At the heart of the issue is the telemetry data OnePlus is collecting, the expansiveness of which some people feel is too great, plus the fact that certain bits of data could theoretically make it possible for the company to connect the particular user with the particular data collected.
While it may seem like a massive treasure trove of information that shouldn’t be leaving the phone, this sort of diagnostic and usage data is collected routinely, with rare exception, on smartphones. First of all, this was all demonstrated with Moores OnePlus 2.
The data that OnePlus is accessing ranges from device information like the phone’s IMEI and serial number to user data like reboot, charging, screen timestamps as well as application timestamps.
Despite this being something that’s been happening for some time on OnePlus phones and that’s several months since first being discovered, users have just now been reminded of it and are (rightfully) concerned over just how much is being collected and what’s being done with it. Thats when another user on Twitter suggested he dig around on the OnePlus forums to see what he could find. He was able to decrypt the data (using the authentication key on the phone) which revealed that his OP2 was sending time-stamped information about locks, unlocks, and unexpected reboots. The app cant be turned off since it is part of the System, but it can be manually disabled every time the phone is restarted. More recently, someone discovered a workaround that will allow OnePlus users to disable OnePlus Analytics without having to root their devices. Unfortunately the same can not be said for OnePlus, where in a report by software engineer Christopher Moore (via Android Police), he has found that OnePlus has been collecting identifiable analytics data from its users, such as IMEI numbers, MAC addresses, mobile network names, IMSI prefixes, and serial numbers, just to name a few. These apps were found to be the OnePlus Device Manager and OnePlus Device Manager Provider.
In its defense, the company released a statement saying, “We securely transmit analytics in two different streams over HTTPS to an Amazon server”. This transmission of usage activity can be turned off by navigating to Settings – Advanced – Join user experience program. The second stream is device information, which we collect to provide better after-sales support.
There’s a chance this could break other functionality of the system, since Device Manager could be responsible for other tasks, so do this at your own risk.