OnePlus devices feature backdoor for root access, to be removed with update

OnePlus OxygenOS Root Access Backdoor

OnePlus accused of leaving a backdoor to give root access

While we don't see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb root function from EngineerMode in an upcoming OTA.

With the password cracked, it's now possible for an app to enable root access on any device with the APK preinstalled. "It's used by the operator in the factory to test the devices", reads one of Alderson's tweet.

Some of OnePlus devices come with EngineerMode APK app pre-loaded on them, which reportedly acts as a backdoor, giving people root access without the need for unlocking the phone.

The app is called EngineerMode and it is preinstalled on the OnePlus 3, 3T and 5. Once the app was decompiled, a password was still needed for the app so that it would give root access to devices.

If it's there, anyone with physical access to your device can exploit EngineerMode to gain root access on your smartphone. With root access, an attacker could change just about anything about the device's software.

The developer, with the help of few cybersecurity experts, was able to discover the password and was able to root a OnePlus device with few commands. It is actually a modified version of a testing application created by Qualcomm.

Russian Federation accuses United States coalition of hampering its anti-IS operation in Syria
"Regarding Abu Kamal, this is not the only case when the USA spares terrorists", Russian Foreign Minister Lavrov was quoted as saying by Russia's official TASS news agency on Tuesday.

You can also check if this application is installed on your OnePlus device or not.

We've also we've reached out to OnePlus and will update this story when we receive comment.

Earlier, according to a post on Christopher Moore's blog, OnePlus is collecting sensitive private data like IMEI numbers, mobile network names and IMSI prefixes, MAC addresses, and more. The company claimed the data was simply for performance analytics but agreed to scale back what it collected.

The application in question is EngineerMode, in which its objective is to test Qualcomm processors easily.

The discoverer of the app had a problem.

Latest News