
OnePlus OxygenOS built-in analytics - os7borne
https://www.chrisdcmoore.co.uk/post/oneplus-analytics/
======
mxstbr
TL;DR: OxygenOS tracks your every activity in every app, and there's no
settings to disable the tracking.

To get rid of it you have to uninstall the tracking app via adb: (no root
access needed)

    
    
      $ adb start-server
      $ adb shell
      > pm uninstall -k --user 0 net.oneplus.odm
    

Note: This requires adb to be installed, your phone to be connected and USB
debugging to be enabled.

~~~
tuxxy
I caught them doing this a while ago when I first got my OnePlus 3:

[https://twitter.com/__Tux/status/754085708843786240](https://twitter.com/__Tux/status/754085708843786240)

~~~
darklajid
You _are_ featured in the article with that exact tweet, right? :)

~~~
tuxxy
Haha, yeah. Jumped the gun and pasted the tweet while making breakfast before
reading it.

That was a bit surreal.

------
CharlesDodgson
I have absolutely no doubt there is some data centre in Shenzhen full of my
Huawei phone metrics! I think this is the biggest issue with android phones,
they are full of potential data leakages like this. Privacy is definitely a
concern and a pull factor to getting an iPhone again. There is a lot to be
said for a company that is focused on hardware and not on serving content to
that device. Then again it's also a reason to get a Pixel2, I feel I can trust
Google with my data more than some other android manufacturer or reseller.
Sure they'll serve me more adverts, but it's to some ends at least.

~~~
amelius
This makes me wonder: why can we have a top of the line desktop PC which is
totally libre, but not a smartphone? What has gone wrong?

~~~
api
Smart phones followed a very different path of evolution that was heavily
influenced by cell carriers. Apple had to fight really hard to get the iPhone
carried, and to do that they had to lock it down to comply with what I am sure
were a long laundry list of carrier demands.

This was the era of flip phones when carriers had full control. They really
didn't want to lose that control. I doubt a company smaller and less
influential than Apple could possibly have gotten a full-fledge computer of
any kind onto cell networks.

This led the entire mobile ecosystem down a path where the device is locked
down by design even though today carriers are less able to influence that.

Add to that the emergence of surveillance-driven advertising as a way to
monetize "free." It's very hard to compete with free (or subsidized) products.
Most people compare price vs feature set, not privacy or security. So there
was a huge economic incentive to turn phones into little surveillance devices
to siphon up data to be used to drive advertising.

Without surveillance capitalism most apps would cost money and phones would
probably cost a lot more.

~~~
sampo
> I doubt a company smaller and less influential than Apple could possibly
> have gotten a full-fledge computer of any kind onto cell networks.

In Europe, Nokia did it in 1996, 11 years before Apple's iPhone.

[https://en.wikipedia.org/wiki/Nokia_9000_Communicator](https://en.wikipedia.org/wiki/Nokia_9000_Communicator)

~~~
api
Europe has always had more open cell networks.

~~~
Feniks
This is true. In my country all phones have always been unlocked. Your mobile
operator just sends you a SIM card that you can then put in any phone you
want. Mobile operators don't mess with hardware. Thank god- OEM bloatware is
enough.

------
AndrewCHM
Google's is similarly excessive
[https://i.imgur.com/fWvV7R4.png](https://i.imgur.com/fWvV7R4.png)

Though I get the feeling google's approach of trying to desensitize me
(emailing me about how great I am for traveling to mcdonalds like a slob, and
gamifying my use of google maps, for example) instead of shamefully hiding it,
is a fair bit worse

~~~
Klathmon
Wait so google's approach of explicitly showing you the information they
gather is worse than hiding the information they gather?

~~~
MildlySerious
I wouldn't say worse per se, but it is bad in its own right for the reason the
parent comment stated.

If it's "normal" to track every step and shove it in your face, surely you
must be paranoid to not let them do at least some of that stuff.

I'm not saying there's no use for the data, and the services provided. It's
just the opt-out nature of invading my privacy that I personally don't approve
of.

