I used titanium back up to convert the SU app to a user app and after it was done a random pop up came up about USBank asking for SU permission. Has anyone else had this happened? Seems estrange it has happened twice to me second time I was testing it if that was the reason it happened.
I have also had the U.S. Bank app request root access just in normal use, no TB converting involved. Others have noted the same in reviews in the Google Play store. Very strange. Perhaps the app is doing sort of security check to see if the phone is rooted...
Most likely it is checking for the su binary and finding it so it checks to see if it is executable. The blizzard mobile authenticator used to do the same thing and had a warning about running it on rooted devices. For the most part I'm sure it's just a security check.
I've never had the app ask for su permission. Just checked my balance about an hour ago too.
Sent from my SGH-I777 using Tapatalk
Its never asked while using the bank app. Just randomly while using titanium back app. I've always denied excess either way but it just seems estrange.
Related
Thanks to xda main page I download this free app and was shocked to find that most apps wanted to know my location my imei and have access to my contacts.
This app is like uac for windows but better. Give it a try on the market
Sent from my Dell Streak
Does this mean most devs have a big brother fetish?
I downloaded LBE this morning. I'm surprised at just how many apps have phone state and identity as one of the permissions. Question is however whether the apps will update properly without this permission.
I have fring requesting contact information and access to sms twice an hour.
Sent from my Dell Streak
Well, from my limited research, read phone state and identity permission is related to one of three things:
1. Android 1.5 compatibility.
2. Registration check.
3. App needs to be shoved into the background when a call comes in.
The Amazon Appstore reads the phone number whenever you open it. This is because the Appstore needs to know what phone to sideload the.app to. It's currently the only app I have that does this. All my other.apps are free since I don't have spare cash to spend on the Market. So far none of those apps have triggered this permission.
You load tweetcaster pro from amazon that asks for stuff alot
Sent from my Dell Streak
Amazing how many stupid apps need to access stuff that they probably don't need to access. Blocked a BUNCH of garbage today...turned on the phone at 7am, and by 5pm, it had blocked 32 requests.
Lol. Had it installed for an hour, nothing happened until XDA Premium app asked for my IMEI...
sent from XDA Premium app on Streakdroid 1.9.1.4
I have noticed these chinese apps some how self installing on my S2.
Any idea how to get to the source of these unauthorized installs? (Lookout & AVG & NetQin don't detect them as malicious or find any reason for how they are getting on there).
Currently using KH3 + CFRoot.
Why do people give so little information when they post?
What Chinese apps? (Please provide a screen shot if the app name is in Chinese) .
This sounds really really bad.
Has this happened to any one else?
It should not be possible for this to happen.
Does your phone have any connection with China or have you installed any Chinese software?
If this is happening then you must have done something yourself to start the process. Nothing can install itself without your consent, unless there's malicious software that's bypassing the system and installing for you, but you would have had to install that first.
So, as above, a lot more information is needed. Personally, I'd just do a complete wipe and hard reset and never install anything from untrusted sources again, including warez, 3rd party app stores and the Chinese Market, which is known to have had dodgy software before now.
My friend got an S2 from China and it was preloaded with all those Chinese apps. Examples include QQ Security Suite and some other apps. I used Titanium Backup to uninstall but after each restart, the app re-appears!
I was surprised that Titanium couldn't uninstall. It says it uninstalled successfully but it just re-appears. The only thing I could do is to do a re-flash to a Hong Kong firmware without all those pre-loaded Chinese apps.
But before you wipe everything, please help us try and find out how it happened?
Again has this happened to any one else? Because I want to know if this could happen to my phone!
Mine also did this on stock rom i would uninstall samsung apps reboot and it would reappear on my menu. Is it possible the rom comes with an auto install script for the preloaded apps?
Sent from my GT-I9100 using XDA App
otester said:
I have noticed these chinese apps some how self installing on my S2.
Any idea how to get to the source of these unauthorized installs? (Lookout & AVG & NetQin don't detect them as malicious or find any reason for how they are getting on there).
Currently using KH3 + CFRoot.
Click to expand...
Click to collapse
If you have CF-Root, you have super user installed. Review your permissions. You can also install LBE privacy guard and set permissions for all apps as well, including many system apps (you'll need to 'untrust' them first).
Sent from my GT-I9100 using XDA App
Sorry for the little information guys, was 5am and very tired
I deleted the second incarnation of the app as soon as I saw it (worried about personal details being taken etc.) however it if it reappears again then I will screenshot it.
Virus scanners don't detect them as malicious, when the program opened (after stealth install) I went through it, albeit in Chinese it looked like a legit program and the menu worked etc.
