Elliot Alderson (a mobile security researcher) has discovered another factory application that was installed on OnePlus devices delivered to buyers, and this app can be exploited to steal the user’s photos and videos, but also GPS, WiFi, Bluetooth, and various other logs.
The application’s name is OnePlusLogKit, which is an application that comes preinstalled on OnePlus devices with the system privileges.
According to the researcher:
Hi @Oneplus ?! Remember me? Let’s talk about another debug app you left in your device.
OnePlusLogKit is a system application which allow you to do a multitude of things: get wifi logs, nfc logs, gps logs
Elliot wrote in a tweet that all of the user data saved by the vulnerable app is unencrypted, and this data could also likely be sent to China.
The researcher also said that all one had to do to trigger the application into logging the data and obtaining it was to dial *#800# on the device’s dial pad. This operation automatically opens up the app’s interface with which one can either switch the logging feature on or off.
Until now, It is unclear what OnePlusLogKit app actually do and why the app came pre-installed on devices.
