Source: The OnePlus 6 will offer Cat.16 LTE for Gigabit Speeds

OnePlus’ next flagship smartphone, the OnePlus 6, will be launching in Q2 2018. There is little information that we know about the device at this time. For starters, we’ve learned that it will feature the latest Qualcomm Snapdragon 845 system-on-chip. It’ll very likely launch with Android Oreo on board (meaning it supports Project Treble). Finally, there is evidence that the OnePlus flagship will adopt a 19:9 notched display according to a leaked benchmark and the latest OnePlus 5T firmware.

Today, we have additional information to share on the upcoming OnePlus 6. According to our trusted source, the device will be the first from the company with Gigabit LTE connectivity (Cat. 16). Thus, not only will the device be a physical powerhouse with the latest Snapdragon, it will also be the fastest OnePlus device in terms of data throughput.

Device Maximum Speed
OnePlus 6 Cat. 16 (1000 Mbps)
OnePlus 5T Cat. 12 (600 Mbps)
OnePlus 5 Cat. 12 (600 Mbps)
OnePlus 3T Cat. 6 (300 Mbps)
OnePlus 3 Cat. 6 (300 Mbps)

Table comparing OnePlus smartphone LTE data speeds

What exactly will this mean for potential owners of the new device? It means that in countries which offer better 4G availability and average speeds, your device will be better suited to utilize the peak download/upload speeds. We’re not quite at the point where 5G is a thing—the OnePlus 6 won’t support 5G, but a potential successor with the Qualcomm Snapdragon 855+Snapdragon X50 Modem will. Indeed, OnePlus and Qualcomm are already known to be collaborating on such an effort.

That said, the OnePlus 6 achieving theoretical Gigabit LTE throughput should not be seen as outdated in light of the (upcoming) advancements in 5G technology. Rather, the device is taking advantage of the best connectivity technology that is both currently on the market and actually useful for day-to-day, today and in the near future.

For more reading on Gigabit LTE vs. 5G, I recommend you read this excellent piece by Robert Triggs from AndroidAuthority.

OnePlus 3/3T OxygenOS Open Beta brings February Security Patches

The OnePlus 3 and the OnePlus 3T are not the newest OnePlus flagship phones anymore, but that doesn’t mean OnePlus has abandoned them. Instead, the company released the Android 8.0 Oreo update for the phones before the OnePlus 5 and the OnePlus 5T received the update. OnePlus has also committed to rolling out the Android 8.1 Oreo update for the phones, although that will be the last Android version update for the OnePlus 3 and the OnePlus 3T.

Currently, the OnePlus 3 and the OnePlus 3T are powered by OxygenOS 5.0 on top of Android 8.0 Oreo. A few days after releasing Android 8.1 Oreo-based Open Beta builds for the OnePlus 5 and the OnePlus 5T, OnePlus is back with OxygenOS Open Beta 32 and 23 for the OnePlus 3 and the OnePlus 3T. However, these builds are not based on Android 8.1 Oreo, which means that for the first time, the Open Beta builds for the OnePlus 5/5T are based on a newer Android version compared to the Open Beta builds for the OnePlus 3/3T.

The lack of Android 8.1 Oreo doesn’t mean that the Open Beta builds are free from changes and improvements, though. The OnePlus 3/3T gets the new auto pick up gesture in the Phone app, which allows users to answer an incoming call by raising the phone.

There is a new version for the Gallery app (v2.5), which has a new design for the Collections tab. The new version of the Gallery app has also added a reorder function for Collections, as well as the ability to add recently added Collection.

OnePlus Switch gains a new option to migrate application data with the update, which should prove helpful at the time of switching devices. The Android security patch has been updated to the February security patch. Finally, general bug fixes and improvements are included.

Here is the full changelog:

  • Phone
    New auto pick up gesture – answer an incoming call by raising the phone
  • Gallery V2.5
    New design for Collections tab
    Added reorder function for Collections
    Added recently deleted Collection
  • OnePlus Switch
  • Added support to migrate application data, allowing you to switch between devices seamlessly
  • System
    Updated Android security patch to 2018-02
    General bug fixes and improvements

Users are advised to keep in mind that the Open Beta builds are beta software, which means they’re not as stable as official OTA updates, and are expected to have bugs.

A reminder: If users have already flashed an Open Beta build and are running the latest Open Beta, they will receive the new build as an OTA update. If they want to migrate to the Open Beta path, they can download and flash the full ROM. It should be noted here that migrating to the Open Beta path results in the user continuing to receive Open Beta OTA updates instead of Official Stable OTA updates. Moving back to the official OTA path will require a full wipe of all data and cache.

