This badword.txt is duplicated in a zip file called pattern. This archive contains 7 files:
- badword.txt
- brackets.txt
- end.txt
- follow.txt
- key.txt
- start.txt
pic.twitter.com/pqJgdGJyuj
All these files are used in an obfuscated package which seems to be an #Android library from teddymobile
TeddyMobile is a Chinese company, they worked with a lot of manufacturers including @oppo.
http://teddymobile.cn pic.twitter.com/A4SOJeqBw2
As far as I understand, teddymobile is making number identification in SMS. The picture below can be translated like this:
- Total number of SMS 20M+
- SMS identification accuracy 100%
- Identification number recognition rate of 70%
- recognition accuracy of 95%
pic.twitter.com/KdQV4Zj1Xc
According to the code, @OnePlus is sending your IMEI and the phone manufacturer to a Chinese server owned by teddymobile
pic.twitter.com/Au0u1sdpNi
In TeddyMobile's package com.ted, they have a class called SysInfoUtil. This class contains the following methods:
- getAndroidID
- getCPUSerial
- getDeviceId
- getHardwareSerialNumber
- getIMEI
- getIPAddress
- getMacAddress
- getPhoneNumbe
- getScreenPixels
pic.twitter.com/9A8UhsOXae
Except getIPAddress and getScreenPixels, all the other methods are used.
They also send JSON messages to their servers with "telephone" and "messageText" fields...
pic.twitter.com/vuteISH0Tj
This is a good reminder... Please don't copy paste your bank account number... TeddyMobile has a dedicated method to recognize a bank account...
pic.twitter.com/U21J2jrXcN
I uploaded the @OnePlus #clipboard APK on @koodous_project
https://koodous.com/apks/2f8a01035e0409d1a44c5d658bac0ba4e900df6f017556ce07b33a6c5c9ffa99
I didn't manage to trigger the network communications to the teddymobile servers but I will continue later. Moreover, I have other ideas in mind regarding this app 
After deeper investigation, only a small part of the teddymobile SDK is used. In the ClipboardManager, in the verifyExpress method, they used the method parserOnline. https://twitter.com/fs0c131y/status/956945666898628608
pic.twitter.com/RckQB4JVf3
This parserOnline will send what you have in your clipboard to a teddymobile server in order to parse it. It is important to say that this method is used only for Chinese users.
pic.twitter.com/qrPuKSqdc6
So we can definitively say that clipboard data of @OnePlus Chinese users is sent to teddymobile servers without their consent.
The conditions to send your data to teddymobile server are:
- clip data is not numeric
- not an email
- Chinese @OnePlus phone
- clipboard data matched the express pattern.
It is good to say that the parserOnline method is used 3 times in the code, so this is only 1 of the 3 use cases
pic.twitter.com/Rp9HvZTF48