Clipboard data of OnePlus Chinese users is being sent to teddymobile servers

arka.b

Member
Jan 29, 2018
18
2
0
Mumbai
The Teddymobile app comes preinstalled by OnePlus and was added in OxygenOS Open Beta 2. This app is sending data to Teddymobile servers in China without users' consent.

The OnePlus clipboard app contains a strange file called badword.txt. In these words, you can find: Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email, ...

Details here: Pastebin Link



This badword.txt is duplicated in a zip file called pattern. This archive contains 7 files:

- badword.txt
- brackets.txt
- end.txt
- follow.txt
- key.txt
- start.txt


All these files are used in an obfuscated package which seems to be an #Android library from teddymobile. TeddyMobile is a Chinese company; they have worked with a lot of manufacturers, including Oppo. Their website: http://teddymobile.cn/


As far as can be understood, teddymobile is doing number identification in SMS. The picture below can be translated like this:

- Total number of SMS 20M+
- SMS identification accuracy 100%
- Identification number recognition rate of 70%
- recognition accuracy of 95%


According to the code, OnePlus is sending your IMEI and the phone manufacturer to a Chinese server owned by teddymobile.


In TeddyMobile's package com.ted, they have a class called SysInfoUtil. This class contains the following methods:

- getAndroidID
- getCPUSerial
- getDeviceId
- getHardwareSerialNumber
- getIMEI
- getIPAddress
- getMacAddress
- getPhoneNumber
- getScreenPixels



Except for getIPAddress and getScreenPixels, all the other methods are used. They also send JSON messages to their servers with "telephone" and "messageText" fields...


This is a good reminder...Please don't copy paste your bank account number...TeddyMobile has a dedicated method to recognize a bank account...


Verify it yourself from the OnePlus clipboard apk available at the Koodous project. Link is here

After deeper investigation, only a small part of the teddymobile SDK is used. In the ClipboardManager, in the verifyExpress method, they used the method parserOnline.


This parserOnline will send what you have in your clipboard data to a teddymobile server in order to parse it. It is important to say that this method is used only for Chinese users.




The conditions to send your data to the teddymobile server are:

- clip data is not numeric
- not an email
- Chinese OnePlus phone
- clipboard data matched the express pattern

It is good to say that the parserOnline method is used 3 times in the code, so this is only 1 of the 3 use cases!



So finally, a word of caution: whoever has installed OxygenOS Open Beta 2, there is a good chance your data is with Teddymobile right now.
 
Reactions: benny3
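
The "verify it yourself" step from the post above, sketched as a static check (an added example, not part of the original post and not code from OnePlus or TeddyMobile): it searches an APK's dex files for the class, method and field names the post lists and looks for the files of the pattern archive. The sample APK, including the `assets/pattern` path and the dex bytes, is constructed for illustration.

```python
import io
import zipfile

# Names quoted in the post above; everything else here is illustrative.
DEX_STRINGS = ["SysInfoUtil", "getAndroidID", "getCPUSerial", "getDeviceId",
               "getHardwareSerialNumber", "getIMEI", "getIPAddress",
               "getMacAddress", "getPhoneNumber", "getScreenPixels",
               "parserOnline", "verifyExpress", "telephone", "messageText"]
PATTERN_FILES = {"badword.txt", "brackets.txt", "end.txt",
                 "follow.txt", "key.txt", "start.txt"}


def triage_apk(apk_bytes):
    """Return (dex_hits, pattern_hits) for an APK passed as bytes."""
    dex_hits, pattern_hits = {}, {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            data = apk.read(info)
            base = info.filename.rsplit("/", 1)[-1]
            if base.startswith("classes") and base.endswith(".dex"):
                # Identifiers and string constants sit in the dex string
                # table as plain bytes, so a substring search finds them.
                found = [s for s in DEX_STRINGS if s.encode() in data]
                if found:
                    dex_hits[info.filename] = found
            elif base in PATTERN_FILES:  # pattern file shipped unpacked
                pattern_hits.setdefault("<apk>", []).append(base)
            elif zipfile.is_zipfile(io.BytesIO(data)):  # nested archive
                try:
                    with zipfile.ZipFile(io.BytesIO(data)) as inner:
                        names = {n.rsplit("/", 1)[-1] for n in inner.namelist()}
                except zipfile.BadZipFile:
                    continue
                if names & PATTERN_FILES:
                    pattern_hits[info.filename] = sorted(names & PATTERN_FILES)
    return dex_hits, pattern_hits


def build_sample_apk():
    """Constructed stand-in APK (not the real OnePlus clipboard apk)."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("badword.txt", "constructed\n")
        z.writestr("key.txt", "constructed\n")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("classes.dex",
                   b"dex\n035\x00\x07getIMEI\x00\x0cparserOnline\x00")
        z.writestr("assets/pattern", inner.getvalue())  # assumed location
        z.writestr("res/raw/readme.txt", "nothing here")
    return outer.getvalue()
```

A hit only shows that the name is present in the package; whether the code path is reachable on a given build still has to be read from the decompiled code.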

arka.b

Member
Jan 29, 2018
18
2
0
Mumbai
False Information!! This looks like false information to you? Did you even bother to read all the technical explanation being mentioned here? The company will obviously deny the allegations, calling them baseless.
I have mentioned everything step by step, which was revealed by a renowned hacker, Elliot Alderson. Check his Twitter bio - https://twitter.com/fs0c131y

Apologies for the large fonts, corrected them. By the way, I am a OnePlus 5T user since OnePlus One.

Please read and inform yourself before spreading false information.

And god what is it with the massive font and broken OP ?
 

Lossyx

Senior Member
Jan 14, 2014
1,396
552
133
False Information!! This looks like false information to you? Did you even bother to read all the technical explanation being mentioned here? The company will obviously deny the allegations, calling them baseless.
I have mentioned everything step by step, which was revealed by a renowned hacker, Elliot Alderson. Check his Twitter bio - https://twitter.com/fs0c131y

Apologies for the large fonts, corrected them. By the way, I am a OnePlus 5T user since OnePlus One.
https://www.reddit.com/r/android/comments/7t6joy

https://www.reddit.com/r/android/comments/7t6joy/_/dtaggn3
 
Reactions: tids2k

tids2k

Senior Member
Apr 21, 2009
2,543
829
0
Sydney
I am eager too. But did someone, including mods, look at the screenshot I sent? Is it a safe APK to have on the phone?

---------- Post added at 02:17 PM ---------- Previous post was at 02:16 PM ----------

It seems like the clipboard app was controversial. It has been removed in beta 3.
 

Paradoxxx

Senior Member
Aug 14, 2008
5,580
5,956
0
Krakow
False Information!! This looks like false information to you? Did you even bother to read all the technical explanation being mentioned here? The company will obviously deny the allegations, calling them baseless.
I have mentioned everything step by step, which was revealed by a renowned hacker, Elliot Alderson. Check his Twitter bio - https://twitter.com/fs0c131y

Apologies for the large fonts, corrected them. By the way, I am a OnePlus 5T user since OnePlus One.
I know who he is. I saw this a couple of days before you even posted here, and unlike you, I actually did some research on other websites to find more info regarding this.

Please read AndroidPolice's article on this.
 

chas123

Senior Member
Oct 29, 2008
733
1,099
133
The web is full of misinformation. The code is/was there. The fact that it was 'inactive' on US handsets means - exactly - doodily squat. If you know anything about Linux code then you know that it wouldn't take very much for the proprietors of said code to 'activate' it. Especially with the code being in ROM at a place where it is given any permissions they deem fit w/out the typical end-user's knowledge.

It was wise on OP's part to remove it. They already have the credit card fiasco to deal w/.

Excerpts from the aforementioned AndroidPolice article:

- but the company says

-the company is wasting no time issuing a clear explanation of the situation

-According to OnePlus,

-So, it sounds like OnePlus' only mistake here was including files from HydrogenOS in the OxygenOS


Hardly a hard hitting piece that rises to the bar of journalistic integrity.
 

Paradoxxx

Senior Member
Aug 14, 2008
5,580
5,956
0
Krakow
The web is full of misinformation. The code is/was there. The fact that it was 'inactive' on US handsets means - exactly - doodily squat. If you know anything about Linux code then you know that it wouldn't take very much for the proprietors of said code to 'activate' it. Especially with the code being in ROM at a place where it is given any permissions they deem fit w/out the typical end-user's knowledge.

It was wise on OP's part to remove it. They already have the credit card fiasco to deal w/.

Excerpts from the aforementioned AndroidPolice article:

- but the company says

-the company is wasting no time issuing a clear explanation of the situation

-According to OnePlus,

-So, it sounds like OnePlus' only mistake here was including files from HydrogenOS in the OxygenOS


Hardly a hard hitting piece that rises to the bar of journalistic integrity.
Yeah, right. Appreciate your concern!
To add on top of that, some people actually tried to trigger the application activities, and no contact to any server could be made.