Recently we wrote that from the official website of OnePlus company stole bank card data of 40 thousand users. And today, on the Internet, information has appeared that the company collects user data and sends it to China.
What is known
One French security researcher (as it is written in his profile) with the name Elliot Alderson wrote on his Twitter that he found a suspicious file called "badword.txt" in the beta version of OxygenOS. He was lying in the application for the clipboard.
In "badword.txt" there were many different words: address, email, home, birthday, private message, shipping, etc. But the most suspicious is that this file was in the encrypted Android TeddyMobile library.
TeddyMobile is a Chinese company that identifies phone numbers using SMS messages. On the official site you can see a list of partners: Vivo, Oppo and other Chinese smartphone manufacturers.
Elliot provided a screenshot of the code, which shows that TeddyMobile collects user data: IMEI phones, addresses and even bank card numbers.
In the dry residue
It is difficult to answer for the reliability of all this information. Yes, and the company OnePlus keeps silence. But this whole situation can greatly damage the reputation of the Chinese manufacturer of smartphones.
Read in Russian: Возможно, OnePlus следит за своими пользователями