Affiliate links on Android Authority may earn us a commission. Learn more.
Why did the OnePlus 3T's Oreo beta send clipboard data to an Alibaba server? (Updated)
Using a tool called mitmproxy, a Redditor was able to take a look everything being transferred from their OnePlus 3 phone when using the clipboard to help make some guesses about what it's for.
Critically, it appears that there is no sensitive information being sent to the Alibaba server, but instead, the communication seems to relate to a "Smart Clipboard" feature that would help save time when performing certain actions. Similar to how the Google Translate app's "tap to translate" feature works, this process could help save time if it recognized a URL, or specific e-commerce content, had been copied.
Apparently, TaoBao—an Alibaba-owned company which operates a Chinese store similar to Amazon's—can make use of this e-commerce content copied in messages (perhaps when someone shares a link to the Taobao site in a chat app). This is why it would have originally been included in the HydrogenOS (Chinese) OnePlus operating system, pinging the Alibaba server when something is copied.
We're still light on details regarding exactly what this is used for, however. While the Smart Clipboard feature is said to be a time-saver, Taobao's usage of it may not relate to ease of use on the users part, but could be of a more self-serving nature. OnePlus really could have been more clear in its original explanation on this.
Original coverage (01/11): A user that goes by the name of v1nc recently posted on the OnePlus forums to say that a new system app was displaying odd behavior during the OnePlus 3T Oreo beta. Normally this wouldn’t be news, because it is a beta, after all, and the app doesn’t exist in stable builds of OxygenOS. But, according to v1nc, the app named “com.oneplus.clipboard” attempted to access the network to communicate with an outside server. The IP address points towards an Alibaba-owned server.
Our OnePlus beta program is designed to test new features with a selection of our community. This particular feature was intended for HydrogenOS, our operating system for the China market. We will be updating our global OxygenOS beta to remove this feature.
According to that representative, the data was not stored “on any server.” They also claimed that “this feature is not uncommon for China users.”
This statement leaves us with almost as many questions as when we started. What was Alibaba doing with that data? If the company is going to the trouble of harvesting clipboard data, why wasn’t it being saved? If the “feature” is only for HydrogenOS builds, how did it end up in an OxygenOS beta build just after the December security update was applied?
These are all questions that have answers, and we feel like OnePlus should be more transparent with its community on this issue. Right now, we have no idea what kind of impact selling this type of data has. This issue could be (and probably is) a big nothingburger. But because OnePlus got caught doing it and released a vague statement, it’s raised concerns.