OnePlus 5: OxygenOS 5.0.1 OTA Update to Android 8 Re-Introduces the Backdoor

Update 2018-01-27: Evidence for theft of data through clipboard

A couple of monts ago, I wrote about my OnePlus 5 mobile which had a backdoor pre-installed. It was covered in tech media and people had to manually remove the backdoor software themselves.

Yesterday, I installed the OTA-update which brought Android 8 to my OnePlus 5 OxygenOS.

Fun thing: after downloading the 1.6GB update and starting the update process, my usually really stable WiFi router had an issue. This resulted in a non-functioning WiFi. Right after the first boot with OxygenOS 5.0.1 I had no WiFi connection. Unfortunately, I thought this is related to the update. However, it could be resolved by a router reboot.

I just deleted my message on how the #OnePlus5 #OxygenOS 5.0.1 OTA update broke the WiFi. Truth is that during the upgrade(!), my WiFi router developed an issue 😒 which was resolved by a router reboot. 😎 Sorry #OnePlus! #coincidence — Screenshot from my Mastodon account.

Otherwise, the update went fine. However, I had to read that the backdoor I was mentioning before returned with a different app name. According to the article, EngineerMode is now called FactoryMode.

I had to disable the backdoor using the adb method again. In my case, the idProduct identifier changed with the update. This might apply to your side as well.

Theft of Secrets through Clipboard

There is evidence that the pre-installed software steals things like bank account numbers from your clipboard:

The @OnePlus #clipboard app contains a strange file called badword.txt 🤔 In these words, we can find — Tweet by fs0c131y with link to https://pastebin.com/kfvJWKJB

If this is true, OnePlus is totally dead to me.