Collecting data on how someone uses a piece of hardware or software is important if companies and developers are trying to figure out what works and what doesn’t, like what kind of problems users might be running into, whether or not things like battery is optimized and functioning correctly, and so on.
For the most part, these analytics tend to be anonymized, as in they don’t contain data that could identify you or your device specifically. Unfortunately the same cannot be said for OnePlus, where in a report by software engineer Christopher Moore (via Android Police), he has found that OnePlus has been collecting identifiable analytics data from its users, such as IMEI numbers, MAC addresses, mobile network names, IMSI prefixes, and serial numbers, just to name a few.
This was discovered during a Hack Challenge where Moore found that there were a large number of network requests to a domain that appeared to be owned by OnePlus. After decrypting the data that was sent (using the authentication key on his phone), it was found that the data sent was about how his device was performing along with any reports of unexpected reboots, but like we said, it was also discovered that it contained identifiable information about his device.
In a statement provided to Android Police, OnePlus said, “We securely transmit analytics in two different streams over HTTPS to an Amazon server. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support.”