Clipboard data of OnePlus Chinese users is sending data to teddymobile servers

Search This thread
By:
Advanced…
A

arka.b

Member
Jan 29, 2018
18
2
Mumbai
Teddymobile app comes preinstalled by oneplus and had been added in OxygenOS Open Beta 2. This app is sending data to Teddymobile servers in China without users consent.

The OnePlus clipboard app contains a strange file called badword.txt ? In these words, you can find: Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email, ...

Details here: Pastebin Link
DUag0paXUAASbk2.jpg

DUafp1uW0AcGaDv.jpg


This badword.txt is duplicated in a zip file called pattern. This archive contains 7 files: - badword.txt - brackets.txt - end.txt - follow.txt - key.txt - start.txt
DUalSGIWAAEEwPy.jpg


All these files are used in a obfuscated package which seems to be an #Android library from teddymobile. TeddyMobile is a Chinese company, they worked with a lot of manufacturers including oppo. Their website http://teddymobile.cn/
DUaogJLXUAID0vc.jpg


As far it can be understood that teddymobile is making number identification in SMS The picture below can be translated like this: - Total number of SMS 20M+ - SMS identification accuracy 100% - Identification number recognition rate of 70% - recognition accuracy of 95%
DUao8KzWAAI96cg.jpg


According to the code OnePlus is sending your IMEI and the phone manufacturer to a Chinese server owned by teddymobile
DUauPKWW0AIVp4X.jpg


In the TeddyMobile's package com.ted, they have a class called SysInfoUtil. This class contains the following methods:

- getAndroidID
- getCPUSerial
- getDeviceId
- getHardwareSerialNumber
- getIMEI
- getIPAddress
- getMacAddress
- getPhoneNumber
- getScreenPixels
DUaw8YdVMAAxjsX.jpg


Except getIPAddress and getScreenPixels, all the other methods are used. They also send JSON messages to their servers with a "telephone" and "messageText" fields...
DUayO9dWsAcwgID.jpg


This is a good reminder...Please don't copy paste your bank account number...TeddyMobile has a dedicated method to recognize a bank account...
DUazebwXkAgnwB6.jpg


Verify it yourself from the Oneplus clipboard apk available at koodous project. Link is here

After deeper investigation only a small part of the tedmobile sdk is used. In the ClipboardManager, in the verifyExpress method they used the method parserOnline.
DUfG5LTX4AAUzNm.jpg


This parserOnline will send what you have in your clipboard data to a teddymobile server in order to parse it. It important to say that this method is used only for Chinese users.
DUfFsvJW4AAROEt.jpg

DUfF9nNWsAEoA9L.jpg

DUfHMu_W0AEHpv0.jpg


The conditions to send your data to teddymobile server are: - clip data is not numeric - not an email - Chinese OnePlus phone - clipboard data matched the express pattern. It good to say that parserOnline method is used 3 times in the code, so this is only 1 of the 3 use cases!
DUfJy0fX4AEaLUV.jpg

DUfJy1YWkAAYqEK.jpg


So finally word of caution, whoever has installed OxygenOS Open Beta 2, there is a good chance your data is with Teddymobile right now.
noewUpL.jpg
 
Last edited:
  • Like
Reactions: benny3
P

poiplemonkeespank

New member
Jan 27, 2018
4
2
Uh oh the hysteria! A tech company may be collecting information???? Never heard of that happening before...

Wasn't this already debunked over on Reddit?
 
Paradoxxx

Paradoxxx

Senior Member
Aug 14, 2008
5,584
5,959
Krakow
Please read and inform yourself before spreading false information.

And god what is it with the massive font and broken OP ?
 
A

arka.b

Member
Jan 29, 2018
18
2
Mumbai
False Information!! This looks like false information to you? Did you even bother to read all the technical explanation being mentioned here. Company will obviously deny the allegations saying it as baseless.
I have mentioned everything step by step which are revealed by a renowned hacker Elliot Alderson‏ . Check his twitter bio - https://twitter.com/fs0c131y

Apologies for the large fonts, corrected them. By the way, I am an Oneplus 5T user since Oneplus One.

Paradoxxx said:
Please read and inform yourself before spreading false information.

