OxegynOS has a secret data collection and logging service!

Search This thread

shirohige4

Member
Sep 10, 2012
11
2
Hey guys, so, I don't know if you have already discussed this matter or not, but,
I just found out that OxygenOS has some service called ODM which collects data and logs etc, and submit it to the company! the service has the Package name of ‏net.oneplus.odm.


23DuABI.jpg
 

gohan040

Senior Member
May 14, 2011
230
115
Eindhoven
Isn't that mostly used for sending log files to them in case of reporting issues? Do you know for sure that this is sending information outside of when the user specifically accesses this app?

Specifically referring to this:
https://forum.xda-developers.com/showthread.php?p=73320816

Sent from my ONEPLUS A5000 using Tapatalk

Nope... OnePlus is collecting way to much and often.
https://www.chrisdcmoore.co.uk/post/oneplus-analytics/

http://www.androidpolice.com/2017/1...ounts-personally-identifiable-analytics-data/
 

CaptShaft

Senior Member
Dec 2, 2013
123
86
Vinnlund
What a bunch of diqfuqs. Not surprising at all. At lot of these chinese smart phone companies think it's cool to spy on the userbase. AdUps anyone?

Apparently "Never Settle" really just means "We're going to bend you over for all that sweet, sweet Big Data, you peons!"

FYI, from the link above this sends off the to the mothership:

Amongst other things, this time we have the phone’s IMEI(s), phone numbers, MAC addresses, mobile network(s) names and IMSI prefixes, as well as my wireless network ESSID and BSSID and, of course, the phone’s serial number. Wow, that’s quite a bit of information about my device, even more of which can be tied directly back to me by OnePlus and other entities.

I seriously doubt there's any mention of this in their "terms of service".

The specific APK I'm seeing which is responsible for this is called Insight Provider, at least on my OOS-based ROM. If rooted, you can simply disable it with Titanium Backup. Ideally you should uninstall it and be done with it permanently.

Also, open.oneplus.net should be added to your AdAway blacklist, post haste.

If not rooted, you have to turn on ADB in developer options and run the following command from your ADB console:

Code:
adb start-server
adb shell
pm uninstall -k --user 0 net.oneplus.odm

ROM-makers: You might wish to pull this module from any OOS ROM's you are making in the days ahead. That will clear the air for us going forward.

---------- Post added at 09:14 PM ---------- Previous post was at 09:12 PM ----------

Is Lineage more secure privacy wise?

LineageOS is quite a bit better in a lot of regards. It is stripped down AOSP to the bare bones, no bloatware, and you have the option of built-in root functionality plus a Privacy Guard, which lets you restrict what apps can access or do what with your phone.

Even our OOS custom roms don't have the last part, sadly. :(

EDIT:

more info here:

https://www.bleepingcomputer.com/ne...lets-os-maker-tie-phones-to-individual-users/

https://news.ycombinator.com/item?id=15441430

https://twitter.com/JaCzekanski/status/917691128807395328
 
Last edited:

OcazPrime

Senior Member
Mar 30, 2016
449
108
Is Lineage more secure privacy wise?

Yeah, im almost 100% certain that lineage only rips the drivers for the device's hardware so that the fingerprint and camera and junk can work with their customized OS.

---------- Post added at 03:39 PM ---------- Previous post was at 03:23 PM ----------

so upon checking my system apps, does OnePlusLogKit have something to do with it as well? Its currently cached on my phone and the name suggests it has something to do with it this collection.
 

Devhux

Senior Member
Mar 1, 2008
1,683
471
The LogKit is how they get people to send in logs when problems arise.

Seems not the same as this analytics stuff

Sent from my ONEPLUS A5000 using Tapatalk
 

heov

Senior Member
Jun 21, 2007
144
48
Does this affect OP5? This issue is from 2016. I do t see the analytics service running on my OP5.

The article is about the OP2.
 

LimitsX

Senior Member
Nov 14, 2010
868
144
im on FreedomOS 1.8, i first disabled the device manager services. Then completely deleted the folder and rebooted phone.

Permanently done with it. It's good to have a rooted phone lol
 

Mu009

Member
Dec 26, 2016
26
13
Jabalpur
Any issues after deleting?

im on FreedomOS 1.8, i first disabled the device manager services. Then completely deleted the folder and rebooted phone.

Permanently done with it. It's good to have a rooted phone lol

I'm rooted too.
I've moved the folder out from system for now (just in case it breaks something else), and I'm rebooting.
But if you had no worries deleting the bastard completely, I'd be more than glad to do that myself.
 

bartito

Inactive Recognized Developer
Dec 1, 2005
3,899
1,773
Does this affect OP5? This issue is from 2016. I do t see the analytics service running on my OP5.

