ONEPLUS HAS PLAYED DOWN reports about its smartphones shipping with an app that gives users root-level access to the phones without needing to unlock its bootloader
It was revealed on Tuesday that the internal testing app, dubbed EngineerMode, could be exploited to give root access, and as we all know, that pretty much means anything goes for that device.
XDA Developers reported on the discovery by 'Elliot Alderson' (one for the Mr Robot fans). He reveals that the activity is still installed in OnePlus 3, 3T and OnePlus 5 devices and can be accessed through any activity launcher.
< Thread> Hey @OnePlus! I don't think this EngineerMode APK must be in an user build...🤦♂️— Elliot Alderson (@fs0c131y) November 13, 2017
This app is a system app made by @Qualcomm and customised by @OnePlus. It's used by the operator in the factory to test the devices. pic.twitter.com/lCV5euYiO6
The app's existence had been previously spotted (XDA like to poke and prod in operating systems, it's what they do), but it's only now that we're really realising what it's capable of.
If you know anything about Android, you'll know how bad that could be in the wrong hands. On the plus side, if you like a rooted phone, it means you can root the OnePlus range without unlocking the bootloader too.
OnePlus has responded to the news, and explained in a forum post that users don't have anything to worry about as the app won't grant third-party apps full root privileges.
"Yesterday, we received a lot of questions regarding an apk found in several devices, including our own, named EngineerMode, and we would like to explain what it is," a OnePlus staffer said in the post.
"EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after sales support.
"We've seen several statements by community developers that are worried because this apk grants root privileges. While, it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges.
"Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device," the staff member added. µ
So that's why she's smiling…
How many Zuckbucks to the pound?
Alexa, is this exploitation?