According to a post on the OnePlus forums, “While checking what kind of network traffic is being sent when checking for updates I happened to notice that my IMEI is being sent over plain HTTP for some reason? I don’t think this needs any explaining why this is a very bad idea, since it means anyone else on the same network as me could easily intercept my IMEI (think of untrusted wifi networks, for example).”
For those unfamiliar as to why this is a big deal, your device’s IMEI is unique to your handset. This means that just like your car engine’s VIN, every phone has an IMEI that identifies the device specifically. If someone got ahold of your IMEI, it is possible that they could have your device blacklisted, cloned and used to conduct illegal business transactions, and so on.
However we should point out that this is assuming that you are updating over an unsecured network and have someone else on the same network fishing for IMEIs, which we reckon would be a rather slim chance, but still this is something OnePlus ought to look at.
Filed in OnePlus.. Read more about