The dust has barely settled on OnePlus' private data collection issue, and already a new challenge has cropped up for the company. Now, a developer has confirmed that it's possible to obtain root access on OnePlus phones without unlocking them.
Basically, OnePlus devices contain an app called 'EngineerMode,' which is used for factory testing (to confirm whether or not the unit is working properly). There's an activity - dubbed 'DiagEnabled' - associated with this app, which if launched with the correct password will give you the root access.
So yes, if you send the command: adb shell am start -n https://t.co/yYfeX14Ioj.engineeringmode/.qualcomm.DiagEnabled --es "code" "password" with the correct code you can become root!— Elliot Alderson (@fs0c131y) November 13, 2017
And if you are thinking how did the developer get the password, it was with the help of some security experts.
The developer further claims that the Chinese company has intentionally left the backdoor in their devices.
The best thing in this story is the password. It's angela (see the reference?). This backdoor is here intentionally. When the fiction become a reality. Good luck @getpeid, you will need a very good explanation.— Elliot Alderson (@fs0c131y) November 14, 2017
cc @whoismrrobot pic.twitter.com/IJgsu6hCEc
For its part, OnePlus has confirmed that the company is looking into the claims made by the developer.
Thanks for the heads up, we're looking into it.— Carl Pei (@getpeid) November 13, 2017