Krishnamoorthi, Moolenaar Urge Commerce to Investigate OnePlus Over Potential Security Risks and Transmission of Sensitive U.S. Data to China
WASHINGTON, D.C. – Today, Ranking Member Raja Krishnamoorthi (D-IL) and Chairman John Moolenaar (R-MI) of the House Select Committee on the Strategic Competition between the United States and the Chinese Communist Party (CCP) sent a bipartisan letter to Commerce Secretary Howard Lutnick requesting a formal investigation into serious national security and privacy concerns related to OnePlus smartphones.
OnePlus is a consumer electronics company domiciled in the People’s Republic of China (PRC), with its devices widely available for purchase in the U.S. through major retailers and mobile carriers. The letter from Chairman Moolenaar and Ranking Member Krishnamoorthi outlines troubling findings reviewed by the Select Committee indicating that OnePlus devices may collect and transmit sensitive user data—including screenshots and personal information—without consent, and in ways that could expose American users to PRC surveillance.
The Members wrote that “more recent and detailed technical analysis reviewed by the Committee has further substantiated related potential concerns.” Specifically, they noted that “within minutes of activation, a OnePlus 12 device transmitted user data to servers hosted on U.S.-based cloud infrastructure but managed by entities controlled by OnePlus, OPPO, and HeyTap.” They emphasized that “these entities are legally based in Shenzhen, PRC and Singapore, highlighting the potential for foreign access to sensitive U.S. user data.”
The Members further cited static code analysis which “identified embedded software within OnePlus firmware [that] appears to be explicitly capable of silently capturing screenshots without user awareness or consent.” They warned that “this intrusive monitoring capability appears to exceed typical device telemetry or debugging and raises significant privacy and security alarms.”
The letter also explained that “encrypted communication initiated by the device's operating system itself—not user-installed applications—appear to establish frequent connections with servers operated by PRC corporations, circumventing user consent and standard security protocols.”
Given the questions raised by these potential concerns, the lawmakers are urging the Department’s Information and Communications Technology and Services (ICTS) program to investigate five key areas:
Identification of any data types collected without user consent.
Verification of all data transmission endpoints, especially connections to PRC infrastructure.
Examination of data-sharing practices with PRC-influenced entities.
Assessment of OnePlus’s compliance with U.S. privacy and cybersecurity laws.
Development of safeguards to protect Americans from unauthorized data collection and exfiltration.
A copy of the letter is available HERE.