Thursday , August 17 2017

OnePlus 2 units from Kogan pre-loaded with malware; other phones may be affected

Kogan_logo

Well-known Australian online retailer Kogan, named for its founder Ruslan Kogan, appears to have had a bit of an issue of late. They do a lot of things that are really cool, like sourcing hard-to-get handsets and making them available to Australian consumers (amongst all the televisions and other things they do), but it seems more recently, they’ve run into some hot water with selling the OnePlus 2.

This all starts, you see, because the OnePlus 2 is harder to get hands on than most other phones. Kogan found success in selling more mainstream handsets that were widely available elsewhere, but not in Australia. The OnePlus 2, on the other hand, isn’t widely available anywhere, and that’s where this gets sticky.

Customers flocked to Kogan’s website when news hit that they’d sell the OnePlus 2, perhaps without wondering where Kogan would actually get their hands on the devices to sell to consumers.

We’ve heard stories of a few customers now, including Dev, who received the OnePlus 2 from Kogan and all was not well. In Dev’s words:

“The OnePlus 2 ships with Oxygen OS, which is a near-stock experience of Android with minor changes. However, scrolling through the pre-installed apps on the device, I found a surprising amount of bloatware. Apps like ‘Clean Master’, notorious for containing adware, and some others that I hadn’t previously heard of, such as ‘Magic Photo’, ‘DC Share’, ‘KK Browser’, and ‘Search’ (not Google Search, but a third party app) to name a few. I found this particularly odd, as Oxygen OS out of the box only contains the default Google Apps (Maps, Search, YouTube, Messenger, etc.) The number of third-party apps pre-installed on the device indicated something else. In addition to this, the “System Update” option usually in the “About” setting of the phone, was missing, so I could not even perform a software update.”

At first, Kogan didn’t pay much attention to Dev’s complaints when he tweeted them last week. Their response seemed a little flippant:

Dev took the issue to Reddit, and quickly found that others had found the same kind of issues:

1-Ox5jli9lzChjwuKx1q8o4g
Source: https://www.reddit.com/r/oneplus/comments/3ntv6p/op2_bloatware_kogan_australia/cvsawxi

As if adware coming preinstalled on the phone wasn’t bad enough — it shouldn’t have had any — other users reported finding worse, including actual malware which could really compromise a device (though it’s noted this user did not buy their phone from Kogan):

https://www.reddit.com/r/oneplus/comments/3ntv6p/op2_bloatware_kogan_australia/cvt95hu
Source: https://www.reddit.com/r/oneplus/comments/3ntv6p/op2_bloatware_kogan_australia/cvt95hu

 

https://www.reddit.com/r/oneplus/comments/3ntv6p/op2_bloatware_kogan_australia/cvtfzd3
Source: https://www.reddit.com/r/oneplus/comments/3ntv6p/op2_bloatware_kogan_australia/cvtfzd3

This suggests that there was an issue further back in the supply chain, perhaps Kogan’s supplier was playing a risky game with handsets they were on-supplying to Kogan. There’s a bit of an explanation on Dev’s blog about the impact of this malware, but that’s really not the point here. What is the point, as Dev says:

“The sad truth of the matter is, of the tens of thousands of OnePlus 2 devices shipped from Kogan’s warehouses over the past few months, no one knows how many of them contained a modified firmware. Many users will never know what apps ‘should’ ship with their device, what is safe, and what is unsafe. It is the responsibility of the re-seller to ensure that the device they are selling is one which they are liable for.”

We’ve been following this story and speaking to Kogan to find out what’s going on. We didn’t want to write a story without digging a bit further, and so we raised our questions with Sling and Stone, who are Kogan’s public relations firm. We did this with integrity in mind; it’s not our practice to publish negative things about anyone without giving them an opportunity to comment.

Unfortunately, while we received a response, it didn’t give us much to work with. Kogan provided a quote from Ruslan, stating:

“We have been made aware of the issue and we take these things very seriously. We are investigating with the distributor and are asking the customer to return the phone to confirm the issue.”

A fairly generic response, but it showed that Kogan were doing something about it.

However, there’s been a bit more to it. Since Dev took to the Internet to resolve his issue, there have been two major developments:

  • Firstly, as of 13 October, Kogan has removed the OnePlus 2 from sale from its website. This is good for customers going forward, but there’s two issues — what about the existing customers who’ve already bought one, and what about the other phones that appear to be affected from other manufacturers?
  • As of 14 October, Kogan have decided it was their supplier of the OnePlus 2 (a new supplier, they add) that is responsible for adding malware and adware to the OnePlus 2 handsets, and so they’ve ceased dealings with that supplier. Further, customers who’ve bought a OnePlus 2 are being contacted by Kogan to be offered refunds, returns, or other options to repair their phones to a safe and saleable state.

It’s not exactly a good news story, and it highlights the risks of purchasing phones from unofficial channels. While in many instances the kinds of issues that Kogan has experienced with the OnePlus 2 probably won’t arise, it does show that without an official supply chain, there’s a number of places in the process where mischief can occur.

We’re investigating a further story related to this, which we’ll be reporting on shortly.

Ausdroid sought and received comment from Kogan via their PR firm as noted above. Ausdroid sought comment from OnePlus 2 but none was received by the time of publication.

 
Source: Dev on Medium.

