What you need to know
- It's reported that hundreds of emails were leaked through the Shot on OnePlus app.
- An unencrypted access key was used to access user information.
- Email addresses could be cycled through using an insecure gid.
Privacy is an ever-increasing topic of discussion in our world, with companies like Facebook and Google regularly coming under fire for slip-ups here and there. Now, it's OnePlus's time to shine as a report shows that it's been leaking names and emails for hundreds of users of its Shot on OnePlus app.
If you have a OnePlus phone, you're probably familiar with Shot on OnePlus. It can be accessed through the wallpaper selector, and if you upload a photo to it, you can share it with other OnePlus users for them to download.
According to 9to5Google, the API used to connect the app to OnePlus's server is highly unprotected. The API is hosted on open.oneplus.net, and to access its information, all you need is an access token. Another key is required to get that token, but it's unencrypted and seemingly easy to get your hands on.
With access to the API, you can access a heap of personal information for Shot on OnePlus users, including their name, email address, country of residence, phone model, and more. Along with having access to that information, it can also be changed/updated.
Making matters worse is the Shot on OnePlus gid — an alphanumeric code that's associated with each Shot on OnePlus user. With access to the API, you can cycle through gid numbers as you please and look at information for user after user.
OnePlus has been aware of this since early May, and after being contacted by 9to5Google, OnePlus "quickly made changes to the API...and it is no longer leaking the gid and email of users whose photos are posted publicly."
Email addresses are also now obscured on the API, showing asterisks in place of the proper address.
OnePlus has yet to publicly comment on the findings, but should that change, we'll update this article accordingly.
We may earn a commission for purchases using our links. Learn more.
You can now pre-order Motorola’s foldable RAZR on Verizon for $1,500
Motorola's foldable RAZR reboot is finally up for pre-order in the U.S for $1,500.
Are you going to keep your Galaxy S10 throughout 2020?
There are a lot of exciting phones set to come out in 2020, but the Galaxy S10 still has plenty of kick left in it. If you own the phone, do you plan on keeping it throughout this year?
Samsung will give away Galaxy Buds+ with S20+ and S20 Ultra pre-orders
Samsung's Galaxy S20 series will be here before you know it, and when pre-orders open up, you'll be able to get your hands on the new Galaxy Buds+ for free.
These are the best OnePlus phones you can buy in 2020
Thinking about joining Team OnePlus but aren't sure which of the company's gadgets is right for you? Let us help you find the perfect OnePlus phone!