Chinese company OnePlus found to be stealing data from their users without any consent. One of the twitter user found that in clipboard app there is malicious code which is storing all the data from your device.

Clipboard is the pre-installed app and cant be uninstalled later on. Clipboard app is creating text files called badword.txt, brackets.txt, end.txt, follow.txt, key.txt, start.txt. This file is in Chinese but after translating it, a Twitter user was able to see that file. Those files are consist of all your data that you surf daily, your contact list, messages, private/bank details and your IMEI number, OnePlus sending all this data to the Chinese located company TeddyMobile. Clipboard app starts automatically in the background after you restart the device. so there is no way you can stop it to steal your data.

OnePlus sending all these files to Chinese company teddy mobile. they worked with a lot of manufacturers including Lenovo, Oppo, Vivo, Gionee, mi. Teddy Mobile is making number identification in SMS. Below image can be translated like this:

– Total number of SMS 20M+

– SMS identification accuracy 100%

– Identification number recognition rate of 70%

– recognition accuracy of 95%

This security issue is only detected for the user who has installed Oxygen Open Beta 2. What you can do to prevent this is, do not update to the latest version or use custom rom. This code also copies your bank account details so we suggest you not to copy any bank details or save somewhere in a device.’

So what we can conclude is that They installed SDK in clipboard app for teddy mobile.

OnePlus stated that “There’s been a false claim that the Clipboard app has been sending user data to a server. The code is entirely inactive in the open beta for OxygenOS, our global operating system. No user data is being sent to any server without consent in OxygenOS. In the open beta for HydrogenOS, our operating system for the China market, the identified folder exists in order to filter out what data to not upload. Local data in this folder is skipped over and not sent to any server”

Now the question is if this SDK is inactive why did they use that?  Before you ask, all this code had been written by OnePlus So yes, we can say that OnePlus is implementing some restrictions on the app level for his Chinese users.