Submitted via IRC for Bytram and SoyCow1937
OnePlus mobiles are phoning home rather detailed information about handsets without any obvious permission or warnings, setting off another debate about what information our smartphones are emitting.
Software engineer Christopher Moore discovered that the information collected included the phone's International Mobile Equipment Identity, phone numbers, MAC addresses, and mobile network among other things. Moore further found that his OnePlus 2 was sending information about when he opened and closed applications or unlocked his phone to a domain at net.oneplus.odm.
OnePlus, for the uninitiated, is a Chinese smartphone manufacturer that specialises in developing and marketing Android phones, recently launching a higher-end model. Its earlier models gained a lot of cachet from their by-invitation-only status.
[...] Privacy-focused users have the option of stopping these data collecting system services every time they boot the phone or removing these via ADB (Android Debug Bridge utility), a process that wouldn't require an initial rooting of the device.
Source: https://www.theregister.co.uk/2017/10/12/oneplus_privacy_concerns/
According to The Verge,
Chinese smartphone manufacturer OnePlus is collecting data from its users and transmitting it to a server along with each device's serial number, according to security researcher Chris Moore. In a January blog post (which has gained newfound attention this week), Moore detailed how OnePlus devices running OxygenOS record data at various points, including when a user locks or unlocks the screen; when apps are opened, used, and closed; and which Wi-Fi networks the device connects to. That's all relatively standard.
But OnePlus also collects the phone's IMEI, phone number, and mobile network names, so the data sent is identifiable to you personally with little to no effort required, which is what makes this very problematic. According to Moore, the code responsible for the data collection is part of OnePlus Device Manager and OnePlus Device Manager Provider. Moore says in his case, the services had sent off 16MB of data in 10 hours.
(Score: 3, Insightful) by bob_super on Monday October 16 2017, @04:41PM (3 children)
You need to open an office on one of the US's coast, and then this will be considered perfectly normal business. Spy on the whole world for maximum stock value!
It helps if you change your name, and get a new one that starts with F, U, M, A, or G...
(Score: 0) by Anonymous Coward on Monday October 16 2017, @04:51PM
Facebook, Uber, Microsoft, Apple, Google
...Right?
(Score: 5, Interesting) by Runaway1956 on Monday October 16 2017, @04:59PM (1 child)
Yep. We have pretty invasive monitoring by our own phone companies, but in this case, it's the Chinese. The only difference is, when an American company does it, it's expected, when a Chinese company does it, it's evil. Same story we had with the Russians and Kaspersky antivirus. https://soylentnews.org/article.pl?sid=17/10/13/0510225 [soylentnews.org]
Some folks may not understand how much spyware is installed on their telephones by their telcos. This article doesn't explicitly name telcos, but it does assert that the malware was installed somwhere in the supply chain, before the customer ever took possession. https://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/ [checkpoint.com]
(Score: 0) by Anonymous Coward on Tuesday October 17 2017, @08:47AM
For most people the bigger threat is the government of the country they live in than some government in some other country. So I'd be more afraid of using that phone if I were someone in China than if I were a US citizen.
For similar reasons that's why you might want to get an iPhone if you're living in China. Doesn't matter if the NSA is spying on you if you're stay in China and never leave[1].
[1] Merely avoiding the USA doesn't mean you're safe. As Kim Dotcom, Snowden, Assange, Roman Seleznev, etc have proven the arm of the US Gov regularly extends further than the USA and to levels lower than "ruler class" (like Saddam, Gaddafi, Assad, Kim) and top executives. That said the Chinese Gov might be more willing to sacrifice a random citizen to the US Gov than the Russian Gov (I'm just going by gutfeel here - e.g. the USA would have to pay less in $$$ or secrets/politics to China to get you).
(Score: 0) by Anonymous Coward on Monday October 16 2017, @05:18PM (14 children)
This is not the technological future I was promised.
I am being used. What choice do I have, though?
(Score: 2) by takyon on Monday October 16 2017, @05:31PM
It's benefiting Management Engine
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 4, Insightful) by Runaway1956 on Monday October 16 2017, @06:05PM (11 children)
Don't blame the tech. Blame management. Blame government. Blame greedy investors. Blame consumers. No one CARES that they are being watched, they "have no secrets to hide". Until, one day, they do have secrets, but then it will be to late to do anything about the constant surveillance. But, don't blame the tech. That phone does exactly what it is designed and programmed to do. The phone is faultless.