------
pieter_mj
In this case there's a rootless solution using dns66 (the issue affects all
oneplus devices) :

[https://www.reddit.com/r/MovieHDLite/comments/5zfj9y/how_to_...](https://www.reddit.com/r/MovieHDLite/comments/5zfj9y/how_to_block_ads_in_apps_using_dns66_no_root/)

redirect server open.oneplus.net.

Ofcourse, it is likely many other android devices have a similar setup.

------
the_dege
I wonder if this is even legal in Europe (probably not in Germany).

~~~
mike-cardwell
This definitely feels like it would have a high chance of being illegal in the
EU.

------
mike-cardwell
This is why I have no desire to upgrade to a new Android device and why I put
my money into the Librem 5 project.

This data collection is beyond ridiculous and if it's not already illegal, it
should be.

~~~
gman83
Or just run LineageOS?

~~~
cyphar
There's are still many privacy problems with Android beyond just this. Lineage
has the proprietary Google Play Services (luckily they don't support SafetyNet
\-- one the most ridiculous breach of privacy and user's rights).

~~~
lgp171188
> Lineage has the proprietary Google Play Services

Lineage doesn't ship the proprietary Google Apps. It is up to the users to
flash it after flashing Lineage

------
snvzz
I own a oneplus3 device. Since I switched to LineageOS, it's faster, the
battery lasts way longer, and it doesn't even get warm on 3d games where it
got burning hot before.

The devices are a mixed bag, some of them are quite decent.

OxygenOS, however, is garbage.

~~~
482794793792894
Did you install the Google Play Services along LineageOS or not? Those by
themselves also already make a big difference in the aspects that you named...

~~~
snvzz
Yes, I did. Whatever is wrong with OxygenOS isn't due to Google Play Services.

------
rqs
It's funny how OnePlus Support _helping_ him to disable that application.

> OnePlus Support: Alright. Please try doing a hard reset
> [http://bit.ly/1TbY1RZ](http://bit.ly/1TbY1RZ) and see if there are
> improvements.

How this could help improve that situations at all? Do OnePlus Support Team
even read user's problem detail?

Very unprofessional I must say.

~~~
boomboomsubban
The question sounds enough like "how do I stop this app from eating data cap"
that running them through standard malware fixes makes sense. Tech support
deals with a lot of people that are terrible at wording their questions, so
you tend to look for key phrases and suggest easy fixes first.

------
boomboomsubban
I bought a OnePlus phone because I knew it had an unlocked bootloader, good
LineageOS support, and at least a small chance of someday being supported by
Replicant. OxygenOS sounded sketchy from the start.

------
KuiN

      > ping open.oneplus.net                                                                           
      PING hadoop-1219418324.us-east-1.elb.amazonaws.com 
    

Your phone usage data going straight into OnePlus' Hadoop cluster?

~~~
dkersten
Can we start sending it dummy data to make it useless?

~~~
WorkLobster
My guess is we'll need someone to provide OAuth tokens to spoof data for. Or
at the minimum, details on what fields are required by "/oauth/token" for it
to issue new ones.

------
tmikaeld
Anyone know what data iOS send to Apple?

~~~
princekolt
[https://www.apple.com/privacy/](https://www.apple.com/privacy/)

~~~
SimplyUnknown
The sales page is nice and all, but this is the page that matters:
[https://www.apple.com/legal/privacy/en-
ww/](https://www.apple.com/legal/privacy/en-ww/).

TL;DR: we collect the shit out of you and share it with third parties as we
see fit. If you disagree you will get a crippled experience

~~~
princekolt
Yes, but be careful:

> Personal information will only be shared by Apple to provide or improve our
> products, services and advertising; it will not be shared with third parties
> for their marketing purposes.

This goes in contrast with most tech companies such as Amazon and Google.
However, Apple does have the horrible clause:

> in the event of a reorganization, merger, or sale we may transfer any and
> all personal information we collect to the relevant third party.

This clause should be considered the antichrist of clauses, because it just
makes the entire policy void in case of a merger. Not that I see Apple being
acquired by anyone soon, but still.

~~~
ProAm
Does Apple define what 'Personal Information' is or encompasses?

~~~
SimplyUnknown
The EU does that for them. It's anything that can be traced to an individual.
Same goes for 'handling personal information'; it's literally everything you
can think of where PI comes into play.

------
pkrefta
Holy moly O_o.

Those kind of stories are keeping me back from buying any Android devices in
nearest future. Somebody might say that I can flash it with clean Android ROM
but that's great for people who have too much time :-)

~~~
SimplyUnknown
What other options do you have if you want a smartphone? I severely doubt that
other devices (most notably Apple) are any better. I think that if you don't
want this to happen you have to buy a dumbphone, which may or may not be an
option for some people.

~~~
jiggunjer
I'd settle for a dumbphone with WhatsApp and a solid browser. I miss having to
only recharge once a week.

~~~
rtkwe
To get a solid browser with a decent experience though you're going to pretty
much need most of a smart phone's performance anyways and most of the power
drain because you'll probably want a good screen and decent performance on the
browser so a good processor too. Dumb phones lasted so long because they had
really low power processors and beyond texting and calls there was no reason
to constantly interact with them so they could be in a really low power state
90% of the time.

------
zeveb
This is part of why Google's move to forbid users from installing SSL
certificates is so anti-security and anti-privacy: it disables the ability to
MITM one's own device in order to observe traffic.

I'd support regulation forcing Google to permit users to install our own root
CA certs.

~~~
sprayk
You can definitely install your own CA certs on Android.
[https://support.google.com/nexus/answer/2844832?hl=en](https://support.google.com/nexus/answer/2844832?hl=en)

Only problem is that you have to explicitly enable the use of custom CA certs
in your app, so it won't work with Google apps as you say.

Is there no other way to get at this traffic? Possibly something at the
application level, like throwing a debugger at the calls that are originating
the telemetry traffic?

~~~
zeveb
> Only problem is that you have to explicitly enable the use of custom CA
> certs in your app, so it won't work with Google apps as you say.

Or any other app doing nefarious things.

Enabling apps to ignore user-installed certs is flat-out evil an inexcusable.

~~~
pas
Evil, herp derp. It was done by malware, to steal user data, hence the change.

If you want to log Google data traffic, you have to put a CA cert into the
system cert store (needs root access).

~~~
zeveb
If a user installs malware from the Play Store, that's his fault, and it's
Google's fault for allowing that malware on the store. If he sideloads
malware, that's his fault entirely.

Preventing me from controlling my phone is evil. Preventing me from seeing
what the apps on my phone are doing is evil. If I wanted a padded room or a
walled garden, I'd be using iOS.

~~~
pas
Defense in depth.

Google can't catch everything from the Play store, hence the CA cert store
change.

------
nicolasbistolfi
This should have been asked when you're first booting up. I'll receive my one
plus in a few days and track whats going on. Transparency is always the best
path and supports that you've the best intentions.

------
basemi
I think (just a feeling) that every vendor and a lot of app devs is phoning
home collecting data. I'm using Netguard to block net access to most of apps.
On a rooted device I would use AFWall+.

------
melvintamray
The purpose of buying a OnePlus device is to get decent hardware for an okay
price (I have the 3T), and then take advantage of their unlocked bootloader
and the multitudes of highly functional kernels for it. Sultan's LineageOS
ROMs are quite nice and even include WireGuard. If you're not immediately
removing non-free OxygenOS when you receive your phone, you're most certainly
already doing it wrong, data collection or not.

~~~
darklajid
So, I owned the OnePlus One, two OnePlus 3T and currently run the OnePlus 5.

I always used CM (or LineageOS) before the 5, they never completed the first
setup once before I unlocked the bootloader, thereby reset to factory and I
flashed a different ROM right away. Right now I'm on the stock ROM (and
affected ofc) though.

Question time:

1) Do you use your camera? I had the feeling that everytime I went from stock
to CM/LineageOS I lost features and quality.

2) Why would you pick "Sultan's LineageOS ROM" (not trying to slight Sultan,
whoever that might be. I'm curious) instead of going with the official
LineageOS builds?

