Beware: OnePlus phones giving backdoor access to apps; patch coming soon

The flaw stems mainly from the EngineerMode APK, which comes pre-installed on OnePlus devices. It is capable of granting root access to apps without unlocking the phone's bootloader.

OnePlus devices grant backdoor root access to apps; CEO confirms patch soon
Khalid Anzar New Delhi
Last Updated : Nov 15 2017 | 10:55 AM IST
Chinese smartphone manufacturer OnePlus and some of its latest devices are again making news for the wrong reasons. After allegations of leaking users' key device information without their permission, the concern this time is a flaw in the operating system used in the flagship OnePlus 3, OnePlus 3T and OnePlus 5. According to reports, this flaw gives backdoor root access to third-party apps. Mainly on account of the EngineerMode APK, which comes pre-installed on these devices, the devices could potentially give root access to third-party apps without unlocking the phone's bootloader.

The EngineerMode APK flaw came to light after Twitter user Elliot Alderson flagged the concern that the app acted as a backdoor, potentially giving third-party apps root access without unlocking the bootloader. According to Alderson’s tweet, the EngineerMode app is developed by Qualcomm for original equipment makers (OEMs) to test hardware components or run diagnostic tests on devices. However, it has the potential to enable backdoor rooting, which can be exploited.

Alderson also explained how one could check whether one's smartphone had the EngineerMode app pre-installed. Here are the steps:

Soon after, OnePlus co-founder Carl Pei acknowledged the issue and tweeted that the company was looking into the matter. Later, the company confirmed the existence of such an app but denied the role of the app as a potential threat that could provide root access to third-party apps.

According to the company's blogpost, the app cannot grant root access to any app unless USB debugging mode is turned on. It claims the mode is turned off by default, so apps cannot gain complete root access without unlocking the bootloader.

“The EngineerMode app is a diagnostic tool mainly used for the factory production line functionality testing and after-sales support. We’ve seen several statements by community developers that are worried because this apk grants root privileges. While, it can enable adb root, which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges,” read the blogpost.

The company confirms that the “adb root function from EngineerMode will be removed in an upcoming OTA,” as users still have concerns.

Recently, OnePlus was accused of compromising users’ confidential device data by collecting personal information of users without their permission. The company had later issued a blogpost confirming that OnePlus would scale back on data collection on its devices.