Source: OnePlus

OnePlus 3/3T receiving a new Open Beta update

The OnePlus 3/3T has received a steady stream of updates since it launched almost 2 years ago. In fact, the phones have already received Android 8.0 Oreo. With that, users are already looking toward the next big update, with recent Open Betas bringing coveted features like OnePlus’ insanely fast Face Unlock.

And although it’s not Android 8.1, a new Open Beta update is rolling out to 3/3T, giving us a sneak preview into what the company has planned for the future official over-the-air update. It’s nothing groundbreaking, but there are a handful of changes here users will no doubt welcome. Here’s what’s new:


  • New auto pick up gesture (answer an incoming call by raising the phone)

Gallery V2.5

  • New design for Collections tab
  • Added reorder function for Collections
  • Added recently deleted Collection

OnePlus Switch

  • Added support to migrate application data, allowing you to switch between devices seamlessly


  • Updated Android security patch to 2018-02
  • General bug fixes and improvements

The update will rollout over-the-air for those already enrolled in the Open Beta. For those that haven’t enrolled, the process just involves flashing the ROM manually. If you’re willing to take the plunge, you can do so by visiting OnePlus’ downloads page here.

Unlike betas on devices like the Pixel or Samsung Galaxy S8, OnePlus betas wont receive regular stable updates once the beta is complete — ever. You’ll have to perform a clean install/flash of the stable ROM to get back to the official OTAs.

OnePlus mentions they have another “OxygenOS Open Ears Forum” event planned for April 7th in San Francisco, so if you’d like to attend and help provide feedback with employees face-to-face, sign up for the event before March 14th by filling out an application here.

via OnePlus Forums

LineageOS 15.1 based on Android 8.1 Oreo has been officially announced

Following the demise of CyanogenMod at the end of 2016, its successor, LineageOS, has seen a meteoric rise in popularity. The project grew to support over 180 devices reaching over 1.8 million users thanks to the help of 700+ contributors. Now, the team is ready to move on to its next big milestone: re-basing on Android 8.1 Oreo. After teasing us back in December, the team has today announced that LineageOS 15.1 is ready.

The most widely-installed Android custom ROM now offers all of the features that Android 8.0 and Android 8.1 Oreo bring to the table. That means notification channels and snoozing, picture-in-picture mode, support for the Autofill Framework, better background app and service limitations for improved memory performance/battery, smart text selection, and much, much more. Not to mention, there are also all of the features that LineageOS offers on top such as Privacy Guard, Live Display, and more which you can read about in our accompanying article.

LineageOS 15.1 Feature List Overview

With the introduction of LineageOS 15.1, the team also has another major announcement. They are officially introducing the Device Support Requirements Charter, a document which outlines all of the requirements that a build of LineageOS and its maintainer must meet in order for a build to be deemed “official.” This is a crucial step forward for the team as it clearly demonstrates the team’s commitment to quality. The document itself isn’t too long, but in general it ensures that an official build of LineageOS 15.1 supports all basic hardware as is possible as well as receives patches against all high profile security vulnerabilities.

Now, on to the actual devices that were announced to support LineageOS 15.1. Currently, the list isn’t that large in the first go-around, but given time more developers are likely to add to this list as they complete the device bring-up and meet the requirements laid out in the Device Support Requirements Charter. Specifically, we’re told that several devices are unable to receive LOS 15.1 due to a lack of support for a working HAL1 camera recorder, but they’re working on it. Also, though LOS 15.1 was announced today, the nightly builds won’t be ready until Monday when their build server starts making them.

List of Devices with Initial Official LineageOS 15.1 Support


Before you can install any of these builds (once they go live), you will need to unlock the bootloader of your device and also flash a custom recovery such as TWRP.

As usual, official LineageOS builds do not ship with superuser binaries pre-installed. Instead, you will need to also install one of the files listed here depending on your phone’s SoC architecture. Alternatively, you can install Magisk or SuperSU as well.

As for Google apps, they don’t come pre-installed on LineageOS 15.1 builds. Open Gapps currently doesn’t offer Android 8.1 Gapps (specifically, the SetupWizard APK is still 8.0), so the team recommends you grab them from MindTheGapps right here.

Finally, before you go flashing any of these builds, it is always recommended that you make a backup of your apps and data. The most recommended way is to use an app such as Titanium Backup or a free alternative like oandbackup. Both require root access to function.

