Become a fan of Slashdot on Facebook


Forgot your password?
Android Privacy Security

OnePlus Phones Come Preinstalled With a Factory App That Can Root Devices ( 73

Catalin Cimpanu, writing for BleepingComputer: Some OnePlus devices, if not all, come preinstalled with an application named EngineerMode that can be used to root the device and may be converted into a fully-fledged backdoor by clever attackers. The app was discovered by a mobile security researcher who goes online by the pseudonym of Elliot Alderson -- the name of the main character in the Mr. Robot TV series. Speaking to Bleeping Computer, the researcher said he started investigating OnePlus devices after a story he saw online last month detailing a hidden stream of telemetry data sent by OnePlus devices to the company's servers.
This discussion has been archived. No new comments can be posted.

OnePlus Phones Come Preinstalled With a Factory App That Can Root Devices

Comments Filter:
  • by CptLoRes ( 4510239 ) on Tuesday November 14, 2017 @10:12AM (#55546711)
    Seriously no joke. Once you have gotten used to a rooted phone features like full file access etc, there is no going back.
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Going from the Nexus4 running LineageOS to a Nexus6P, I stopped rooting. Stock Android had become "good enough" for what I wanted and the only thing I was "missing" was arrow keys in the navbar to move the cursor, which you're now able to turn on through ADB.

      But yeah, reading the headline I thought it was describing a feature, not a complaint. I was thinking "that sure is convenient that they can just press a 'be rooted' button in an app and not need to use a PC"

    • by alexo ( 9335 )

      Serious question:

      I have an non-rooted Nexus 5 which I've been quite happy with, as it does what I want it to do.
      Unfortunately, Google no longer offers security updates for the phone, so I guess that my best option going forward is to root it and install Lineage or some other ROM.

      What would be the most straightforward and least painful way of going about it? I understand that backup can be a problem.


    • Sure is! Can't wait until every cop who pulls you over clones your entire phone with the backdoor!

  • Awesome! (Score:5, Insightful)

    by Opportunist ( 166417 ) on Tuesday November 14, 2017 @10:15AM (#55546717)

    No longer you have to tinker around and find an app you can install to root your device, now you can root it out of the box, delete the app to root it and you have a rooted device.

    And even one where OnePlus cannot complain about you voiding your warranty by rooting it. Because who said you did it and not some malicious actor, using what they themselves handed to him?

    • by Anonymous Coward

      OnePlus don't invalidate warranties for rooting anyway.

  • Oneplus X (Score:4, Interesting)

    by ichthus ( 72442 ) on Tuesday November 14, 2017 @10:20AM (#55546739) Homepage

    I have an X, and I love it. The first thing I did after taking it out of the box was install TWRP and Cyanogen. Currently running LineageOS 14.1. Aside from the so-so camera, this is a great phone.

    • Same. Lineage OS on my OPO; looking at Resurrection Remix for OnePlus 5.
      • by Anonymous Coward

        posting AC to protect moderation

        Oneplus One here with LineageOS ( and except for compass calibration it runs better than it did with original firmware. And I can have current security patch level within a week

  • Exists on OnePlus 3T (Score:4, Interesting)

    by chill ( 34294 ) on Tuesday November 14, 2017 @10:25AM (#55546777) Journal

    This exists on my OnePlus 3T. When listing apps on the phone, there is an option to Show System Apps. You need to turn that on to see EngineerMode.

    "Test Root" is one of the many functions it offers from the main screen. I don't see a way to *gain* root without using the adb command.

  • by ( 3412475 ) on Tuesday November 14, 2017 @10:42AM (#55546865)

    Let's get some facts straight:

    System apps are (or can easily become) root by design, so they can do a lot of things other apps can't. This is true for ANY OEM ROM since the anals of Android - preloaded apps are signed with developer keys, so they get API and Linux system privileges.

    System apps chose to perform anything they want, silently. They don't need to ask permission through UI for stuff like Runtime.exec("su"..., or access protected/secured Android API - they just do it. And even if they don't do it from factory, OEMs like Samsung can just put in place a system-level updater that force app updates (they do this actually with samsung store), and eventually turn system apps into something they originally were not.

    Now, Oneplus having an app, a preloaded one at that, which enables third-party apps to have root access is effectively unusual. I am indeed surprised Google sanctioned a ROM with such a feature, because Google does not want typical users circumventing most things Google Play, which can be done with root (common examples are adblocking through hosts files, or changing device properties such as for overclocking) . But then again, this feature is nothing special from a security standpoint. You will still get prompted by the OS whenever an app requests root even after this app turns root on for third-parties.

