<Thread> Hi @Oneplus! Remember me? Let's talk about another debug app you left in your device.
OnePlusLogKit is a system application which allows you to do a multitude of things: get wifi logs, nfc logs, gps logs pic.twitter.com/HvnErm8rXg
It means that if persist.sys.assert.panic is set to true and persist.oem.wifi.debug to 1, every time you boot your device a wifi sniff log is created, for example pic.twitter.com/Qs6oygmx4Q
Or if persist.sys.assert.panic is set to true, the RecordNmeaService is launched. This service will create a file which stores the history of your location pic.twitter.com/w1jnlkiUsV
How easy is it to trigger this? 1. Tap *#800# in the dialer 2. Click on "Get Wireless log" 3. Done! You are in the OnePlusLogKit app. You can also send the intent: adb shell am start -n com.oem.oemlogkit/.OneClickLogKitMainActivity
Of course, all the logs are stored unencrypted in /sdcard/oem_log/ pic.twitter.com/YOQbNsE7PE
To activate this recording all the time even after a reboot: 1. Tap *#800# in the dialer 2. Click on the "Assertion Toggle" button
This GrabOtherActivity is capable of dumping the media databases aka all your videos, images pic.twitter.com/8C5uS87ePC
The decompiled source code of the OnePlusLogKit is available. Feel free to dig into it and share what you find https://github.com/fs0c131y/OnePlusLogKit …
So if I summarise: 1. By dialling a number and clicking on a button everybody can record your media, BT logs, Wifi logs, GPS logs,... 2. All this stuff is stored unencrypted in the sdcard 3. Any app with the READ_EXTERNAL_STORAGE permission can read these files
cc @AndroidAuth @AndroidPolice @androidcentral @androidandme @Androidheadline @AndroidPolice @xdadevelopers @AndroidSPIN @Gadgets360 @TheHackersNews @verge @CNET @VICE @WIRED you can update/write your article
As far as I know, this logging is disabled by default BUT any system app (and there are plenty of @OnePlus apps in the phone) can enable it. They only need to set persist.sys.assert.panic to 0 to log the location for example.
It's also possible that the files created by OnePlusLogKit are read and sent to China by another @OnePlus app.
There is more. OnePlusLogKit is using another @OnePlus system application called LogKitSdService. This simple application is only a service. pic.twitter.com/CNcGHAiGWf
This service is able to receive commands and make file operations pic.twitter.com/mB4pAIKf6j
The decompiled source code of the OnePlus LogKitSdService app is available: https://github.com/fs0c131y/LogKitSdService …
There is also a binary called oemlogkit located in /system/bin/ and it seems to do a LOT of stuff pic.twitter.com/hCFipXIwz2
If some of you want to join the party and help, the oemlogkit binary is available: https://github.com/fs0c131y/OnePlusBin/blob/master/oemlogkit … pic.twitter.com/AYtahjTavF
Coverage of the story by @BleepinComputer https://www.bleepingcomputer.com/news/security/second-oneplus-factory-app-discovered-this-one-dumps-photos-wifi-and-gps-logs/ …
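A device-side check for the logging state the thread describes, as an added example that is not part of the original thread or of OnePlus code. The property names, the values "true" and "1", and the /sdcard/oem_log/ path are taken from the tweets above; the function names and the `--device` switch are this example's own, and `audit_device` assumes `adb` with one authorized device attached.

```shell
#!/bin/sh
# Added example: audit a device for the OnePlusLogKit logging state.
# Conditions follow the thread: panic=true launches RecordNmeaService,
# panic=true plus wifi.debug=1 creates a wifi sniff log at every boot.

# classify_props PANIC WIFI_DEBUG -> prints one finding per line (nothing if clean)
classify_props() {
    panic=$1; wifi=$2
    if [ "$panic" = "true" ]; then
        echo "location-history: persist.sys.assert.panic=true (RecordNmeaService launched)"
        if [ "$wifi" = "1" ]; then
            echo "wifi-sniff: persist.oem.wifi.debug=1 (sniff log created at each boot)"
        fi
    fi
}

# count_logs: reads a directory listing on stdin, prints the number of entries
count_logs() {
    grep -c . || true   # grep exits 1 on zero matches but still prints 0
}

# audit_device: query the attached device; returns 0 only when nothing is found
audit_device() {
    # adb output may carry CR line endings, strip them before comparing
    p=$(adb shell getprop persist.sys.assert.panic | tr -d '\r')
    w=$(adb shell getprop persist.oem.wifi.debug | tr -d '\r')
    findings=$(classify_props "$p" "$w")
    nlogs=$(adb shell 'ls -A /sdcard/oem_log/ 2>/dev/null' | tr -d '\r' | count_logs)
    if [ -n "$findings" ]; then echo "$findings"; fi
    echo "files in /sdcard/oem_log/: $nlogs"
    [ -z "$findings" ] && [ "$nlogs" -eq 0 ]
}

# Only touch a device when asked to, so the functions can be reused offline.
if [ "${1:-}" = "--device" ]; then
    audit_device
fi
```

Run it as `sh audit.sh --device`; a non-zero exit status means logging is enabled or log files are already present on shared storage.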