Google Play Protect warns of a potentially harmful app in OxygenOS 5.0.1 for OnePlus 3 / 3T

The Android Oreo update of OnePlus 3 and 3T comes from last month in the form of OxygenOS 5.0. The company announced a few hours ago the availability of OxygenOS 5.0.1. That adds support for Qualcomm’s aptX HD Bluetooth audio codec. That is a new adaptive screen calibration mode, December security patches and much more.

OxygenOS, Google Play Protect warns of a potentially harmful app in OxygenOS 5.0.1 for OnePlus 3 / 3T, Optocrypto

Google Play Protect warns of a potentially harmful app in OxygenOS 5.0.1 for OnePlus 3 / 3T

Also, numerous users have received a message from Google Play Protect. So, asking them to uninstall a “harmful application” called “FactoryMode.”

Numerous user reports in the OnePlus and Reddit forums show that this message seems to be very widespread. The signal indicates that the FactoryMode application “contains a code that attempts to bypass Android’s security protections.”

That is a very vague message, but it sounds quite disturbing. So, what is happening? 

Apparently,  FactoryMode replaces the app previously known as EngineerMode. That is the pre-installed system application that can exploit by a user with physical access to the device to obtain root access. Ultimately, OnePlus removed the code responsible for this method from being root. And also decided to remove EngineerMode and rename it FactoryMode.

For some reason, Google Play Protect has determined that there is still some code in the FactoryMode application that is potentially harmful to security.

Google Play Protect

Google Play Protect works by scanning the application code and searching for fingerprints that match a known collection of corrupt systems. It is not perfect, but the database is continually growing and is inaccessible to users to hide what Google can detect.

As such, Play Protect does not specify which code of an application is considered harmful. In the past, legitimate applications have triggered this message. So it is possible that something similar happens with the FactoryMode application. After all, the FactoryMode application is in the system application. So it has more privileges than a standard Android app.

That is pointing to FactoryMode as a malicious application. And we hope that OnePlus has an answer on this matter shortly. | Source: XDA