OnePlusLogKit Tracks all your WiFi, GPS, NFC, Photos and the list of Running Processes in the Phone

The same researcher has discovered another preinstalled app in OnePlus Phones sold to customers around the world. Called OnePlusLogKit by researchers, the app commands with system privileges and has a way to user’s GPS logs, WiFI data, Bluetooth, NFC, photos, videos, and list of the running methods All that without the user’s consent or knowledge.

This proposes while EngineerMode recognized an attacker to root the device; OnePlusLogKit lets criminals access individual data of OnePlus users. However, in this case, an intruder has to have physical entrance to the targeted machine and then dial *#800# click on “Get Wireless log.” In case of no real access, an attacker can use social communications to fool users into enabling the app and collect data.

Originally, the app was used by companies for testing purposes, but its proximity to the devices used by the customer is a huge privacy and security threat. There has been no explanation from OnePlus yet, however, in a forum post; staff member of OxygenOS Team OmegaHsu discussed the neighborhood of EngineerMode app in OnePlus devices:

“We’ve seen numerous statements by community developers that are worried because these apk presents root privileges. While it can enable adb root which provides privileges for adb rules, it will not let 3rd-party apps obtain full root privileges. Additionally, the adb root is only available if USB debugging, which is off by default, is used on, and any sort of root access would still require physical access to your device.While we don’t see this as a major security issue, we note that users may still have interests and therefore we will remove the adb root purpose from EngineerMode in an upcoming OTA.”

This is not the first time when Chinese firm OnePlus is in the account for all the wrong reasons. Last month the firm was also involved of collecting user data through OxygenOS while in July this year, a Reddit user from Seattle, United States gave video evidence that whenever he dialed the crisis telephone number 911, his Android-based OnePlus 5 (OP5) smartphone rebooted itself for no apparent reason.

Take your time to comment on this article.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil