OnePlus Android mobes' clipboard app caught phoning home to China

OnePlus has admitted that the clipboard app in a beta build of its Android OS was beaming back mystery data to a cloud service in China. Someone running the latest test version of OnePlus's Oreo-based operating system revealed in its support forums that unusual activity from the builtin clipboard manager had been detected by a …

  1. J. R. Hartley

    I'm not even mad

    That's impressive.

    1. Sir Runcible Spoon

      Re: I'm not even mad

      You see how I'm not beating their face to a pulp with a mechanical keyboard? I really think I'm making progress.

  2. fidodogbreath

    Android privacy? Is that new?

    "...leading some to fear their copy-paste actions were being snooped on and question the privacy protections on their OnePlus handsets."

    Meanwhile, the phone is sending Google their GPS coordinates (or cell tower triangulations if location is off), all of their passwords, the contents of their email, all of their contacts, etc etc etc.

    1. Anonymous Coward

      Re: Android privacy? Is that new?

      Tin foil hat?

      Both Apple and Google sent GPS and cell tower locations back to base

      Password manager is opt in on android

      Email is not scraped, Gmail is obviously (as is all hosted mail, including Microsoft and Apple)

      Contacts are not shared unless you opt in to use Google services and shared contacts.

      Where do you get this idea that Google are doing something different to what Apple, Facebook, Microsoft, Yahoo and pretty much everyone else is doing? Google are better at it, that is the ONLY difference.

      1. Tim Seventh

        Re: Android privacy? Is that new?

        "Tin foil hat?"

        No, it's just real time phoning home. Get a network monitor app (net monitor [privacy friendly], etc.) and you'll see a long list of connections going out.

        Anyone who cares for a little privacy with their android-based phone would have a firewall (NetGuard, NoRoot Firewall, etc) just to give themselves some control over their device.

        1. Anonymous Coward

          Re: Android privacy? Is that new?

          Apple didn't send location information back to base, they were just collecting it in log files on the phone.

      2. Dan 55 Silver badge

        Re: Android privacy? Is that new?

        "Both Apple and Google sent GPS and cell tower locations back to base"

        Yes, but Google ignored your opt-out if you chose to opt out.

        "Password manager is opt in on android."

        After a Play Services update, that new option was enabled on my phone.

        "Contacts are not shared unless you opt in to use Google services and shared contacts."

        So they're shared unless you specifically store them under the local contact type (which doesn't even exist on many phones).

        "Where do you get this idea that Google are doing something different to what Apple, Facebook, Microsoft, Yahoo and pretty much everyone else is doing? Google are better at it, that is the ONLY difference."

        And constantly pull the rug out from under you with silent updates that you usually have to disable yourself, by which time it's too late.

        1. Anonymous Coward

          Re: Android privacy? Is that new?

          I wiresharked an android handset opted out of Google services, and nothing was being sent.

          So you just made that up.

          1. Dan 55 Silver badge

            Re: Android privacy? Is that new?

            Absolutely nothing was sent to Google after turning off location services? Please do elaborate.

            Then there's this.

            Please stop shilling, AC.

      3. fidodogbreath

        Re: Android privacy? Is that new?

        "Where do you get this idea that Google are doing something different to what Apple, Facebook, Microsoft, Yahoo and pretty much everyone else is doing?"

        Um, that's all you, my anonymous friend. My post didn't say that at all...

  3. cjcox

    And Huawei rants?

    And Huawei wonders why there's no carrier love for their "safe" phones in the USA? I wonder just how much "ownage" there is in the world because of Chinese goods? I don't think we'll ever know.

    Bigger problem is knowing what was an accident and what was really intentional. China doesn't have a very good reputation for playing nice or fair.

    1. Rajiv_Chaudri

      Re: And Huawei rants?

      "Bigger problem is knowing what was an accident and what was really intentional. China doesn't have a very good reputation for playing nice or fair."

      China product security 100% safe. You can trust the Chinese with all your personal data and Intellectual Property.

      Quick! Look over there! Google leaks data!

  4. Michael Thibault

    Do it to Julia! Do it to Julia!

    "... this was a feature destined for handsets in China, and will be removed from, presumably, mobes outside the Middle Kingdom."

    That's all right, then.

    1. Anonymous Coward

      Re: Do it to Julia! Do it to Julia!

      "... this was a feature destined for handsets in China, and will be removed from, presumably, mobes outside the Middle Kingdom."

