OnePlus has been leaking your data for a year now; Here’s how?

Aadil Raval
By Aadil Raval
3 Min Read

OnePlus is one of the fastest growing OEM in the world and especially in India and China which are by far one of the largest smartphone markets in the world. Apparently, OnePlus has been ‘unintentionally’ leaking the data of some of the OnePlus users subjected to a specific app which was revealed recently.

To put things into context, OnePlus has a “Shot on OnePlus” app within the Wallpapers settings where users can check out thousands of crowd-sourced wallpapers every day. They can upload the best photos to their apps which is then scrutinized by the Chinese OEM and then, selected few are published to the public. The thing is, OnePlus collects information like title, location, and description while the app requires users to login using their email addresses while submitting the photos. This creates a well-fit stash of data obtained from a single user and now multiply it with millions of users worldwide and that’s how much data OnePlus has been unknowingly leaking.

OnePlus has been leaking your data for an year now; Here's how?
Via 9to5Google

The report also quotes that OnePlus has been doing the same for at least a year now which means user data was blatantly available to anyone seeking for it and has an access token to find it out within the Shot on OnePlus API.

Mashable explains how the Shot on OnePlus app uses a specific API to connect the app from the data server through which, all the data goes before saving it on the data server. However, the concerning report by Mashable mentions how anyone can access ‘open.oneplus.net’ where he/she can access the data if they have an access token for the same. In fact, the data stored in this API is pretty much unencrypted which means there’s no algorithm or encryption method used to cipher the data such as name, email address, location, etc.

- Advertisement -

However, OnePlus is taking steps by placing robust security measures to secure some parts of the responsible API. It will further investigate the matter and put stringent security measures in place to prevent any misuse of the data.

 

Via

Share This Article
Follow:
A wordsmith, a kin tech observer, a sci-fi fanatic and a scientific documentary buff.
Leave a comment

OnePlus is one of the fastest growing OEM in the world and especially in India and China which are by far one of the largest smartphone markets in the world. Apparently, OnePlus has been ‘unintentionally’ leaking the data of some of the OnePlus users subjected to a specific app which was revealed recently.

To put things into context, OnePlus has a “Shot on OnePlus” app within the Wallpapers settings where users can check out thousands of crowd-sourced wallpapers every day. They can upload the best photos to their apps which is then scrutinized by the Chinese OEM and then, selected few are published to the public. The thing is, OnePlus collects information like title, location, and description while the app requires users to login using their email addresses while submitting the photos. This creates a well-fit stash of data obtained from a single user and now multiply it with millions of users worldwide and that’s how much data OnePlus has been unknowingly leaking.

OnePlus has been leaking your data for an year now; Here's how?
Via 9to5Google

The report also quotes that OnePlus has been doing the same for at least a year now which means user data was blatantly available to anyone seeking for it and has an access token to find it out within the Shot on OnePlus API.

Mashable explains how the Shot on OnePlus app uses a specific API to connect the app from the data server through which, all the data goes before saving it on the data server. However, the concerning report by Mashable mentions how anyone can access ‘open.oneplus.net’ where he/she can access the data if they have an access token for the same. In fact, the data stored in this API is pretty much unencrypted which means there’s no algorithm or encryption method used to cipher the data such as name, email address, location, etc.

- Advertisement -

However, OnePlus is taking steps by placing robust security measures to secure some parts of the responsible API. It will further investigate the matter and put stringent security measures in place to prevent any misuse of the data.

 

Via

Share This Article
Follow:
A wordsmith, a kin tech observer, a sci-fi fanatic and a scientific documentary buff.
Leave a comment