OnePlus was quick to respond to the recent root backdoor found by a developer in its devices. We reported this issue yesterday, and Carl Pei, co-founder of OnePlus promised to follow up on this matter. The company has posted an explanation of the matter on its forums today.
In short, the company says that the “EngineerMode” apk can grant adb root, it won’t allow third part apps full root access. Even then, one would need the device itself, and USB debugging turned on for this to work. If this still concerns users, OnePlus will be delivering an OTA to remove the adb root function from the app. Below is the full response:
“Yesterday, we received a lot of questions regarding an apk found in several devices, including our own, named EngineerMode, and we would like to explain what it is. EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after sales support.
We’ve seen several statements by community developers that are worried because this apk grants root privileges. While, it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges. Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device.
While we don’t see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb root function from EngineerMode in an upcoming OTA.”