Leak in Shot On OnePlus feature made it possible to read out email addresses


OnePlus phones have long had a vulnerability that made it possible to retrieve email addresses of users of the Shot On OnePlus feature. This was due to a weakness in the API. The leak has now been repaired.

9to5Google discovered the leak and informed OnePlus about it. It has now been closed. The leak was in the Shot On OnePlus feature, part of the company's wallpaper app. Shot On OnePlus let OnePlus users share their own photos as wallpapers with other users. They could do that directly from the app itself, or upload photos to a website. To upload a photo, users had to create an account.

9to5Google discovered that there was a leak in the API behind the feature. To use the API, users needed a key and an access token, but both consisted of only a short alphanumeric code. That code could be found by looking up the ID of a photo via the API. Moreover, the API turned out to return not only the photo and photo information on request, but also email addresses.

OnePlus has not yet responded to the finding, but has quietly changed the API so that it is no longer possible to retrieve information from it.
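The article does not describe the API's schema, so the following is an added illustration and not OnePlus's or 9to5Google's code: it contrasts a serializer that returns a stored photo record whole with one that copies only allowlisted fields, and adds a check that flags email-like strings in a response. All function names, field names and sample data are hypothetical.

```python
import re

# Constructed sample record; the field names are assumptions for illustration,
# not the real Shot On OnePlus schema.
PHOTO_RECORD = {
    "photo_id": "p-0001",
    "image_url": "https://photos.example/p-0001.jpg",
    "uploader": {"display_name": "sample_user", "email": "sample_user@example.com"},
}
# Allowlist of what a public client may receive, per nesting level.
PUBLIC_FIELDS = {"photo_id": True, "image_url": True, "uploader": {"display_name": True}}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def serialize_leaky(record):
    """Weak pattern: hand the stored record to the client, account fields included."""
    return dict(record)


def serialize_public(record, allowed=PUBLIC_FIELDS):
    """Hardened pattern: copy only allowlisted fields, recursing into sub-objects."""
    out = {}
    for key, rule in allowed.items():
        if key not in record:
            continue
        value = record[key]
        if not isinstance(rule, dict):
            out[key] = value
        elif isinstance(value, dict):
            out[key] = serialize_public(value, rule)
    return out


def find_emails(payload, path="$"):
    """Walk a JSON-like response; return (path, value) for each email-like string."""
    hits = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            hits += find_emails(value, f"{path}.{key}")
    elif isinstance(payload, list):
        for i, value in enumerate(payload):
            hits += find_emails(value, f"{path}[{i}]")
    elif isinstance(payload, str) and EMAIL_RE.search(payload):
        hits.append((path, payload))
    return hits
```

Running `find_emails` over the responses of public endpoints in a regression test catches a private field that slips back into a serializer.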
