OnePlus hasn’t been making Android phones for a very long time, but over its four years in existence it has made numerous screw-ups. This all finally led up to last week’s massive credit card breach. It’s time we stop trusting a company with such clearly low standards.
Who Is OnePlus?
Founded just a hair over four years ago—at the end of 2013—OnePlus is a subsidiary of Chinese electronics manufacturer Oppo. The initial idea for the company was admirable: to make smartphones with high end components and features without the high end price tag. That’s something we can all get behind, and OnePlus was received with much fanfare in the Android community.
And you know what? For the most part, OnePlus makes good smartphones. They’re packed with excellent hardware and review exceptionally well. But the problem isn’t with the phones—it’s the company itself.
April 2014: Smash the Past
The first OnePlus phone—the OnePlus One—was released in April of 2014 by invite-only, just four months after the company’s formation. That’s a good turnaround time, but this also marks the beginning of a long list of genuinely questionable decisions by the company.
In an attempt to get people excited for their first smartphone, OnePlus launched a very poorly thought-out contest called “Smash the Past,” where they wanted users to smash their current smartphones. On video. Nothing about that sounds like a good idea out of the gate, but it gets worse.
Here’s how the promotion was supposed to work: users would apply to be a participant in the program, telling the company how they’d smash their phones. If chosen, they would then smash their phone in the described manner, on camera. Then they could buy a OnePlus One for one dollar.
The list of phones was also limited—they didn’t want you smashing some junker in order to get a OnePlus One for a buck. Nope, it had to be a high-end smartphone for the time, like an iPhone 5, Samsung Galaxy Note 3, Nexus 5, or Moto X. Sound crazy yet?
Here’s what actually happened: people misunderstood, because of course they did. People smashed their phones on camera not only before they were chosen to do so, but also before the contest even started. Now, this could be attributed to people just not reading or understanding, but the whole thing could’ve been avoided had OnePlus not launched such a dumbass campaign in the first place.
Furthermore, even if you give them the benefit of the doubt on that, telling people to smash their phones is a terrible idea in the first place. Phones are full of chemicals that are safe when housed within their intended enclosure, but prone to explode when put in certain conditions…like being smashed to hell. This wasn’t just dumb, it was flat-out dangerous.
It’s been almost four years since that campaign, and I still can’t believe it was real.
Due to a high level of backlash, the company did try to make it better by later allowing winners of the contest to donate their old handset instead of smashing it, which is a lot better. Why didn’t they just do that in the first place?
You’d think that the company would’ve learned its lesson after that. Nah.
April/May 2014: The Invite System
The OnePlus One was originally only available through an invite-only system. This was put in place to combat the limited quantities available at release, but it just made things needlessly complex.
In order to get an invite, customers had to jump through a series of hoops with things like contests. All just to buy the damn phone in the first place. Once they bought a phone, those customers were given a limited number of invites to hand out to friends and family. If you were one of the lucky ones to get an invite, you had 24 hours to use it. After that, it was gone. God forbid you were out of the house that day, or on a family vacation.
I mean, I get stock shortages and whatnot, but using an invite system to “allow” people to give you money is arrogant at best—especially for a company with zero track record—and totally moronic at worst. I’m not suggesting that the current system of “first come, first served” is the best way to handle limited handset quantities either, but making customers work for the chance to buy a phone was confusing and convoluted. When someone has to make a YouTube video explaining how to buy a product, you’re doing something wrong.
May 2014: Yellow Screens and Warranty Issues
Shortly after the OnePlus One was released, some users complained of screen yellowing. The company claimed that a yellow screen was “not a quality issue and not covered under warranty.” Given the recent Pixel 2 XL screen issues and similar response from Google, I won’t point this out as an uncommon reaction. That said, Google did ease users’ minds by increasing the Pixel 2 warranty to an unprecedented two years, so at least there was a response.
I think the users who had this issue had every right to be upset, and the company should’ve done more to address it. The bottom line here is this: if there’s a clear issue with a display as soon as the phone comes out of the box, it needs to be investigated at the very least.
August 2014: The Ladies First Campaign
In what might be the shortest contest in OnePlus history, an ill-conceived campaign just for women called “Ladies First” was launched in August 2014.
The idea was this: women (and women only) would draw the OnePlus logo on their body or a piece of paper, then take a picture of themselves and upload it to the OnePlus forum. The pictures would then get upvoted by forum members—mostly men—and the top 50 got a free OnePlus t-shirt and an invite to buy the phone.
If you thought the “Smash the Past” campaign was stupid, it only took them four months to make an even worse one. Objectifying and sexist, Ladies First received a massive backlash as soon as it was announced—so much that the company cancelled it within hours. The company then claimed it was a “very misguided effort by a few isolated employees.” Right.
