New report claims that OnePlus was leaking user emails in its “Shot on OnePlus” app

Chinese companies have been under fire in the past for their leniency towards user privacy which has led to data leaks in the past. Now, 9to5google (via Android Authority) has published a detailed report exposing a critical flaw in OnePlus’s native Shot on OnePlus app that allows users to watermark their images.

The good news is that the flaw has been fixed by OnePlus but it doesn’t change the fact that OnePlus was leaking user emails. If you’re a OnePlus user, you might have noticed the Shot on OnePlus app that watermarks your images and allows users to share their images so the community can use them as wallpapers. The app can be accessed from the Wallpaper menu and allows users to submit their images as well. However, to submit the images, users will need to login in using their email IDs and those are stored by OnePlus. According to 9t05google, OnePlus was storing the APIs to access the data on open.oneplus.net. This meant that anyone with an Access Token could easily access the private data which shouldn’t see the light of day.

9to5google said they contacted OnePlus about the bug but didn’t hear back. The company did, however, fixed the API soon after. Unfortunately, they also revealed that the data was leaking since the app was first launched a couple of years back. Not only that, but OnePlus knew about the flaw since May but didn’t notify the public about the leak. OnePlus has patched the issue for the moment which should make it tough for hackers but not impossible. To completely fix the issue, OnePlus will need to rework the API from scratch and update the app accordingly for the changes to take effect.

Comments