We understand that a small-ish company like OnePlus – relatively small compared to behemoths like Samsung, LG, and Apple – would probably make mistakes along the way. And make mistakes they did – with the recent OnePlus 5 a constant target of criticism. Now it has been discovered that the software team behind OnePlus’s OxygenOS has left an app in the OnePlus 3, OnePlus 3T, and OnePlus 5 that serves as a backdoor to gain root access.
The recently discovered app, called “EngineerMode”, is supposed to function as a diagnostic app that lets manufacturers easily test the hardware components of these devices. The problem is that, once decompiled, the app turned out to have a feature that easily gives root access to the device even without unlocking the device’s bootloader. In some ways, it’s pretty cool, but also a bit dangerous, eh?
The discoverer of the app had a problem. Even after the app was decompiled, a password was still needed before it would give root access to devices. With the help of some other Twitter users, the password was discovered, and now we have a legit root method that does not even require an unlocked bootloader.
It’s only going to be a matter of time before the aftermarket community goes after this. But on the other hand, we do hope that OnePlus patches this as well, because it provides a legitimate backdoor to OnePlus 3, 3T, and OnePlus 5 devices.
[UPDATE] OnePlus has already put out a statement explaining what the “EngineerMode” app is. It is indeed a diagnostic tool used in their factories and production lines. OnePlus explains that while it does enable root through ADB, it still requires physical access to the device. But given the security concerns, OnePlus is set to remove the app’s ADB root function in an upcoming OTA update.