Chris Rowland   Editor and Publisher

Join the Ausdroid Conversation

19 Comments on "OnePlus 2 units from Kogan pre-loaded with malware; other phones may be affected"

avatar
Sort by:   newest | oldest | most voted
Rice_Samurai
Valued Guest
Rice_Samurai
Hey guys, do you know how to remove these preinstalled bloat/malware apps e.g. Clean Master? When Android first appeared they were somewhat useful, but very quickly all memory management apps became obsolete. Clean Master kept tormenting me with constant notifications about my OP2 being overloaded for whatever reason, so I turned them all off. However, just now I noticed that all the settings “magically” turned themselves on. I have no idea what caused it as I did not reset the device and I did not restart it. Is it possible to remove these apps without rooting or is it a… Read more »
Mohaymen
Valued Guest
Mohaymen

Is there any way to confirm that other phones are not affected? This is quite upsetting! I almost decided to buy a new nexus phone from Kogan! 🙁

D47x
Valued Guest
D47x

It is like this with every seller that claims you can buy a oneplus device without an invite. I bought mine from DWI and it’s the same story with kogan, pre-flashed oxygen OS but comes with malware. It’s been like this since the OPO days. The units they all sold are Chinese models of the oneplus that originally came with Hydrogen OS

jdt1986
Valued Guest
jdt1986

Hopefully all this negative publicity will make Kogan clean up their act and be more careful when it comes to stocking and selling international devices…

Member

drawing a long bow… or connecting dots… RE Kogans listed price of the Nexus 5x and 6p undercutting the google play store price.
It might just well be the US stock and managing to skip the OZ tax. Time will tell.

SachmoJoe
Valued Guest
SachmoJoe
I recently had a similar experience, albeit from an eBay store, not a big seller like Kogan. I bought a Sony Xperia T as a cheap phone for my wife, it was their 2012 flagship but I got it apparently brand new for $140. I say apparently because as soon as I saw the original packaging I could tell it had been opened. Turning on the phone, it was already set up ie no first time setup dialogues etc. I even saw a one click root app installed. I did a factory reset and gave it to my wife to… Read more »
Member

Off topic , but the T is a phone from an earlier age. It’s the Bond phone from the previous movie and the world has moved along a good deal since then.

SachmoJoe
Valued Guest
SachmoJoe

You’re 100% right about that. I figured since it was contemporary with the Nexus 4 and very similar spec-wise (same screen res, same chipset) that it would be a similar experience, but I was very wrong indeed.

Chris
Valued Guest

If it’s too cheap (or too good to be true) you know there’s a catch.

There’s always a catch.

Member

Ahh, I have bought perhaps half a dozen phones from Kogan for my family over the years. They are a default place to look.

I’d really like to understand this.
Is it just a thing that happens with Chinese phones, or can it happen buying an Xperia?

You better be cleaning up your suppliers Koges. Don’t sweep it under the rug. I want be able to buy from you again.

Chris
Valued Guest

Less likely to happen with a Sony, or with any phone that’s more widely available.

There’s other stuff in that Reddit about why people might want to avoid Kogan, but at least Xperia phones should be free of malware issues.

Member

I haven’t had trouble with them. I accept that buying from Kogan or eBay means warranties aren’t trustworthy. I accept its a bit dodgy. I just don’t want outright viruses.

Pumpino
Valued Guest
Pumpino

I guess the fortunate thing with it being the OPT is that most people that choose it will be geeks like us, and will therefore flash new firmware. However, shipping phones with dodgy apps that also disables the ability to download OS updates is criminal. I’ve never liked Kogan, but if they really are contacting customers, then at least they’re doing all they can.

Member

I really appreciate AusDroids efforts here. Unless the media gets involved with these things, us lonely consumers haven’t got a hope. I’m totally turned off grey imports now. How quickly I hear of Kogan replacing/refunding current owners will determine if I ever buy anything from them in the future.

Chris
Valued Guest

Look, we’ve seen a lot of negative experiences referencing Kogan, but without being able to verify any of them, it’s not something we want to spend a lot of time on. This issue — modified phones being sold — is something we can verify and report on … but I have to say, in our research on this, I’ve been put off grey importers too. Just not worth the risk.

Member

tuesdev (the OP) also said this about Kogan:

“the problem lies with multiple devices they’ve sold and not just the OnePlus 2”

Andrew
Valued Guest
Andrew

Kogan has always had issues with devices.

Member

Who knows what other devices (other than OnePlus 2) have been tampered with by suppliers of Kogan, and other grey importers. Consumers like my dad and grandma (who can’t tell the difference between a phone and a bar of soap) will never know.

Dev
Valued Guest
OP here. “How easy is it for a middleman to break the seal, install malware, then reseal the box? Would my grandma know the difference?” Pretty easy in this instance. Kogan have multiple responses as to why a seal may be broken or previously opened: a) They need to add a local Australian adapter (rubbish, can be supplied without needing to open the box and place it inside) b) (More likely) They have various suppliers, and so some supplier have other country firmwares on the device (let’s say the Chinese Hydrogen OS for the OP2) and so they open the… Read more »
wpDiscuz

Check Also

Nokia 8 launches with flagship specs and features at a wallet-friendly price – $899 from early September

HMD Global overnight announced the addition of the Nokia 8 to their growing range of …