OnePlus has recently accused of collecting a vast amount of sensitive private data from users' smartphones in the past and now, the company has been blamed for leaving a backdoor on its devices that is capable of granting root access.
People often tout OnePlus phones as an alternative to the Pixel line now that Google abandoned the Nexus concept of affordable, high-quality phones.
Basically, OnePlus devices contain an app called "EngineerMode, ' which is used for factory testing (to confirm whether or not the unit is working properly)". The application is present in all OnePlus devices including 3, 3T and 5.
As a diagnostic app, EngineerMode has a few tricks to gain entry into parts of the file system and OS functionality unavailable to most apps. It's even included on OxygenOS for the OnePlus One, but not the original CyanogenOS ROM. It is possible to exploit the app to gain root access to a device - all it takes is a simple command and a password that can be determined fairly easily. With the help of a few cybersecurity experts, the required password was discovered, making rooting a OnePlus phone as easy as running a few commands. The developer further added that he will publish an application for rooting OnePlus devices without unlocking.
In a statement to Android Authority, OnePlus said "We securely transmit analytics in two different streams over HTTPS to an Amazon server". In the meantime, you should probably avoid installing any sketchy-looking apps. As one can imagine, it isn't meant for consumers' use and OnePlus' fault is that it didn't remove the app before it shipped the OnePlus phones.