What you need to know
- It's reported that hundreds of emails were leaked through the Shot on OnePlus app.
- An unencrypted access key was used to access user information.
- Email addresses could be cycled through using an insecure gid.
Privacy is an ever-increasing topic of discussion in our world, with companies like Facebook and Google regularly coming under fire for slip-ups here and there. Now, it's OnePlus's time to shine as a report shows that it's been leaking names and emails for hundreds of users of its Shot on OnePlus app.
If you have a OnePlus phone, you're probably familiar with Shot on OnePlus. It can be accessed through the wallpaper selector, and if you upload a photo to it, you can share it with other OnePlus users for them to download.
According to 9to5Google, the API used to connect the app to OnePlus's server is highly unprotected. The API is hosted on open.oneplus.net, and to access its information, all you need is an access token. Another key is required to get that token, but it's unencrypted and seemingly easy to get your hands on.
With access to the API, you can access a heap of personal information for Shot on OnePlus users, including their name, email address, country of residence, phone model, and more. Along with having access to that information, it can also be changed/updated.
Making matters worse is the Shot on OnePlus gid — an alphanumeric code that's associated with each Shot on OnePlus user. With access to the API, you can cycle through gid numbers as you please and look at information for user after user.
OnePlus has been aware of this since early May, and after being contacted by 9to5Google, OnePlus "quickly made changes to the API...and it is no longer leaking the gid and email of users whose photos are posted publicly."
Email addresses are also now obscured on the API, showing asterisks in place of the proper address.
OnePlus has yet to publicly comment on the findings, but should that change, we'll update this article accordingly.
We may earn a commission for purchases using our links. Learn more.
The Galaxy S20 FE is the best Samsung phone you can buy
Samsung makes a lot of phones — from $1,300 flagships with insane 50x zoom cameras to $250 budget phones with massive batteries. These are the best Samsung phones you need to know about in 2020.
Tales From the Galaxy's Edge trailer wields The Force and a release date
Stories far and wide reveal The Force in this full-length Star Wars: Tales From the Galaxy's Edge trailer, coming next month for Oculus Quest and Oculus Quest 2.
Review: Amazon's new duo of Echo Dots are a roundabout success
At its fall 2020 event, Amazon unveiled an entirely new design for its Echo smart speaker lineup, featuring a soft, spherical design on the standard Echo (4th Gen) and the three flavors of Echo Dot (4th Gen). We took a look at the Echo Dot with Clock (4th Gen) and Echo Dot (4th Gen) to see how much they've improved over the previous generation and let you know if we think you should buy...
Upgrade the storage in your Galaxy Note 20 Ultra with a microSD card
There's never enough storage when you're downloading movies and TV shows to watch offline, but the Galaxy Note 20 Ultra allows you to expand from the base 128GB and fit more files than ever on your phone.