OnePlus may have left an accidental backdoor for rooting your OnePlus smartphone. According to one developer's findings, a hidden testing application that OnePlus left on the device may be able to gain root access through some manipulation of existing code.
Developer Elliot Alderson reported on Twitter that the "EngineeringMode" application, which is intended to be used in factories to confirm that the device is working properly, can be reverse engineered to gain root access.
The application can be found on a number of OnePlus phones, including the OnePlus One (OxygenOS only), 3, 3T, and 5.
The app can diagnose GPS, check the root status, perform a series of automated tests, and more. The developer found that by launching the 'DiagEnabled' activity found in the APK with a specified password, the device could actually be rooted. He reported that by bypassing the escalate and isEscalated methods in the DiagEnabled activity, he was able to gain root access. He has stated that he will soon publish an app on the Google Play Store that uses EngineeringMode to root the device.
OnePlus has already commented on the matter and acknowledged the potential security risks that an app like this poses in conjunction with ADB and other vulnerabilities, stating:
"Yesterday, we received a lot of questions regarding an apk found in several devices, including our own, named EngineerMode, and we would like to explain what it is. EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after sales support.
We've seen several statements by community developers that are worried because this apk grants root privileges. While it can enable adb root, which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges. Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device.
While we don't see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb root function from EngineerMode in an upcoming OTA."
If OnePlus is correct that this exploit does not allow 3rd-party apps to access full root privileges, it is of very little use to the enthusiast who just wishes to root their phone to block ads. However, it's an interesting solution, and seeing exploits like this arise, even for a day, is always good fun for us enthusiasts.
What do you guys think? Will you try out this method on your OnePlus device? Let us know in the comments, or post over on the forums with your thoughts.