OnePlus' OxygenOS found to be linking device IDs to collected analytics data

article thumbnail

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

Smartphone maker OnePlus, a competitor against Apple's iPhone, is both collecting a lot of analytics data from users and linking it to personally identifiable information, according to one security researcher.

The analytics data includes information such as how often a phone is unlocked, and which apps are being opened and for how long, said Christopher Moore. While that sort of collection is not atypical — and can be switched off by opting out of the company's "user experience program" in OxygenOS settings — the company is connecting it to device information in a second stream containing things such a phone's serial number.

"We securely transmit analytics in two different streams over HTTPS to an Amazon server," OnePlus said in a statement seen by Engadget. "The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to 'Settings' -> 'Advanced' -> 'Join user experience program'. The second stream is device information, which we collect to provide better after-sales support."

Users can't opt out of this second stream.

OnePlus is best known for making smartphones that deliver high-end specifications for a relatively low cost. The OnePlus 5 is $479, but includes 6 gigabytes of RAM, 64 gigabytes of storage, and a dual-lens camera. A 64-gigabyte iPhone 8, while faster, ships with a single-lens camera and less RAM for $699.

OxygenOS is a modified version of Google's Android, which has sometimes come under fire for its own data collection.