Elliot Anderson (mobile security researcher) has found a pre-installed factory app in all OnePlus devices running OxygenOS that could enable anyone to gain root access to the devices.
OnePlus devices (most of them) come preinstalled with an app called EngineerMode that can be used to root the device and may be turned into a completely-fledged backdoor by smart attackers.
EngineerMode is a diagnostic testing app created by Qualcomm for device manufacturers to quickly test all hardware elements of the device. It can make a series of intrusive hardware diagnosis tests, but can also check for root status, diagnose the GPS function, and more.
According to the researcher:
“Hey @OnePlus! I don’t think this EngineerMode APK must be in an user build…
This app is a system app made by @Qualcomm and customised by @OnePlus. It’s used by the operator in the factory to test the devices.”
The researcher said that anyone with physical access to a device can run the following command to root the device:
adb shell am start -n com.android .engineeringmode/.qualcomm.DiagEnabled –es “CODE” “PASSWORD”, where CODE = code and PASSWORD = angela
Anyone can check if this app is installed on the OnePlus device or not by going to settings, open apps, enable show system apps from top right corner menu (three dots) and search for EngineerMode.APK in the apps list.