At least two of OnePlus’s recent flagships reportedly have an app called ‘EngineerMode’ that makes those devices vulnerable to compromise. So what is it exactly and what threats does it pose? EngineerMode is a diagnostic app developed by Qualcomm and tweaked by OnePlus for pre-deployment device testing in the production build of OxygenOS. The app is said to be installed by default on the OnePlus 5, 3T and 3, and can be accessed by going over to Settings > Apps > Menu (three dots on top-right) > Show System Apps. We can confirm the presence of the EngineerMode on both the OnePlus 5 units used by our colleagues (OxygenOS 4.5.14, build number ONEPLUSA5000_23_171031).
EngineerMode can enable ADB root which would provide privileges for ADB commands, but according to OnePlus, will “not let 3rd-party apps access full root privileges”. What the EngineerMode does do, is provide root access to the OnePlus device given the right password. That being the case, it can become a major security concern if skilled reverse engineers can identify the password needed to enable the diagnostic mode. Multiple reports on the net now seem to suggest that the EngineerMode.apk binary has been disassembled by security researchers using the open source reverse-engineering framework Radare, thereby decrypting the password and enabling diagnostic mode on the device.
Once reports about the EngineerMode started circulating on the net, many Lenovo and Motorola-users also reported the presence of the app on their devices. Which isn’t unusual, given that both use Qualcomm chips in the lions’ share of their smartphones. While OnePlus has already responded to the issue by stating that it will roll out an update disabling the adb root function from EngineerMode, Qualcomm and Lenovo are yet to release any official statements.