ALSO READOnePlus 5 comes with better camera, tech specs and OS than its predecessors OnePlus 5T to cost more than predecessor, skip wireless charging feature OnePlus 5 sale to be invite-free; read all about specs of the smartphone No need for invite to buy OnePlus 5; read all about specs of the smartphone Watch live: OnePlus 5 launched globally; know all about specs and price of the flagship smartphone
Chinese smartphone manufacturer OnePlus and some of its latest devices are again making news for the wrong reasons. After allegations of leaking users' key device information without their permission, the concern this time is around a flaw in the operating system used in flagships OnePlus 3, OnePlus 3T and OnePlus 5. According to reports, this flaw gives backdoor root access to third-party apps. Mainly on account of EngineerMode APK, which comes pre-installed in these devices, the devices coould potentially give root access to third-party apps without unlocking the phone bootloader. The EngineerMode APK flaw came to light after a Twitter user Elliot Alderson flagged the concern that the app acted as a backdoor, giving third-party apps a potential root access without unlocking the bootloader. According to Alderson’s tweet, the EngineerMode app is developed by Qualcomm for original equipment makers (OEMs) to test hardware components or diagnostic tests on devices. However, it has the potential of enabling backdoor rooting which can be exploited. <Thread> Hey @OnePlus! I don't think this EngineerMode APK must be in an user build... This app is a system app made by @Qualcomm and customised by @OnePlus. It's used by the operator in the factory to test the devices. pic.twitter.com/lCV5euYiO6 Here are the steps:
<Thread> Hey @OnePlus! I don't think this EngineerMode APK must be in an user build... This app is a system app made by @Qualcomm and customised by @OnePlus. It's used by the operator in the factory to test the devices. pic.twitter.com/lCV5euYiO6— Elliot Alderson (@fs0c131y) November 13, 2017
Here are the steps:Soon after, OnePlus co-founder Carl Pei acknowledged the issue and tweeted that the company was looking into the matter. Later, the company confirmed the existence of such an app but denied the role of the app as a potential threat that could provide root access to third-party apps. According to the company's blogpost, the app cannot grant root access to any app unless the USB debugging mode is turned on. It claims the mode is turned off by default, so the apps cannot gain complete root access without unlocking bootloader. “The EngineerMode app is a diagnostic tool mainly used for the factory production line functionality testing and after-sales support. We’ve seen several statements by community developers that are worried because this apk grants root privileges. While, it can enable adb root, which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges,” read the blogpost. The company confirms that the “adb root function from EngineerMode will be removed in an upcoming OTA,” as users still have concerns. Recently, OnePlus was accused of compromising users’ confidential device data by collecting personal information of users without their permission. The company had later issued a blogpost confirming that OnePlus would scale back on data collection on its devices.