Now, to actually install the build, that depends on what you currently have installed.

If you are running an OFFICIAL build of LineageOS 14.1, then you can follow these steps without wiping data.

  1. Download the update either from the links above or through the built-in updater app. If you download it from the updater app, you’ll need to use the “export” option in the menu to save the build to your internal storage.
  2. Download the Gapps package and one of the superuser packages linked above.
  3. Boot into recovery.
  4. Format system partition.
  5. Flash the LineageOS 15.1 build, and then the Gapps and superuser package.
  6. Reboot.

If you are NOT running an official build of LineageOS 14.1 (ie. anything else), then you follow the same set of above instructions except that you must wipe data before flashing.

Hands On + Features

Interested in checking out what LineageOS 15.1 has to offer before installation? Check out Miles’ hands-on video over on our YouTube channel! Also be sure to check out our accompanying article which goes over nearly all of the features that LOS 15.1 has to offer! It even has screenshots for everything and a video to walk you through it!

A Note on Unofficial Builds

Just because your device is not one of the ones listed above doesn’t mean you can’t enjoy LineageOS! Since the project is open source, that means any independent developer can build a custom ROM based off of its source code. However, the quality can wildly vary, so don’t be surprised if you flash an unofficial build and some things break. On the other hand, some unofficial builds are fairly close to being stable and are perfectly acceptable to flash onto your device.

There are many unofficial builds of LineageOS on our forums, and what works or doesn’t work is largely device-dependent. Please read over the original post in any forum thread before you proceed with flashing a custom ROM on your device—it’ll save you a lot of headache!

New Wallpapers

With a new release come a new set of wallpapers! These wallpapers are all sourced from Unsplash. You can take a look at the wallpapers below in case you’re interested in using them on a non-LineageOS build. You can also download them below. Take note that we’re providing the raw wallpapers that are not rotated, so they’re also perfect for your desktop monitor!

LineageOS 15.1 Wallpaper LineageOS 15.1 Wallpaper LineageOS 15.1 Wallpaper LineageOS 15.1 Wallpaper LineageOS 15.1 Wallpaper LineageOS 15.1 Wallpaper LineageOS 15.1 Wallpaper LineageOS 15.1 Wallpaper LineageOS 15.1 Wallpaper LineageOS 15.1 Wallpaper

Download LineageOS 15.1 Official Wallpapers

Support LineageOS

The developers who work on this do so in their spare time and without pay, so please consider supporting the project in whatever way you can. You can show them support by following them on all of their official social media channels listed below, or by donating to them below.

Exploit Targets Qualcomm’s EDL Mode, Affects Some Xiaomi, OnePlus, Nokia and other Devices

Devices with Qualcomm chipsets have a Primary Bootloader (PBL) which typically boots the Android system, but also houses an alternative boot mode known as EDL mode. EDL mode is Qualcomm’s Emergency Download Mode and allows an Original Equipment Manufacturer (OEM) to force flash software on a device. This cannot be modified (read-only mode) and has full control over the device’s storage. Many OEMs including OnePlus and Xiaomi have released tools (known as programmers) which utilize EDL mode and a protocol known as Firehose to unbrick a device, while other tools from companies such as Nokia have leaked. Firehose can utilize a number of commands to flash devices, along with the ability to examine the data within a device’s memory. Security researchers Roee Hay (@roeehay) and Noam Hadad from Aleph Research have discovered critical device vulnerabilities using this mode, which effectively grants an attacker full device access.

It’s important to note that this exploit requires physical access to the device, but it’s still incredibly dangerous and likely cannot be patched. The attackers utilized the level of access granted to the EDL mode to bypass secure-boot on a Nokia 6, defeating the chain of trust and gaining full code execution across every part of the boot sequence including the Android OS itself. It is theorized to work the same way on other devices, and the researchers also managed to unlock and root multiple Xiaomi devices without any data loss.

What devices are affected by this exploit?

Firstly, the devices which are affected.

List of devices affected.

Exploiting an Android Phone

The Boot Sequence of a Typical Android Qualcomm Phone

It is important to first understand the boot sequence of a typical Android device before explaining how it can be exploited. The Software Bootloader (SBL) is a digitally signed bootloader which is checked for authenticity before being loaded into imem. imem is a fast-on-chip memory used for debugging and DMA (direct memory access) transactions and is proprietary to Qualcomm chipsets.

