Keeping personal data on users' smartphones safe is a priority. However, not all manufacturers take responsibility for protecting personal data. The proprietary Shot on OnePlus application for OnePlus smartphones has a vulnerability that carries the threat of exposing sensitive customer information.
This application allows the smartphone owner to place personal photos in a publicly available list of wallpapers. A user's photo can then be set as wallpaper on any OnePlus smartphone by downloading it from the gallery.
To upload photos, the owner of a OnePlus smartphone signs in to their profile, specifying their country and email address. The data is then assigned a special alphanumeric identifier consisting of 2 letters and 6 digits. The letters mark the user's country of residence (CN, for example, identifies residents of China), and the digits are assigned randomly.
The Shot on OnePlus application uses an API to establish a connection between the server and the application. The API is hosted on open.oneplus.net, and any user who has the code can use it. As a result, once the numeric part has been found by trial selection, it is possible to edit someone else's information.
It is assumed that this vulnerability has existed since the release of Shot on OnePlus. The API has now been amended to block the leakage of email addresses of users who post their photos publicly.
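The weakness and the fix described above come down to where the server checks ownership. The sketch below is an added example, not OnePlus code: the record layout, user names and function names are hypothetical, and the sample data is constructed. It contrasts a lookup that trusts the identifier alone with one that returns the email only to the authenticated owner and rejects edits from anyone else.

```python
import re
import secrets

# Constructed sample records. IDs follow the format the article describes:
# a 2-letter country code plus 6 random digits (10**6 values per country).
PROFILES = {
    "CN123456": {"owner": "user-a", "email": "a@example.test", "photo": "sunset.jpg"},
    "IN654321": {"owner": "user-b", "email": "b@example.test", "photo": "river.jpg"},
}
ID_FORMAT = re.compile(r"[A-Z]{2}\d{6}")
PUBLIC_FIELDS = ("photo",)          # all the public wallpaper list needs
EDITABLE_FIELDS = ("email", "photo")


def read_profile_weak(profile_id):
    """Pattern the article describes: knowing the ID is the only check."""
    return PROFILES.get(profile_id)


def read_profile(profile_id, user):
    """Hardened read: non-owners get public fields only, never the email."""
    if not ID_FORMAT.fullmatch(profile_id):
        return None
    record = PROFILES.get(profile_id)
    if record is None:
        return None
    if record["owner"] == user:     # `user` comes from the authenticated session
        return dict(record)
    return {field: record[field] for field in PUBLIC_FIELDS}


def update_profile(profile_id, user, changes):
    """Hardened write: only the owner may edit, and only whitelisted fields."""
    record = PROFILES.get(profile_id)
    if record is None or record["owner"] != user:
        return False
    record.update({k: v for k, v in changes.items() if k in EDITABLE_FIELDS})
    return True


def new_profile_id(country):
    """Assumed alternative ID scheme: 128 random bits instead of 6 digits."""
    return f"{country}-{secrets.token_hex(16)}"
```

An unguessable identifier only slows enumeration down; the ownership check in `read_profile` and `update_profile` is what keeps another user's email and data out of reach.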