The Shenzhen based Chinese smartphone manufacturer OnePlus allegedly has been collecting sensitive information on users without their consent from their devices. Interestingly, he found HTTPS requests being sent to a domain called open.oneplus.net. He decided to explore further.After decrypting the data, he figured out that OxygenOS's analytics is sending user data regularly to the OnePlus's AWS servers. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior.This transmission of usage activity can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The second stream is device information, which we collect to provide better after-sales support."

Source: Economic Times October 11, 2017 08:18 UTC