Clipboard data of OnePlus Chinese users is sending data to teddymobile servers

arka.b

Member
Jan 29, 2018
18
2
Mumbai
The TeddyMobile app comes preinstalled by OnePlus and had been added in OxygenOS Open Beta 2. This app is sending data to TeddyMobile servers in China without users' consent.

The OnePlus clipboard app contains a strange file called badword.txt? In these words, you can find: Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email, ...

Details here: Pastebin Link

This badword.txt is duplicated in a zip file called pattern. This archive contains 7 files:

- badword.txt
- brackets.txt
- end.txt
- follow.txt
- key.txt
- start.txt

All these files are used in an obfuscated package which seems to be an #Android library from TeddyMobile. TeddyMobile is a Chinese company; they have worked with a lot of manufacturers, including Oppo. Their website: http://teddymobile.cn/

As far as can be understood, TeddyMobile is doing number identification in SMS. The picture below can be translated like this:

- Total number of SMS 20M+
- SMS identification accuracy 100%
- Identification number recognition rate of 70%
- recognition accuracy of 95%

According to the code, OnePlus is sending your IMEI and the phone manufacturer to a Chinese server owned by TeddyMobile.

In the TeddyMobile's package com.ted, they have a class called SysInfoUtil. This class contains the following methods:

- getAndroidID
- getCPUSerial
- getDeviceId
- getHardwareSerialNumber
- getIMEI
- getIPAddress
- getMacAddress
- getPhoneNumber
- getScreenPixels

Except getIPAddress and getScreenPixels, all the other methods are used. They also send JSON messages to their servers with "telephone" and "messageText" fields...

This is a good reminder... Please don't copy-paste your bank account number... TeddyMobile has a dedicated method to recognize a bank account...

Verify it yourself from the OnePlus clipboard APK available at the Koodous project. Link is here

After deeper investigation, only a small part of the TeddyMobile SDK is used. In the ClipboardManager, in the verifyExpress method, they used the method parserOnline.

This parserOnline will send what you have in your clipboard data to a TeddyMobile server in order to parse it. It is important to say that this method is used only for Chinese users.

The conditions to send your data to the TeddyMobile server are:

- clip data is not numeric
- not an email
- Chinese OnePlus phone
- clipboard data matched the express pattern

It is good to say that the parserOnline method is used 3 times in the code, so this is only 1 of the 3 use cases!

So finally, a word of caution: whoever has installed OxygenOS Open Beta 2, there is a good chance your data is with TeddyMobile right now.

Reactions: benny3
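
A triage check for the indicators named in the post above, as an added example that is not part of the original thread or of any OnePlus or TeddyMobile code: it looks inside an APK for the listed pattern files (directly or in a nested archive) and for the class and method names in the DEX string data. The asset paths, the `Lcom/ted/` descriptor form and the sample APK are constructed assumptions.

```python
import io
import zipfile

# File names the post lists inside the "pattern" archive.
PATTERN_FILES = {"badword.txt", "brackets.txt", "end.txt",
                 "follow.txt", "key.txt", "start.txt"}
# Identifiers named in the post; DEX files store them as plain strings.
DEX_MARKERS = [b"Lcom/ted/", b"SysInfoUtil", b"parserOnline",
               b"verifyExpress", b"getIMEI", b"getPhoneNumber"]
MAX_ENTRY = 64 * 1024 * 1024  # skip oversized entries (zip-bomb guard)

def _basenames(zf):
    return {n.rsplit("/", 1)[-1] for n in zf.namelist()}

def triage_apk(apk_bytes):
    """Report which of the post's indicators an APK contains."""
    report = {"pattern_files": set(), "nested": {}, "dex_markers": {}}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        report["pattern_files"] = _basenames(apk) & PATTERN_FILES
        for info in apk.infolist():
            if info.file_size > MAX_ENTRY:
                continue
            data = apk.read(info)
            if info.filename.endswith(".dex"):
                hits = [m.decode() for m in DEX_MARKERS if m in data]
                if hits:
                    report["dex_markers"][info.filename] = hits
            elif data[:4] == b"PK\x03\x04":  # nested zip, e.g. "pattern"
                try:
                    with zipfile.ZipFile(io.BytesIO(data)) as inner:
                        found = _basenames(inner) & PATTERN_FILES
                except zipfile.BadZipFile:
                    continue
                if found:
                    report["nested"][info.filename] = sorted(found)
    return report

def build_sample_apk():
    """Constructed stand-in for an APK; not the real OnePlus file."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        for name in sorted(PATTERN_FILES):
            z.writestr(name, "constructed\n")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("assets/badword.txt", "constructed\n")
        z.writestr("assets/pattern", inner.getvalue())
        z.writestr("classes.dex", b"dex\n035\x00Lcom/ted/SysInfoUtil;"
                                  b"\x00getIMEI\x00parserOnline\x00")
    return outer.getvalue()

if __name__ == "__main__":
    print(triage_apk(build_sample_apk()))
```

A hit only shows that the files or names are present in the package; whether the code path runs on a given device is a separate question that needs dynamic analysis or traffic capture.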

arka.b

Member
Jan 29, 2018
18
2
Mumbai
False Information!! This looks like false information to you? Did you even bother to read all the technical explanation being mentioned here? Company will obviously deny the allegations, calling them baseless.
I have mentioned everything step by step, which was revealed by a renowned hacker, Elliot Alderson. Check his Twitter bio - https://twitter.com/fs0c131y

Apologies for the large fonts, corrected them. By the way, I am a OnePlus 5T user since OnePlus One.

Please read and inform yourself before spreading false information.

And god what is it with the massive font and broken OP?
 

Lossyx

Senior Member
Jan 14, 2014
1,466
601
OnePlus 7T Pro
False Information!! This looks like false information to you? Did you even bother to read all the technical explanation being mentioned here? Company will obviously deny the allegations, calling them baseless.
I have mentioned everything step by step, which was revealed by a renowned hacker, Elliot Alderson. Check his Twitter bio - https://twitter.com/fs0c131y

Apologies for the large fonts, corrected them. By the way, I am a OnePlus 5T user since OnePlus One.

https://www.reddit.com/r/android/comments/7t6joy

https://www.reddit.com/r/android/comments/7t6joy/_/dtaggn3
 
Reactions: tids2k

tids2k

Senior Member
Apr 21, 2009
2,543
829
Sydney
I am eager too. But did someone, including mods, look at the screenshot I sent? Is it a safe APK to have in the phone?

---------- Post added at 02:17 PM ---------- Previous post was at 02:16 PM ----------

It seems like the clipboard app was controversial. It has been removed in beta 3.
 

Paradoxxx

Senior Member
Aug 14, 2008
5,580
5,957
Krakow
False Information!! This looks like false information to you? Did you even bother to read all the technical explanation being mentioned here? Company will obviously deny the allegations, calling them baseless.
I have mentioned everything step by step, which was revealed by a renowned hacker, Elliot Alderson. Check his Twitter bio - https://twitter.com/fs0c131y

Apologies for the large fonts, corrected them. By the way, I am a OnePlus 5T user since OnePlus One.

I know who he is, I saw this a couple of days before you even posted here, and unlike you, I actually did some research on other websites to find more info regarding this.

Please read AndroidPolice's article on this.
 

chas123

Senior Member
Oct 29, 2008
733
1,099
The web is full of misinformation. The code is/was there. The fact that it was 'inactive' on US handsets means - exactly - doodily squat. If you know anything about Linux code then you know that it wouldn't take very much for the proprietors of said code to 'activate'. Especially with the code being in ROM at a place where it is given any permissions they deem fit w/out the typical end-user's knowledge.

It was wise on op's part to remove it. They already have the credit card fiasco to deal w/.

Excerpts from the aforementioned AndroidPolice article:

- but the company says

- the company is wasting no time issuing a clear explanation of the situation

- According to OnePlus,

- So, it sounds like OnePlus' only mistake here was including files from HydrogenOS in the OxygenOS


Hardly a hard-hitting piece that rises to the bar of journalistic integrity.
 

Paradoxxx

Senior Member
Aug 14, 2008
5,580
5,957
Krakow
The web is full of misinformation. The code is/was there. The fact that it was 'inactive' on US handsets means - exactly - doodily squat. If you know anything about Linux code then you know that it wouldn't take very much for the proprietors of said code to 'activate'. Especially with the code being in ROM at a place where it is given any permissions they deem fit w/out the typical end-user's knowledge.

It was wise on op's part to remove it. They already have the credit card fiasco to deal w/.

Excerpts from the aforementioned AndroidPolice article:

- but the company says

- the company is wasting no time issuing a clear explanation of the situation

- According to OnePlus,

- So, it sounds like OnePlus' only mistake here was including files from HydrogenOS in the OxygenOS


Hardly a hard-hitting piece that rises to the bar of journalistic integrity.

Yeah, right. Appreciate your concern!

To add on top of that, some people actually tried to trigger the application activities, and no contact to any server could be made.
 
