Saving personal data for smartphone users is a priority. However, not all manufacturers are responsible for solving the problem of protecting personal data. Proprietary application Shot on OnePlus for smartphones OnePlus has a vulnerability that carries the threat of losing sensitive customer information.
This application allows the owner of the smartphone to place personal photos in the publicly available list of wallpapers. A user snapshot can be set as wallpaper in any OnePlus smartphone by downloading wallpaper from the gallery.
To upload a photo, the owner of the OnePlus smartphone enters his profile, indicating the country and email address. In this case, the identifier assigns a special alphanumeric code of 2 digits and 6 digits to the data. The country of residence of the user is marked with letters (CN for example, identifies the inhabitants of China), and the numbers are assigned randomly.
The Shot on OnePlus application uses the API to establish a connection between the server and the application. The API is hosted on open.oneplus.net and can be used by any user who owns the code. In this case, having learned by selecting the digital part, it is possible to subject someone else's information to editing.
It is assumed that such a vulnerability has existed since the release of Shot on OnePlus. Currently, the API has been amended to block the leakage of email addresses of users who post their photos publicly.
. (tagsToTranslate) OnePlus (t) data (t) smartphones (t) personal (t) vulnerability (t) photos (t) users (t) application (t) wallpapers (t) loss (t) confidential (t) information ( t) Saving (t) smartphone (t) threat (t) can (t) digital (t) by (t) loading (t) user