November 2014 – April 2015: Cyanogen Woes
Out of the box, the OnePlus One ran Cyanogen OS—a custom fork of Android that was once the king of the custom ROM world. At the time, the founders of CyanogenMod had taken the ROM’s fame and tried to monetize it by building a company around it: Cyanogen, Inc. This company was responsible for building the operating system that would run on the One.
This is one of the things that made the OnePlus One so appealing to Android die-hards. This also later turned into a nightmare for OnePlus.
While no fault of OnePlus itself, Cyanogen, Inc. told the company in November of 2014 that it had entered into an exclusive deal with Micromax to produce the operating system for an upcoming line of phones for release in India. This came at a bad time for OnePlus, as it caused a temporary ban of import and sales of the OnePlus One in India. The ban was lifted a week later as OnePlus decided to release its own custom version of Android called Oxygen OS.
This was the beginning of the end for OnePlus and Cyanogen, but the relationship took six months or so to really come to an end. The two companies reportedly butted heads a lot, with Cyanogen claiming in the end that OnePlus used the Cyanogen name to garner popularity—which may or may not be true, but I’m sure it didn’t hurt OnePlus’ recognition early on—saying it “built their brand on the back of Cyanogen.” Regardless of how you feel about it, that’s a bad look for any company—including both involved here.
The breakup between the two companies was very public and very ugly. It ultimately ended with the companies ending their relationship, and OnePlus using its OxygenOS moving forward.
That’s pretty rough for users who bought the phone in part because it was running Cyanogen OS, only for the partnership to end a year later. In comparison to Cyanogen, OxygenOS was less customizable, but still retained a lot of the stock Android look and feel users had grown to love about the handset’s former OS.
This was the end to a very rocky first year for a new company. Most other small companies wouldn’t have survived all the backlash and adversity thrown their way in such a short period of time, but OnePlus somehow prevailed.
August 2015: OnePlus 2 and More Invite System Garbage
Like most companies with a reasonably successful smartphone, the company followed up the first One with…the cleverly-named OnePlus 2.
Despite the company carrying the tagline “Never Settle,” the OnePlus 2 was released without NFC (near field communication)—a feature that was considered a staple for flagship phones of the day—and without wireless charging. This caused backlash in the Android community, though OnePlus claimed not enough OnePlus owners used NFC to justify its inclusion.
Also like the launch of the One, the 2 was released with an invite-only buying system. While they didn’t have any stupid contests like with the One, the 2 had its own share of issues where the invite and sale system is concerned—mostly that users couldn’t really buy the phone.
Initially, OnePlus promised a “new and improved” invite system, including 30-50 times more invites than were available with the OnePlus One. The thing is, it didn’t play out like that. North American orders were delayed by 2-3 weeks, and they also found issues with the materials used on the USB cables not being up to snuff. As a result, they had to slow the rollout of invites to “closely monitor and act on user feedback.”
So after once again failing to deliver, OnePlus CEO Carl Pei posted an apology in the OnePlus forums about how the company “messed up” the launch, noting that it took them a month after their target date to start shipping phones in “meaningful quantities.”
This company is basically a series of poor decisions and subsequent apologies…with some smartphones mixed in.
November 2015: OnePlus Sells Garbage USB-C Cables
OnePlus ventured out from just smartphones, offering accessories like USB-C cables and USB-C to Micro-USB adapters—both of which were confirmed to be out of compliance with USB-C standards by trusted Google engineer and USB-C expert Benson Leung. In short, using the cable or adapter had the potential to fry the power source thanks to the dodgy resistors in their construction.
Once again, OnePlus found itself apologizing for the mistake and offering refunds—but only to customers who purchased the USB-C cable, not the USB-C to Micro-USB adapter (which was equally as bad as the cable). It also noted that the cable and adapter were both safe to use with the OnePlus 2…just not other phones. Talk about a recipe for disaster.
June 2016: IMEI Data Being Sent to OnePlus Servers Over an Unencrypted Connection
On pretty much any Android phone, when you check for operating system updates the phone contacts the manufacturer’s servers to see if there’s new software available. Pretty common.
On the OnePlus 3, however, the phone was also sending the IMEI—that’s a numeric value that uniquely identifies that exact phone—over an unencrypted connection. That means a value that can connect your phone to your person was being sent over an open connection to OnePlus’ servers.
To make this even more interesting, it was also discovered that a proper IMEI wasn’t even necessary in order for the device to receive an update package. To test this, one OnePlus forum user sent a test request to OnePlus’ update server with an unusable IMEI, and an update package was returned.
It’s worth mentioning that this isn’t a significant issue on its own—just another questionable decision.
