OnePlus has once again found itself in the middle of a controversy when it comes to handling user data. This time around, the controversy stems from the newly released Clipboard app that comes preinstalled on OnePlus smartphones.
A Twitter user claims that the app sends usage statistics including IMEI information and device model to a server in China. The user found a file within the clipboard app that identifies what kind of data is being copied to the clipboard including a list of phrases called “badwords.txt” with method associated to identify bank account numbers.
In a statement shared with BGR India, OnePlus denied the claim that Clipboard app has been sending data to a server. “The code is entirely inactive in OxygenOS, our global operating system. No user data is being sent to any server without consent in OxygenOS,” the company said in a statement.
The company further clarified that “badwords.txt’ exists in HydrogenOS, the operating system specific to company’s devices sold in China but it is meant to filter out data not to be uploaded to any server and not the other way around. “In HydrogenOS, our operating system for the China market, the identified folder exists in order to filter out what data to not upload. Local data in this folder is skipped over and not sent to any server,” the company added.
The bottomline here is that the information discovered by the Twitter user is inactive in the source code and it only exists in HydrogenOS, a software used only in OnePlus devices sold in China. The badwords.txt is also programmed to blacklist the data (mostly critical ones) from being sent to server located in a remote location. The interesting part of this whole controversy is that a lot of OnePlus users didn’t even know about the app as evident from comments in the original Twitter thread.
OnePlus also made it clear that the code was found in OxygenOS open beta and not the final build and the number of open beta users would be quite small. OnePlus should probably be more transparent about what data it collects and transmits and primarily better differentiate its global and China-specific operating system.
The fact that OnePlus was earlier found to be collecting user data by adding a piece of code called “Engineer Mode” to its software made this whole finding more dramatic. The company also recently acknowledged breach of credit card information on its website. The Twitter user has also acknowledged the conditions to send data to a remote server including the need for a Chinese OnePlus phone.
With these technology giants controlling more of our data, it is needless to say that they are more empowered in handling critical data. Early this week, Microsoft announced plans to add a viewer on Windows 10 that will show its users what data is being collected and allow them to decrypt and understand data usage. OnePlus, being a relatively smaller company, should have better transparency in place to ensure user data is not being collected or shared to outside vendors.