android.uid.system does requests to open.oneplus.net

  1. zamber Cupcake Nov 7, 2016

    zamber, Nov 7, 2016 :

    I'm working with some networking stuff and found that android.uid.system does requests to open.oneplus.net. I guess it's the update channel.

    What's troubling me is that open.oneplus.net is only accessible via HTTP and redirects to a login.jsp, so I can only presume that there's an insecure login before the device gets the update information?


    I did a quick check and it's not the update system. The update system requests information from i.ota.coloros.com along with:
    {"version":"1","mobile":"ONE A2001","ota_version":"OnePlus2Oxygen_14.A.20_GLO_020_1608262242","imei":"1234561234561234","mode":"0","type":"0","language":"en","beta":"0","isOnePlus":"1"}
    So why exactly is the IMEI leaked with each update request?
    Last edited: Nov 7, 2016

    fulopke likes this.
  2. nen3i Honeycomb Nov 7, 2016

    nen3i, Nov 7, 2016 :
    yes the imei is not sent over an secured protocol, its sent via http everytime ...

  3. zamber Cupcake Nov 7, 2016

    zamber, Nov 7, 2016 :
    Yes, I noticed that. I'm more interested in what's the deal with open.oneplus.net though :).

    Aditya Rathee likes this.
  4. Aditya Rathee Gingerbread Nov 9, 2016

    Aditya Rathee, Nov 9, 2016 :
    The website says "Welcome to Open". Do share it you find something.

  5. moodlion Gingerbread Nov 9, 2016

  6. Dunnow KitKat Oct 14, 2017

  7. EmilienL Cupcake Oct 24, 2017

  8. rkemish Cupcake Nov 10, 2017

    rkemish, Nov 10, 2017 :
    So can you turn this off, I already have the "Join user experience program" setting off and I still see the connection couple of times a day. You should be able to turn this telemetry off.

  9. ascent Gingerbread Nov 10, 2017

    ascent, Nov 10, 2017 :
    So what kind of information is sent to that site exactly and how often?