OnePlus is at it again: New covert data collection app found

AndroidPIT oneplus 5t 2903
© NextPit

Just over a month after OnePlus was caught running covert analytics on users through discreet analytics on OxygenOS, a new alarming system app has been discovered to be sending user information back to Singapore every 6 hours.

You'd think that after OnePlus was caught red-handed harvesting sensitive user data (battery life, Android version, mobile phone signal, IMEI, serial number, the numbers you call, WiFi information, detailed app activity, screen on/off) through a hidden, difficult-to-disable app in their OS, they'd take extra care to be open when it comes to user privacy.

As it happens, the sly data collection is still going on, and it's potentially even worse than before. This time it comes in the form of a system app called OPBugReportLite, the details of which were brought to light by the Twitter account of a certain Mr. Robot fan known as Elliot Alderson.

You can read through Elliot's entire thread here, but we've condensed the most salient points about the process below:

This app is a pre-installed system app which sends silently, every 6 hours, the battery stats, kernel panics, watchdogs, ANRs and all crashes of your device to Singapore.

To check if you have this app, go to Settings -> Apps -> Show system apps -> Search BugReportLite in the list. This app has 13 permissions: INTERNET, READ_LOGS, READ_FRAME_BUFFER, WRITE_SECURE_SETTINGS, ACCESS_NETWORK_STATE, READ_EXTERNAL_STORAGE…

When you boot your device, the OPReportReceiver start the BugReportLiteService. By default, it log the system crashes, watchdogs and the power consumption of your device

Did I forget to mention that they can modify this configuration remotely. Yes, you heard me REMOTELY! It’s a global mechanism they implemented in the Android framework and they used it a lot.

They can access very detailed information with the command “dumpsys batterystats”: get the list of installed apps, which apps are most active,

Every 6 hours, these logs are zipped in /sdcard/oem_log/ and upload to a server located in Singapore.

What does this mean for users?

What this means for OnePlus phone users is that the system app OPBugReportLite on your OnePlus device right now is recording your system and battery statistics, GPS, camera, app activity, crash data etc. and sending data to a server in Singapore every 6 hours.

AndroidPIT oneplus 5t 2953
Disappointing news for fans of OnePlus phones. / © NextPit

This information is not anonymous and is way, way more detail than can be justified by after-sales use. Even worse, this behind-the-scenes process can be configured remotely by OnePlus, which means that, should HQ decide to, it could capture and end other types of information, for example your media files, without you knowing anything had changed.

Readers might remember that after the recent OnePlus data harvesting controversy, they agreed to make a clear opt-in process to their user experience program and thus allow the customer to explicitly permit the data collection. But this isn't the case with OPBugReportLite.

We've checked out our own OnePlus 5T and been dismayed to find OPBugReportLite active on it. It's an very disappointing downside to find on an otherwise great device. The user isn't warned about this process and it's not possible to stop this data logging, though it is possible, although tricky, to stop the upload (by disabling the system app, with root access).

Of course, OnePlus is not the only corporation interested in harvesting our valuable personal data, but this pattern of repeated invasive practices in the software can only erode the trust that users have in the company.

We are waiting for a response OnePlus about the issue and will follow up as the story develops. 

What do you think? Does this kind of sly data harvesting make your blood boil? Or is it no big deal?

Go to comment (6)
Nicholas Montegriffo

Nicholas Montegriffo

A cyberpunk and actual punk, Nicholas is the Androidpit team's hardcore gamer, writing with a focus on future tech, VR/AR, AI & robotics. Out of office, he can be found hanging around in goth clubs, eating too many chillies, or at home telling an unlucky nerd that their 8th level wizard died from a poisoned spike trap.

View all articles
Liked this article? Share now!

Recommended articles

Latest articles


Write new comment:
All changes will be saved. No drafts are saved when editing
Write new comment:
All changes will be saved. No drafts are saved when editing

  • Kapila Wansa Feb 21, 2018 Link to comment

    I also agree with who recommend OnePlus. They need battery info etc to improve the divice. Customers only know to complain about the fauls of battery etc without telling how they use the device. And such info has no such sensitivity of privacy too. Yes, also this is not a news at least to concern. OnePlus is the best now in phone market who could satisfy common folk... All the best 1+ as far as giving good things for less price and that is the need which others fail to do...!!!

  • Adrian Edwards Nov 22, 2017 Link to comment

    Why do tech websites always give One Plus phones a glowing review when they are secretly harvesting sensitive user data. They've been caught out once, but they're still at it, no wonder they're selling near flagship quality at a huge discount. They profit a vast amount through sharing their loyal customers data with the highest bidder it seems. Disgusting to say the least!!! and all these websites still give raving reviews you are nearly as bad as One Plus.

    • Bastian Siewers Nov 23, 2017 Link to comment

      Hi Adrian,
      we are still giving it a good rating because it simply is one of the best phones right now. Are we happy about the mess? No, not at all and we do think that OnePlus should be honest about this kind of stuff. But, I would be rather careful with the allegations you are making here. There is no proof whatsoever that OnePlus is selling the data and not just using it to improve their hard- and software. Btw. pretty much any other manufacturer is collecting the same data, with the difference that they are actually asking the user before they do so. There is no reason to destroy this phone as it is because of this issue. There is no question that they need to fix the situation though.

      •   31
        Deactivated Account Nov 23, 2017 Link to comment

        I'm more than certain the information One Plus collects is shared with third parties that will probably never make the news..
        in my country ALL data is intercepted by my caring sharing "democratically" voted for government..
        exactly the same thing that happens in other countries..
        what do you think is happening in the centre of the smartphone manufacturing industry..

  • storm Nov 22, 2017 Link to comment

    And they gloss over the engineering and software stupidity routinely as well.

  •   31
    Deactivated Account Nov 22, 2017 Link to comment

    you have recommended One Plus again and again ...
    keep up the good work cos privacy for One Plus owners doesn't mean anything..
    what would be really interesting to know is exactly who they share the vast amount of personal info they collect and how much they profit by customers data..

Write new comment:
All changes will be saved. No drafts are saved when editing