OnePlus phones have a backdoor entry app for root access, company promises fix

OnePlus co-founder Carl Pei has acknowledged the issue, and insisted that the company is looking into it.

By: Tech Desk | New Delhi | Updated: November 15, 2017 11:37 am
Some OnePlus devices come with the EngineerMode APK pre-loaded, which reportedly acts as a backdoor, giving people root access without the need for unlocking the phone.

OnePlus smartphones including the OnePlus 3, 3T and 5 can be rooted without unlocking the bootloader via the EngineerMode app. According to Twitter user Elliot Alderson, OnePlus devices come with the EngineerMode APK pre-loaded on them, which acts as a backdoor, giving third-party apps potential root access without the need for unlocking the phone.

“Hey @OnePlus! I don’t think this EngineerMode APK must be in an user build…🤦‍♂️ This app is a system app made by @Qualcomm and customised by @OnePlus. It’s used by the operator in the factory to test the devices,” reads one of Alderson’s tweets. The app, developed by Qualcomm, is essentially designed for OEMs to test hardware components or run diagnostic tests on a device. However, it can be exploited to enable backdoor rooting.

“If you have an OnePlus device, I’m pretty sure you have this app pre-installed. To check open Settings -> Apps -> Menu -> Show system apps and search EngineerMode in the app list to check,” Alderson said in another tweet.

OnePlus co-founder Carl Pei has acknowledged the issue, and insisted that the company is looking into it. “Thanks for the heads up, we’re looking into it,” Pei said on Twitter. It looks like the Chinese smartphone company has accidentally left behind the app on some of its smartphone units.

As Alderson pointed out, users can go to their settings and see the app in the System apps option. According to the tweet, a user should take the following steps: Settings > Apps > Menu > Show system apps, then search for EngineerMode in the list. If the app is present and running, there’s a backdoor entry available to the phone.

OnePlus also wrote a blog post acknowledging the issue, but said it does not see it as a major security issue because it will not let third-party apps get full root privileges until USB debugging is turned on by a user. On OnePlus phones, the company says, USB debugging mode is turned off by default.

OnePlus’ post says, “EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after sales support. We’ve seen several statements by community developers that are worried because this apk grants root privileges. While, it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges.” 

The post adds that any root access will require actual physical access to the device. The company says they don’t see “this as a major security issue,” but it will remove “adb root function from EngineerMode in an upcoming OTA,” as users still have concerns.
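The check Alderson describes, combined with the USB debugging condition from OnePlus' post, can be scripted for a device connected over adb. This is an added example, not code from the article, OnePlus or Qualcomm; the article gives no package id, so matching on the substring "engineer" is an assumption, and the sample package lists are constructed.

```shell
#!/bin/sh
# Added example: audit helper for the EngineerMode check described in the article.

# Print system package ids containing "engineer" (case-insensitive).
# $1: output of `pm list packages -s`. The substring match is an assumption,
# because the article names the app label but not its package id.
find_engineer_packages() {
    printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^package://p' | grep -i 'engineer' || true
}

# Classify a device. $1: package list, $2: value of the adb_enabled setting.
# Prints ABSENT, PRESENT_DEBUG_OFF or PRESENT_DEBUG_ON.
classify_device() {
    matches=$(find_engineer_packages "$1")
    adb_enabled=$(printf '%s' "$2" | tr -d '\r\n ')
    if [ -z "$matches" ]; then
        echo "ABSENT"
    elif [ "$adb_enabled" = "1" ]; then
        echo "PRESENT_DEBUG_ON"
    else
        echo "PRESENT_DEBUG_OFF"
    fi
}

# Live check against a connected, authorised device. If adb can reach the
# device at all, USB debugging is already on, so expect adb_enabled to be 1;
# turn debugging off again afterwards if it was enabled only for this check.
audit_live() {
    pkgs=$(adb shell pm list packages -s)
    dbg=$(adb shell settings get global adb_enabled)
    classify_device "$pkgs" "$dbg"
    find_engineer_packages "$pkgs"
}

# Constructed sample output; the package ids are made up for illustration.
SAMPLE_WITH='package:com.android.settings
package:com.example.engineeringmode
package:com.android.phone'
SAMPLE_WITHOUT='package:com.android.settings
package:com.android.phone'

classify_device "$SAMPLE_WITH" "1"
classify_device "$SAMPLE_WITH" "0"
classify_device "$SAMPLE_WITHOUT" "1"
```

Call `audit_live` with a device attached to run the same classification on real output; the top-level calls only exercise the constructed samples.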

This is not the first time that OnePlus has been accused of compromising the privacy of its users. The company recently admitted to collecting personal information of users without their permission. Later, Pei confirmed in a blog post that OnePlus will scale back on data collection on its devices.

OnePlus’ co-founder clarified that the company was collecting data to “better understand general phone behavior and optimize OxygenOS for a better overall user experience”.