Every Time You Check to See if Your OnePlus 3 Has an Update, You Expose Your IMEI


According to users on reddit and the OnePlus forums, every time an owner of a OnePlus 3 checks to see if they have an update via the Settings menu, their IMEI is sent to the OnePlus servers in plain HTTP and not HTTPS. Because of this, OnePlus 3 owners on an unsecured network (a coffee shop with public WiFi access point, for example), potentially expose their device’s specific IMEI number to would-be evil doers. 

With an IMEI in the hands of someone not so trustworthy, a device could be blacklisted (marked as stolen, lost, etc.) in a carrier’s database, making the possibility of activating it on a network extremely difficult. This action can be reversed by the true owner of a device, but you can imagine it’s not the easiest process to deal with when it involves US carriers.

To sum up what’s happening here, every time you select “check for updates,” a POST request is sent to a specific URL from the OnePlus 3. This request contains the IMEI of the device in the user agent, as well as in a header labeled “imei.”

For this to negatively affect a OnePlus 3 owner, he or she would need to be on an unsecured network, check for an update, and at the same exact time, an individual would need to be fishing for this information on that same network. In the real world, the chances of something like this happening to OnePlus 3 owners seems small, but still, this is plain sloppy work from the folks at OnePlus and should be fixed immediately.

At this time, OnePlus has not addressed this issue, and until a fix is provided (which would most likely require a security update), be sure to only check for software updates while on a secured network.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    AT&T Gigabit Internet Coming to 11 More US Regions

    AT&T is bringing its gigabit Internet service to 11 new metro areas.AT&T first rolled out gigabit speeds in Austin, Texas in 2014.
  • 5300c769af79e

    Softbank Buying ARM For $32 Billion

    They are empowered In a move to bolster its Internet of Things (IoT) push, Softbank announced plans to buy mobile chip designer ARM holdings for $32 billion.The company's proposed acquisition of ARM Holdings will be its most valuable at $32 billion.
  • 5300c769af79e

    Bitdefender Presents: Would You Rather?

    Digital Trends takes Bitdefender, an intelligent anti-virus software, to the streets of New York City with a friendly game of ‘Would You Rather?’ From signing in to public wi-fi’s to opening spam e-mails, the quick compare/contrast game explains how the security software can keep you safe you from e-threats you may never knew existed.
  • 5300c769af79e

    Samsung Galaxy S8 Active

    The Samsung Galaxy S8 set the standard for smartphones earlier this year, with a tall-and-narrow build, top-of-the-line specs, and feature-rich software.The Samsung Galaxy S8 Active ($849.