Moore has detailed his findings on his website and he explains that he notice OnePlus was collecting information about when his screen was turned on and off, when his phone was unlocked, his serial number, details of mobile networks, phone numbers, MAC addresses and even which apps we was running, when and for how long. While most of the issues have been regarding benchmark rankings, the phone design, and the display; but this is possibly the first time it has been accused of collecting personally identifiable analytics data from mobile owners. What's really baffling is that the Chinese company is already aware of privacy issue, as previous year security researcher Christopher Moore discovered his OnePlus 2 smartphone was sending data to a HTTPS domain belonging to OnePlus without user's consent. After probing further, Moore wrote about it on his blog. The first stream is usage analytics, which we collect in order for us to more precisely fine tune our software according to user behaviour.
For what it's worth, you can turn off the "transmission of usage activity" by unjoining the "user experience program" in your advanced settings menu.
After decrypting the data, he figured out that OxygenOS's analytics is sending user data regularly to the OnePlus's AWS servers. OnePlus seems to have been caught because it has not been using users' permission. This probably prompted the Ministry of Electronics and Information Technology to recently issue a directive details of what all data that phone companies were collecting from users.
The code that's responsible for collecting users' private data is part of the OnePlus Device Manager and OnePlus Device Manager Provider. Besides this, the company is in the headlines for privacy concerns as well. It appears that the Chinese manufacturer is breaking consumers trust in a bid to provide them with improved after-sales support. However, Jakub Czekański has provided a suggestion on how to disable them permanently.
While OnePlus says that the bulk of the data transmission can be turned off with the above instructions, Twitter user @JaCzekanski pointed out that the app sending the data (OnePlus Device Manager) can be removed via ADB, root not required. You simply need an ADB tool with USB debugging enabled. There's no simple way for a user to know the extent of the data tracking happening, nor to disable it. Hence, companies should be very transparent on letting it consumers know what information they are collecting from the user and the goal behind doing so.