1
android.uid.system does requests to open.oneplus.net

  1. zamber Cupcake Nov 7, 2016

    zamber, Nov 7, 2016 :
    Hi,

    I'm working with some networking stuff and found that android.uid.system does requests to open.oneplus.net. I guess it's the update channel.

    What's troubling me is that open.oneplus.net is only accessible via HTTP and redirects to a login.jsp, so I can only presume that there's an insecure login before the device gets the update information?

    EDIT:

    I did a quick check and it's not the update system. The update system requests information from i.ota.coloros.com along with:
    Code:
    {"version":"1","mobile":"ONE A2001","ota_version":"OnePlus2Oxygen_14.A.20_GLO_020_1608262242","imei":"1234561234561234","mode":"0","type":"0","language":"en","beta":"0","isOnePlus":"1"}
    So why exactly is the IMEI leaked with each update request?
     
    Last edited: Nov 7, 2016

    #1
    fulopke likes this.
  2. nen3i Honeycomb Nov 7, 2016

    nen3i, Nov 7, 2016 :
    yes the imei is not sent over an secured protocol, its sent via http everytime ...
     

    #2
  3. zamber Cupcake Nov 7, 2016

    zamber, Nov 7, 2016 :
    Yes, I noticed that. I'm more interested in what's the deal with open.oneplus.net though :).
     

    #3
    Aditya Rathee likes this.
  4. Aditya Rathee Gingerbread Nov 9, 2016

    Aditya Rathee, Nov 9, 2016 :
    The website says "Welcome to Open". Do share it you find something.
     

    #4
  5. moodlion Gingerbread Nov 9, 2016


    #5
  6. Dunnow KitKat Oct 14, 2017


    #6
  7. EmilienL Cupcake Oct 24, 2017


    #7
  8. rkemish Cupcake Nov 10, 2017

    rkemish, Nov 10, 2017 :
    So can you turn this off, I already have the "Join user experience program" setting off and I still see the connection couple of times a day. You should be able to turn this telemetry off.
     

    #8
  9. ascent Gingerbread Nov 10, 2017

    ascent, Nov 10, 2017 :
    So what kind of information is sent to that site exactly and how often?
     

    #9