Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been found leaving a backdoor on almost all OnePlus handsets.
A Twitter user, who goes by the name “Elliot Anderson” (named after Mr. Robot’s main character), discovered a backdoor (an exploit) in all OnePlus devices running OxygenOS that could allow anyone to obtain root access to the devices.
This APK comes pre-installed (accidentally left behind) on most OnePlus devices, including OnePlus 2, 3, 3T, and the newly-launched OnePlus 5. We can confirm its existence on the OnePlus 2, 3 and 5.
You can also check if this application is installed on your OnePlus device or not. For this, simply go to settings, open apps, enable show system apps from top right corner menu (three dots) and search for EngineerMode.APK in the list.
EngineerMode has been designed to diagnose issues with GPS, check the root status of the device, perform a series of automated ‘production line’ tests, and many more.
After decompiling the EngineerMod APK, the Twitter user found ‘DiagEnabled’ activity, which if opened with a specific password (It is “Angela”, found after reverse engineering) allows users to gain full root access on the smartphone—without even unlocking the bootloader.
Meanwhile, in order to protect themselves and their devices, OnePlus owners can simply disable root on their phones. To do so, run following command on ADB shell:
The Twitter user has promised to release a one-click rooting app for OnePlus devices using this exploit. We will update the article as soon as it is available.