If you use a OnePlus smartphone might have noticed a ‘Shot on OnePlus’ application, which can be accessed via the wallpaper selection menu. The feature enables OnePlus users to set images as wallpapers that were captured via OnePlus phones, and a new wallpaper is added to it every day. 9to5Google has reported discovering a major bug in the option that is leaking email id of users online. OnePlus is said to use an API to facilitate connectivity between its server and the Shot on OnePlus app. This API is hosted on open.oneplus.net and is reportedly insecure as it can be accessed by anyone who has an access token. This access token can apparently be retrieved via an unencrypted key and the token and the key is said to be alphanumeric codes.