OnePlus left a backdoor app installed on OnePlus 3, 3T, 5 that easily provides root


We understand that a small-ish company like OnePlus – relatively small compared to behemoths like Samsung, LG, and Apple – would probably make mistakes along the way. And make mistakes they did – with the recent OnePlus 5 a constant target of criticism. Now it has been discovered that the software team behind OnePlus’s OxygenOS has left an app in the OnePlus 3, OnePlus 3T, and OnePlus 5 that serves as a backdoor to gain root access.

The app called “EngineerMode” was recently discovered – and it’s supposed to function as a diagnostic app available for manufacturers to easily test hardware components of these devices. The problem is that once discovered and decompiled, the app has a feature that easily gives root access to the device even without unlocking the devices’ bootloader. In some ways, it’s pretty cool, but also a bit dangerous, eh?

The discoverer of the app had a problem. Once the app was decompiled, a password was still needed for the app so that it would give root access to devices. With the help of some other Twitter users, the password was discovered, and now we have a legit root method that would not even require an unlocked bootloader.

It’s only going to be a matter of time before the aftermarket community goes after this. But on the other hand, we do hope that OnePlus patches this as well, because it is provides a legitimate backdoor to OnePlus 3, 3T, and OnePlus 5 devices.


via Android Community

November 14, 2017 at 12:07PM