Parked subdomains indicate OnePlus' digital payments and bootloader unlocking plans
Traversing through DNS records and hammering the international domain of OnePlus – oneplus.com – has revealed some interesting parked subdomain names.
In addition to lending more weight to the long rumored digital payments service by the Chinese OEM, these newly discovered details also suggest the much adored ‘Nexus-like’ bootloader unlock policy will probably be changed.
Users may need to go through a registration procedure to get the permission to unlock the bootloader, similar to Sony or Motorola .
But readers are advised to take it with a slight grain of salt.
Domain parking is not an unusual practice – in fact large entities like companies or government organizations do the same every now and then, which is rather useful for future expansions.
From the perspective of internal information security and ‘leakproofing’, it is usually advised to block external access to those parked domains.
OnePlus has a quirky history of security breaching, thus I decided to use some DNS busting methods on oneplus.com.
And guess what, I did uncover plethora of unused subdomain names which support previous speculations and start new ones.
Average Joe (and Jane) will find the existence of pay.oneplus.com as a fuel to the rumor of much awaited digital payment service by the Chinese company, allegedly called OnePlus Pay by the community.
PiunikaWeb has already covered insights of future software plans by OnePlus, where such possibility of a dedicated payments app/service can be clearly noticed.
Currently the URL redirects to the order history page of OnePlus account with a brief ‘no access’ parameter, (at least in India), but expect some changes soon.
On the other hand, here is something for the nerds and tinkerers – we have discovered two particularly distinct subdomains, namely unlock.oneplus.com and unlockbootloader.oneplus.com.
The former currently shows a generic ‘503 Service Temporarily Unavailable’ but the later ends up being a standard NGINX landing page which seems a clear indication of going live in future.
Will OnePlus follow the footsteps of HTC/Motorola/Sony/Xiaomi and require a token to unlock the bootloader only after registration?
Is this the price enthusiasts need to pay who are going to grab the phones via carrier? Time will tell.
It’s worth mentioning that the URL of the mystery event (named Crackables), being conducted by OnePlus and Google, was discovered independently by us too, few moments after the official tweet became public.
We used mostly SubFinder and Amass, compiling them from source (because latest available binaries of Amass are incompatible with Windows 10), brute-forcing with custom wordlist while binge-watching our favourite series 🙂
What to do you think about these revelations? Are you looking forward to a OnePlus mobile payments service? Let us know your thoughts in comments below.
PiunikaWeb is a unique initiative that mainly focuses on investigative journalism. This means we do a lot of hard work to come up with news stories that are either ‘exclusive,’ ‘breaking,’ or ‘curated’ in nature. Perhaps that’s the reason our work has been picked by the likes of Forbes, Engadget, The Verge, Macrumors, and more. Do take a tour of our website to get a feel of our work. And if you like what we do, stay connected with us on Twitter (@PiunikaWeb) and other social media channels to receive timely updates on stories we publish.