A new report has discovered a security flaw within OnePlus’ OxygenOS software that could allow hackers to access files hidden away in the native App Locker. The feature allows users to place apps under a layer of security by requiring a password or fingerprint to gain entry.
However, XDA Developers claims that this step can be easily bypassed. It demonstrated the hack in a video, starting out by showing how a protected app couldn’t be unlocked without a PIN. Going to the Settings menu and choosing Security & fingerprint followed by App Locker will again prompt up a password request.
This is where a launcher app like Nova Launcher comes in, as anyone can create an activity shortcut under Dashboard to jump directly to App Locker. Once the shortcut is placed on the home screen, it’s simply a matter of tapping on the icon to enter the App Locker settings page and disable any current locks.
It’s a fairly simple method, barring a bit of creative thinking on the hacker’s part. Of course, they would need to have physical access to your OnePlus phone for this to work. The device itself would have to be unlocked as well, so it’s not quite a clear-cut path towards accessing your hidden files.
OnePlus has taken heed of the report, telling XDA Developers that it is aware of the issue and plans to patch it in the next OxygenOS OTA update. Till then, it would be best to not let your OnePlus handset fall into the wrong hands.