A potentially risky backdoor in multiple OnePlus devices has been just unearthed by a knowing developer, revealing a hidden app that can be potentially used to gain root access and take control over the device. According to Android Police, the app is installed on the OnePlus 3, OnePlus 3T, and OnePlus 5. The app, developed by Qualcomm, has been essentially designed for OEMs to test hardware components or diagnostic tests on device. According to Alderson, the app is installed on some of the OnePlus devices. The app has the ability to diagnose Global Positioning System, check root status and perform a series of tests. "There's an activity - dubbed 'DiagEnabled" - associated with this app, which if launched with the correct password will give you the root access.
Getting root access to a smartphone allows a hacker to access "superuser" mode, making it extremely easy to inject malware with surveillance capabilities.
Root implies to the highest degree of access to an Android operating system that is usually deployed to safeguard the privacy of the user.
Just a month ago, OnePlus was caught collecting personally identifiable data from phone owners through incredibly detailed analytics.
Alderson, with the help of cybersecurity experts, was able to root a OnePlus device with a few commands. It looks like the Chinese smartphone company has accidentally left behind the app on some of its smartphone units.
Connected toys have 'worrying' security issues
Another safety advice is to always talk to your children, keep communication open when it comes to being safe online. Security experts warned that some toys which used Bluetooth wireless technology had few or no security measures.
For its part, OnePlus has confirmed that the company is looking into the claims made by the developer.
Will it affect OnePlus 5T sales?
Unlike the user data collection issue, this new PR headache might not be entirely OnePlus's fault.
OnePlus has recently accused of collecting a vast amount of sensitive private data from users' smartphones in the past and now, the company has been blamed for leaving a backdoor on its devices that is capable of granting root access.