(Score: 5, Insightful) by bob_super on Monday October 16 2017, @06:41PM (3 children)
In short: Blame money.
We could live in a great utopian society where anyone can communicate with anyone else, learn anything, share ideas, see the world, build spaceships to other worlds...
But we are dealing with the legacy of hundreds of years of lunacy, violence and hate, and the great driver of it all: greed. We can do so much, yet we squander it because we're a bunch of selfish squabbling morons.
Human are really a sad species.
(Score: 1, Informative) by Anonymous Coward on Monday October 16 2017, @06:54PM
"Human are really a sad species."
Disagree. Most species behave similarly. It's only sad if you think people are something other than animals.
Hint: we are very smart apes. Adjust your expectations accordingly.
(Score: 0) by Anonymous Coward on Tuesday October 17 2017, @12:57AM
More precise, blame usury, which is prohibited by most of the major religions.
(Score: 2) by DeathMonkey on Tuesday October 17 2017, @06:49PM
Without money how would we force children to make those utopian communications devices?
(Score: 0) by Anonymous Coward on Monday October 16 2017, @07:03PM (6 children)
I will blame tech.
Tech is the enabler that allows assholes to strip mine your privacy.
It's like saying, "Guns don't kill people, people kill people." Big no-duh there, but leaves out the essential part that "People with guns can easily kill a hell of a lot more people."
(Score: 0) by Anonymous Coward on Monday October 16 2017, @09:34PM (3 children)
Good news!
There's no second amendment equivalent of tech. So you can just outlaw it much more easily than the whole nasty gun thing.
Go on, you go first. I'll watch how you do it.
(Score: 0) by Anonymous Coward on Monday October 16 2017, @10:56PM (1 child)
That does nothing to take away from the truth of what I said.
(Score: 0) by Anonymous Coward on Tuesday October 17 2017, @12:16AM
Wait, which AC are you? the first one? the previous one? or this one?
I'm so confused...
(Score: 0) by Anonymous Coward on Tuesday October 17 2017, @11:47PM
You're talking about the U.S. If the government were to (attempt to) take away people's phones the First Amendment would pertane.
(Score: 2) by Runaway1956 on Tuesday October 17 2017, @12:53AM (1 child)
If you can blame inanimate objects for people's actions, yeah, it's tech's fault.
The "enablers" you are looking for can be found in the capitals around the world.
(Score: 0) by Anonymous Coward on Tuesday October 17 2017, @05:13AM
Hey gun nut, try using your brain and rereading what I wrote.
The tech is an ENABLER that because of its efficiency makes practical what was once impossible or at least much, much smaller in scope at best. Tracking people is trivial now due to tech that would have previously required way too many people to pull off with more manual methods. The USA was not East Germany not so much out of principle as that we weren't willing to devote so many resources to it. With modern tech, tracking is almost free so we now do it routinely. The tech made it possible.
(Score: 0) by Anonymous Coward on Tuesday October 17 2017, @05:39AM
WHEN was tech supposed to benefit you? Friendly reminder that luddites will be eventually right.
(Score: 3, Funny) by MichaelDavidCrawford on Monday October 16 2017, @06:48PM (6 children)
A couple weeks ago I used safari to google "spinal surgery". The first website I visited advised me to try Chiropractic first. My Chiropractor is doing well at stopping the pain from the pinched nerve in my neck.
Starting today, Facebook is showing me ads for spinal surgery. FB also showed me an ad for one of the companies I list in The Global Computer Employer Index
That I'm being shown such carefully individual advertisements makes me feel unsafe. Consider also the problem faced by closeted gay Republican politicians.
When I get home it will be:
128.0.0.1 ssl.googleanalytics.com
128.0.0.1 hosted-pixel.com # I Am Absolutely Serious
That will work on my Mac mini but I'll need to jailbreak my iPhone 7 so I can edit its hosts file. I've been reluctant to jailbreak because Apple warned that jailbroken devices might brick themselves during a firmware update.
