comscore OnePlus caught leaking email addresses via 'Shot on OnePlus' app

OnePlus caught leaking user email addresses via 'Shot on OnePlus' wallpapers app: Report

Apparently, OnePlus was intimated about the flaw in early May, but the issue didn't get resolve despite the fix was rolled out. The company indeed silently leaked email addresses of the app users.

  • Published: June 16, 2019 1:57 PM IST

(Representational image)

OnePlus has reportedly leaked out email addresses of hundreds of their users for multiple years through the Shot on OnePlus wallpapers app. According to a report by 9to5Google, the API which establishes a link between OnePlus server and the ‘Shot on OnePlus’ app found leaking the email addresses associated with the photos. It essentially allows users to submit images with details to feature as wallpapers for everyone, and get credit for it. Also Read - Xiaomi India teases Redmi K20 Pro as 'World's Fastest Phone'; again takes a dig at OnePlus 7 Pro

Also Read - OnePlus 6T discount on Amazon India extended; now available for Rs 27,999

When users upload a photo on the wallpapers app, the company lets them enter a title, a location, and a description of the image they submit. Then the photo gets evaluated and approved by the company. It then appears publicly as a wallpaper and gets available to all the users. It also appears within the gallery on the company’s website. Also Read - OnePlus 7 Pro Almond color variant goes on sale today: Price, Specifications

“It is unclear for how long this leak was happening, but because OnePlus had no reason to make this data public after the application was out, we believe is was leaking data since its release – multiple years, at least,” noted report.

In early May, the Chinese company was reportedly informed about the security flaw. However, the issue didn’t get resolve despite the fix. Now it appears, the company indeed silently leaked email addresses of the app users. As per report, a “gid” in the API is used to identify users. It had two alphabets and unique numbers that could potentially be used to access sensitive data, including the name and email addresses.

Watch Video: OnePlus 7 Pro First Look

Having said that, no user has so far reported about the details being exploited through this security flaw. Also, the report mentions that emails collected by the app are not publicly accessible. The company initially didn’t respond to 9to5Google. But later provided a statement noting that the, “OnePlus takes security seriously, and we investigate all reports we receive.”

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel.
  • Published Date: June 16, 2019 1:57 PM IST

You Might be Interested

OnePlus 7 Pro


Android 9 Pie
Qualcomm Snapdragon 855
Triple - 48MP + 16MP + 8MP
OnePlus 7


Android 9 Pie
Qualcomm Snapdragon 855 SoC
48MP + 5MP

new arrivals in india

Best Sellers