Teddymobile app comes preinstalled by oneplus and had been added in OxygenOS Open Beta 2. This app is sending data to Teddymobile servers in China without users consent.
The OnePlus clipboard app contains a strange file called badword.txt ? In these words, you can find: Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email, ...
Details here: Pastebin Link
This badword.txt is duplicated in a zip file called pattern. This archive contains 7 files: - badword.txt - brackets.txt - end.txt - follow.txt - key.txt - start.txt
All these files are used in a obfuscated package which seems to be an #Android library from teddymobile. TeddyMobile is a Chinese company, they worked with a lot of manufacturers including oppo. Their website http://teddymobile.cn/
As far it can be understood that teddymobile is making number identification in SMS The picture below can be translated like this: - Total number of SMS 20M+ - SMS identification accuracy 100% - Identification number recognition rate of 70% - recognition accuracy of 95%
According to the code OnePlus is sending your IMEI and the phone manufacturer to a Chinese server owned by teddymobile
In the TeddyMobile's package com.ted, they have a class called SysInfoUtil. This class contains the following methods:
- getAndroidID
- getCPUSerial
- getDeviceId
- getHardwareSerialNumber
- getIMEI
- getIPAddress
- getMacAddress
- getPhoneNumber
- getScreenPixels
Except getIPAddress and getScreenPixels, all the other methods are used. They also send JSON messages to their servers with a "telephone" and "messageText" fields...
This is a good reminder...Please don't copy paste your bank account number...TeddyMobile has a dedicated method to recognize a bank account...
Verify it yourself from the Oneplus clipboard apk available at koodous project. Link is here
After deeper investigation only a small part of the tedmobile sdk is used. In the ClipboardManager, in the verifyExpress method they used the method parserOnline.
This parserOnline will send what you have in your clipboard data to a teddymobile server in order to parse it. It important to say that this method is used only for Chinese users.
The conditions to send your data to teddymobile server are: - clip data is not numeric - not an email - Chinese OnePlus phone - clipboard data matched the express pattern. It good to say that parserOnline method is used 3 times in the code, so this is only 1 of the 3 use cases!
So finally word of caution, whoever has installed OxygenOS Open Beta 2, there is a good chance your data is with Teddymobile right now.
The OnePlus clipboard app contains a strange file called badword.txt ? In these words, you can find: Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email, ...
Details here: Pastebin Link
This badword.txt is duplicated in a zip file called pattern. This archive contains 7 files: - badword.txt - brackets.txt - end.txt - follow.txt - key.txt - start.txt
All these files are used in a obfuscated package which seems to be an #Android library from teddymobile. TeddyMobile is a Chinese company, they worked with a lot of manufacturers including oppo. Their website http://teddymobile.cn/
As far it can be understood that teddymobile is making number identification in SMS The picture below can be translated like this: - Total number of SMS 20M+ - SMS identification accuracy 100% - Identification number recognition rate of 70% - recognition accuracy of 95%
According to the code OnePlus is sending your IMEI and the phone manufacturer to a Chinese server owned by teddymobile
In the TeddyMobile's package com.ted, they have a class called SysInfoUtil. This class contains the following methods:
- getAndroidID
- getCPUSerial
- getDeviceId
- getHardwareSerialNumber
- getIMEI
- getIPAddress
- getMacAddress
- getPhoneNumber
- getScreenPixels
Except getIPAddress and getScreenPixels, all the other methods are used. They also send JSON messages to their servers with a "telephone" and "messageText" fields...
This is a good reminder...Please don't copy paste your bank account number...TeddyMobile has a dedicated method to recognize a bank account...
Verify it yourself from the Oneplus clipboard apk available at koodous project. Link is here
After deeper investigation only a small part of the tedmobile sdk is used. In the ClipboardManager, in the verifyExpress method they used the method parserOnline.
This parserOnline will send what you have in your clipboard data to a teddymobile server in order to parse it. It important to say that this method is used only for Chinese users.
The conditions to send your data to teddymobile server are: - clip data is not numeric - not an email - Chinese OnePlus phone - clipboard data matched the express pattern. It good to say that parserOnline method is used 3 times in the code, so this is only 1 of the 3 use cases!
So finally word of caution, whoever has installed OxygenOS Open Beta 2, there is a good chance your data is with Teddymobile right now.
Last edited: