OnePlus says Cyanogen OS backdoor isn’t a ‘major security concern’

OnePlus has responded to the discovery of a backdoor in its Cyanogen OS that affects the OnePlus 5 and other handsets, noting that it is not a “major security issue”.

Yesterday, it came to light that OnePlus had left a hardware testing tool made by Qualcomm called EngineerMode on the OnePlus 5, OnePlus 3 and OnePlus 3T smartphones, which could be reverse engineered and used to root the phones and essentially seize control of them.

However, on its forums a member of staff for OnePlus going by the name of OmegaHsu responded to user fears, highlighting that it would take a hacker a lot of effort and access to a phone to be able to root it and take it over.

“We’ve seen several statements by community developers that are worried because this apk grants root privileges. While, it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges,” said OmegaHsu.

“Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device.”

But despite EngineerMode not posing much of a threat in OnePlus’ mind, in good faith it will still remove the root function from the tool on its smartphones through an over the air update.

“While we don’t see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb root function from EngineerMode in an upcoming OTA,” explained OmegaHsu.

Related: Best Black Friday deals

Are there any dodgy phone tools that you’ve encountered? Let us know on Twitter or Facebook.