I have market 3.1.3 installed (got the apk off the internet) and a few apps that got removed from the market place (torrent clients and certain games I couldn't find etc.) so it could well have been put in them.
I'm thinking about a hard reset, not using titan backup to avoid it coming back and a re-flash.
Also my phone has no connection with China (purchased in the UK), this has only happened recently.
Is there any more info needed before reset etc.?
Looks like the suspect apps removed from the market may have been the cause.
Does anybody know if running as root alows all download apps to run with root permissions?
LouisJB said:
Looks like the suspect apps removed from the market may have been the cause.
Does anybody know if running as root alows all download apps to run with root permissions?
Click to expand...
Click to collapse
Issue is the damage seems to have been done, looks like I have no choice but to reflash etc. Need a virus scanner that has root so it can do a deeper scan.
Superuser is a lot like UAC on Windows Vista/7, it will popup and ask you to allow/deny.
Also is there any way to wipe the device while re flashing to ensure this gets removed?
I found a folder on my Internal Storage "QinqiQuan" (Google Image search pinpoints this as one of the apps) which translates in Chinese to English as "Infringement", however the app itself appears to be a legitimate Chinese social app so I'm not sure of my original concern regarding "Infringement" being copyright related etc.
Another few suspicious folders were "the9GameCenter" & "waze".
In future I'll be sticking the Market and official sites, even if that means doing without certain apps that aren't available on my handset/region
Isnt waze a community based sat nav app?
poults said:
Isnt waze a community based sat nav app?
Click to expand...
Click to collapse
The apps themselves appear legitimate, but I didn't authorize the installs which is what worries me.
I wiped internal storage, wiped data and then re-flashed + CFRooted.
Hopefully what ever it was, won't come back
And how about the security in your computer? As we know, you can install an app in your phone via your market account using your computer. Perhaps someone is playing around with your market account. If this is the case, changing your password would be a good idea.
Sent from my GT-I9100 using XDA App
angelomaldito said:
And how about the security in your computer? As we know, you can install an app in your phone via your market account using your computer. Perhaps someone is playing around with your market account. If this is the case, changing your password would be a good idea.
Sent from my GT-I9100 using XDA App
Click to expand...
Click to collapse
Yeah I have changed my password and turned on all the Google security settings, albeit a bit of pain, does give peace of mind
Sent from my GT-I9100 using xda premium
I rooted my phone last month and it's been running just fine. Today I began seeing a SuperSU message "Binaries need updating..." Selecting update reboots the phone. Cancel and the app will not run. Booting into recovery, wiping the cache then reinstalling SuperSU restored SuperSU app but security app, "TrustGO" virus scan states "[email protected]" infection in Supersu. Also, SuperSU began new message recommending an upgeade to the "Pro" version.
Is "[email protected]" a problem and if so is there an alternative?
(AVG & Norton virus scans report nothing.)
Thanks!
?)
What I think is the case is that by receiving the prompt to upgrade to pro it may have triggered your security app.
"I think" Do you have an add blocker software app installed ?? If so check for an update to your host files. If not then hit the play store and download one. I use Add free. It's free and it's a good app "imo" After your device is add free the security alert should go away. If not try uninstalling the security app, reboot and reinstall it. But if avg and Norton scanned and reported nothing then more than likely your ok. But if you prefer the app that had the alert then you can try the above steps to see if it helps your issue at all.
#Root-Hack_Mod*Always=SG3
To stop message to upgrade from showing, click setting, scroll all the way down, uncheck nag about upgrading.
Sent from my lair.
laie1472 said:
What I think is the case is that by receiving the prompt to upgrade to pro it may have triggered your security app.
"I think" Do you have an add blocker software app installed ?? If so check for an update to your host files. If not then hit the play store and download one. I use Add free. It's free and it's a good app "imo" After your device is add free the security alert should go away. If not try uninstalling the security app, reboot and reinstall it. But if avg and Norton scanned and reported nothing then more than likely your ok. But if you prefer the app that had the alert then you can try the above steps to see if it helps your issue at all.
#Root-Hack_Mod*Always=SG3
Click to expand...
Click to collapse
Thanks for the response.
I am using Ad Free and updating HOST file says I have the latest. Viewing the HOST file shows a blank page? I uninstalled TrustGO, rebooted and reinstalled. Scan still identifys "[email protected]" infection. "This app is able to gain full access by exploiting a well known weakness on the Android platform".
I like TrustGO because it does all security in one app. (Lost phone locator, remote data wipe, web browsing malware protection, virus detection, etc.)
I guess if SuperSU really had began misbehaving some of you smarter folks out there (smarter than me!) would detect that and recommend alternatives. Unless I hear otherwise I guess I'll flag it as IGNORE.
SuperSU/Superuser by their nature are a security risk, that's a false warning though.
