The app called "EngineerMode" was recently discovered - and it's supposed to function as a diagnostic app available for manufacturers to easily test hardware components of these devices.
This is not the first time that OnePlus has been accused of compromising privacy of its users.
The app and the subsequent backdoor access was discovered by Twitter user Elliott Alderson (a reference to the Mr. Robot character), who then went into a lot of detail about how to gain root access to the device.
The app can diagnose Global Positioning System, check the root status, perform a series of automated tests, and more. A developer has found an application that can be manipulated into to granting a backdoor root access.
This nonetheless raises questions over why is the device shipping with this app (presumably it has just been overlooked) and whether it's available on other Qualcomm devices. Intended for internal use only by the company's engineering team to test if devices are working properly, the application has managed to remain on OnePlus devices that have been shipped to consumers-and may present a threat to their security. The developer also stated that deploying the "DiagEnabled" activity found in the APK with a specific password, it is possible to root the device. The developer further added that he will publish an application for rooting OnePlus devices without unlocking. The app gives unprecedented access to a host of security-sensitive features of your phone, with the worst offender being the "all clear" command, which would erase all data on the phone, internal storage and all. OnePlus has been alerted to the exploit and CEO Carl Pei has confirmed that the company is looking into it. Following the allegations, OnePlus took some steps, and added the new "opt-in" option for the user experience program.