In November 2017, OnePlus was again in the spotlight for the wrong reason – at that time, a user was able to exploit a backdoor system app in OxygenOS called “EngineerMode” to gain root access to a device that he had physical access to. When the Android Oreo update for the OnePlus 3 and 3T rolled out, this app was replaced by one called “FactoryMode” – but at the moment it’s triggering a warning from Google Play Protect.
OnePlus recently rolled out the OxygenOS 5.0.1 update for the OnePlus 3 and 3T, but numerous users are being greeted with a warning from Play Protect, saying that the FactoryMode app “contains code that attempts to bypass Android’s security protections.” That’s pretty vague, to be honest, but it might raise a concern or two as well.
OnePlus had promised to expunge the compromised EngineerMode app, but it seems that Play Protect is still seeing some code in the replacement FactoryMode that triggers its warning. Play Protect was rolled out last year to help protect users from malicious apps, and although we’re pretty sure there’s nothing inherently dangerous with OnePlus’s FactoryMode app, it still warrants a warning from Play Protect. We wonder why.
Play Protect does not display the code that it deems dangerous, so we will have to take it at its word. There are two options for OnePlus 3 and 3T users – either ignore the warning for now until OnePlus patches it, or uninstall the FactoryMode app. The uninstall instructions can be found via the source link below.