Micro Maniac said:
Thanks for the response.
I am using Ad Free and updating HOST file says I have the latest. Viewing the HOST file shows a blank page? I uninstalled TrustGO, rebooted and reinstalled. Scan still identifys "[email protected]" infection. "This app is able to gain full access by exploiting a well known weakness on the Android platform".
I like TrustGO because it does all security in one app. (Lost phone locator, remote data wipe, web browsing malware protection, virus detection, etc.)
I guess if SuperSU really had began misbehaving some of you smarter folks out there (smarter than me!) would detect that and recommend alternatives. Unless I hear otherwise I guess I'll flag it as IGNORE.
Click to expand...
Click to collapse
Well viewing the host file should not be blank "afaik". If you want, try running it again. And/or uninstalling add free and then rebooting. Hit recovery and wipe cache & dalvik cache. Then reinstall add free and update. Also yea I'm gonna lean towards the hit on the su app as a false one. Also which version are you using ??
#Root-Hack_Mod*Always=LTE
Version 1.04
Sent from my EVO using xda app-developers app
AddFree still shows blank TCP dump. Logon and update says I'm up to date. I reinstalled it after wiping cache same time as SuperSU...
Sent from my EVO using xda app-developers app
Were are you viewing your host file from?? Also have you tried to a earlier ver of super su ??
#Root-Hack_Mod*Always=LTE
There really is no nice way to say this, aside from "TrustGO are a collection of dumb ****s who don't know their job". They're not alone, though.
SuperSU and/or its native binary are installed by many exploits that gain root automatically. Those are indeed security risks. Due to this, it appears the su binary itself has been (wrongly) classified as an exploit by several virus companies, instead of the binaries actually performing the exploit.
There is nothing "exploiting" about su, if there was, a lot of binaries on a lot of computing devices could be classified as exploit now
Micro Maniac said:
AddFree still shows blank TCP dump. Logon and update says I'm up to date. I reinstalled it after wiping cache same time as SuperSU...
Sent from my EVO using xda app-developers app
Click to expand...
Click to collapse
Well the Man himself said it. Ya can't get a better answer than the one chainfire gave you.
#Root-Hack_Mod*Always=LTE
Thanks! I fully agree..
I was able (finally) to get the host file working...
Sent from my EVO using xda app-developers app
Glad you got it worked out.
#Root-Hack_Mod*Always=LTE
Hey guys, I'm running Eclipse 1.4 (have been for a while) and recently VPN Services has began randomly asking for SuperUser permissions. Not a once and done deal, but to the point where I have to click remember my decision and deny it multiple times to stop the SU prompt and then it locks my phone and requires a battery pull.
Can anyone tell me what this app does? It's located at /system/app/EdmVpnServices.apk so it's obviously a preloaded app.
I'm thinking either someone is trying to gain remote access to my phone or it has something to do with my companies Exchange service and their remote permissions.
I just renamed the app to .bak and I'm about to reboot and see what it breaks. I can't find any info on this app online so any input is appreciated.
Sent from my SCH-I605 using Xparent Green Tapatalk 2
I was wondering what exactly SuperSU permission means. Does it means that if I grant a App SuperSU permission both at the install stage and later via the superSU rooted app, the app then have free hand to do anything on the device. I did a bit of research and ir does seem to be yhe case, wouldn't this be very dangerous to grant this permission to some less well know apps (ie not titanium backup calibre).
Sorry I am just curious. But what I really want to know is this, and cant seem to find answer on the net elsewhere.
Although there is a separate permission for Internet access. Would an app with superSU be able to give itself stealth internet access and thus able to steal sensitive data over the net, or would I still be safe as long as the app dont ask for explicit internet permission.
Sent from my GT-N7100 using XDA Premium 4 mobile app
emgluon said:
I was wondering what exactly SuperSU permission means. Does it means that if I grant a App SuperSU permission both at the install stage and later via the superSU rooted app, the app then have free hand to do anything on the device. I did a bit of research and ir does seem to be yhe case, wouldn't this be very dangerous to grant this permission to some less well know apps (ie not titanium backup calibre).
Sorry I am just curious. But what I really want to know is this, and cant seem to find answer on the net elsewhere.
Although there is a separate permission for Internet access. Would an app with superSU be able to give itself stealth internet access and thus able to steal sensitive data over the net, or would I still be safe as long as the app dont ask for explicit internet permission.
Sent from my GT-N7100 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
With root u can do almost anything on your device and supersu is just app that remembers you that you are going offthe limit withiut an app like that every app installed on your phone can use root and cause harm but with the use of supersu you can limit by denying those suspected apps from root permission
And for the real question an app with root permission can do almost anything with your device so use it with prrcaution