android.uid.system does requests to open.oneplus.net

  1. zamber Cupcake Nov 7, 2016

    zamber, Nov 7, 2016 :

    I'm working with some networking stuff and found that android.uid.system does requests to open.oneplus.net. I guess it's the update channel.

    What's troubling me is that open.oneplus.net is only accessible via HTTP and redirects to a login.jsp, so I can only presume that there's an insecure login before the device gets the update information?


    I did a quick check and it's not the update system. The update system requests information from i.ota.coloros.com along with:
    {"version":"1","mobile":"ONE A2001","ota_version":"OnePlus2Oxygen_14.A.20_GLO_020_1608262242","imei":"1234561234561234","mode":"0","type":"0","language":"en","beta":"0","isOnePlus":"1"}
    So why exactly is the IMEI leaked with each update request?
    Last edited: Nov 7, 2016

    fulopke likes this.
  2. nen3i Honeycomb Nov 7, 2016

    nen3i, Nov 7, 2016 :
    yes the imei is not sent over an secured protocol, its sent via http everytime ...

  3. zamber Cupcake Nov 7, 2016

    zamber, Nov 7, 2016 :
    Yes, I noticed that. I'm more interested in what's the deal with open.oneplus.net though :).

    Aditya Rathee likes this.
  4. Aditya Rathee Gingerbread Nov 9, 2016

    Aditya Rathee, Nov 9, 2016 :
    The website says "Welcome to Open". Do share it you find something.

  5. moodlion Gingerbread Nov 9, 2016

  6. Dunnow KitKat Oct 14, 2017