Alderson said that he would soon publish an app to allow users to simply gain root access to their devices. Intended for internal use only by the company's engineering team to test if devices are working properly, the application has managed to remain on OnePlus devices that have been shipped to consumers, and may present a threat to their security.
On Tuesday, developer Elliot Alderson tweeted that OnePlus has left behind an app that can act as a backdoor to get root access to a device without unlocking it. It's not something that could be achieved remotely, however; you would need the physical OnePlus device connected to a computer running the Android Debug Bridge (ADB) to exploit the vulnerability.
Unfortunately, it seems someone at OnePlus forgot to remove or disable the package before kicking the handsets out to the general public, and as a result multiple users now have access to what is effectively a back door in their Android phones. It is actually a modified version of a testing application created by Qualcomm.
Dubbed "EngineerMode", the tool has been designed as an easy way for phone makers to test the hardware on their devices.
Earlier, according to a post on Christopher Moore's blog, OnePlus was collecting sensitive private data like IMEI numbers, mobile network names and IMSI prefixes, MAC addresses, and more. It is also possible to delete the app once it is discovered.
You can also check if this application is installed on your OnePlus device or not.
OnePlus did not immediately respond to a request for comment.