Here’s one more finding that is going to keep OnePlus worried for some more time. A developer posted on Twitter today that OnePlus phones can be rooted without the need to unlock them. The dev also said that this was possible due to an app that OnePlus itself put on their phones.
Here the source code of the EngineerMode apk: https://t.co/0HXn7ueBF8. Feel free to dig on your own and share your findings!
— Elliot Alderson (@fs0c131y) November 13, 2017
The application is “EngineerMode” which is used to test to factory test the hardware. The app performs tests on GPS, root status, and other components. It can be found even on the OnePlus One with Oxygen OS.
According to the developer, you just need to launch the ‘DiagEnabled’ activity in the APK with a specified password. And that’s all. However, he did need help from some cyber security experts to discover the password.
The same developer also plans to launch an app to root OnePlus devices today itself. Of course, on the one hand, this is good news as the rooting process will get simplified. On the other, it can pose serious security risks too. Apps will still require ADB to root via this method. What is more alarming is that the dev has claimed that OnePlus has kept the door open intentionally.
Carl Pei, CEO of OnePlus has responded to the discovery, and has said the company is looking into it. It is expected that the “EngineerMode” app will be removed altogether through an update. Although they will have to patch this up fast as the cat is now out of the bag.