After analytics-slurping scandal, OnePlus is now accused of leaving a gaping backdoor open on its smartphones

Security? OnePlus has heard of it...

Upstart Chinese smartphone maker OnePlus is at the centre of another security incident today with claims that it installed a backdoor in its products that could enable an attacker to take control of the device.

It comes as the company prepares to launch its latest flagship model, the OnePlus 5T, just months after the OnePlus 5.

Furthermore, though, it adds to the claims made earlier this year that the company's devices going back many years have been collecting user-identifiable data and sending it back to the company's HQ in China.

The company resolved that with an update enabling users to opt out of what it labels Oxygen OS analytics.

It now appears that the company has left an internal testing app within the operating system, which could be exploited to give root access. That, at least, is the charitable explanation.

XDA Developers reports on the discovery by 'Elliot Alderson' (one for the Mr Robot fans). He reveals that the activity is still installed in OnePlus 3, 3T and OnePlus 5 devices and can be accessed through any activity launcher.

The app's existence had been previously spotted (XDA likes to nose around mobile operating systems as a matter of course), but it's only now that it's becoming clear exactly what it does and what it's capable of doing.

The bottom line is that it enables Android Debug Bridge (ADB) to be run in root mode without the need to unlock the Android bootloader.

If you know anything about Android, you'll know how bad that could be in the wrong hands. On the plus side, if you like a rooted phone, it means you can root the OnePlus range without unlocking the bootloader too.

It's not clear whether it's just a simple mistake or something more sinister, but the password is 'Angela' if you wish to investigate further.

OnePlus, of course, has been asked for comment, but none has been forthcoming at the time of publication.