Thursday, April 25, 2024

Shot on OnePlus app reportedly leaked hundreds of users’ emails


OnePlus has since made changes to better secure information.


What you need to know

  • It’s reported that hundreds of emails were leaked through the Shot on OnePlus app.
  • An unencrypted access key was used to access user information.
  • Email addresses could be cycled through using an insecure gid.

Privacy is an ever-increasing topic of discussion in our world, with companies like Facebook and Google regularly coming under fire for slip-ups here and there. Now, it’s OnePlus’s time to shine as a report shows that it’s been leaking names and emails for hundreds of users of its Shot on OnePlus app.

If you have a OnePlus phone, you’re probably familiar with Shot on OnePlus. It can be accessed through the wallpaper selector, and if you upload a photo to it, you can share it with other OnePlus users for them to download.

According to 9to5Google, the API used to connect the app to OnePlus’s server is poorly protected. The API is hosted on open.oneplus.net, and to access its information, all you need is an access token. Another key is required to get that token, but it’s unencrypted and seemingly easy to get your hands on.

With access to the API, you can access a heap of personal information for Shot on OnePlus users, including their name, email address, country of residence, phone model, and more. Beyond being readable, that information can also be changed or updated.

Making matters worse is the Shot on OnePlus gid — an alphanumeric code that’s associated with each Shot on OnePlus user. With access to the API, you can cycle through gid values as you please and look at information for user after user.

OnePlus has been aware of this since early May, and after being contacted by 9to5Google, OnePlus “quickly made changes to the API…and it is no longer leaking the gid and email of users whose photos are posted publicly.”

Email addresses are also now obscured on the API, showing asterisks in place of the proper address.
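For readers who build similar APIs, the sketch below is an added example (not OnePlus's code and not from the 9to5Google report) of the server-side checks that address the behaviour described above: a record is resolved by gid only for the account the token belongs to, and public photo data carries no gid and only a masked email. All names, the record layout and the sample data are hypothetical, and it assumes the server derives `token_gid` from the validated access token rather than from anything the client sends.

```python
# Hypothetical handler logic; field names follow the data types the article lists.
# Constructed sample records; gids, names and addresses are made up.
USERS = {
    "A1000": {"gid": "A1000", "name": "Alice", "email": "alice@example.com",
              "country": "IN", "phone_model": "OnePlus 7 Pro"},
    "A1001": {"gid": "A1001", "name": "Bob", "email": "bob@example.org",
              "country": "DE", "phone_model": "OnePlus 6T"},
}
EDITABLE = {"name", "country"}  # assumption: the only client-writable fields

class Forbidden(Exception):
    """Raised identically for a foreign gid and an unknown gid, so probing reveals nothing."""

def mask_email(email):
    """Asterisks in place of the address; only '@' and '.' survive."""
    return "".join(c if c in "@." else "*" for c in email)

def authorize(token_gid, requested_gid):
    """Resolve a gid only for the account the access token was issued to."""
    user = USERS.get(requested_gid)
    if user is None or token_gid != requested_gid:
        raise Forbidden("not permitted")
    return user

def public_author(gid):
    """Fields shown beside a publicly posted photo: no gid, email masked."""
    user = USERS[gid]
    return {"name": user["name"], "country": user["country"], "email": mask_email(user["email"])}

def get_profile(token_gid, requested_gid):
    return dict(authorize(token_gid, requested_gid))

def update_profile(token_gid, requested_gid, changes):
    user = authorize(token_gid, requested_gid)
    if set(changes) - EDITABLE:  # gid, email and anything unknown are rejected
        raise Forbidden("not permitted")
    user.update(changes)
    return dict(user)

def readable_with(token_gid, candidate_gids):
    """Regression check: which records come back when one token cycles through gids?"""
    readable = []
    for gid in candidate_gids:
        try:
            readable.append(get_profile(token_gid, gid)["gid"])
        except Forbidden:
            continue
    return readable
```

Run as a regression test, `readable_with` should only ever return the token owner's own gid, no matter how many other values are tried.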

OnePlus has yet to publicly comment on the findings, but should that change, we’ll update this article accordingly.
