Yesterday we reported on a backdoor that was found on a OnePlus 5 device that would make rooting it very easy. Carl Pei tweeted yesterday that they would actively investigate these reports of the EngineerMode APK that is mentioned in the report and today they’ve already issued an official statement, which you can see below.
Yesterday, we received a lot of questions regarding an apk found in several devices, including our own, named EngineerMode, and we would like to explain what it is. EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after sales support.
We’ve seen several statements by community developers that are worried because this apk grants root privileges. While, it can enable adb root which provides privileges for adb commands, it will not let 3rd-party apps access full root privileges. Additionally, adb root is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device.
While we don’t see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb root function from EngineerMode in an upcoming OTA.
This is the result we expected to see after the vulnerability was discovered, but EngineerMode is also an app that is made by Qualcomm for diagnostics of their Snapdragon processors. The app was found on other handsets like the ASUS ZenFone and the Xiaomi Redmi 3S.