And god what is it with the massive font and broken OP ?
Click to expand...
Click to collapse
 
L

Lossyx

Senior Member
Jan 14, 2014
1,561
853
OnePlus 7T Pro
Google Pixel 7 Pro
arka.b said:
False Information!! This looks like false information to you? Did you even bother to read all the technical explanation being mentioned here. Company will obviously deny the allegations saying it as baseless.
I have mentioned everything step by step which are revealed by a renowned hacker Elliot Alderson‏ . Check his twitter bio - https://twitter.com/fs0c131y

Apologies for the large fonts, corrected them. By the way, I am an Oneplus 5T user since Oneplus One.
Click to expand...
Click to collapse

https://www.reddit.com/r/android/comments/7t6joy

https://www.reddit.com/r/android/comments/7t6joy/_/dtaggn3
 
Last edited:
  • Like
Reactions: tids2k
T

tids2k

Senior Member
Apr 21, 2009
2,740
955
Sydney
Google Pixel 6 Pro
I am eager too. but did someone including mods looked at thw screenshot i sent, is it a safe apk to have in the phone ?

---------- Post added at 02:17 PM ---------- Previous post was at 02:16 PM ----------

it seeks like the clipboard app was controversial. it has been removed in beta 3.
 
Paradoxxx

Paradoxxx

Senior Member
Aug 14, 2008
5,584
5,959
Krakow
arka.b said:
False Information!! This looks like false information to you? Did you even bother to read all the technical explanation being mentioned here. Company will obviously deny the allegations saying it as baseless.
I have mentioned everything step by step which are revealed by a renowned hacker Elliot Alderson‏ . Check his twitter bio - https://twitter.com/fs0c131y

Apologies for the large fonts, corrected them. By the way, I am an Oneplus 5T user since Oneplus One.
Click to expand...
Click to collapse

I know who he is, I have seen this couple of days before you even posted here, and unlike you, I actually done some research on other website to find more info regarding this.

Please read AndroidPolice's article on this.
 
chas123

chas123

Senior Member
Oct 29, 2008
733
1,099
The web is full of misinformation. The code is/was there. The fact that it was 'inactive' on US handsets means - exactly- doodily squat. If you know anything about linux code then you know that it wouldn't take very much for the proprietors of said code to 'activate'. Especially with the code being in ROM at a place where it is given any permissions they deem fit w/out the typical end-user's knowledge.

It was wise on op's part to remove it. They already have the credit card fiasco to deal w/.

Excerpts from the aforementioned AndroidPolice article:

- but the company says

-the company is wasting no time issuing a clear explanation of the situation

-According to OnePlus,

-So, it sounds like OnePlus' only mistake here was including files from HydrogenOS in the OxygenOS


Hardly a hard hitting piece that rises to the bar of journalistic integrity.
 
Last edited:
A

arka.b

Member
Jan 29, 2018
18
2
Mumbai
Paradoxxx

Paradoxxx

Senior Member
Aug 14, 2008
5,584
5,959
Krakow
chas123 said:
The web is full of misinformation. The code is/was there. The fact that it was 'inactive' on US handsets means - exactly- doodily squat. If you know anything about linux code then you know that it wouldn't take very much for the proprietors of said code to 'activate'. Especially with the code being in ROM at a place where it is given any permissions they deem fit w/out the typical end-user's knowledge.

It was wise on op's part to remove it. They already have the credit card fiasco to deal w/.

Excerpts from the aforementioned AndroidPolice article:

- but the company says

-the company is wasting no time issuing a clear explanation of the situation

-According to OnePlus,

-So, it sounds like OnePlus' only mistake here was including files from HydrogenOS in the OxygenOS


Hardly a hard hitting piece that rises to the bar of journalistic integrity.
Click to expand...
Click to collapse

arka.b said:
yeah, right. Appreciate your concern!
Click to expand...
Click to collapse

To add on top of that, some people actually tried to trigger the application activities, and no contact to any server could be made.
 
You must log in or register to reply here.

