Chinese smartphone manufacturer OnePlus makes some really great handsets, but it appears the firm has committed a faux pas by leaving an app on its handsets that grants root-level access to the device.
The app in question is EngineerMode, which is developed by chip manufacturer Qualcomm. It is used for testing various components and, if the correct settings are selected, for obtaining root-level access to a smartphone.
According to The Hacker News, EngineerMode comes pre-installed on the OnePlus 2, 3, 3T and the OnePlus 5.
With this sort of access, a malicious individual could install malware and other nasty pieces of kit on a smartphone, but it’s actually not as simple as you’d think.
“We’ve seen several statements by community developers that are worried because this apk (EngineerMode) grants root privileges,” said OnePlus in a statement.
“While it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges. Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device,” it added.
Simply put, then, a hacker would require physical access to your smartphone to compromise it. That said, the individual who discovered this backdoor (known on Twitter as Elliot Alderson) has been tearing away at the code for the better part of two days and is on “good tracks” to finding an app that could leverage this backdoor to gain root-level access.
To its credit, OnePlus says it will remove EngineerMode in an over-the-air update, and right now a hacker would have to have physical access to your smartphone.
Perhaps don’t lend your smartphone to that stranger who needs to call their mom, at least for the foreseeable future.