Is your smartphone leaking your private messages? If you own a OnePlus device and enjoy experimenting with lesser-known apps, your text messages might not be as secure as you think.
Recently, cybersecurity experts at Rapid7 uncovered a critical vulnerability in OnePlus phones. This flaw allows unauthorized access to your SMS and MMS data by apps without your knowledge or consent. Imagine the implications if sensitive information falls into the wrong hands!
Rapid7’s report highlights the severity of the issue: any app on your device can potentially access and extract your SMS/MMS data without needing explicit permission. This poses a significant risk, especially if you rely on SMS for two-factor authentication or other security measures.
The vulnerability, identified as CVE-2025-10184, affects various Oxygen OS versions, including those dating back to the OnePlus 8T. The problem stemmed from OnePlus’ modifications to the default Android telephony app during the transition to Android 12, leaving users unwittingly exposed to data breaches.
Despite Rapid7’s prior attempts to notify OnePlus about the vulnerability, it wasn’t until the public disclosure that OnePlus acknowledged the issue. The company has since assured users of a forthcoming fix through a global software update starting in mid-October.
To safeguard your data proactively, consider these preventive measures:
- Prune Your Apps: Delete unnecessary or unfamiliar apps, especially those from lesser-known sources.
- Stick to Trusted Sources: Install apps only from reputable brands and official app stores to minimize security risks.
- Enhance Authentication: Switch from SMS-based two-factor authentication to more secure methods like authenticator apps.
- Update Promptly: Install the upcoming OnePlus update as soon as it’s available to patch the vulnerability and enhance your device’s security.
If this revelation has you contemplating an upgrade, explore our curated list of the best phones and tablets currently on the market. It’s essential to stay informed and proactive when it comes to protecting your data and ensuring your digital security.