A key vulnerability in the API is a ‘gid’ which is an alphanumeric code used to identify a user.
Chinese smartphone maker OnePlus had earlier had scruffs with data leaks back in 2017 when it was found that the company was
**collecting detailed information about users' data** without their permission. Now it appears OnePlus is back in the news again with more data leaks and this time it concerns in the Shot on OnePlus app. [caption id=“attachment_6729081” align=“alignnone” width=“1280”]![The biggest improvement is on the back where the OnePlus 7 gets a bigger 48 MP camera. Image: Tech2/Omkar P]()
OnePlus 6T and OnePlus 7. Image: Tech2/Omkar P[/caption] The app offers you a place to upload photos taken by your OnePlus device to be featured as wallpapers by OnePlus users globally. However, as per a
9to5Google report, it would seem that that API which made the connection between the app and OnePlus server was leaking important user data such as email addresses, names and countries associated with the users who shared the photos. The API, which was hosted on open.oneplus.net, is quite easy to access with an access token, said the report. “It is unclear for how long this leak was happening, but because OnePlus had no reason to make this data public after the application was out, we believe it was leaking data since its release — multiple years, at least,” the report notes. A key vulnerability in the API is a ‘gid’ which is an alphanumeric code used to identify a user. The gid has two parts which are two letters that mark whether a user is from China (CN) or somewhere else (EN) and a unique number like 123456. As per the report “this ID is used by OnePlus’s API to find photos uploaded by a particular user or to delete them. It could also be used to get information about that user (name, email, country) and even update this information without any real security.” Currently, there have been no reports of user data being exploited by this flaw. When 9to5Google asked OnePlus about this flaw, the company said “OnePlus takes security seriously, and we investigate all reports we receive.” The report also states that “OnePlus appears to be working on a fix for the API. At the moment, getting and modifying account information is blocked, with the following message appearing: Functionality upgrading, please try again later.”
 "OnePlus working to fix ‘Shot on OnePlus’ wallpaper app that leaked user data")
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
