This is not the first time that OnePlus has been accused of compromising privacy of its users.
The app can diagnose Global Positioning System, check the root status, perform a series of automated tests, and more.
In this app, the developer has found activity known as "DiagEnabled", if enabled with a specific password, grants the root access.
This nonetheless raises questions over why is the device shipping with this app (presumably it has just been overlooked) and whether it's available on other Qualcomm devices.
The application in question is called 'EngineerMode, ' which is meant to be used in factories to confirm that the device is working properly. "So it's not unsafe, it just means anybody with the password can plug your phone to a computer and take all your data".
An apparent factory cockup has left many OnePlus Android smartphones with an exposed diagnostics tool that can be exploited to root the handsets.
The application in question is EngineerMode, in which its objective is to test Qualcomm processors easily.
The inclusion of the app appears to be an oversight on the part of OnePlus, and company founder Carl Pei said the team is looking into it. And it looks to be an issue on the OnePlus 5T as well.
Robert Baptiste, a freelance security researcher who goes by the name Elliot Alderson on Twitter after the Mr. Robot TV show character, found the tool on a OnePlus phone and tweeted his findings Monday. He discovered that his OnePlus 2 device was sending data to an HTTPS domain, which was transmitted to Amazon Web Services and belongs to OnePlus (open.oneplus.net domain). Following the allegations, OnePlus took some steps, and added the new "opt-in" option for the user experience program.