The "Silent" SMS Backdoor (CVE-2025-10184) high-severity security vulnerability was disclosed by researchers at Rapid7 in late 2025, this vulnerability affected OxygenOS 12 through 15. It wasn't just a simple bug; it was a fundamental architectural failure. • Permission Bypass: OnePlus added highly unusual and unnecessary custom "Telephony" code into the messaging system that didn't have permission checks and bypassed the standard Android security walls. • Silent Access: Any app you download literally a flashlight app or a basic game could silently read all your SMS/MMS data without asking for permission. • Broken MFA: If you use SMS for 2FA (like for PayPal or your bank), a malicious app could scrape your login codes in real-time and exfiltrate them. You wouldn't even see a notification. • Negligence: Rapid7 researchers tried to contact OnePlus privately in May 2025. OnePlus ignored them for 5 months, only acknowledging the issue after the researchers went public in September. Stick with your Pixels and Samsungs, folks; your privacy and security are worth far more than flashy, gimmicky features.   submitted by   /u/StylishJolt [link]   [comments]