Affiliate links on Android Authority may earn us a commission.Learn more.

OnePlus phones include an easily exploitable backdoor (Update 2: Qualcomm responds)

August 10, 2025

Update #2 (11/15) 14:09 EST:Qualcomm has reached out toAndroid Authorityto clarify some details on the EngineerMode app. A Qualcomm spokesperson says:

Update (11/14) 17:03 EST:OnePlus has responded to earlier claims about Qualcomm’s EngineerMode app including an easily exploitable backdoor for hackers. In a poston the OnePlus forums, OxygenOS team memberOmegaHsutried to shed some light on the app in question and what exactly the company plans to do about it.

Article image

In the statement, OnePlus is claiming what we already knew— that the EngineerMode app allows anyone to access root privileges without much effort. However, USB debugging (which is off by default) needs to be turned on for root access to be achieved, which means people will have a harder time hacking into your phone if they don’t have physical access to it. Additionally, the app does not give third-party applications full root privileges.

Still, this is a pretty big security concern, which is why the company plans to remove the adb root function from the app in an upcoming OTA.

The full statement can be found below:

We’ll be sure to let you know when OnePlus issues this OTA.

Original story (11/14) 07:48 EST:A developer has found a way to gain root access to a OnePlus device by exploiting an app designed for factory testing. The developer, who uses the name Elliot Alderson on Twitter (after the Mr Robot TV show lead), posted a series tweets yesterday outlining the steps taken to achieve the privileges.

The app in question is a system app that was apparently made by Qualcomm and customized by OnePlus; it’s called EngineerMode and arrives pre-installed on OnePlus devices like the OnePlus 5, 3T and 3 (you can find it yourself searchingSettings > Apps > Menu > Show system apps, and then search “EngineerMode” in the app list). It’s used to run system tests for things like GPS, vibration, screen brightness, and also root checking.

EngineerMode has been known about for a while, but the risks it presents weren’t known until after Alderson did some digging. The developer discovered a password-protected backdoor within the app’s code, which he was able to work around to gain root access — a big enough problem to begin with for OnePlus in terms of security. But that was before some smartfolks chimed inhaving discovered the actual password (it’s Angela, which, coincidentally, is also likely a Mr Robot reference).

This means root access can be achieved using just one command line — giving hackers the potential to cause harm without much work. It’s not something that could be achieved remotely, however, you would need the physical OnePlus device connected to a computer running the Android Debug Bridge (ADB) to exploit the vulnerability.

This nonetheless raises questions over why is the device shipping with this app (presumably it has just been overlooked) and whether it’s available on other Qualcomm devices.

Alderson said that he wouldpublish an appsoon to allow users to simply gain root access to their devices. Meanwhile, OnePlus co-founder Carl Pei has already announced that OnePlus is investigating the issue.

We’ve also we’ve reached out to OnePlus and will update this story when we receive comment.

Thank you for being part of our community. Read ourComment Policybefore posting.