Yes I Have No Bananas. [gofundme.com]
(Score: 2) by coolgopher on Tuesday October 17 2017, @01:27AM (4 children)
Or you could configure your local DNS server to deal with those resolutions for all devices on your network. Just make sure you redirect any traffic to 8.8.8.8 and 8.8.4.4 to your DNS server.
(Score: 2) by kazzie on Tuesday October 17 2017, @01:11PM (3 children)
That'll help at home, but what about cellular data when aout and about?
(Score: 0) by Anonymous Coward on Tuesday October 17 2017, @02:18PM (1 child)
there's not much stopping your celluar data problem. perhaps don't use cellular data except for emergencies and stop relying on it as a convenience?
it's possible to also get a cheap phone for actual phone usage and then a wifi only device for data usage.
i realize some people can't live the dream when requiring they apply mental filters like that, but really it's their behavior that fueled this fire to begin with. click next to continue agree, free app won't pay for anything except within the app itself and click like/share contact list with some company to "share" with friends instead of purposefully emailing a link no one will trace (depending on your email service anyway)
ignorant people ruined the internet and allowed commercial interests to take over.
if you dont want commercials I guess the best option is not to tune in. you cant put your phone in tin foil and still hope to get calls, so maybe it is better to use different devices to achieve various purposes.
all-in-wonders have drawbacks. sometimes it helps to not sync it all together into one magical device that can lie to you and sell you out as it profits off your secrets. better to control what it knows
or get a cheap android like the one reporting to china... and just dont put your entire life into it. just use it for specific purposes. no reason to reject it all.. just be careful with what you do with these toys.
(Score: 1, Informative) by Anonymous Coward on Tuesday October 17 2017, @11:50PM
> there's not much stopping your celluar data problem.
He could install Orbot. https://www.guardianproject.info/apps/orbot [guardianproject.info]
(Score: 2) by urza9814 on Thursday October 19 2017, @12:39PM
Install a VPN server in your router and run your cellular data through the VPN so everything resolves through your home servers.
(Score: 2, Funny) by Anonymous Coward on Tuesday October 17 2017, @02:41PM
hey man you say this a lot
i guess its worth repeating
but at least get your loopbacks right.
128.0.0.1 belongs to some cable/dsl company in the netherlands. I am pretty sure you don't want some cable operator elsewhere profiting off your misrouted guidance. think of the latency!
its like that guy that registered a@a.com before I did. he said he got all sorts of weird shit in that address. i am so unhappy i didnt register it in time.
(Score: 4, Insightful) by Rich on Tuesday October 17 2017, @05:59PM
It must've been about two years ago that I bought a china phone out of pure curiosity about how bad they are. 80 Euros for a Doogee X5 Pro. Aside from the questionable name (Doggy Poo?) the only crap thing was the camera (but they were honest enough to give both the physical and interpolated specs in their advertising). Aside from that, everything else is top notch (1280p IPS, replaceable battery, sd slot, twin sim, proper unpacking experience). Side by side, it doesn't look or feel any worse than an iPhone 4C. I use it as PDF reader in the gym. There's also a cheaper variant (X5) that doesn't have the 64-bit quad core, but only 32 bits, that today can be had for 55 Euros, shipping and VAT included. That leaves 40 Euros for the device leaving China. Take that, whoever analyses the BOM costs for the top brands.
This price is so low that I don't believe even the Chinese can build something like that and have it delivered to my doorstep for it. Where's the catch? The only thing that looks murky to me, is a pre-installed software called "Adups", which purports to be be a Firmware over the Air provider. However, it seems that Adups makes Windows 10 look like a schoolboy when it comes to spying on the user. Cf. https://www.digitaltrends.com/mobile/kryptowire-adups-news/ [digitaltrends.com]. Being a firmware updater, it also has root to start with.
Doing the math, if I was a government, and wanted to completely map the telecommunications of other countries, and have access to everyone over not more than one indirection, I guess I'd have to subvert about 5% of the installed device base (assuming each endpoint has more than 20 contacts on average). For 1 bn people in the western world, that's 50 million phones. Assuming a subsidy of 50 Euros each, the total sum would be 2.5bn EUR. Which doesn't look particularly expensive for a state actor to me.