It’s not been a good week for OnePlus, as after dismissing one potential security backdoor in its devices, yet another has cropped up.
The new issue is both a security and a privacy one, taking the form of OnePlusLogKit, a pre-installed app which unsurprisingly logs data about users and how they are interacting with OnePlus handsets.
The app was discovered by a security researcher going by the name of Elliot Alderson, who posted his findings on Twitter in the same fashion as when he discovered the EngineerMode tool earlier this week, which leaves a potential, if difficult-to-exploit, backdoor in some OnePlus phones.
<Thread> Hi @Oneplus 👋! Remember me? Let’s talk about another debug app you left in your device.
OnePlusLogKit is a system application which allow you to do a multitude of things: get wifi logs, nfc logs, gps logs pic.twitter.com/HvnErm8rXg
— Elliot Alderson (@fs0c131y) November 15, 2017
He noted that OnePlusLogKit collects data on a handset’s NFC, Bluetooth, GPS, and Wi-Fi use, among other sets of data, which could give OnePlus a fairly decent picture of how individuals are using its phones.
Such tools are used to discover problems in handsets when faulty devices are returned, but having OnePlusLogKit left on functional phones seems odd and pointless, while the by-default data collection without a user’s knowledge is a breach of privacy.
It’s also a security risk: Elliot Alderson told BleepingComputer that hackers could access the logging tool either by physically entering ‘#800#’ into the phone via its dial pad or by using malware to remotely enable access to the data logging and collection. From there they can harvest information and use it for their own nefarious purposes.
We contacted OnePlus for comment on the issue, but they did not respond at the time of writing.
All this comes ahead of the OnePlus 5T launch, potentially souring the reception of a handset that could really challenge flagship phones from the likes of Samsung and Apple.
Does OnePlus need to reconsider the tools it uses for diagnostics? Have your say on Twitter or Facebook.