OnePlus leaves a backdoor in its devices in the form of ‘EngineerMode’ apk; allows root access with simple command

A Twitter user by the name ‘ Elliot Alderson’ has discovered that OnePlus is leaking a backdoor in all its devices that can allow anyone with physical access to the device to gain root access to the device. [caption id=“attachment_4146385” align=“alignleft” width=“380”] OnePlus 3T. Image: tech2/Rehan Hooda[/caption] This is a grave security concern on part of OnePlus as ‘root’ access can be achieved by a simple command. This kind of software is not something that smartphone makers are supposed to ship with their devices. The reason for this is that ‘root’ access can allow anyone to access the ‘superuser’ mode where they can install any malware with surveillance capabilities in the victim’s smartphone. What’s scary is the fact that the user will have no idea about the presence of the software as it can be hidden inside the operating system. Even security software in the smartphone will not be able to detect a well-designed malware that is installed using ‘superuser’ access.

Using @fridadotre and the script attached, I managed to bypass the escalate and isEscalated methods and become root pic.twitter.com/oXGGEIqFad

— Baptiste Robert (@fs0c131y) November 13, 2017

The entire problem stems from the presence of ‘EngineerMode.apk’ on OnePlus devices. On the surface, this app is made by Qualcomm and then customised by OnePlus for engineers to check the functioning of the device in the factory. Engineers can conduct tests to diagnose problems with GPS including a number of ‘Production line’ tests. The interesting thing to note here is the fact that this app is present in almost all the OnePlus devices back to the OxygenOS version of OnePlus One as reported by Android Police. The report pointed out that this APK was not present in the CyanogenOS that OnePlus One shipped with in the beginning.

EngineerMode APK is not the only interesting app left by @Oneplus. More thread to come :)

— Baptiste Robert (@fs0c131y) November 13, 2017

The developer explored the APK to discover that by launching ‘DiagEnabled’ activity in that APK along with a password, that particular OnePlus device can be rooted. He revealed that he intends to release an app to gain root access to all the OnePlus devices. He further stated that ‘EngineerMode’ is not the only interesting thing that OnePlus is left in its OS. The likelihood of anyone exploiting this is relatively low as the attacker will need to ‘root’ and then send the malicious app to install anything that can cause harm. But, regardless of the steps involved, this is a major flaw in the OxygenOS at the time of writing. The developer reached out to Carl Pei, the co-founder of OnePlus for a comment. Pei replied that the company is looking into the matter.

**OnePlus** has been the focal point of news since last few months. Sometimes the focus on  **the latest devices** that it was and is about to release now and other times the focus was on the **software updates** that it has been releasing on a regular basis. However, the company has been under scrutiny after it was discovered that the **company was collecting data** from OnePlus devices that could ‘personally identify’ the user with the help of the detailed analytics. The company issued a statement stating that it will **scale back its data collection** programme.