OnePlus phones, and possibly phones made by other prominent manufacturers, have a hidden Qualcomm debugging app installed that could let a rogue app or a physical attacker take control of the device.
Credit: Tom’s Guide
The app, called EngineerMode on OnePlus devices, was discovered by a Twitter user calling himself “Eliot Alderson,” after the protagonist of “Mr. Robot.” After he posted yesterday about finding it on a OnePlus 5, other Twitter users said they’d found the same app on handsets made by Asus, Lenovo, Motorola and Xiaomi.
To see if your handset has EngineerMode, go to Settings > Apps, and then hit the menu icon in the upper right corner of the app list to show system apps. We found it on a OnePlus 5, but not on a Motorola Moto Z2 Play. Android Police found it on all OnePlus models running OnePlus’ OxygenOS, but not on a OnePlus One running the original CyanogenOS.
EngineerMode listed among system apps on a OnePlus 5.
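The same check can be scripted over ADB when there are several handsets to go through; this is an added example, not part of the original article. The `com.example.*` package names and the sample listing are constructed, and matching on the substring "engineer" is an assumption, since other manufacturers may ship the app under a different name.

```shell
#!/bin/sh
# Added example: flag factory/diagnostic apps in `pm list packages -f` output.

# Reads lines such as
#   package:/system/app/Foo/Foo.apk=com.vendor.foo
# on stdin and prints "package<TAB>apk-path" for every entry whose package
# name or APK path contains the pattern (case-insensitive).
# $1 = substring to look for; "engineer" is an assumed default.
find_diag_packages() {
    pattern=${1:-engineer}
    awk -v pat="$pattern" '
        BEGIN { pat = tolower(pat) }
        /^package:/ {
            line = substr($0, 9)            # drop the "package:" prefix
            sub(/\r$/, "", line)            # some adb versions emit CRLF
            i = match(line, /=[^=]*$/)      # split on the LAST "=": paths may contain "="
            if (i == 0) next
            path = substr(line, 1, i - 1)
            pkg  = substr(line, i + 1)
            if (index(tolower(pkg), pat) || index(tolower(path), pat))
                printf "%s\t%s\n", pkg, path
        }'
}

# Run the check against the handset currently attached over USB.
# -s limits the listing to system apps, -f adds each APK path.
audit_device() {
    adb shell pm list packages -s -f | find_diag_packages "$@"
}

# Constructed sample listing (not captured from a real phone).
SAMPLE='package:/system/app/EngineerMode/EngineerMode.apk=com.example.engineermode
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/data/app/~~Zm9v==/com.example.notes-YmFy==/base.apk=com.example.notes'

printf '%s\n' "$SAMPLE" | find_diag_packages
```

Call `audit_device` with a handset attached and USB debugging enabled; an empty result only means nothing matched the pattern, not that no diagnostic app is present.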
Unfortunately, while you can temporarily kill the app, you can’t remove the app without rooting the phone — which, ironically, EngineerMode makes a lot easier.
EngineerMode is actually pretty useful for the technically inclined phone user. On a OnePlus phone, you can access and run a long list of diagnostic tests and settings adjustments by dialing the special code “*#808#” in the phone dialer. (Sadly, we couldn’t find one that fixes the OnePlus 5 “jelly effect” screen issue.)
What you get if you dial *#808# on a OnePlus 5.
But “Eliot Alderson” said the real power of EngineerMode is unlocked when you access it in ADB (Android Debugging) mode, for which you’ve got to tether the phone to a computer via a USB cable.
EngineerMode does let you do some pretty fun stuff.
“Eliot Alderson” said if he could get the password to elevate privileges in ADB, he could probably root the phone without unlocking the bootloader. Sure enough, some of his Twitter followers went to work and within hours had the password. It’s “angela,” which in a delicious coincidence just happens to be the name of the fictional Eliot Alderson’s love interest on “Mr. Robot.”
The problem is that if “Eliot Alderson” can root his own OnePlus device in a few minutes, so can anyone else with physical access to a OnePlus device — and it’s possible that even a rogue Android app could as well. “Eliot Alderson” said he was working on creating such a proof-of-concept app.
We have not rooted our OnePlus 5 — yet.
Piling on the irony, “Eliot Alderson” said he was motivated to look for OnePlus bugs after learning that OnePlus phones sent an inordinate amount of personal user data back to China. He also said on Twitter that this latest problem wasn’t the only interesting thing he found, and promised more to come.
It’s likely that OnePlus didn’t have any malicious intent, but accidentally forgot to remove EngineerMode from the final customer releases of OxygenOS. Still, it’s been in OxygenOS from the get-go, and leaving such a powerful app in there is a pretty big oversight.
Force-stopping EngineerMode may just be a temporary fix.
You could just root your phone and remove EngineerMode that way, which of course you can now do with EngineerMode installed. But those who don’t feel comfortable getting into the guts of their Android device via the command line might want to wait for an official software update — if that ever comes.
This diagnostic test turns on the LEDs above the screen one by one. What’s not to love?
Responding to “Eliot Alderson’s” tweetstorm, OnePlus head honcho Carl Pei had a terse comment.
“Thanks for the heads up,” Pei tweeted last night. “We’re looking into it.”
Screenshot credits: Paul Wagenseil/Tom’s Guide.