The most recent OpenSSL issues are not as severe as the previously disclosed Heartbleed flaw, but they could allow people with fake Wi-Fi hotspots to decrypt certain data flowing through them. While the impact is limited, Android users are a particularly vulnerable group.
OnePlus One may not be a commonly known phone name but that’s because the phone is pretty uncommon in general. At $299 off-contract, the OnePlus One has hardware to rival current flagship handsets at a fraction of the price. And it doesn’t run standard Google Android software; instead, it has custom software called CyanogenMod (CM) pre-installed. For years, the CM enthusiast team offered its custom, easy-to-use version of Android for any phone but is now a company working with hardware partners.
“As you may be aware, a handful of new issues with openSSL were made public on June 5th. We decided to include the correction for those vulnerabilities, in the factory release of the One. A new release means the whole firmware needs to be re-certified (including QA time), but we believe the security benefits outweigh the delay. So yes, there was a new build issued at fairly last minute, but it wasn’t due to missing set deadlines or expectations.”
The forthcoming explanation makes complete sense from a customer service standpoint. With so few OnePlus One handsets in buyers hands, it’s smarter and easier to correct the software issue directly on the phones before shipping them. Clearly some OnePlus One buyers will be disappointed by the decision but they’ll have a more secure handset once they finally get their OnePlus One.