While the root backdoor hasn't been verified in other devices yet, reports from Twitter indicate the APK was also found in Asus and Xiaomi devices.
Some of OnePlus devices come with EngineerMode APK app pre-loaded on them, which reportedly acts as a backdoor, giving people root access without the need for unlocking the phone.
Dubbed "EngineedMode", the app has been created by Qualcomm to most certainly test out hardware, but OnePlus has taken it to itself to tamper with the app, customize it, and preload it on a plethora of devices, including but not limited to the OnePlus 5, OnePlus 3, and OnePlus 3T. The "Engineermode" is developed by Qualcomm for Snapdragon-powered devices to help the manufacturers in testing whether all components are working fine or not.
Root access was still hidden behind a password, but once that was cracked, that developer was able to obtain root access on the phone.
The app offers access to a number of tests and commands, including the ability to erase all data.
Root implies to the highest degree of access to an Android operating system that is usually deployed to safeguard the privacy of the user. Anderson says it's "too early to speak about a random app getting root access, but we are on the good tracks". The scary part is that it's laughably easy to run it with a simple command as well as the fact OnePlus has purposefully included it in the software builds of its devices.
He further claims that the company has intentionally left the backdoor on their devices. OnePlus co-founder Carl Pei tweeted that the company will study the claims made by the developer, according to The Mobile Indian.
Thanks for the heads up, we're looking into it.
Will it affect OnePlus 5T sales? Later, Pei confirmed in a blog post that OnePlus it will scale back on data collection on its devices. He discovered that his OnePlus 2 device was sending data to an HTTPS domain, which was transmitted to Amazon Web Services and belongs to OnePlus (open.oneplus.net domain).