large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

OnePlus says Cyanogen OS backdoor isn’t a ‘major security concern’

OnePlus has responded to the discovery of a backdoor in its Cyanogen OS that affects the OnePlus 5 and other handsets, noting that it is not a “major security issue”.

Yesterday, it came to light that OnePlus had left a hardware testing tool made by Qualcomm called EngineerMode on the OnePlus 5, OnePlus 3 and OnePlus 3T smartphones, which could be reverse engineered and used to root the phones and essentially seize control of them.

However, on its forums a member of staff for OnePlus going by the name of OmegaHsu responded to user fears, highlighting that it would take a hacker a lot of effort and access to a phone to be able to root it and take it over.

“We’ve seen several statements by community developers that are worried because this apk grants root privileges. While, it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges,” said OmegaHsu.

“Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device.”

But despite EngineerMode not posing much of a threat in OnePlus’ mind, in good faith it will still remove the root function from the tool on its smartphones through an over the air update.

“While we don’t see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb root function from EngineerMode in an upcoming OTA,” explained OmegaHsu.

Related: Best Black Friday deals

Are there any dodgy phone tools that you’ve encountered? Let us know on Twitter or Facebook.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.