Usually when we receive updates on our phones or computers it’s a good thing as it means that bugs are squashed, features improved upon, and security holes patched. However in the case of OnePlus, it seems that some users have noticed that when their devices are being updated, their handset’s IMEI is exposed to everyone on the network they are on.According to a post on the OnePlus forums, “While checking what kind of network traffic is being sent when checking for updates I happened to notice that my IMEI is being sent over plain HTTP for some reason? I don’t think this needs any explaining why this is a very bad idea, since it means anyone else on the same network as me could easily intercept my IMEI (think of untrusted wifi networks, for example).”
For those unfamiliar as to why this is a big deal, your device’s IMEI is unique to your handset. This means that just like your car engine’s VIN, every phone has an IMEI that identifies the device specifically. If someone got ahold of your IMEI, it is possible that they could have your device blacklisted, cloned and used to conduct illegal business transactions, and so on.
However we should point out that this is assuming that you are updating over an unsecured network and have someone else on the same network fishing for IMEIs, which we reckon would be a rather slim chance, but still this is something OnePlus ought to look at.
Filed in . Read more about OnePlus.