OnePlus co-founder Carl Pei took to the forums in an attempt to reassure users that OnePlus’ data collection is all in good faith.
Just last week, OnePlus was caught harvesting personally identifiable information from OnePlus devices. This information included your device’s IMEI number, phone number, serial number, MAC addresses, names of mobile networks and even IMSI prefix codes. The company also collected information on irregular boots, app startup, shutdown times, etc.
To be clear, OnePlus did all of this data collection without notifying the user that it was doing so. Any of this personally identifiable information can be misused to identify and track individual devices and users.
When asked for clarification on why this data collection was happening, OnePlus claimed that the usage analytics and other data was being collected to help OnePlus improve its services and provide better support.
We specifically asked OnePlus why the company needs personally identifiable information and to cite examples of how this personally identifiable information benefited the user. We’re yet to hear back from OnePlus.
In response to backlash from the users, Carl Pei finally broke his silence to say that, “We take our users - and their data privacy - very seriously.” He claimed that data collection was “standard industry practice”, and it is, and that users had a right to know why the data was being collected and how it was used.
Now the analytics data collection was already adequately explained away as necessary for improving the OS and services, and this is fine, if it is anonymised. Pei’s response focussed on this aspect and, as OnePlus already explained in its initial statement, explained how to opt out of this.
And that’s it. He literally had nothing else to say, whether about why the company was collecting personally identifiable information or what the company was doing with it. Pei also did not explain what the company would do with the data that was already harvested.
Pei did have more to add, but little of the rest is truly relevant and in the absence of any kind of mechanism for accountability, amounts only to idle promises.
Pei claimed that the data that has been harvested has not been shared with third parties and that “by the end of October, all OnePlus phones running OxygenOS” will ask users if they want to share data with OnePlus and that the setup wizard “will indicate that the program will collect usage analytics.” The terms of service will also “explain the analytics collection.”
All of this is pointless because most phones collect analytics data.
Most importantly, Pei says that, “we will no longer be collecting telephone numbers, MAC Addresses and WiFi information” which is an implicit acknowledgement that OnePlus was collecting personally identifiable user data.
Again, we’d like to point out that Pei has not explained what they needed the data for, nor what the company intends to do with the data already harvested.
We're not convinced that OnePlus was collecting user data in good faith, and judging by the responses on Pei's forum post, many users are of the same opinion. OnePlus just can't seem to stop shooting itself in its own foot.
If you’re a OnePlus user who cares about their privacy, here’s a solution.
Pei’s complete statement can be found here.
Updated Date: Oct 14, 2017 17:03 PM