<Thread> Hi @Oneplus
! Remember me? Let's talk about another debug app you left in your device.
OnePlusLogKit is a system application which allow you to do a multitude of things: get wifi logs, nfc logs, gps logspic.twitter.com/HvnErm8rXg
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
The decompiled source code of the OnePlusLogKit is available. Feel free to dig into it and share what you find https://github.com/fs0c131y/OnePlusLogKit …
So if I summarise: 1. By dialling a number and clicking on a button everybody can record your media, BT logs, Wifi logs, GPS logs,... 2. All this stuff are stored unencrypted in the sdcard 3. Any apps with the READ_EXTERNAL_STORAGE can read these files
cc @AndroidAuth @AndroidPolice @androidcentral @androidandme @Androidheadline @AndroidPolice @xdadevelopers @AndroidSPIN @Gadgets360 @TheHackersNews @verge @CNET @VICE @WIRED you can update/write your article
As far as I know, this logging is disable by default BUT any system apps (and there is plenty @OnePlus apps in the phone) can enable it. They only need to set persist.sys.assert.panic to 0 to log the location for example.
It's also possible that the files created by OnePlusLogKit are read and send to China by another @OnePlus app.
There is more. OnePlusLogKit is using another @OnePlus system application called LogKitSdService. This simple application is a only a service.pic.twitter.com/CNcGHAiGWf
This service is able to receive commands and make file operationpic.twitter.com/mB4pAIKf6j
The decompiled source code of the OnePlus LogKitSdService app is available: https://github.com/fs0c131y/LogKitSdService …
There is also a binary called oemlogkit located in /system/bin/ and it seems to do a LOT of stuffpic.twitter.com/hCFipXIwz2
If some of you want to join the party and give a help, the oemlogkit binary is available: https://github.com/fs0c131y/OnePlusBin/blob/master/oemlogkit …pic.twitter.com/AYtahjTavF
Coverage of the story by @BleepinComputerhttps://www.bleepingcomputer.com/news/security/second-oneplus-factory-app-discovered-this-one-dumps-photos-wifi-and-gps-logs/ …
Holyshit that's some breach of privacy right there
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.