Some devices have an eXtensible Bootloader (XBL) instead of an SBL, but the boot process is pretty much the same. The SBL or XBL then launches ABOOT, which implements fastboot.  Following this, TrustZone (hardware-based security) is also loaded. TrustZone checks the authenticity of ABOOT by way of a hardware-based root certificate. The SBL (or XBL, in some cases) is designed to reject an incorrectly signed (or unsigned) ABOOT.

Once authenticated, ABOOT then checks /boot and /recovery for authenticity before launching the Linux kernel. Some system preparations are done, and then code execution is transferred over to the kernel. ABOOT is commonly known as the “Android Bootloader,” and when we unlock the bootloader of a device, we are disabling this authenticity check in ABOOT.

Boot sequence of a standard Android device visualised. // Source: Aleph Research

Accessing EDL Mode

While some devices have a simple hardware combination (or worse, a simple proprietary fastboot command present in many Xiaomi devices), others, such as Nokia devices, need to short pins known as “test points” present on the device’s main board. It also used to be possible, before the December 2017 security patch, to simply run “adb reboot edl” on many devices (including the Nexus 6 and 6P) and enter EDL mode. This has since been fixed.

Test points are shown in a drawn-on yellow box at the bottom of the device’s mainboard. // Source: Aleph Research

Other devices can also use what’s known as a “deep flash” cable, which is a special cable with certain pins shorted to tell the system to instead boot into EDL mode. Old Xiaomi devices can utilize this method, along with the Nokia 5 and Nokia 6. Other devices will also boot into EDL mode when they fail to verify the SBL.

A deep flash cable

Utilizing EDL Mode to Gain Full Access on a OnePlus 3/3T

EDL Mode can be utilized in a number of ways on a device, mostly for unbricking devices by force flashing them. As explained above, it should theoretically be safe for anybody to access this mode, as the worse case scenario is that ABOOT will reject software that isn’t officially signed by the manufacturer. While this is true, it’s actually possible to gain complete control over a OnePlus 3 or 3T and its files in a proof of concept exploit shown by the researchers.

This will be done through two very dangerous commands which OnePlus left accessible in an older version of ABOOT (the Android bootloader), in order to unlock the device’s bootloader (without a warning being shown to the user on boot) and disable dm_verity. dm_verity is also known as verified boot and is part of a safe boot-up sequence on an Android device.  The two commands are as follows.

fastboot oem disable_dm_verity
fastboot oem 4F500301/2

Observe the simple, 4 step process below which utilises the Firehose protocol.

  1. First, boot the device into EDL mode. This can either be done through adb on OxygenOS 5.0 or lower or by using a simple hardware key combination.
  2. Download an old system image of below OxygenOS 4.0.2.
  3. Flash aboot.bin through firehose (remember that aboot.bin implements fastboot, as we mentioned earlier)
  4. You will now be able to disable secure boot and unlock the bootloader without wiping the device simply by using the two fastboot commands above.

If you remember, OnePlus was previously found to have left two dangerous fastboot commands nearly a year ago, one which unlocked the bootloader and one which disabled secure boot. While it’s true that an attacker can not install malicious software on the device, they can downgrade the device to have older, vulnerable to attack software. Simply by running the above fastboot commands, an attacker can have full access to the device.

And that’s it, the bootloader is unlocked, secure boot is switched off and there is absolutely no data loss. If an attacker wished to take this a step further, they could flash a malicious custom kernel which enables root access to the device which the user would never know about.

Firehose works through the Qualcomm Sahara protocol, which accepts an OEM-signed programmer and is how the above attack would be carried out. When connected to a device, it acts as an SBL over USB. Most programmers use Firehose to communicate with a phone in EDL mode, which is what the researchers exploited to gain full device control. The researchers also used this to unlock a Xiaomi device simply by flashing a modified image which unlocked the bootloader. They then flashed a custom kernel which gave root access and launched SELinux in permissive and also extracted the encrypted userdata image from the device.


It is unknown why OEMs release these programmers from Qualcomm. Nokia, LG, Motorola, and Google programmers leaked rather than being released, yet the researchers managed to break the entire chain of trust on the Nokia 6 and gain full device access through similar methods of exploitation. They are confident the attack can be ported to any device which supports these programmers. If possible, OEMs should make use of hardware qFuses which prevent software rollbacks, by blowing when the device hardware is rolled back and can warn a user that it has taken place. Those interested can take a look at the full research paper below and can read the full Nokia exploitation too.

Source: Aleph Research