January 2017: OnePlus Gets Caught Cheating on Benchmarks
Benchmark scores used to be a hot topic on Android, so the better number a phone could produce, the better that phone seemed to end users.
With that in mind, benchmark scores on the OnePlus 3t were manipulated to be higher than the actual performance would indicate. OnePlus was apparently targeting specific applications by name and pushing the CPU into a specific scaling mode to push the scores higher than they would normally have been.
It’s also worth mentioning that other manufacturers were found guilty of the same thing with that research, and manufacturers like Samsung, HTC, Sony, and LG were all found guilty of doing the same thing back in 2013. So it wasn’t a unique offence, but something that hadn’t really been an issue for several years.
June 2017: OnePlus Gets Caught Cheating on Benchmarks…Again
After being “caught” for cheating on benchmarks with the OnePlus 3t, one could assume it wouldn’t be an issue again. But it was, because OnePlus got busted for maximizing benchmark scores again with the OnePlus 5.
This time the scores were accused of being boosted by as much as 5%. There’s an incredibly detailed analysis and write-up on the subject over at XDA, so I’d recommend taking a look at that if you’re interested in the gory details.
June 2017: OnePlus 5’s Display Confirmed to be Installed Upside-Down
Users of the OnePlus 5 noticed some odd “jellying” when scrolling on the phone, but it was unclear why this was happening. It was soon discovered why—the screen was mounted upside-down. Deliberately.
Because it was upside down, the screen refreshed from bottom to top (instead of top to bottom), causing some interesting issues when scrolling. It didn’t appear to affect all units, but it was pretty obvious on the ones it did.
You may be wondering why the display was intentionally placed upside-down, and for that I turn to XDA for some well-researched speculation:
If you’ll take a look back at any of the thorough teardowns of the smartphone, you may notice that the display controller IC is located at the bottom. In order to compensate for the module’s placement, OnePlus flipped the display panel so the display cable would easily reach the motherboard and none of these components would interfere with other elements at the top of the device. But why would they need to do this all in the first place?
Take a look at what is placed at the top of the smartphone – the dual camera and some antennas. Like with any decision involving where to place components in a smartphone, it likely came down to space considerations. With limited space, the company had to decide where to place each component so everything would fit. Since the dual lens camera, which is new to the OnePlus line-up, takes up more space than a single lens camera it is possible the company moved the motherboard – and hence flipped the display panel – in order to accommodate the new camera module.
And there you have it.
July 2017: The OnePlus 2 Reaches End of Life Early
In June of 2014—after telling users that Nougat would be available for the OnePlus 2—OnePlus confirmed that the 2 would not get the Nougat update and had in fact reached its end of life at Marshmallow. It’s sadly common for Android phones to not get updates, but it was particularly crappy of OnePlus to promise one thing, and then renege.
July 2017: OnePlus 5 Devices Rebooted During 911 Calls
In 2017, a OnePlus 5 owner saw a building on fire, tried to call 911, and the phone rebooted. Twice.
It turns out the OnePlus 5 had a memory flaw that would cause it to reboot when emergency services were contacted, which is a massive issue (if that isn’t obvious). If there’s any time a cell phone needs to work, it’s during an emergency. Even phones without a SIM card are supposed to be able to make emergency calls.
Fortunately, the company rolled out a fix pretty quickly. But such an issue should not have existed in the first place.
October 2017: OnePlus Collects Private Data Without Approval
In October of 2017, it was revealed that OxygenOS was collecting data about device usage—a fairly common thing among smartphone manufacturers. But within this data was the device’s serial number, meaning a user’s identity could then be connected with said data.
The company claimed it was sending two separate sets of data—one for device usage and analytics data, the other with device information (serial number) for “better after-sales support.” It was also noted that all data was transmitted over HTTPS for security.
The thing is, this wasn’t really the question. The real issue here is that OnePlus was doing all this without user agreement—taking users’ data and shipping it back to the mothership without consent.
Just a few days after this data collection was revealed, OnePlus responded to the backlash by limiting the amount of data collected moving forward.
By the end of October, all OnePlus phones running OxygenOS will have a prompt in the setup wizard that asks users if they want to join our user experience program. The setup wizard will clearly indicate that the program collects usage analytics. In addition, we will include a terms of service agreement that further explains our analytics collection. We would also like to share we will no longer be collecting telephone numbers, MAC Addresses and WiFi information.
Like so many things in the past, this is a response to an action that shouldn’t have been an issue to begin with.
November 2017: Another, More Serious Security Issue
Just a month after the discovery of OnePlus collecting user data without approval, another vulnerability was found that allowed many OnePlus phones to be rooted without unlocking the bootloader, through a backdoor called EngineerMode.
