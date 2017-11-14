ONEPLUS HAS been accused of accidentally installing a backdoor in its products that could allow hostile actors to take control of the device.

The company, which is on the verge of launching the OnePlus 5T, has already been in trouble this year for collecting analytics which could be attributed to a specific user.

With that resolved (you can now opt out of Oxygen OS analytics) it now appears that the company has left an internal testing app within the operating system which could be exploited to give root access, and as we all know, that pretty much means anything goes for that device.

XDA Developers reports on the discovery by 'Elliot Alderson' (one for the Mr Robot fans). He reveals that the activity is still installed in OnePlus 3, 3T and OnePlus 5 devices and can be accessed through any activity launcher.

< Thread> Hey @OnePlus! I don't think this EngineerMode APK must be in an user build...🤦‍♂️

This app is a system app made by @Qualcomm and customised by @OnePlus. It's used by the operator in the factory to test the devices. pic.twitter.com/lCV5euYiO6 — Elliot Alderson (@fs0c131y) November 13, 2017

The app's existence had been previously spotted (XDA like to poke and prod in operating systems, it's what they do), but it's only now that we're really realising what it's capable of.

If you want to read the complicated version of what the heck is going on, then slide over and speak to them. But the top line is it allows you to run ADB in root mode without unlocking the bootloader.

If you know anything about Android, you'll know how bad that could be in the wrong hands. On the plus side, if you like a rooted phone, it means you can root the OnePlus range without unlocking the bootloader too.

It appears to be either a coincidence or something more, but the password is 'Angela' and that's another Mr Robot character. Is that because Qualcomm has the same sense of humour? Or could this be an inside job?

Everything here is done at your own risk. We've asked OnePlus for comment. µ