OnePlus: That backdoor we left in Oxygen OS? Don't worry about it!

Firm plays down EngineerMode APK it left installed on smartphones

Upstart smartphone maker OnePlus has been playing down reports that an internal testing app 'accidentally' left on the device could enable an attacker to get root-level access to the devices without even needing to unlock its bootloader.

It was revealed on Tuesday that the internal testing app, dubbed EngineerMode, could be exploited to give root access, and as we all know, that pretty much means anything goes for that device.

XDA Developers reported on the discovery by 'Elliot Alderson'. He claimed that the app is installed on the OnePlus 3, 3T and OnePlus 5 smartphones, and can be accessed via any activity launcher.

The app's existence had been previously spotted, but it's only now that its full potential is being recognised. In the wrong hands - and with a good exploit behind it - it could be used to takeover someone's device. That, at least, is the fear.

However, OnePlus has responded insouciently to the news. It explained in a forum post that users don't have anything to worry about as the app won't grant third-party apps full root privileges.

"Yesterday, we received a lot of questions regarding an apk found in several devices, including our own, named EngineerMode, and we would like to explain what it is," a OnePlus staffer said in the post.

"EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after-sales support.

"We've seen several statements by community developers that are worried because this apk grants root privileges. While it can enable adb [Android Debug Bridge] root, which provides privileges for adb commands, it will not let third-party apps access full root privileges.

"Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device," the staff member added.

So that's all right, then.