OnePlus May Have Accidentally Sent Clipboard Data to Chinese Server

OnePlus May Have Accidentally Sent Clipboard Data to Chinese Server

OnePlus has made a name for itself by selling inexpensive phones with top-of-the-line specs. You can buy a OnePlus 5T right now that compares well with a Galaxy S8 costing hundreds of dollars more. Sounds good, right? However, you might want to consider what OnePlus is doing on the security side. It’s been caught several times making basic errors, and it just happened again. The latest beta version of its custom “OxygenOS” Android build was sending user clipboard data to a server in China. Oops.

Yesterday, a user on the OnePlus forums noted that his OnePlus 3T (a phone released in late 2016) got a new system app in the latest beta build. Deep inside the Oreo-based software was “com.oneplus.clipboard.” The user’s firewall app reported this app was sending data to a server. It turns out the IP address is registered to Chinese megacorporation Alibaba. So, transmitting clipboard data to a remote server would be a very, very bad thing. Owners of this phone were understandably concerned.

According to a statement provided to Android Police, this app was only supposed to exist in builds of HydrogenOS. That’s the version of OnePlus’ Android software localized for the Chinese market. The clipboard app was mistakenly included in a beta build of OxygenOS for global devices. That raises the question: what is this app supposed to do in the first place? OnePlus has been vague on the details except to say “this feature is not uncommon for China users.” Maybe some sort of cloud clipboard syncing?

OnePlus May Have Accidentally Sent Clipboard Data to Chinese Server

Anyone who installed the beta on their OnePlus 3T has nothing to worry about, according to OP. A spokesperson says no user data was stored on any servers, but we’ll have to take that on faith. If it was transferred insecurely, it’s possible someone could have intercepted it. Although, it’s important to remember this was not a final version of OxygenOS. The only people affected are those who manually flashed the 3T’s open beta build of Oreo.

OnePlus says it is removing the clipboard app from its next beta release. Consider this a reminder that beta software is called beta for a reason. This error doesn’t seem as serious as it did at first, but this is starting to look like a pattern for OnePlus. It was only a few weeks ago users flagged the company for including a system debug app in OxygenOS that could grant root access and compromise security.

Continue reading

The PlayStation 5 Will Only Be Available Online for Launch Day
The PlayStation 5 Will Only Be Available Online for Launch Day

The PlayStation 5 isn't going to be available in stores on launch day, and if you want to pick up an M.2 SSD to expand its storage, you'll have some time to figure out that purchase.

Microsoft: Bethesda Games ‘Either First or Better’ on Xbox, Not Exclusive
Microsoft: Bethesda Games ‘Either First or Better’ on Xbox, Not Exclusive

Microsoft's Tim Stuart doesn't think the company will try to cut PS5 gamers out of future Bethesda titles. The company wants Xbox to be the best destination for its games, but not the only one.

Beyond Zoom: Virtual Gathering Spaces for the Holidays and Beyond
Beyond Zoom: Virtual Gathering Spaces for the Holidays and Beyond

Software is not yet available for a complete metaverse experience, but there are some promising new communication platforms that might provide an intermediate step between Zoom and a full-blown metaverse.

AMD Ryzen 5000 CPUs Will Soon Get Adaptive Undervolting
AMD Ryzen 5000 CPUs Will Soon Get Adaptive Undervolting

AMD will introduce its new Precision Boost Overclocking 2 feature, with adaptive undervolting, beginning in December. The feature will be limited to Ryzen 5000 CPUs.