OnePlus, the company known for making smartphones and other electronics has been collecting its users data, and even worse, its not making it anonymous. The startup has built its own flavor of Android for its devices which it calls OxygenOS.
According to security researcher Chris Moore (link to report HERE), the data collected by OnePlus might be pretty standard information but its tied to the individual user and device. This information is incredibly valuable to retailers and major companies as it allows them to gather usage data (such as apps and devices used) which can be used to tailor marketing and other materials to the market as a whole.
OnePlus released a statement on the issue (full statement below) saying that they collect 2 streams of data, one is usage statistics (used to make software and hardware better) and the other is device information, which helps improve after sales support.
We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.
While this type of information is commonly collected, most collectors aggregate this data to make it impossible for specific user and device data to be singled out. With the massive leaks of personal information that have occurred in recent weeks it raises another concern for exactly how much of your data could be available for anyone to find.
The only thing for sure in this situation is that an incident like this could severely damage the company’s reputation. I only hope that OnePlus makes this type of data annonymous in the future (like most companies do with this type of data) and that no other personal data was collected without users direct knowledge.