OnePlus received fresh criticism from experts as well as users of the OnePlus 3, 3T, and 5 for leaving a testing app on the devices that could act as a backdoor, allowing root access to be gained without unlocking the phone. The Chinese company has now come out and defended its move. OnePlus has downplayed the root access exploit and said that even this access will be removed from the app in an upcoming over-the-air update.
OnePlus explained that the presence of the EngineerMode app on its devices won’t provide root access for third-party apps and that, in any case, root privileges without unlocking the phone can only be gained with physical access to a device that has USB debugging enabled.
“Yesterday, we received a lot of questions regarding an apk found in several devices, including our own, named EngineerMode, and we would like to explain what it is. EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after sales support,” said a member of the OxygenOS team.
“We’ve seen several statements by community developers that are worried because this apk grants root privileges. While, it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges. Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device,” the staff member added.
A Twitter user explained in a series of tweets how the exploit can be used to gain root access on the OnePlus 3, OnePlus 3T, and OnePlus 5. Carl Pei, co-founder of OnePlus, had at the time confirmed that the company was looking into the issue.
“While we don’t see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb root function from EngineerMode in an upcoming OTA,” the company confirmed in its forum post.