Skip to main content

PSA: Checking for software updates on your OnePlus 3 can expose your IMEI on open networks

With major updates for the OnePlus 3 on the horizon there’s no doubt many users are constantly checking for that update to hit their devices. While that’s usually completely fine, a flaw in OnePlus’ system could turn this average task into something a bit more dangerous.

According to users on OnePlus forums as well as Reddit, OnePlus is currently using HTTP to transfer data between the phone and their own servers rather than the more secure HTTPS. This means that users who check for updates on public WiFi networks could put the IMEI number for their device at risk.

When that IMEI is transmitted between the device and OnePlus it’s clearly labeled as that and anyone with a bit of skill could easily grab that number. What could they do with it? The most likely scenario is that they would attempt to blacklist the IMEI which would make it appear as lost or stolen to OnePlus and most carriers and would leave the owner unable to activate the device on most networks.

For this to happen a  OnePlus 3 owner would need to check for an update on a specific network along with someone trying to steal that IMEI at the same time. Obviously the odds of that are not great, but this is still an issue which could cause headaches for OnePlus 3 owners if it were to happen and it’s something OnePlus should definitely fix. We’ll update this post once OnePlus has issued a fix.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel