OnePlus was in a bit of hot water earlier this month for collecting user data through OxygenOS and sending it back to the company, a practice it has since stopped. While that was deliberate, the company is again in the news for another problem with its devices, where a preloaded app can allow users to root their devices through a backdoor, without unlocking the bootloader.
The app, called EngineerMode, is not normally seen unless you ask to see the device"s system apps. It is provided to OEMs by Qualcomm engineers to allow them to test their devices. It has been found on the OnePlus 5, as well as the OnePlus 3 and 3T.
The app and the subsequent backdoor access was discovered by Twitter user Elliott Alderson (a reference to the Mr. Robot character), who then went into a lot of detail about how to gain root access to the device. Several hack sites have even published the password needed to get into a rooted ADB shell.
The inclusion of the app appears to be an oversight on the part of OnePlus, and company founder Carl Pei said the team is looking into it. A fix could come rather quickly, given that all that is needed is to delete the system app from the device. If it was overlooked, it is likely the upcoming 5T would have it also, which would necessitate removing the app before the device ships on November 16.
If hackers wanted to get into your phone, they would need physical access to it, so if you have any OnePlus devices, just keep them away from any of your playful tech-savvy friends until the app is officially removed.
Update: One Plus issued an official statement about the backdoor and the app, saying it plans to remove ADB root functionality from the app:
"Yesterday, we received a lot of questions regarding an apk found in several devices, including our own, named EngineerMode, and we would like to explain what it is. EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after sales support.
We’ve seen several statements by community developers that are worried because this apk grants root privileges. While, it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges. Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device.
While we don"t see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb root function from EngineerMode in an upcoming OTA."
Update 2: It appears Qualcomm is distancing itself from the EngineerMode app, saying it is no longer the program that it used to be. According to a company spokesman:
“After an in-depth investigation, we have determined that the EngineerMode app in question was not authored by Qualcomm. Although remnants of some Qualcomm source code is evident, we believe that others built upon a past, similarly named Qualcomm testing app that was limited to displaying device information. EngineerMode no longer resembles the original code we provided.”
The changes likely were made by OnePlus, given that the company has said it will remove the ADB root function from the app, rather than deleting it altogether from devices.
Original source: XDA Developers