You can open the EngineerMode app like this:
1. Open Dialer app
2. Dial *#*#83781#*#*
If you swipe to the "HARDWARETEST" section, you will find the item "root check". Sounds like something interesting, no? pic.twitter.com/QWxdDbmbMO
This item is set to "rooted" if the method get_rootflag returns 1. This method is a native method defined in the jni_engineermode lib. pic.twitter.com/wcTpspt2W5
In the strings of libjni_engineermode.so we can find:
- /data/misc/rootrecorder
- [root_recorder] magic=%d\n
- [root_recorder] rootflag=%d\n
- [root_recorder] sprd magic verify pass.\n
- [root_recorder] sprd magic verify failed.\n
pic.twitter.com/YlrgCMYykn
By disassembling the method get_rootflag we can see the following flow:
1) Open and read /data/misc/rootrecorder
2) Compare the value with 'ROOT'
3) Returns 1 if equals, otherwise 0
pic.twitter.com/IhsyqA9g7R
As I didn't root my device yet, I can't write to /data/misc/rootrecorder. Moreover, I didn't find any use of this backdoor in the limited part of the firmware I have. I will continue to dig
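The get_rootflag flow described in the thread, reconstructed in C as an added example (not the disassembled code and not from the thread's author). It assumes the check is an exact match on the first four bytes of the file; the helper names `rootflag_from_file` and `write_sample` are hypothetical, and the "magic verify" step hinted at by the strings is not modelled because the thread does not describe it.

```c
#include <stdio.h>
#include <string.h>

/* Path quoted in the thread from the strings of libjni_engineermode.so. */
#define ROOTRECORDER_PATH "/data/misc/rootrecorder"

/* Hypothetical reconstruction: returns 1 when the file at `path` starts
 * with the four bytes 'ROOT', and 0 in every other case (file missing,
 * unreadable, shorter than four bytes, or different content). */
int rootflag_from_file(const char *path)
{
    unsigned char buf[4];
    FILE *f = fopen(path, "rb");
    if (f == NULL)
        return 0;                 /* no recorder file: treated as not rooted */

    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    if (n != sizeof buf)
        return 0;                 /* short read: cannot contain 'ROOT' */

    return memcmp(buf, "ROOT", sizeof buf) == 0 ? 1 : 0;
}

/* Writes constructed sample content to a scratch file; 0 on success. */
int write_sample(const char *path, const char *data, size_t len)
{
    FILE *f = fopen(path, "wb");
    if (f == NULL)
        return -1;
    size_t n = fwrite(data, 1, len, f);
    return (fclose(f) == 0 && n == len) ? 0 : -1;
}

int main(void)
{
    const char *scratch = "rootrecorder_sample.tmp";   /* constructed test file */

    /* On a non-device host this path is normally absent, so this prints 0. */
    printf("real path: rootflag=%d\n", rootflag_from_file(ROOTRECORDER_PATH));

    if (write_sample(scratch, "ROOT", 4) == 0)
        printf("sample 'ROOT': rootflag=%d\n", rootflag_from_file(scratch));
    if (write_sample(scratch, "RO", 2) == 0)
        printf("sample 'RO': rootflag=%d\n", rootflag_from_file(scratch));

    remove(scratch);
    return 0;
}
```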
It's just the mediatek Engineer Mode though? This is in every single phone that uses mediatek chips, and it's absolutely not a backdoor lmao
No there's no such options in MTK's Eng Mode, and there's no traces of anything exposed above (no match on "rootrecorder", etc... in its source code). It's ARCHOS specific (seems like they yolo'ed their mtk EM app) pic.twitter.com/X8BWXoKJqp