OnePlus claimed the vulnerability wasn’t that big of a deal as it only worked with ADB, which requires USB debugging to be enabled in Developer Options (this is also disabled by default on Android devices). Security researchers at NowSecure looked deeper into the issue and provided a more in-depth explanation of its capabilities. XDA also has a good write-up of EngineerMode’s function and how this exploit worked.
Essentially, an attacker would need physical access to the device to easily achieve root access and execute malicious code or commands, making this one of the less terrible vulnerabilities that we’ve seen.
At first, it was believed EngineerMode was a Qualcomm app, but after investigation, Qualcomm claimed it wasn’t theirs. Curious.
OnePlus quickly patched the vulnerability by removing EngineerMode.
January 2018: A Massive Credit Card Breach
In January 2018 OnePlus officially announced a massive breach in which 40,000 customers’ credit card info was stolen. The actual breach happened between November of 2017 and January 2018, at which point OnePlus finally figured out what was going on and halted credit card transactions.
OnePlus will be providing affected customers with a year of free credit monitoring, which is a paltry restitution. The damage here isn’t so easily remedied, and each user is going to have to deal with the repercussions of a stolen credit card.
January 2018: OnePlus Ships Beta Software with a Suspicious Clipboard APK
Just days after announcing the credit card breach that compromised 40,000 users’ card information, a user found a questionable APK in a beta build of OxygenOS for the OnePlus 3t and posted all about it on Twitter. Essentially, he found a clipboard capture tool whose code implied that it copied information placed on the clipboard and attempted to send it back to Teddy Mobile—a Chinese company that “develops a smartphone application that helps to identify called identity based on data capabilities.”
As per the norm, however, OnePlus had a response: this was accidentally included in the OxygenOS beta from their HydrogenOS (the operating system the company uses on its Chinese handsets). In a statement to Android Police, this is what OnePlus had to say about it:
We apologize to our beta test users, for the confusion over an experimental HydrogenOS feature appearing in the global OxygenOS beta, which is being updated to remove it. The experimental HydrogenOS feature is designed specifically for the Chinese market, where a unique competitive situation between two major web service providers has led to some ecommerce weblinks being blocked. A workaround developed by one of the parties involved sending a token so that link sharing would function fully. We were testing a similar feature in the HydrogenOS beta.
They then went into further detail, stating that the APK wasn’t active in the first place, and its inclusion was purely accidental:
There’s been a false claim that the Clipboard app has been sending user data to a server. The code is entirely inactive in the open beta for OxygenOS, our global operating system. No user data is being sent to any server without consent in OxygenOS.
In the open beta for HydrogenOS, our operating system for the China market, the identified folder exists in order to filter out what data to not upload. Local data in this folder is skipped over and not sent to any server.
On the upside, at least this was discovered in a beta build, before the final version was sent to the masses. We still don’t know why an APK from the company’s Chinese operating system made its way into the OS that ships to the rest of the world, but it’s another example of the kind of carelessness that led to some of the bigger problems above.
Why Do We Keep Giving This Company Money?
That’s a long, long list of issues. They started off as poor decisions from a young company—asking customers to destroy their phones or ladies to post selfies as part of a contest are both foolhardy at best, but not all that damning.
But then the issues continued to get worse. Selling USB-C cables that could literally damage (or destroy) user hardware and collecting user data without permission are both bad. Phones rebooting during 911 calls and backdoors that allowed easy root access by attackers are worse.
Having an issue where credit card information is stolen that stays open for over two months before it gets noticed? That’s pretty awful.
Look, I get why Android fans like OnePlus. They do release good hardware at great prices—and save for the past issues with data collection and whatnot, their software seems to be enjoyed by most who use it too.
Furthermore, I understand that any of these issues on their own isn’t the end of the world—in fact, some of them have happened to other companies we love and trust.
But taken all together, this is a pretty long list of problems, and in its four(ish) years of existence, OnePlus has shown time and time again that it doesn’t know what it’s doing and that it can’t be trusted. This company consistently shows its lack of responsibility towards customers—both potential and current. And yet people continue to fawn over them.
If you’re looking for good phones at a good price, there are other options out there. The Motorola Moto X4 is an excellent phone for just $400. The Essential PH-1 started off rocky, but a series of software updates and an attractive price drop make it an excellent option that seems to keep getting better. It’s very comparable to the OnePlus 5t for the same price.
Maybe OnePlus will redeem themselves, but at this point, we can’t recommend buying from them until they clean up their act—and prove they can keep it that way long-term. For now, it’s time to stop trusting OnePlus with your personal information, your data, and your money. It’s time to stop settling.