The app in question is a system app that was apparently made by Qualcomm and customized by OnePlus; it's called EngineerMode and arrives pre-installed on OnePlus devices like the OnePlus 5, 3T and 3 (you can find it yourself searching Settings Apps Menu Show system apps, and then search "EngineerMode" in the app list).
OnePlus has still to fully recover from the data collection allegations it faced last month, and now fresh allegations have surfaced over user privacy. Now, another potential threat has arisen on OnePlus devices as an app on several of the company's phones has been revealed to carry root access.
The app can diagnose Global Positioning System, check the root status, perform a series of automated tests, and more. They are able to gain root if they have a password to bypass privilege escalation checks. But the team proved it can be done without a whole lot effort, which in turn leaves a lot of OnePlus devices vulnerable.
Now, on its own, this app can't do anything malicious; it's a powerful tool intended for device testing and maintenance.
Getting root access to a smartphone allows a hacker to access "superuser" mode, making it extremely easy to inject malware with surveillance capabilities. Speaking to Hindustan Times, Alderson said, "This loophole is a backdoor".
The application in question is EngineerMode, in which its objective is to test Qualcomm processors easily. The app gives unprecedented access to a host of security-sensitive features of your phone, with the worst offender being the "all clear" command, which would erase all data on the phone, internal storage and all.
Thanks for the heads up, we're looking into it. Meanwhile, OnePlus co-founder Carl Pei has already announced that OnePlus is investigating the issue. At the time, OnePlus stated that the whole goal of collecting data was to improve the service.