OnePlus rolls out a probable spyware app with OnePlus 5T stable Oreo update 5.0.2: Report

Karandeep Singh
By Karandeep Singh
4 Min Read

Within a day of releasing the Android Oreo update for the OnePlus 5T, the company has been accused of including a spyware app in the update. The update is rolling out slowly and is yet to reach most of the users, but those who have received it are reporting about this suspicious app – Mkey. Above all, OnePlus has even acknowledged that the app is officially a part of the OxygenOS 5.0.2 update.

The OnePlus 5T users who have got the update installed are reporting about the app on Reddit and OnePlus Forum and the app was also spotted by HiTricks. According to the report, the concerned app came only after installing the OxygenOS 5.0.2 update with Android Oreo and wasn’t present earlier with Nougat. MKey asks for a number of permissions that are way more than what it needs for its claimed core functions, and the app wouldn’t start without them being granted.

OnePlus 5T MKey

On the front, MKey looks like a multi-use app that tries to be the phone’s default SMS app as well as keyboard app. Starting the app for the first time, a screen would appear asking the user to make MKey the default SMS app, while Its keyboard prowess includes support for various Indian languages. Moreover, the app isn’t made by OnePlus or Google, it is a third-party app being used by OnePlus for its latest flagship.

HiTricks’s report found on further investigation that the MKey is gathering much more data from your device than it should. It was found in its Cookie Policy or Privacy Policy that the app keeps note of all the websites you visit or register to, third parties are used to track your device performance and analytics, interpret mobile sessions, store username and password of your accounts on various websites for autofill, suggest products based on your browsing history, and sell your location information to advertisers.

The OnePlus representative had to say this on the OnePlus Forum:

The MKey APK is a font resource that was provided officially for India for local font compatibility needs. This can be uninstalled by users if not needed or wanted, but we are required to provide it.

Thankfully, the app can be uninstalled like a normal one. Head to the Apps section in the Settings and uninstall the notorious MKey app. This is applicable to all the cases if you have granted the app all the permissions it asked for or not. And the OnePlus 5T users that are yet to receive the Oreo update should uninstall the app soon after the update is installed.

Also Read: OnePlus 6 coming by Q2 2018 with Snapdragon 845, OnePlus CEO confirms

For the record, this is surely not the first time OnePlus has been accused of data breaches and other privacy concerns. The company first left the “EngineerMode” app in the final versions of the OxygenOS for OnePlus 3, 3T, and 5 that acted as a backdoor to root access. Recently, OnePlus devices were found to be sending clipboard information to servers in China and then later, the users’ credit card information leaked from the OnePlus’ website.


Source: OnePlus Forum, Reddit | Via: HiTricks

 

Share This Article
Follow:
When not imparting tech gyaan, Karan can be found engrossed in his favourite TV show with a mug full of coffee on one side and nachos on the other. A good laugh, some striking stories and a lot of catchy music is all he needs to pacify his anxious mind.
Leave a Comment

Within a day of releasing the Android Oreo update for the OnePlus 5T, the company has been accused of including a spyware app in the update. The update is rolling out slowly and is yet to reach most of the users, but those who have received it are reporting about this suspicious app – Mkey. Above all, OnePlus has even acknowledged that the app is officially a part of the OxygenOS 5.0.2 update.

The OnePlus 5T users who have got the update installed are reporting about the app on Reddit and OnePlus Forum and the app was also spotted by HiTricks. According to the report, the concerned app came only after installing the OxygenOS 5.0.2 update with Android Oreo and wasn’t present earlier with Nougat. MKey asks for a number of permissions that are way more than what it needs for its claimed core functions, and the app wouldn’t start without them being granted.

OnePlus 5T MKey

On the front, MKey looks like a multi-use app that tries to be the phone’s default SMS app as well as keyboard app. Starting the app for the first time, a screen would appear asking the user to make MKey the default SMS app, while Its keyboard prowess includes support for various Indian languages. Moreover, the app isn’t made by OnePlus or Google, it is a third-party app being used by OnePlus for its latest flagship.

HiTricks’s report found on further investigation that the MKey is gathering much more data from your device than it should. It was found in its Cookie Policy or Privacy Policy that the app keeps note of all the websites you visit or register to, third parties are used to track your device performance and analytics, interpret mobile sessions, store username and password of your accounts on various websites for autofill, suggest products based on your browsing history, and sell your location information to advertisers.

The OnePlus representative had to say this on the OnePlus Forum:

The MKey APK is a font resource that was provided officially for India for local font compatibility needs. This can be uninstalled by users if not needed or wanted, but we are required to provide it.

Thankfully, the app can be uninstalled like a normal one. Head to the Apps section in the Settings and uninstall the notorious MKey app. This is applicable to all the cases if you have granted the app all the permissions it asked for or not. And the OnePlus 5T users that are yet to receive the Oreo update should uninstall the app soon after the update is installed.

Also Read: OnePlus 6 coming by Q2 2018 with Snapdragon 845, OnePlus CEO confirms

For the record, this is surely not the first time OnePlus has been accused of data breaches and other privacy concerns. The company first left the “EngineerMode” app in the final versions of the OxygenOS for OnePlus 3, 3T, and 5 that acted as a backdoor to root access. Recently, OnePlus devices were found to be sending clipboard information to servers in China and then later, the users’ credit card information leaked from the OnePlus’ website.


Source: OnePlus Forum, Reddit | Via: HiTricks

 

Share This Article
Follow:
When not imparting tech gyaan, Karan can be found engrossed in his favourite TV show with a mug full of coffee on one side and nachos on the other. A good laugh, some striking stories and a lot of catchy music is all he needs to pacify his anxious mind.
Leave a Comment