OnePlus has a glaring smartphone security problem the company says it plans to fix in an upcoming software update. Just this week, a bit of fan sleuthing surfaced a flaw ostensibly due to oversight that meant that, over the past couple of years, OnePlus phones (including the recently released OnePlus 5) have carried a Qualcomm testing app called EngineerMode.
The app provides users with root-level access to the phone without needing to unlock its bootloader, according to Engadget. In other words, a malicious user would need to physically grab your phone in order to take advantage of the bug. Yet once they gained that access, they could plant trackers or malware easily.
A staff member from the OnePlus team explained in a forum post that…