OnePlus’s ‘Shot On OnePlus’ App found leaking user data

Must Read

President Ram Nath Kovind appoints new governor for Kerala, Telangana, Himachal Pradesh and Maharashtra

President Ram Nath Kovind appointed new governors for Maharashtra, Kerala, Telangana, Rajasthan, and Himachal Pradesh on Sunday. Former Union Minister Kalraj...

NRC list for Assam released; Fear looms as 19 lakh people face exclusion

NRC (National Register of Citizens) for Assam has been published at 10 am today. The final list excludes over...

Lateral Entry Era Begins as Union govt. appoints 9 professionals to Joint Secretary posts

The government has appointed its first batch of private professionals to the post of Joint Secretary in various ministries....
Saurabh Joshi
Hey Guys!!! I am a regular Content Writer here and I bring to you the latest and the hottest Tech related news and blogs. I hope you enjoy reading my content and are learning something new everyday. Thanks and have a nice day!!!

According to a report by 9to5 Google, OnePlus has been leaking names and email addresses of hundreds of its users, through the ‘Shot on OnePlus’ application that allegedly carries a security flaw. The app offers you a place to upload photos taken by your OnePlus device to be featured as wallpapers by OnePlus users globally.

The leak was reported taking place because of a flaw which was communicated to the company in early May but hasn’t been completely patched despite a fix being rolled out.

“It is unclear for how long this leak was happening, but because OnePlus had no reason to make this data public after the application was out, we believe it was leaking data since its release — multiple years, at least,” the report notes.

Shot On OnePlus App

OnePlus didn’t initially respond to an email query from the publication but has now provided a statement stating, “OnePlus takes security seriously, and investigate all reports we receive.” Also, the company has silently made changes to the API to fix the flaw and also obscured the email addresses that were previously viewable. OnePlus phones have had a number of security issues in the past as well such as the backdoor issue in OxygenOS which allowed the company to collect sensitive user data back in 2017.

A key vulnerability in the API is a ‘gid’ which is an alphanumeric code used to identify a user. The gid has two parts which are two letters that mark whether a user is from China (CN) or somewhere else (EN) and a unique number like 123456.

As per the report “this ID is used by OnePlus’s API to find photos uploaded by a particular user or to delete them. It could also be used to get information about that user (name, email, country) and even update this information without any real security.”

The report also states that “OnePlus appears to be working on a fix for the API. At the moment, getting and modifying account information is blocked, with the following message appearing: Functionality upgrading, please try again later.”


Please enter your comment!
Please enter your name here

- Advertisement -

Latest News

Tropical storm forces cancellation of flights in Japan, S.Korea

Tokyo, Sep 22 (IANS) A powerful tropical storm was on Sunday moving towards the coasts of Japan and South...

Akshay shoots with Kriti Sanon’s sister for music video

Mumbai, Sep 22 (IANS) Actor Akshay Kumar on Sunday shot for singer B Praaks new single with actress Kriti Sanon's younger sister Nupur.It is...

Britney Spears: My sister inspired me to go dark

Los Angeles, Sep 22 (IANS) Singer Britney Spears says her younger sister Jamie Lynn inspired her to ditch her famous blonde hair and dye...

Will Smith defends his alcohol use

Los Angeles, Sep 22 (IANS) Hollywood star Will Smith got defensive when his wife and actress Jada Pinkett Smith confronted him about his alcohol...

BJP in a fix over candidates for UP bypolls

Lucknow, Sep 22 (IANS) The political temperature in Uttar Pradesh is rising since the announcement of dates for bypolls to its 11 Assembly seats....
- Advertisement -

More Articles Like This