Privacy is an increasing topic in this new growing world. Majority of companies including Facebook and Google, somehow, slips here and there. Now, OnePlus accused of leaking users’ email addresses via ‘Shot on OnePlus’ application. An incident is a security flaw that OnePlus never got an idea about. However, after a most important issue fixed now, but let’s dig in further information and find out what happened.
All Starts with ‘Shot on OnePlus’ App
If you are a OnePlus user, you might have an idea about the ‘Shot on OnePlus’ application which is the user can use to apply images as current wallpaper. Well, a user can also upload their own clicked images in this app which is a unique thing about it. The app is accessible through the Wallpapers selection menu on the home screen.
‘Shot on OnePlus’ app gets a new wallpaper daily. The user can upload their images either from the OnePlus official website or from the app itself. To show the identity, user can upload a profile picture, update their name with the country and of course, email address.
It is obvious, the app is connected to the OnePlus’ own web server. So, it makes a bridge between the app and server which called API key in terms of the internet world. So, basically, it’s an Application Programming Interface code which passed between server and app to identify. It used to secure critical information such as email id in this case.
Now, instead, the API key used by OnePlus, it was openly available on open.oneplus.net. So, anyone can access the taken then to the data using it. So, the following screenshot which has some crucial information of the user can be accessed by an anyone who can borrow an API key from OnePlus website.
9to5Google has directly contacted to the OnePlus after this serious problem. And they immediately made changes to the API. So, there isn’t further data flow. In reply to 9to5Google OnePlus said, “OnePlus takes security seriously, and we investigate all reports we receive.”