    So, what kind of exploit can be attained from this kind of app in OnePlus devices? Is there anything different than what you could with an app that is signed with dev keys and already has root access? If an actor is managing to trigger root through the EngineeringMode app automagically, he likely also can do similar stuff with system apps that do NOT allow root to thrid-party apps. They are already injecting code or input after all, they can very well go the extra mile and do it all at once. Why bother escalating another app when you're already in control of an escalated process?

    • by ( 3412475 ) on Tuesday November 14, 2017 @10:44AM (#55546877)

      I just want to add the fact that before Samsung, Google Play itself updates without user prompt as soon as you get internet. The very first app that was self-updatable, and such an update is unblockable, is Google Play and Google Play Services themselves.

    • What kind of insane dystopia is it, where even geeks do not question paying for computers that they do not control?
      • Indeed. Maybe my comment read otherwise, but I completely with you. Unfortunately this is becoming standard, and Android is just one example. Windows Home and it's snooping, it's Administrative Templates who nobody really cares about (wasn't regedit enough of a hassle?), it's unblockablae, P2P-based updates that will work on caped networks as long as one PC in the network has the update; Amazon and it's Kindle Fires and their closed stores; Apple...oh Apple; And Cloud services and storage - that is the drea

    • I am triple posting just to make one thing very clear: Google, Samsung, and whatever OEM has an app that self-updates or that updates other apps unnatendedly, and most of all, without an opt-out setting, has a backdoor built-in. I'm gonna make it short and bold:

      • Any Android device with Google Play Services can potentially have a backdoor pushed at Google's discretion.
      • Same for Samsung's discretion, on any device with Galaxy Apps preinstalled (or whatever it's called this week), only by Samsung.
      • Same for
    • by Hentes ( 2461350 )

      According to the article this "vulnerability" can only be exploited through adb which pretty much limits it to cases where the attacker already has physical access to the device.

      • Which in turn means dev options must be on, for which the OnePlus must be unlocked (screenlock-dismissed) to do so if not already. I'm also assuming it will need to allow the adb-triggering device to be authorized for adb on first prompt, again only doable on an unlocked OnePlus unless the attacker also has the user's PC.

        When a phone doesn't have security lockscreens in place, you can assume it's pretty much an open book - most installed apps such as gmail should have been "trusted" by now, and 2-factor aut

  • UMIDIGI Crystal Settings>DeveloperOptions>Root (switch) then enter 12 digit code (copypaste) and press root. After 2 minutes you can get a rooted device!
  • From the article ... a hidden stream of telemetry data sent by OnePlus devices to the company's servers.

    When are we going to find out that this is a.) privacy violation; and b.) just dumb? Even if you can learn things about your users, even if that helps you, how is this better than talking to users? Asking questions? Getting honest feedback? Collecting telemetry is somehow ... dishonest. It's like you're lying to yourself, looking for a better picture, but what you're really getting is obfuscated view o
  • As we have found out in the past.
  • by Dishevel ( 1105119 ) on Tuesday November 14, 2017 @02:26PM (#55548693)
    This is what the owners of these phones WANT!
    They want full ownership over their device. Take you sensationalist bullshit and fuck off.
    • Actually, as I tried to explain in my comment, they are simply stating something for OnePlus hat actually also happens in any device. Any OEM can potentially covert one of its preloaded apps into a backdoor, or simply force installation of one signed with their keys, which grants them root.

      I believe this is called cherry-picking - in this case picking one OEM that does one (supposedly bad) thing, but not actually admiting everyone else can do the exact same...

      Every OEM app has root. Every OEM can turn your

      • It is almost like you are retarded. That App is there to give the owner of the phone, wait for it ....

        Ownership over their phone! There are some companies that restrict the, "Owner" from owning their phone. One Plus though gives you the power.

        Bitching at people for allowing you to control your own phone because someone else might use it makes you a fucking idiot at best.
        • I love the way I actually agreed with you, yet somehow you're so dumb, some might even say "almost retarded", to actually notice...

          If it wasn't clear: I APPRECIATE THE FACT ONEPLUS DOES THIS, AND MORE COMPANIES SHOULD ALLOW ROOT JUST LIKE SONY DID BACK IN 2011 BY JUST CLICKING A LINK. ...All I wanted was to make a fucking point that while OnePlus allows third-party, every other OEM also has the means to do it. In fact, they pretty much do it by preloading self-updater apps on their hardware such as Faceboo

          • Then don't start your reply post with "actually", which isn't often used when agreeing with someone. You caused this confusion. You used way more words than being straight to your point. You really don't have a point. Or the point that anyone CAN do this is immaterial, fucking talk about the others that do this NOW.

Competence, like truth, beauty, and contact lenses, is in the eye of the beholder. -- Dr. Laurence J. Peter