Why did the OnePlus 3T’s Oreo beta send clipboard data to an Alibaba server?

0
360

  • A new app in the OnePlus 3T Oreo beta appeared after an update that brought the December security update.
  • The company said the feature was meant for a Chinese-specific build of their operating system.
  • The app is named “com.oneplus.clipboard” and it attempted to communicate with an Alibaba-owned server.

A user that goes by the name of v1nc recently posted on the OnePlus forums to say that a new system app was displaying odd behavior during the OnePlus 3T Oreo beta. Normally this wouldn’t be news, because it is a beta, after all, and the app doesn’t exist in stable builds of OxygenOS. But, according to v1nc, the app named “com.oneplus.clipboard” attempted to access the network to communicate with an outside server. The IP address points towards an Alibaba-owned server.

Android Police reached out to OnePlus for a statement. This is what it had to say:

Our OnePlus beta program is designed to test new features with a selection of our community. This particular feature was intended for HydrogenOS, our operating system for the China market. We will be updating our global OxygenOS beta to remove this feature.

According to that representative, the data was not stored “on any server.” They also claimed that “this feature is not uncommon for China users.”

Editor’s Pick

related article

OnePlus 3/3T users on OxygenOS 5.0.1 warned to uninstall FactoryMode

You might remember that in November, OnePlus updated the 3 and 3T to Android 8.0 Oreo. The update brought a bunch of new features and a few bugs, too. To squash them, OxygenOS 5.0.1 started …

This statement leaves us with almost as many questions as when we started. What was Alibaba doing with that data? If the company is going to the trouble of harvesting clipboard data, why wasn’t it being saved?  If the “feature” is only for HydrogenOS builds, how did it end up in an OxygenOS beta build just after the December security update was applied?

These are all questions that have answers, and we feel like OnePlus should be more transparent with its community on this issue. Right now, we have no idea what kind of impact selling this type of data has.  This issue could be (and probably is) a big nothingburger. But because OnePlus got caught doing it and released a vague statement, it’s raised concerns.

via Android Authority

January 11, 2018 at 09:11AM