Some OnePlus users found a glaring security flaw in the company’s devices that enables easy root access. That’s not the kind of vulnerability that you want to have in your smartphone. OnePlus took its time to respond, but the company has now come forward and said that it’s going to issue a fix for this. The vulnerability was discovered in several OnePlus models, including the OnePlus 5, which was released not too long ago.
It seems that this was an oversight on the company’s part. The models found to be affected have a Qualcomm testing app called EngineerMode. The app will provide root-level access to the phone without requiring a bootloader unlock.
What that means is that anyone with physical access to the device can use the EngineerMode app to install malware or trackers on the phone.
A OnePlus staff member has explained that the EngineerMode app is a diagnostic tool that’s used for functionality testing and for IT support. The member also said that third-party apps can’t get full root privileges from the EngineerMode app.
USB debugging needs to be turned on for it to work and since it’s disabled by default, that’s another line of defense against the misuse of this app.
OnePlus doesn’t see this as a “major security issue,” but agrees that users may still have concerns, so the root function will be removed in the next update.