OnePlus' Security Flaw Has Finally Been Fixed
Har Devarukhkar - Aug 16, 2019
OnePlus is found to have been leaking users’ personal data for years. Fortunately, the company has reportedly fixed this security flaw.
- AnTuTu Reveals Best Smartphones in October In Flagship & Mid-Range Segment
- Apple Promises To Fix macOS Flaw That Left Encrypted Mail Messages Unprotected
- OnePlus 8 Pro Leaked To Feature A 120Hz Display & Snapdragon 865 SoC
OnePlus, a Chinese smartphone manufacturer has eventually dealt with its users’ personal information leak security flaw that has happened for years ever since OnePlus One was introduced to the public. In June, 9to5Google published a report saying that smartphones of this brand had “unknowingly” exposed sensitive data of hundreds of users for a long period of time. However, not until this security issue was made known to the firm did it start an investigation into the problem.
Although OnePlus has made no official statement about the fix, according to a recent report of 9to5Google, the security flaw has been addressed.
The serious flaw in security was detected a month ago in a pre-installed application called “Shot on OnePlus”, which can be found through the Wallpapers selection menu. The app offers a platform where users can upload their photos. Every day OnePlus will select one photo to publicly feature within the app as well as on its website and other users across the globe can use these photos as wallpapers.
To get started, users have to be logged in to the OnePlus account using their email address. When uploading a photo to the app, they are required to add a title, a location and a description of the photo. In this way, the app gets information about users’ names, locations, and email addresses and the data was reportedly leaked via the application.
All OnePlus users having “Shot on OnePlus” app on their devices got affected by this security flaw. It is still not clear how long users’ personal information had been leaking through the app, but the leak must have happened for no less than a year. The problem was allegedly due to the weak API (Application Programming Interface), which established a link between the app and its server. According to 9to5Google, OnePlus API is “hosted on open.oneplus.net — can be used by anyone with an access token”.