The article is about the OP2.

of course, it affects O+5

---------- Post added at 07:16 AM ---------- Previous post was at 07:15 AM ----------

I'm rooted too.
I've moved the folder out from system for now (just in case it breaks something else), and I'm rebooting.
But if you had no worries deleting the bastard completely, I'd be more than glad to do that myself.

/system/priv-app/OPDeviceManager ?
 

Mu009

Member
Dec 26, 2016
26
13
Jabalpur
/system/priv-app/OPDeviceManager ?

Yes, I moved the folder out of /system, and in to/sdcard.
That way, if something got broken, I could simply restore the folder and then use magisk to block the process.
But since nothing seems to be broken comma and this is a more powerful fix in brackets so to speak, I prefer it.
 

bartito

Inactive Recognized Developer
Dec 1, 2005
3,899
1,773
I have removed 2 folders

Code:
/system/priv-app/OPDeviceManager
/system/priv-app/OPDeviceManagerProvider

and all seems working fine...

Yes, I moved the folder out of /system, and in to/sdcard.
That way, if something got broken, I could simply restore the folder and then use magisk to block the process.
But since nothing seems to be broken comma and this is a more powerful fix in brackets so to speak, I prefer it.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 7
    What a bunch of diqfuqs. Not surprising at all. At lot of these chinese smart phone companies think it's cool to spy on the userbase. AdUps anyone?

    Apparently "Never Settle" really just means "We're going to bend you over for all that sweet, sweet Big Data, you peons!"

    FYI, from the link above this sends off the to the mothership:

    Amongst other things, this time we have the phone’s IMEI(s), phone numbers, MAC addresses, mobile network(s) names and IMSI prefixes, as well as my wireless network ESSID and BSSID and, of course, the phone’s serial number. Wow, that’s quite a bit of information about my device, even more of which can be tied directly back to me by OnePlus and other entities.

    I seriously doubt there's any mention of this in their "terms of service".

    The specific APK I'm seeing which is responsible for this is called Insight Provider, at least on my OOS-based ROM. If rooted, you can simply disable it with Titanium Backup. Ideally you should uninstall it and be done with it permanently.

    Also, open.oneplus.net should be added to your AdAway blacklist, post haste.

    If not rooted, you have to turn on ADB in developer options and run the following command from your ADB console:

    Code:
    adb start-server
    adb shell
    pm uninstall -k --user 0 net.oneplus.odm

    ROM-makers: You might wish to pull this module from any OOS ROM's you are making in the days ahead. That will clear the air for us going forward.

    ---------- Post added at 09:14 PM ---------- Previous post was at 09:12 PM ----------

    Is Lineage more secure privacy wise?

    LineageOS is quite a bit better in a lot of regards. It is stripped down AOSP to the bare bones, no bloatware, and you have the option of built-in root functionality plus a Privacy Guard, which lets you restrict what apps can access or do what with your phone.

    Even our OOS custom roms don't have the last part, sadly. :(

    EDIT:

    more info here:

    https://www.bleepingcomputer.com/ne...lets-os-maker-tie-phones-to-individual-users/

    https://news.ycombinator.com/item?id=15441430

    https://twitter.com/JaCzekanski/status/917691128807395328
    4
    Hi guys!! Carl Pei put out a brief statement on this affair which you can see below.

    https://forums.oneplus.net/threads/lets-talk-about-oxygenos-analytics.654820/

    However he's a very busy man - he's off to get his pedicure right now - so he's asked me to step on in and fill in a few details which he may have inadvertently left out of his statement. I've done so below. Please enjoy.

    Carl Pei said:
    Bros, homies, pals, buddies, & assorted chumps:

    Carl Pei said:
    We take our users - and their data privacy - very seriously.

    Where have we heard this standard PR opening line before? Equifax? Target? Home Depot?

    Carl Pei said:
    We want to take this opportunity to tell you a little more about data collection on OnePlus devices; explain what we are collecting and why; and map the changes we will make going forward to address your concerns.
    Translation: We got caught with our grubby hands in your big data cookie jar, and were sorry we got caught.
    We had a good thing going on for a while, and you jabbering malcontents purposely ruined it all for us here at my fine company. Were big into Big Data - you little peons are the "product," after all - and now you woolly-headed numbskulls have trashed all my fine work. Thanks, thanks a lot.

    Carl Pei said:
    While data collection is a standard industry practice,

    Everybody else's doing it so we're going to do it as well. What's good for the goose, and all that…

    Carl Pei said:
    we realize that our users have the right to understand how and why it is done.

    We care so much about your petty "rights" that we somehow neglected to tell you the whole details of this entire data collection shenanigan before we rushed the product out the door and shoved it before your beady little eyes. But, hey, it's cool, right? No harm, no foul, right? "Mistakes were made," as Nixon said one time, remember?

    Carl Pei said:
    Please know that we take this matter seriously and will proactively take steps to improve going forward.

