App on several OnePlus devices grants backdoor root access

OnePlus co-founder Carl Pei says that the company is "looking into" the presence of EngineerMode, assessing just how widespread the issue is and ways to prevent users from being subject to the security fault. If you have a OnePlus phone, you may be interested - and a little disturbed - to learn that the company is preinstalling an app that acts as a backdoor to root access.

According to a developer going by the name Elliot Alderson, OnePlus ships an application called "EngineerMode", which is basically used in the factory to check whether the unit is working properly.

In this app, the developer found an activity known as "DiagEnabled" which, if enabled with a specific password, grants root access. The application is found on all OnePlus 3, OnePlus 3T, and OnePlus 5 devices, and is easily accessible through any activity launcher. The company claimed the data was simply for performance analytics but agreed to scale back what it collected. The app has the ability to diagnose the Global Positioning System, check root status and perform a series of tests. Having root access essentially means the user has complete control over the device, including privileged control over features that would otherwise be locked up. With the help of a few cybersecurity experts, the required password was discovered, making rooting a OnePlus phone as easy as running a few commands. Of course, expecting the developers to unlock the bootloader for each device during its testing phases would be ridiculous, but the app's inclusion does pose security risks for everyday users.

We've also reached out to OnePlus for comment. The app is normally hidden until you tell Android to show system apps, so you might not notice it unless you went looking for it. Hopefully, that ends with an update that removes the app.

Vanessa Coleman
