‘Shot on OnePlus’ Camera App Reportedly Exposed Email IDs of Users

The issue is related to OnePlus devices’ camera wallpaper app that stores users photos online for community access.

S Aadeetya
Tech News
Updated:
This watermark shows up when pictures clicked with camera of OnePlus phones.
i
This watermark shows up when pictures clicked with camera of OnePlus phones.
(Photo: The Quint)

advertisement

OnePlus users across the globe got a huge scare this week, when a report highlighted that because of a flaw millions of email IDs are likely to have been exposed.

This issue, first reported by 9to5Google, suggests that OnePlus users were inadvertently sharing their details with the company through the “Shot on OnePlus” watermark and library. These details were unknowingly available to anybody with access to the API codes of the app.

The “Shot on OnePlus” branding is a user ecosystem for photos, which is available to anyone with a OnePlus phone, allowing them to upload their pictures and details like email ID and device type.

Leaving such private information accessible to anyone is slightly concerning, but the report does mention that OnePlus has fixed the issue and users can now breathe a sigh of relief.

What Was the Issue?

The Shot on OnePlus seems to be a big photo community for OnePlus users, with user from India also a big part of it.

The issue with the app, as given in the report, became clearer when a person with access to the Application Program Interface (API) codes of the app, primarily used for hosting photos on the server from the devices, was able to see the email IDs of the users and even their GID (group identifier) number.

GID number can be used to identify users by country and contains a unique alpha-numeric code to search for them in the back-end for details like name, email ID and device they are using.
(Photo: OnePlus screen grab)

The APIs are hosted on open.oneplus.net by OnePlus, the report cited.

APIs are an intrinsic part of how apps work on mobile phones and developers have the know-how to fix and tweak them as required. While it would be hard to ascertain the damage exposing of email IDs would have caused to users, it does raise concerns about how OnePlus takes care of security of its users.

Replying to the issue raised by 9to5Google, OnePlus said “OnePlus takes security seriously, and we investigate all reports we receive.” The problem seems to have been fixed, possibly by reworking the API of the app.

Users might feel now that the issue has been sorted, there’s nothing to worry about. However, what bothers us is that the company didn’t proactively inform its users or share this issue publicly earlier, which might have helped its cause greatly.

(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)

Published: 17 Jun 2019,05:01 PM IST

ADVERTISEMENT
SCROLL FOR NEXT