Experience Program 資料收集問題:
Chris‘s Security and Tech Blog 於 2017年10月發現Oneplus手機內, 有未經用戶許可傳送的資料, 包括
IMEI(s), phone numbers, MAC addresses, mobile network(s) names and IMSI prefixes, wireless network ESSID and BSSID, serial number, time-stamped information about locks, unlocks, and unexpected reboots.
https://www.chrisdcmoore.co.uk/post/oneplus-analytics/
Oneplus 對於手機內的資料收集, 有以下回覆
We securely transmit analytics in
two different streams over HTTPS to an Amazon server. The
first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behavior. This transmission of usage activity
can be turned off by navigating to ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’. The
second stream is
device information, which we collect to provide better after-sales support.
大概意思為Oneplus會經兩條渠道收集資料, 第一條為 User Eexperience Program, 此渠道所收集的資料有助改良系統, 可經 ‘Settings’ -> ‘Advanced’ -> ‘Join user experience program’ 內取消。而第二條渠所收集的資料為售後服務之用, 但不能取消。
依合理推斷
第一類的 ’
User Experience Program‘ 包括以下資料:
time-stamped information about locks, unlocks, and unexpected reboots
第二類售後服務之用包括以下資料:
IMEI(s), phone numbers, MAC addresses, mobile network(s) names and IMSI prefixes, wireless network ESSID and BSSID, serial number
Carl 其後在Oneplus Forum 公開回應事件
表明今後不會再收集手機的
Telephone numbers, MAC Addresses and WiFi information. 而且10月尾開始, 新手機在設定時除了會問是否加入Experience Program之外, 亦會有 ’terms of service agreement‘ 以供參閱及了解資料收集用途。
By the end of October, all OnePlus phones running OxygenOS will have a prompt in the setup wizard that asks users if they want to join our user experience program.
The setup wizard will clearly indicate that the program collects usage analytics. In addition, we will include a terms of service agreement that further explains our analytics collection. We would also like to share we will
no longer be collecting telephone numbers, MAC Addresses and WiFi information.