah you know what I mean you may not
6:07
even bother but you could you could you
6:09
could try to contact your service
6:10
provider look it up on the internet
6:13
and find out if they actually give you a
6:16
report
6:17
and tells you how much data you've been
6:19
using that could be very you know useful
6:22
if there's a ton of data being used and
6:25
you
6:26
you know swear or whatever oh my bad on
6:30
you excuse me political correctness on
6:32
WE censor YouTube they do not like it if
6:34
you [ __ ] swear but that's not what I
6:36
meant you know that you're not using
6:39
your smartphone that much but you got
6:41
all this bandwidth being used against
6:44
your you know if if you have a data plan
6:47
or even if it's unlimited all right
6:50
another thing is you can just kind of
6:52
study
6:54
Google Android
6:56
privacy just study it learn it I don't I
6:59
wouldn't expect an average consumer to
7:01
well let's see you know I the system
7:05
process you know it you know blah blah
7:08
blah and well it looks like it's you
7:10
know you know what I'm saying no I
7:12
wouldn't expect them to be that
7:13
technical but you can learn so those are
7:15
some quick tips
7:18
and then some possible other tips to
7:21
solve the problem is if it is a
7:24
application in this scenario they were
7:26
actually able to and I think I included
7:30
it
7:32
let me search it I'm going to search my
7:34
own blog post
7:36
I think ADB which nope
7:40
I'll remove
7:42
no I think it was manager
7:48
yeah right here
7:49
now this is this is just for the
7:52
specific
7:53
incident but you could also use this tip
7:57
okay
8:00
now I don't think you could turn it off
8:08
sorry about that that was my timer
8:12
I'm at the eight minute Mark so I need
8:15
to
8:15
you know
8:17
hurry up
8:19
and I forgot that I was using Bluetooth
8:22
I have an A Google Android a dumb device
8:26
I mean and I have timers and then I also
8:31
use it to stream music from the Android
8:33
to my laptop over Bluetooth okay so
8:36
quickly what you can do is that you now
8:39
in the sense scenario
8:42
what happens was they ended up
8:44
uninstalling the OnePlus device manager
8:47
software application all right that's
8:49
what they had to do although they had to
8:51
use this tool
8:54
that you may or may not be familiar with
8:56
it's called ADB which is an acronym it's
8:59
just a piece of software that allows you
9:01
to access your Android
9:04
and now one problem is root this OnePlus
9:08
device was not rooted
9:12
see even the developer in their blog
9:14
post they basically stipulated that they
9:19
would probably have to root it in order
9:21
to be able to
9:23
stop the process and
9:26
you know I mean and uninstall the
9:28
software what but what they found they
9:30
updated their blog post which is yeah
9:32
that's a good good idea you get a lot of
9:34
traffic that way Google likes that when
9:35
you
9:36
update your blog post so here's a tip if
9:39
you're a content creator
9:41
update your blog post okay I'm not
9:43
telling you what to do I'm just saying
9:44
that's a tip you could you can spend
9:46
time and update your blog post okay
9:49
well they later found out that if they
9:51
use the ADB tool which you have to set
9:53
your Android into developer mode and
9:55
then on depends on if it's micro crap
9:58
Microsoft Wind Blows or if it's Apple
9:59
Mac and crop or if it's Linux operating
10:02
system you have to install software that
10:05
uses ADB what it does is it connects to
10:07
your Android command line and from there
10:10
you can possibly
10:11
but they they actually didn't have to
10:14
well no my bad they were able to that's
10:17
right they were able to remove the
10:20
the device manager software but they had
10:24
to use ADB
10:26
and that was the solution
10:30
because they could not stop that system
10:32
process and they could not they noticed
10:34
that there was a software called device
10:37
manager and that device manager had
10:41
collected about 16 megabytes of data
10:43
what within a day or whatever it was and
10:46
then transmitted it to that one that
10:49
Amazon server that OnePlus created
10:51
and then there was a lot of
10:53
eavesdropping
10:55
so that so those are some additional
10:57
tips you may have to study you may have
10:59
to learn you may have to root your
11:02
device you may have to to install for
11:05
another tool like ADB or something
11:08
similar
11:09
in order for you to remove the software
11:12
that that is that it could be a privacy
11:16
security risk another possibility is you
11:20
may install software that you think is
11:23
legitimate you even off the Google Play
11:25
Store that is actually malware and
11:27
spyware and then you would use the same
11:30
tips that I went over earlier in this
11:32
video to troubleshoot to try to figure
11:34
out what application
11:36
is spying on me I mean is it YouTube I
11:39
mean is it Google is it the government I
11:41
do not know or is it this goddamn
11:43
Corporation
11:44
that thinks that they need to know
11:46
everything
11:47
you know what I'm saying and then you
11:49
can troubleshoot then you then you try
11:51
to find the source the root cause
11:53
analysis what application is collecting
11:57
all this data and sending it whether
11:59
they're collecting it or not to me is
12:01
you know I don't really care
12:03
if they if they send it to a server yeah