~~~
def-
At least for the OPO, Sultan includes the improved camera stuff that stock
LineageOS is missing.

------
victornomad
Is it different than any other Android from a different vendor? Android,
sadly, is a bit about that, grabbing data from the user in one form or
another.

~~~
jchw
Google is a bit about that. Android was about crushing Microsoft's mobile
strategy, ironically.

Still, it's not like Apple is really significantly better.

------
nocoder
This is really shocking, this data along with my google data can be used to
learn a lot more about the user like what i surf when, how much time i use my
mobile in office and what do i use it for. I am wondering if there is a way to
corrupt the data being sent by some way masking or sending gibberish data. For
me rooting is not an option because my office email will not work on a rooted
device.

~~~
orliesaurus
got you, bud: [https://www.xda-developers.com/uninstall-carrier-oem-
bloatwa...](https://www.xda-developers.com/uninstall-carrier-oem-bloatware-
without-root-access/)

------
JeromeShaw
It can be turned off, just turn off the"join users experience
program"in"advance"option,

------
ForHackernews
Does anyone know if Google or other companies collect similar data as part of
their background services on Android devices? What kinds of OS permissions
would a service need to monitor activity in other applications?

------
raresp
OK.. now what should I say about my Xiaomi "smart"phone?

------
Loofe
Hey how do i actually uninstall that ''thing'' so they cant track my data. I
am a noob :(

------
ProAm
Could you add a host file entry and send open.oneplus.net to 127.0.0.1?
Similiar to how DNS66 works?

~~~
orliesaurus
I did that as soon as I read the article...gonna check back later to see if it
worked

~~~
ProAm
Let me know. I added it too, how are you verifying it works? DNS66 logs? or
Network Connections app?

------
taobility
why no Tesla users complain against with them? [https://www.quora.com/Does-
Tesla-collect-data-from-the-cars-...](https://www.quora.com/Does-Tesla-
collect-data-from-the-cars-owned-by-Tesla-drivers)

------
loki22
Are similar services found in other more popular phones such as by Samsung or
LG?

------
Loofe
How do i actually stop this? im kind of a noob when it comes to this

------
ajjai
pathetic

------
HalfwayToDice
If this data collection is not declared in the user-agreement, then is it
illegal?

~~~
lokerfoi
Of course not. One of the reasons why this kind of industry popped out of no
where is because these kinds of things are not regulated. If they were,
targeted ads would be a much harder problem.

~~~
dkersten
I don't think this is legal in the EU. I suppose somebody has to complain to
the correct commission or sue to find out for sure though.

------
sgwealti
I'm a OP3 owner and I love my phone. I don't mind that they do this --
especially if it means that they can use the data to improve the OS/fix bugs
but they should clearly notify users that they do this kind of logging/data
gathering so that people can make an informed decision about the device they
are buying.

~~~
dom96
I'm an OP3T owner and I dislike my phone. This may just be the straw that
breaks the camels back for me. It would be fine if they asked me explicitly
whether I am happy for them to collect these statistics and to offer a way to
disable this, but as it is right now this is just unacceptable.

The more time I spend with this phone the more I believe that Apple aligns
with my interests more (plus their hardware is simply better). Sure, I'll
spend a bit more money but at least I won't have Google + OnePlus collecting
stats on what apps I use.

~~~
snvzz
OP3 owner, I love my device.

But I run LineageOS. It's far better than OxygenOS, which trouble knows no
end.

~~~
djhworld
Do you void the warranty if you install Lineage?

~~~
radium3d
No. You can relock your bootloader and reflash the stock rom provided by
OnePlus if you wish.

~~~
pas
Isn't there an eFUSE that gets set on the unlock?

~~~
radium3d
[https://oneplus.net/support/answer/will-rooting-or-
unlocking...](https://oneplus.net/support/answer/will-rooting-or-unlocking-
the-bootloader-void-my-warranty)

