The Register: OnePlus leaves researchers on read over Android bug that exposes texts

Sep 23, 2025

—

Source URL: https://www.theregister.com/2025/09/23/rapid7_oneplus_android_bug/
Source: The Register
Title: OnePlus leaves researchers on read over Android bug that exposes texts

Feedly Summary: Rapid7 warns flaw could let any app peek at your SMS, but smartphone vendor won’t pick up
Security researchers report that OnePlus smartphone users remain vulnerable to a critical bug that allows any application to read SMS and MMS data — a flaw that has persisted since late 2021.…

AI Summary and Description: Yes

Summary: The text discusses a critical security vulnerability affecting OnePlus smartphones, allowing applications to access sensitive SMS and MMS messages without proper authorization. This highlights significant implications for smartphone application security and user privacy, pertinent for professionals in cybersecurity.

Detailed Description: The report from Rapid7 indicates that a serious security flaw exists in OnePlus smartphones that could potentially expose private SMS and MMS data to any application. This vulnerability has been present since late 2021 and remains unaddressed by the manufacturer, posing a risk to users’ privacy.

– **Vulnerability Details**:
– The flaw allows unauthorized applications to read SMS and MMS messages, raising concerns about user privacy.
– This kind of vulnerability typically indicates poor app sandboxing and access controls on the platform.

– **Implications for Security**:
– Users are at risk of identity theft, phishing attacks, and other privacy breaches.
– There is a call for vendors to implement stronger security measures to prevent such oversights in app permissions.

– **Manufacturers’ Responsibility**:
– The lack of action from OnePlus to resolve the vulnerability suggests possible negligence in security updates and user protection.
– This raises questions about the responsibility of hardware manufacturers to ensure software security.

– **Recommendation for Users**:
– Users should be cautious while installing applications, especially from unverified sources, as they may exploit such vulnerabilities.
– It’s advisable for users of affected devices to monitor official communications from OnePlus regarding potential updates or patches.

This incident serves as a critical reminder of the need for robust security measures in both software and hardware environments, underlining the essential role of regular security updates and transparent communication from manufacturers to protect consumer data.

1 2 2025 3 5 7 a access access control access controls Act age AI All allow and Android Android bug API app app permissions Application application security applications Arch art as at attack attacks authorization Bi bot Box breach breaches Bug by C CERN CI CIA co communication concerns consumer consumer data control controls critical critical bug cyber cybersecurit Cybersecurity D data de device e end environment environments event exp exploit fact for g Gen GIS H hardware hardware manufacturers high Highlight http HTTPS identity identity theft implications implications for security in incident io Iron k l law led Li low M man manufacturers measures mission Monitor N negligence o of off on one OnePlus ons oS oss other out over oversight Patch patches per permissions phi phishing phishing attack Phishing Attacks platform potential pre privacy privacy breach privacy breaches pro professionals protection ps Q question R Raise raising Rapid7 RCE re report research researchers responsibility Risk Ro robust security robust security measures ROI Role RoT s Sable sandbox sandboxing search sec security Security Flaw security measure security measures Security Research Security Researcher security researchers security update security updates security vulnerability Sig smartphone smartphones software software security source SSE T Tails ted text the theft to Tor TP transparent under up update updates US use user user privacy user protection Users uth V vendor vendors vulnerabilities vulnerability Ware Wi x z