12:07
that's adding insult to entry I don't
12:08
want people collecting data about my
12:11
usage period you know what I'm saying I
12:14
don't know if any of this was legal or
12:15
not I'm not a legal expert you know what
12:18
I'm saying I just I'm not when it comes
12:20
to law I'm not an expert when it comes
12:22
to Information Technology law because
12:25
there's a lot these corporations get
12:26
away with a lot and a lot of times they
12:28
do write it into their privacy policies
12:31
or terms of agreement you download a
12:34
piece of software and you notice there's
12:35
like a 1000 page dissertation also known
12:38
as the terms of service and you just
12:40
scroll through and there's a bunch of
12:41
legal legalese somewhere in there
12:44
may give these companies the ability to
12:48
basically you know Snoop on you or spy
12:52
on you or collect data or whatever you
12:54
know what I'm saying okay so those are
12:56
some quick tips now if you now if you
12:58
think it's malware or spyware you can
13:00
install
13:02
programs that will possibly detect
13:05
malware and spyware on your your smart
13:08
bunk I think that about covers the
13:10
basics it can get very convoluted and
13:12
complex so now this video is already way
13:15
too long so I'm just gonna really go
13:18
fast I'm not gonna even go into much
13:21
description but where did I oh yeah
13:24
there was a locker a lot of Acura I hate
13:26
acronyms there were a lot of acronyms in
13:28
this in this report in the quotations
13:30
from this company so the first one is
13:32
IMEI ime stands for international mobile
13:36
equipment identity all right so we went
13:38
over that one Mac address stands for
13:41
that's another acronym
13:43
you know what I'm saying media access
13:46
control then there's another acronym
13:49
imsi let's go over that one real quick
13:52
that stands for international mobile
13:54
subscriber identity
13:56
than the other the fourth one was
14:00
now before that I have an advertisement
14:03
so let's take a break quickly if you
14:06
ever need any online computer technical
14:08
support you can ask a computer
14:09
technician now and get your computer
14:13
problem solved solve your computer
14:15
problem now you can browse to
14:17
anacarebearers.com or you can click on
14:20
the get Tech help
14:22
tab which will take you
14:24
to my page I have partnered with a
14:28
larger company called just answer they
14:30
have hundreds of computer technicians
14:34
that are vetted
14:38
available basically 24 hours a day seven
14:40
days a week 365 over
14:43
online chat real time chat text message
14:46
and over the telephone and and even
14:49
remote they can remotely Connect into
14:51
your computer and
14:54
help diagnose solve your computer
14:56
problem okay so back to my
14:59
blog post
15:01
now if you want to gain access to my
15:04
blog post whenever I write a new blog
15:06
post or I update an older blog post you
15:09
can follow me on Twitter twitter.com
15:10
computers my Facebook page you can like
15:13
and or follow my Facebook page
15:15
facebook.com a-n-e-t-c-o-m-p-u-t-e
15:20
and you will get notified on both
15:22
Twitter Facebook and Twitter whenever I
15:25
create a new blog post you'll get
15:27
notified or I update an older blog post
15:30
you'll get notified okay now in this
15:32
blog post I included a link to the
15:34
developers blog post
15:37
and it's very lengthy it's very
15:39
technical but you might want to read it
15:40
because you can learn a lot from them
15:43
I thought they it's very technical at
15:45
times but I thought they did a good job
15:47
of turning the technical speak into
15:50
layman's terms that even I could
15:52
understand again I'm not a developer I'm
15:56
not a security expert but I do have an
15:59
information technology background but
16:01
when it comes to development level
16:03
software level The OSI model level I
16:06
know I you know that's my not my
16:09
expertise but I do learn a lot
16:12
okay so let's there were some more
16:15
acronyms and then and then I need to run
16:17
okay essid is another acronym that was
16:20
used which stands for extended service
16:22
set identifier and then bssid another
16:25
acronym which stands for basic service
16:27
set identifier so all those actors and
16:30
then another acronym
16:33
okay so you notice in their second
16:36
quotation they use This Acronym https
16:39
which stands for hypertext transfer
16:41
protocol secure and I will go over this
16:43
one because the other ones are quite
16:45
lengthy and blah blah this one is pretty
16:47
quick
16:49
hypertext transfer protocol is what web
16:52
sites use
16:55
a web page a hypertext markup language
16:58
web page uses the hypertext transfer
17:00
protocol which is a you know the web
17:03
server serves web pages using that
17:05
protocol the S stands for secure a quick
17:08
example is in the URL the uniform is
17:11
first locator on screen https stands for
17:14
hypertext transfer protocol secure and
17:16
then
17:17
www.anacompress.com so most websites now
17:20
because of Google because of how
17:22
controlling it they are
17:24
are encrypted nowadays no not not just
17:27
e-commerce not just a store on your
17:30
website or a shop or you're selling an
17:33
ebook and you just have a web page that
17:35
is secure with SSL secure sockets layer
17:38
no
17:39
17:40
