OnePlus User Email Addresses Leaked by Security Flaw
OnePlus has seen a great degree of success in the global market, especially in India. The smartphone manufacturer is cementing its place with various critically acclaimed devices. However, a new report uncovers a critical flaw in various OnePlus devices that are widely known and owned. The Chinese company has allegedly had its users’ email addresses leaked by a security flaw.
Every new device carries, by default, the ‘Shot on OnePlus’ app, which has a security flaw that revealed the email addresses of several hundreds of its users. The application provides a platform for OnePlus users to upload photos that can be used and seen by other customers globally. However, it was discovered that the API that links the app to OnePlus servers was allegedly leaking the email addresses associated with photo submissions.
The company was made aware of the flaw in May and has since patched the mistake, but more changes have yet to be made for a complete fix. The app can be accessed through the Wallpapers selection menu and asks users to log in with their email addresses to upload images. The selected pictures that are published on the company’s website were found to be exposed through an easily accessible API. This API required an unencrypted key to retrieve an access token that allowed anyone to view the email addresses of the original uploaders.
The API was hosted on the official OnePlus website, and the company is not sure how long the leak has existed. The company has started investigating the matter and is taking the user reports it has received into account as well. Despite the fix, the patched API can still be bypassed, and an update to address this is being worked on. OnePlus has reportedly obscured the email addresses available through the API by adding asterisks to their local parts.
No reports have yet surfaced that point to any exploitation of the security flaw. This is not the first time the company has faced a security issue: it was criticized for storing user data without consent via OxygenOS back in 2017. A bootloader vulnerability on the OnePlus 6 also hit the headlines in 2018.
Just a couple of years ago, a company named OnePlus was barely heard of outside of the odd enthusiast. Now the smartphone manufacturer has seen widespread popularity and growth in sales, especially in India. The company arguably started the trend of manufacturing premium-grade smartphones at relatively affordable prices. Hence, the company’s stance on security and privacy is integral to its “Never Settle” moniker.