According to a Twitter user Elliot Alderson, some of OnePlus devices come with EngineerMode APK app pre-loaded on them, which acts as a backdoor, giving people root access without the need for unlocking the phone.
Just a month ago, OnePlus was caught collecting personally identifiable data from phone owners through incredibly detailed analytics. NowSecure suggested deleting the app to remove the chances of it being misused. But Elliot Alderson found that the tool could be exploited by hackers to gain root access to a device, essentially gaining backdoor access into it where they could then take over the phone.
The application in question is called 'EngineerMode, ' which is meant to be used in factories to confirm that the device is working properly. In a Twitter thread, the developer explained how he was able to gain root access and surprisingly, the app has been pre-installed on all current OnePlus phones, and on OxygenOS for OnePlus One.
The app can diagnose Global Positioning System, check the root status, perform a series of automated tests, and more.
Getting root access to a smartphone allows a hacker to access "superuser" mode, making it extremely easy to inject malware with surveillance capabilities. The developer further added that he will publish an application for rooting OnePlus devices without unlocking. OnePlus co-founder Carl Pei tweeted that the company will study the claims made by the developer, according to The Mobile Indian.
Will it affect OnePlus 5T sales? He discovered that his OnePlus 2 device was sending data to an HTTPS domain, which was transmitted to Amazon Web Services and belongs to OnePlus (open.oneplus.net domain). At the time, OnePlus stated that the whole goal of collecting data was to improve the service.