basically I would almost consider or
17:44
decided to start forcing people to
17:47
encrypt their their entire website you
17:51
know what I'm saying anyway so that's
17:52
what that stands for and that's a quick
17:54
example just to not make it too
17:56
technical
17:57
that was the last acronym I I think
18:00
that's my video I went over the original
18:03
intelligence gathering that the
18:06
developer and I went over some tips
18:08
and I even went over some of these
18:11
absurd technical acronyms that were
18:14
obsessively used oh let me this is a
18:17
little bit of overtime I went before I
18:20
recorded this video and I actually went
18:24
and read through a some comments
18:28
and I think this company was trying to
18:32
become be deceitful I don't believe I
18:36
don't I don't know you know I don't have
18:37
a OnePlus I've never had a OnePlus I
18:39
don't know if you could go to settings
18:41
Advanced join user experience program
18:43
and then that would disable it I just do
18:45
not know if that was actually but what I
18:49
didn't notice is that this same
18:50
developer he contacted OnePlus directly
18:53
over Twitter and then he got into
18:56
contact with her tech support or their
18:59
online support and this this was absurd
19:01
they told him to clear his cache
19:04
go into and use the bootloader
19:08
which has a whole nother video they but
19:11
basically what they told them is to
19:12
clear the smartphone cache
19:16
shut it down put it put it into
19:18
bootloader bootloader has a menu option
19:21
where you can clear your cache if you
19:22
did not know that on a smartphone
19:25
well when I read that I was like no no
19:27
get it
19:28
one plus to me they were basically
19:31
spying on people they were
19:34
logging and
19:37
and
19:42
issues I'm getting interrupted I need to
19:45
drink some water man
19:47
I went outside today and
19:52
they captured a bunch of user data that
19:55
to me was not necessary why did they
19:58
need to know when it when you unlocked
20:00
and locked your smartphone why did they
20:03
need to know as soon as an application
20:05
opened oh they're using you know
20:07
Microsoft Outlook oh they just checked
20:10
their email at seven o'clock
20:12
why
20:15
that's not a solution get it just
20:17
clearing your cash does not disable the
20:20
intelligence gathering they kept they
20:23
kept capturing all this data and this
20:25
even a developer didn't know how to stop
20:28
that
20:29
you know what I'm saying that no then he
20:32
contacted then he responded with him
20:35
saying no that didn't solve the problem
20:37
then their next solution was absurd they
20:40
told him
20:41
Factor reset his smartphone if you're
20:44
not aware what what that does is it base
20:47
it it removes your data and it
20:49
reinstalls Google Android operating
20:51
system back to when they manufactured
20:55
those smartphones and install Google
20:58
Android hence the term factory reset
21:00
back to back to when you know in the
21:03
factory and then from there they sell
21:05
them to you total [ __ ] again that
21:08
would not disable
21:11
OnePlus from
21:13
accumulating your data now would it
21:17
was not until he so their support their
21:21
support either did not well then I found
21:23
out that there's their technical support
21:25
they were not supposed to give they give
21:28
out instructions telling people how to
21:31
remove the software or how to disable
21:33
the services or how to disable an
21:35
application
21:36
now whether or not they were just
21:39
clueless or they were following orders
21:42
or they knew they knew that they were
21:44
that company was up to no good I do not
21:46
know just to let you know that a lot of
21:48
[ __ ] was going on he finally
21:50
contacted
21:52
people hire up in management and they
21:55
finally finally took it serious and
21:58
that's when he found out that he could
22:01
remove the device manager software
22:04
from the smartphone even though it was
22:07
rooted even though it was technically
22:09
locked but he had to use the ADB tool
22:12
then finally he was able to disable
22:15
OnePlus from continuing to accumulate
22:19
data that he did not want accumulated
22:22
because it to me yeah I this is a
22:26
privacy concern okay this video is long
22:28
enough so hopefully my video pertaining
22:30
to Google Android for our own privacy
22:32
tips was productive you can always
22:34
browse to anycomputers.com and fix your
22:37
most common computer problems you can
22:39
follow me on Twitter twitter.com
22:42
facebook.compute and ET c-o-m-p-u-t-e I
22:46
am on trouble
22:48
trouble.livecomputers twitch.tv
22:50
computers drobo and twitch I live stream
22:53
My Links here in real life video
22:56
podcasts
22:57
Twitter and Facebook I share whenever I
23:02
create new content whether it's video a
23:05
live stream or a blog post I share it on
23:06
Twitter and Facebook
23:08
and whenever I update blog posts I'm
23:10
also on instagram.com
23:13
computers ticktock.com at sign in at
23:17
computers if you want short form video
23:19
content they're for the reels you know
23:22
what I'm saying there are short rails
23:23
that I actually create using Facebook
23:25
and then I download them and save them
23:28
to my computer since they're mine I
23:30
create them and I upload them on
23:32
Facebook excuse me I upload them on
23:35
Instagram and tick tock
23:37
adios