    In fact take it so seriously we just didn't seriously take it seriously enough to seriously do something about it ahead of time. No one in our head office ever thought that your personal data being thrown around like this, without the slightest hint of anonymization, salting, hashes, etc., would cause anyone to get their pantyhose tied in a knot. But as I said before, hey, these things just send a happen. All by themselves, apparently.

    Carl Pei said:
    OnePlus devices using OxygenOS securely transmit analytics in two different streams, usage analytics and device information.

    Had you given us your government personal identification number, mother's maiden name, and bank account information, we would've "securely" transmitted all that as well. Why didn't you tell us that ahead of time?

    Carl Pei said:
    The reason we collect usage analytics through the user experience program is so we can better understand general phone behavior and optimize OxygenOS for a better overall user experience. At any time, users can opt-out of usage analytics collection by navigating to 'Settings' -> 'Advanced' -> 'Join user experience program'.

    Thanks for letting me opt out, bub. Why was I no asked to opt-in in the first place?

    Carl Pei said:
    The reason we collect some device information is to better provide after-sales support. If you opt out of the user experience program, your usage analytics will not be tied to your device information.

    Nobody in this world ever figured out a way to support any device after sales without collecting this sort of in-depth information ahead of time. Nope, there's just no way to do it with this kind of product. Or with any product, really. We couldn't bother to ask you say, when you purchased it, what your order number was, would your email is, etc., to provide any sort of "support."

    And rest assured, when we say "support" we don't mean the typical level of Dell-type "support" where you're talking to "Joe" or "Sally" in India, or stuck navigating through an endless series of phone menus – Push 2 for this option - before reaching a "customer service representative" which politely apologizes and then says, apparently it's something you've done or it's a problem with your phone after you've used it.

    No, we would never do anything like that. We're better than them. "Never Settle" and all that jazz…

    Carl Pei said:
    We'd like to emphasize that at no point have we shared this information with outside parties. The analytics we're discussing in this post, which we only look at in aggregate, are collected with the intention of improving our product and service offerings.

    That's really heartwarming, Carl. I can't tell you how happy that makes me. BTW, how do you know if you've been hacked? Would you tell us the truth if the government politely "requested" this data from you in the name of "stopping terror"? Would you tell us the truth if you turned around and sold all the data to multiple ad agencies?
    Does "improving our product and service offerings" includes serving up targeted advertising? Also, what "service offerings" those OnePlus offer the end-users, exactly? If were just buying hardware from you, what's the "service" we're getting which we just can't live without?
    How critical is it to "improve service offerings" by collecting things like Wi-Fi network names, MAC addresses, and IMEI / phone serial numbers? How does that help you or me in any way shape or form?
    Can anyone in this world gets serious answers to these questions without getting the runaround from you or your company?

    Carl Pei said:
    By the end of October, all OnePlus phones running OxygenOS will have a prompt in the setup wizard that asks users if they want to join our user experience program.

    There was some reason why we didn't bother to ask you this beforehand but, huh, it kinda slips my mind now. Can't think of why you weren't asked before all this collection started in the first place. Oh well, it can't be that important. Moving along…

    Carl Pei said:
    The setup wizard will clearly indicate that the program collects usage analytics. In addition, we will include a terms of service agreement that further explains our analytics collection. We would also like to share we will no longer be collecting telephone numbers, MAC Addresses and WiFi information.

    Why then were you collecting it in the first place? What is this do for users?

    Carl Pei said:
    We take privacy very seriously and do not share analytics with third parties.

    Promises, promises. Don't all these other companies in a similar situation say exactly the same thing?

    Carl Pei said:
    Our intention has always been to better serve our users.

    …to ad networks on a silver platter. Or: https://www.youtube.com/watch?v=NIufLRpJYnI

    Carl Pei said:
    Looking ahead, we will continue working directly with our users to do so. We appreciate your patience and feedback.

    Please however, don't bother me with your petty complaints in the near future. My stock options were surging right before this entire story broke, and now you whining small-town pissants ruined it all for me. I hope you're all happy with yourselves.

    Well, continue to buy my products, and in the near future try to keep your mouths shut and stop whining. Now, I'm off to get the ski slopes. Keep it quiet down there.

    Thanks & XOXOXO!!
    Carl
    3
    I have removed 2 folders

    Code:
    /system/priv-app/OPDeviceManager
    /system/priv-app/OPDeviceManagerProvider

    and all seems working fine...

    Yes, I moved the folder out of /system, and in to/sdcard.
    That way, if something got broken, I could simply restore the folder and then use magisk to block the process.
    But since nothing seems to be broken comma and this is a more powerful fix in brackets so to speak, I prefer it.
    2
    Hey guys, so, I don't know if you have already discussed this matter or not, but,
    I just found out that OxygenOS has some service called ODM which collects data and logs etc, and submit it to the company! the service has the Package name of ‏net.oneplus.odm.


    23DuABI.jpg
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone