Users have discovered that numerous company's phones from the past few years (including the OnePlus 5) include a Qualcomm testing app, EngineerMode, that lets you get root-level access to the phone without having to unlock its bootloader. The company claimed the data was simply for performance analytics but agreed to scale back what it collected.
Dubbed "EngineedMode", the app has been created by Qualcomm to most certainly test out hardware, but OnePlus has taken it to itself to tamper with the app, customize it, and preload it on a plethora of devices, including but not limited to the OnePlus 5, OnePlus 3, and OnePlus 3T. The developer also stated that deploying the "DiagEnabled" activity found in the APK with a specific password, it is possible to root the device. For this, simply go to settings, open apps, enable show system apps from top right corner menu (three dots) and search for EngineerMode.APK in the list. "Using this shell command triggers the diagnostic mode (or backdoor) and grants future ADB sessions root access, even after the device is rebooted", NowSecure stated in a blog post.
OnePlus' co-founder clarified that the company was collecting data to "better understand general phone behavior and optimize OxygenOS for a better overall user experience".
"If you have an OnePlus device, I'm pretty sure you have this app pre-installed".
Alderson, with the help of cybersecurity experts, was able to root a OnePlus device with a few commands.
The app can diagnose Global Positioning System, check the root status, perform a series of automated tests, and more.
OnePlus did not immediately respond to a request for comment.
Now, on its own, this app can't do anything malicious; it's a powerful tool intended for device testing and maintenance.