Essentially, Moore monitored the incoming and outgoing traffic from his phone to discover that his OnePlus 2 was making traffic requests to open.oneplus.net. Specifically, it's been gathering massive amounts of analytics data that includes MAC addresses, IMEI numbers, IMSI prefixes, phone numbers, and serial numbers. Moore claimed that even basic things like screen on/off and unlock activities are being sent to company's servers.
He continued: "One alternative would be to stop the service every time you boot your phone (assuming it doesn't get periodically restarted) or using an app to achieve the same effect, or perhaps prevent communication with open.oneplus.net somehow". The company also stated that none of the data collected was sold for advertising, but that doesn't explain why it's been seizing so much excess information in the first place.
OnePlus is once again in the news for the fact that, the device was uploading users data to the company serves. What Moore considered excessive however is collecting data related to when users lock and unlock their phones.
He discovered that the data being sent to OnePlus' servers included the phone's IMEI number, the phone number, MAC addresses, mobile network names and IMSI prefixes, info on Wi-Fi connection and the phone's serial number.
Android Authority was able to speak to a OnePlus representative about this issue, but received an unsatisfactory response. There's no simple way for a user to know the extent of the data tracking happening, nor to disable it. Thankfully, Twitter user Jakub Czekanski, tweeted that the data transmission can be disabled permanently using ADB tool with USB debugging enabled on the device.
OnePlus later told Android Police that it securely transmits analytics over HTTPS to an Amazon server in 2 streams. OnePlus has said that the data only contains "usage analytics" which is used to "fine tune our software". The company also mention that users can also switch off data transmission activity by navigating to "Settings" - "Advanced" - "Join user experience program". In a time where user information and security of sensitive information is becoming more important, a transparent and comprehensive understanding of what information is being collected and for what objective (as well as the option to completely opt out of such collection) would be greatly appreciated in any situation. So you just hook your phone to the PC, and run the following adb command: pm uninstall -k -user 0 pkg. "The second stream is device information, which we collect to provide better after-sales support", OnePlus' statement reads.