Similar threads

Funk Wizard
  • Sticky
[OFFICIAL] OxygenOS Android 10 Open Beta 3 for OnePlus 5T (dumpling)
Replies
6K
Views
773K
Feedmeeeee
Feedmeeeee
Funk Wizard
  • Sticky
[OFFICIAL] OxygenOS 10.0.1 (Android Q 10.0) OTA for OnePlus 5T (dumpling)
Replies
4K
Views
658K
DrScrad
DrScrad
ganeshbiyer
Codename Phoenix For OnePlus 5/5T by siankatabg
Replies
3K
Views
255K
sjamie
sjamie
Funk Wizard
  • Sticky
OnePlus 5T: Unlock Bootloader | Flash TWRP | Root | Nandroid & EFS Backup & More !!
Replies
739
Views
267K
A
Alphadroid
Bradl79
OnePlus 5T Unbricking Tool
Replies
193
Views
143K
T
tropango

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 1
    A
    arka.b
    Teddymobile app comes preinstalled by oneplus and had been added in OxygenOS Open Beta 2. This app is sending data to Teddymobile servers in China without users consent.

    The OnePlus clipboard app contains a strange file called badword.txt ? In these words, you can find: Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email, ...

    Details here: Pastebin Link
    DUag0paXUAASbk2.jpg

    DUafp1uW0AcGaDv.jpg


    This badword.txt is duplicated in a zip file called pattern. This archive contains 7 files: - badword.txt - brackets.txt - end.txt - follow.txt - key.txt - start.txt
    DUalSGIWAAEEwPy.jpg


    All these files are used in a obfuscated package which seems to be an #Android library from teddymobile. TeddyMobile is a Chinese company, they worked with a lot of manufacturers including oppo. Their website http://teddymobile.cn/
    DUaogJLXUAID0vc.jpg


    As far it can be understood that teddymobile is making number identification in SMS The picture below can be translated like this: - Total number of SMS 20M+ - SMS identification accuracy 100% - Identification number recognition rate of 70% - recognition accuracy of 95%
    DUao8KzWAAI96cg.jpg


    According to the code OnePlus is sending your IMEI and the phone manufacturer to a Chinese server owned by teddymobile
    DUauPKWW0AIVp4X.jpg


    In the TeddyMobile's package com.ted, they have a class called SysInfoUtil. This class contains the following methods:

    - getAndroidID
    - getCPUSerial
    - getDeviceId
    - getHardwareSerialNumber
    - getIMEI
    - getIPAddress
    - getMacAddress
    - getPhoneNumber
    - getScreenPixels
    DUaw8YdVMAAxjsX.jpg


    Except getIPAddress and getScreenPixels, all the other methods are used. They also send JSON messages to their servers with a "telephone" and "messageText" fields...
    DUayO9dWsAcwgID.jpg


    This is a good reminder...Please don't copy paste your bank account number...TeddyMobile has a dedicated method to recognize a bank account...
    DUazebwXkAgnwB6.jpg


    Verify it yourself from the Oneplus clipboard apk available at koodous project. Link is here

    After deeper investigation only a small part of the tedmobile sdk is used. In the ClipboardManager, in the verifyExpress method they used the method parserOnline.
    DUfG5LTX4AAUzNm.jpg


    This parserOnline will send what you have in your clipboard data to a teddymobile server in order to parse it. It important to say that this method is used only for Chinese users.
    DUfFsvJW4AAROEt.jpg

    DUfF9nNWsAEoA9L.jpg

    DUfHMu_W0AEHpv0.jpg


    The conditions to send your data to teddymobile server are: - clip data is not numeric - not an email - Chinese OnePlus phone - clipboard data matched the express pattern. It good to say that parserOnline method is used 3 times in the code, so this is only 1 of the 3 use cases!
    DUfJy0fX4AEaLUV.jpg

    DUfJy1YWkAAYqEK.jpg


    So finally word of caution, whoever has installed OxygenOS Open Beta 2, there is a good chance your data is with Teddymobile right now.
    noewUpL.jpg
    View
    1
    L
    Lossyx
    arka.b said:
    False Information!! This looks like false information to you? Did you even bother to read all the technical explanation being mentioned here. Company will obviously deny the allegations saying it as baseless.
    I have mentioned everything step by step which are revealed by a renowned hacker Elliot Alderson‏ . Check his twitter bio - https://twitter.com/fs0c131y

    Apologies for the large fonts, corrected them. By the way, I am an Oneplus 5T user since Oneplus One.
    Click to expand...
    Click to collapse

    https://www.reddit.com/r/android/comments/7t6joy

    https://www.reddit.com/r/android/comments/7t6joy/_/dtaggn3
    View

New posts