      ... given several other Chinese phone manufacturers have had the same problem before over "software modes for use in China inadvertently added to phones sold elsewhere" you would have thought that checking for this would have become a tick-box on the sign-off check-list

  5. Anonymous Coward

    Who do they think they are ?

    Microsoft ?

    1. Anonymous Coward

      Re: Who do they think they are ?

      Apple got caught doing this in the past too....

      1. Dan 55 Silver badge

        Re: Who do they think they are ?

        No, they stored a history on the phone and the problem was it may have been found in a non-encrypted backup on the computer.

        1. Anonymous Coward

          Re: Who do they think they are ?

          Nope, they were scraping clipboard, and also iOS had no control on access to clipboard, so rogue apps could monitor and upload.

          In addition contacts were also not protected by permissions on iOS, and many big companies were caught uploading entire unencrypted address books on iOS....

          So sorry to tell you, your walled garden is full of shite and falling apart security wise...

  6. Anonymous Coward

    Alibaba's involvement

    …is limited to offering a Chinese AWS of sorts (Alibaba Cloud). In this case they're doing nothing wrong.

    Also why would you be surprised that your Chinese phone is calling home to China of all places?

  7. Anonymous Coward

    Technical details

    No clipboard data involved: https://www.reddit.com/r/oneplus/comments/7prvrj/

    1. Anonymous Coward

      Re: Technical details

      Interesting thread. If true it seems that it is used to spot alibaba codes and convert them back to normal links due to a fight between two big Chinese mega tech corps and lots of phone providers create this automatic conversion facility.

      Hard to summarise, read the second post on reddit for info.

      Edit: just seen someone has posted the explanation below this post.

    2. Voland's right hand Silver badge

      Re: Technical details

      Early bandit capitalism at its best. Reminds me of the invention of the first phone switch: https://en.wikipedia.org/wiki/Strowger_switch

    3. Anonymous Coward

      Re: Technical details

      Awwww, don't spoil the clickbait party. There were some apple fanboys that were getting off on this.

  8. Pen-y-gors

    Chinese version?

    But why would the version intended for China be sending copies of the clipboard home?

    1. Dave W

      Re: Chinese version?

      There's actually an explanation of sorts in the Reddit link AC posted above... Remembering firstly that Alibaba in China runs a cloud service much like Amazon's AWS in the Western world, one would assume these requests are being sent over https to an Alibaba instance owned by Oneplus.

      From what I can see it's a cloud-based API which monitors the phone clipboard and obfuscates Taobao links by recognising and replacing them via a URL shortening service, bypassing the censorship used in the popular Wechat app.

      Original explanation:

      lambdaq 238 points 2 hours ago*

      Chinese here.

      Maybe I can provide some insight and background story

      Here are the API requests OP captured

      http://bigdata.taobao.com/docs/api.htm?apiId=31578

      https://open.alitrip.com/docs/api.htm?apiId=26657

      So there are two Internet giants in China, Alibaba and Tencent

      Tencent has this crap mega app pretending to be IM chat app, Wechat.

      People share ebay links, oops, I am sorry, taobao links in Wechat

      Wechat got jealous, they blocked all *.taobao.com *tmall.com links to "protect the customer from fraud"

      But of course people love taobao & tmall because it's full of cheap shit and ppl think they can out smart scammers.

      But anyway, two Internet giants, one blocking link to another.

      The taobao guys invented something clever, they invented some kind of hash code, which is called 淘口令, which is some kind of token that uniquely links to a taobao/tmall SKU, so Wechat can not block arbitrary alphanumeric tokens, thus ppl can share the crap they bought on taobao, via Wechat

      But after all, there's the catch, how does Oneplus ROM have anything to do with this?

      Well, the clever-ass part is they will match certain strings from your clipboard, send the token to taobao API, and restore the original SKU links.

      That's it, that's why you will see strange URL requests going to China IPs.

      TL;DR Smart Clipboard trying to analyse your clipboard content by sending request to alibaba matching against Taobao links.

      1. Anonymous Coward

        Taobao link translator

        So all the righteous indignation was for naught? All those torches and pitchforks wasted for some stupid marketing gag?

        Well, there is a lesson about overhasty conclusions to be learned here...

        1. Anonymous Coward

          Re: Taobao link translator

          Just like an ounce of prevention is worth a pound of cure. But you go ahead and trust your privacy to a Chinese handset. We won't judge. We won't give you passwords to our Wi-Fi networks, either, but we won't judge.

  9. Kleykenb

    George Orwell wrong

    Not just the Government. Not Big Brother either. Worse, much, much worse.
