After credit card data breach, OnePlus has now come under the radar for allegedly sending clipboard data back to a Chinese server. Reacting to the allegations, OnePlus, however, said that no user data was being sent to any server without consent in OxygenOS.
A French security researcher with the name of Elliot Alderson alleged that the file in the OxygenOS beta called badwords.txt may have helped the company to identify some data and send it back to a Chinese server without a user’s consent.
A badwords.text file includes a list of words such as “Chairman”, “Vice President”, “Deputy Director”, “Associate Professor”, “Shipping”, “Address”, Email”, and others. The file has been found in compression archive file called “pattern” along with a number of other files. It has been revealed that “all these files are used in an obfuscated package which seems to be an #Android library from teddymobile”, Alderson tweeted.
For those who are not aware, TeddyMobile is a Chinese company that currently works with leading phone manufacturers, including OnePlus, Oppo, Vivo, Gionee, Xiaomi, and Lenovo, among others. It appears that the company has been able to recognise words and details in texts messages. OnePlus has been accused of sending users’ IEMI number (including bank account details) to a Chinese server owned by TeddyMobile.
Given the sensitivity of the issue, OnePlus responded with a statement (via Reddit) that reads:
0 comments:
Post a Comment