Just a month ago, OnePlus was caught collecting personally identifiable data from phone owners through incredibly detailed analytics. While the company eventually reversed course on the data collection, another discovery has been made in the software of OnePlus phones. A developer named Elliot Alderson found an application intended for factory testing, and through some investigation and reverse-engineering, was able to obtain root access using it.


The application in question is called 'EngineerMode,' which is intended to be used in factories to confirm that the device is working properly. We have confirmed it is installed on the OnePlus 3, 3T, and 5. It's even included on OxygenOS for the OnePlus One, but not the original CyanogenOS ROM.

The app can diagnose GPS, check the root status, perform a series of automated tests, and more. Alderson found that by launching the 'DiagEnabled' activity found in the APK with a specified password, the device could actually be rooted:

After tearing apart the phone's libdoor.so library, he managed to obtain root access though bypassing the escalate and isEscalated methods in the DiagEnabled activity. With the help of a few cybersecurity experts, the required password was discovered, making rooting a OnePlus phone as easy as running a few commands.

Alderson says he plans to release an app for rooting OnePlus devices sometime today, and we'll update the post when it is released. This also means that it's possible for any Android app to achieve root using this method, which opens up OP devices to massive security issues.

The chance of this already having been exploited is probably low, but it's still a massive risk to users. Carl Pei, co-founder of OnePlus, has said the company is looking into it:

We've also reached out to OnePlus for comment. In the meantime, you should probably avoid installing any sketchy-looking apps. Hopefully OnePlus will remove the application from its devices with an update, all the way back to the OnePlus One.