Oneplus recently rolled out OxygenOS 5.0 for the OnePlus 3 and 3T devices, based on Android 8.0 aka Oreo. Like it happens with most of the software releases, there were a few bugs which ultimately led to a harmful app warning popup for some users.
A large number of reports appeared on both OnePlus forums and Reddit, proving that a large number of groups got affected by this warning. The warning message stats “contains code that attempts to bypass Android’s security protections.” The message although is quite vague, however, sounds quite concerning to most of the users.
If you’ve used OnePlus device for a while, you might remember this app from its former name “Engineer Mode.” The app was developed to assist device testing while it is in the manufacturing process. The app got a lot of coverage after being published in a security research which outlined how the device could be rooted using this app. The company has patched this since then. But for some reason, google play store protect still determines that there is still some code within the FactoryMode app which is quite harmful to security. The google play protects service works by scanning the code of apps and then comparing it to a database of harmful code fingerprints. It is no way perfect but is growing very rapidly. The whole thing is not accessible to users; thereby users have no clue what Google can detect.
Since the app is used for diagnostic purposes, there would be no harm to your device if you remove it, and there is no need to worry about it.