There might be a serious problem on the horizon for OnePlus users. An app developer has discovered that it¡¯s possible to breach some of the company¡¯s smartphones and root them, without ever even unlocking the bootloader. All because OnePlus accidentally left an internal app in the phone¡¯s UI.
The app is called ¡®Engineering Mode¡¯, developed by Qualcomm and subsequently customised by OnePlus for use in their own phones. It¡¯s an app solely used for factory testing and should never have been removed before the devices left the factory. Unfortunately, it remained pre-installed in the OnePlus 3, OnePlus 3T, and the OnePlus 5.
Consequently, the developer that tweeted the warning realised that initiating one of the app¡¯s functions with the correct password grants root privileges to the person in control. This password was easy enough to obtain with the aid of a few cybersecurity experts.?
Basically, it means an attacker can get into your OnePlus smartphone with a password not under your control, and pretty much do whatever he/she wants. OnePlus co-founder Carl Pei has since tweeted saying the company has taken note of the issue and is investigating.
Hopefully it won¡¯t be too long before the company can roll out a patch to hotfix the loophole. In the meantime, there¡¯s not much else you can do except sit tight.