A critical security flaw with the Shot on OnePlus app leaks hundreds of users email address. The flaw resides in the API that used to host the photos. The API hosted on open.oneplus.net is insecure and can be accessed by anyone who has the access token. It is unclear for how long the app is leaking the details; 9to5Google believes that it was leaking the data since its release. Another critical vulnerability with the leak is the OnePlus gid which used to identify the user; the gid is an alphanumeric code which is used by the API to find photos.”]
Source: https://gbhackers.com/shot-on-oneplus-leaks-email-address/