[Q] Android Security Questions - Android Q&A, Help & Troubleshooting

I am a hardware engineer with some limited software knowledge. I am ULTRA paranoid when it comes to security and have a few questions:
1) People do seem to be paying attention to app permissions now. If an app only had network and storage access permissions, people would probably think it seemed pretty tame. Am I wrong in thinking this is probably the most dangerous an app could be? With these permissions it seems that the app could siphon EVERYTHING off your phone to their servers.
I guess my question would be, do Apps that have read/write storage access, have at the very least read access to all files? For example, it seems that my music app can scan for music, which is fine obviously, but what is stopping it from scanning ANYTHING else on my phone? Like business related documents, private notes, etc...then uploading these to their servers.
2) If an app only has network access, but no access to storage, I assume it would have no ability to add anything malicious locally after installation (or transmit anything off your phone)? Basically, can an app load malicious code from the network?
3) One nice feature on the iPhone is that a full reset actually does a decent job protecting your data. On Android this is not the case. Does Android device encryption actually encrypt everything (i.e. starting from the root (/) directory)? If this is the case, I would assume that a full device encryption, followed by a factory reset would nearly be akin to running a dd urandom on the drive.
4) Google seems to be stepping in the right direction with the new App Ops in Android 4.3. I am not sure what direction they will be taking this, but currently on my Nexus 7 it does not allow you to prevent access to storage or the network (for example I would like to block Final Fantasy from having network access and Weather Bug from having storage access).
Regardless, can an app automatically run on installation? The reason I ask is let's say you are downloading a seemingly benign app, but it really wants to make a dump of personal data and send it to their servers. If I download the app, could it start doing this immediately, or would I need to manually launch it first? If this was the case, then App Ops would not be very useful against certain malicious apps if they have the 1-2 minutes to dump off your contacts list before you could shut them off in the menu.

During installation it'll ask you to grant permissions before it is installed.
Once installed, it can do the things you granted without further request for permission.
With popular apps like Viber, this is supposed to be okay.

Related

[Q] Is it possible to make KitKat usable?

Since the release of Android 4.4, I was unable to upgrade from 4.3 JellyBean because of two issues that completely disqualify newer Android versions for me:
1. Apps have no access to the external SD card.
This issue is NOT solved by modification of the /system/etc/permissions/platform.xml file
Examples of apps include:
- Sygic GPS navigation
- BeyondPod podcast manager
- Locus trekking app
- BTSync
Full access to the external SD for all those apps is indispensable to me and I was unable to get it with KitKat even though I applied all the fixes I was able to find AND used Carbon ROMs which are supposed to have this enabled to boot.
2. Only one app at a time has access to SMS box.
This is also not acceptable, because normally I send/receive SMS messages with GoSMSPro, but I also use MySMS to send/receive/type texts on my mobile through my laptop.
In KitKat each time I have to switch the default SMS app which defeats the purpose.
I would like to know whether there is a fix for either of those problems, and whether those issues are likely to continue on Android L?
impactor said:
> Since the release of Android 4.4, I was unable to upgrade from 4.3 JellyBean because of two issues that completely disqualify newer Android versions for me:
> 1. Apps have no access to the external SD card.
> This issue is NOT solved by modification of the /system/etc/permissions/platform.xml file
> Examples of apps include:
> - Sygic GPS navigation
> - BeyondPod podcast manager
> - Locus trekking app
> - BTSync
> Full access to the external SD for all those apps is indispensable to me and I was unable to get it with KitKat even though I applied all the fixes I was able to find AND used Carbon ROMs which are supposed to have this enabled to boot.
> 2. Only one app at a time has access to SMS box.
> This is also not acceptable, because normally I send/receive SMS messages with GoSMSPro, but I also use MySMS to send/receive/type texts on my mobile through my laptop.
> In KitKat each time I have to switch the default SMS app which defeats the purpose.
> I would like to know whether there is a fix for either of those problems, and whether those issues are likely to continue on Android L?
Neither one of these things are problems or are broken things. They work as intended and have been explained as security measures. Annoying for some, yes, but this isn't a "bug".
http://www.androidcentral.com/kitkat-sdcard-changes
As far as the SD card, if you are rooted, which I am assuming because you mentioned playing around with the platform xml, there are a couple different ways to return full R/W functionality.
http://forum.xda-developers.com/xposed/modules/kitkat-sd-card-access-t2790992
https://play.google.com/store/apps/details?id=nextapp.sdfix
https://play.google.com/store/apps/details?id=com.geeksoft.extcardpatch
https://play.google.com/store/apps/details?id=jrummy.sdfix
For SMS on the desktop, you might check out PushBullet. Their recent update has enabled replying to SMS, though not sure how well it works with Go, but they do support a variety of other solid SMS app connections.
https://play.google.com/store/apps/details?id=com.pushbullet.android&hl=en
I am aware of Google's justification of breaking the SD card functionality. Whether we call it a “security measure” or “bug”, the fact remains I can no longer use a phone with KitKat to fulfil functions it used to, so to me it is no longer a smartphone.
The solutions you linked to I tried and they all failed to fix the issue. I have not tried the Xposed module, but I suppose it does the same thing as other “fixes” so I have little hopes with it.
As for PushBullet, it took me years to find MySMS which was then the only desktop SMS app that provided delivery reports. Are you aware if PushBullet does it, too?
In any case, this is a non-issue as long as there is no solution for the SD card.
Not sure why the SD card isn't "fixed" for you as it works for 1000s of others (including many of my customers), meaning there is something else going on - quite possibly how the apps were developed. Do ANY apps work right with the fix applied? And once again, no, it's not a bug, as it was done intentionally. If it is a must have and nothing else works, you can always convert the necessary apps to system apps, if you have room (you should).
I do not know what you mean by "works", but for all the programs I need on all the phones and KitKat ROMs I tried, SDcard DOES NOT work. This is even stated by developers of some of those programs (like BeyondPod).
To see if I am not mad, I just tried it again – I installed KitKat on another Samsung device. Latest version of GoBackup and BeyondPod could not write to SD card. 'Fine' – I think – 'I will install the Sdfix from PlayStore'. I did, and rebooted.
NOTHING changed!
KitKat is worse than a bug, because a bug is accidental, and usually does not cause such gargantuan damage to functionality. What Google did with KitKat is worse, because it is deliberate.
This is ridiculous. If Android L changes nothing, I will have to keep all my phones with 4.3.1 forever, because of how useless Google made Android on devices with external SDcard.
Maybe they killed SD card functionality to force people to buy newer phones with huge internal memory, maybe they want to force people to use their cloud storage, or maybe they did it just out of pure mindlessness.
But they did, and - as I suspect - they don't plan to revert it.
Have you tried the fix for BeyondPod suggested by their team...?
http://beyondpod.mobi/android/help/FAQKitKatSDReadOnly.htm
Tried switching the apps to /system apps so they'll have more permissions?
es0tericcha0s said:
> Have you tried the fix for BeyondPod suggested by their team...?
> http://beyondpod.mobi/android/help/FAQKitKatSDReadOnly.htm
> Tried switching the apps to /system apps so they'll have more permissions?
Yeah, the fix they suggest does not work on KitKat, because you can't select external card.
I did not try to set BeyondPod to system app, but I can't do it with every app I want to use. Many apps refuse to even start if converted to system app status, and besides system partition is limited in size, and can hardly accommodate all apps.
impactor said:
> Yeah, the fix they suggest does not work on KitKat, because you can't select external card.
> I did not try to set BeyondPod to system app, but I can't do it with every app I want to use. Many apps refuse to even start if converted to system app status, and besides system partition is limited in size, and can hardly accommodate all apps.
I have an idea on why none of the fixes are working for you...
Install this: http://forum.xda-developers.com/showthread.php?t=2524485
and try the mods again and reboot.
I'm not a 100% sure it'll help, but will only take a minute to figure it out... This step would also be necessary to make something like Xposed work properly on newer Samsung devices with Knox and all that security stuff they added.
Do you mean that SELinux may be preventing changes to the /system/etc/permissions/platform.xml file?
impactor said:
> Do you mean that SELinux may be preventing changes to the /system/etc/permissions/platform.xml file?
Yes. It prevents a lot of different kinds of changes to the system.
es0tericcha0s said:
> Yes. It prevents a lot of different kinds of changes to the system.
Then this is not it, because the changes are being applied correctly and appropriate lines in the appropriate files are changed/added.
Which is why, when I try to apply yet another SDfix from the playstore, the program informs me there's nothing to do because the fix is already applied.
Just because the line is there doesn't mean something else isn't interfering. Just telling you what I would try, since it takes a minute or 2. *shrug* Haven't had a phone with an SD card in awhile so don't have anything to test it with.
Thanks, but it wouldn't take 2 minutes, because I don't have a phone with KitKat. And to install a KitKat and restore all the necessary data would take several hours.
So I might try it next time I give KK a shot, but I don't have high hopes for it because I think what I have with KitKat is what everyone else has - it's just most people either don't care about it or don't need the functionality.

Question about data saving after app deletion

I am using Android 6.0.1, though I'm not sure that would make a difference with my question. So my question is: after an app has been uninstalled through Settings --> Apps and then clicking the "Uninstall" button after selecting the particular app, is there, in general, any evidence left on the phone that the app was ever installed? Secondly, if so, how can that evidence be removed? Sort of like how a browser has a "browser history" after you've visited sites, is there anything analogous in a history or a cache of some sort that can be recovered to see that the app was once on the phone and OS (barring a sophisticated forensic analysis)? If I were to hand the phone to someone who is tech savvy or knows their way around Android, would they be able to ascertain that the app was once there?
Hey @AndroidPlistic,
> So my question is: after an app has been uninstalled through Settings --> Apps and then clicking the "Uninstall" button after selecting the particular app, is there, in general, any evidence left on the phone that the app was ever installed?
The short answer is yes it is very likely that there is evidence left by the app.
Uninstalling the app will automatically clean up the private storage areas used by the app; however, any created files or modifications to files in the common storage area will remain and could be used as evidence that the app was installed at some point.
Orphaned data left over could include:
- System log messages which would include the unique identifier for the app, e.g. com.skype
- Files in common areas of the file system, e.g. photos saved by a photo editing app.
> Secondly, if so, how can that evidence be removed? Sort of like how a browser has a "browser history" after you've visited sites, is there anything analogous in a history or a cache of some sort that can be recovered to see that the app was once on the phone and OS (barring a sophisticated forensic analysis)? If I were to hand the phone to someone who is tech savvy or knows their way around Android, would they be able to ascertain that the app was once there?
While I haven't used them, there are a number of apps that claim to provide an automatic app cleaning feature. Examples include "SD Maid" and "ES File Explorer". These apps would search the common areas of the phone to see if there are any orphaned files based on some kind of proprietary smarts; however, there is no guarantee that these will find every file created or modified. I'd also be surprised if they automatically cleaned the system logs, as they are primarily designed to increase free space on the device rather than forensically clean data from it.
If you really wanted to ensure that the installation of an app was never known about based on the information on the device itself I would recommend a full factory reset of the phone.
Hope that helps.
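
The two kinds of residue named in this answer (package identifiers in log messages, files left in shared storage) can be looked for mechanically. The following is an added example, not part of the original post: it assumes you have saved the output of `pm list packages`, a listing of shared storage and some log text, and all sample data, the function names and the prefix heuristic in `PKG_RE` are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from the thread).
PM_LIST = """\
package:com.android.chrome
package:org.example.podcasts
"""
SHARED_FILES = """\
/sdcard/DCIM/Camera/IMG_0001.jpg
/sdcard/Pictures/PhotoEditorPro/edit_01.png
/sdcard/com.example.photoeditor/cache/thumbs.db
/sdcard/Download/org.example.podcasts-export.opml
/sdcard/.config/com.example.tracker/prefs.xml
"""
LOG_TEXT = """\
01-12 09:14:02.123  1234  1234 I ActivityManager: Start proc 4321:com.example.photoeditor/u0a123 for activity
01-12 09:20:45.001  1234  1300 I PackageManager: Removing package com.example.photoeditor
01-12 09:21:10.555  2222  2222 D Chrome: com.android.chrome started
"""

# Heuristic (an assumption of this example): a package identifier is a
# lower-case reverse-domain name starting with a common prefix. Real
# identifiers can use other prefixes, so extend the list as needed.
PKG_RE = re.compile(r"(?<![\w.])(?:com|org|net|io)(?:\.[a-z][a-z0-9_]*)+")


def installed_packages(pm_output):
    """Parse `pm list packages` output ("package:<id>" per line) into a set."""
    return {
        line.split(":", 1)[1].strip()
        for line in pm_output.splitlines()
        if line.startswith("package:")
    }


def find_residue(installed, files_listing, log_text):
    """Map each identifier that is mentioned but not installed to its traces."""
    residue = {}
    for source, text in (("file", files_listing), ("log", log_text)):
        for line in text.splitlines():
            for pkg in PKG_RE.findall(line):
                if pkg not in installed:
                    residue.setdefault(pkg, []).append((source, line.strip()))
    return residue


if __name__ == "__main__":
    found = find_residue(installed_packages(PM_LIST), SHARED_FILES, LOG_TEXT)
    for pkg, traces in sorted(found.items()):
        print(pkg)
        for source, line in traces:
            print("  [%s] %s" % (source, line))
```

The `PhotoEditorPro` folder in the sample is not reported because it carries no package identifier, which is the limit of any name-based search over shared storage.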

Possible to export storage stats per application?

Samsung Xcover3, Marshmallow, unrooted, noob.
Is there a way to export (as CSV for example) storage, and possibly data transfer, stats per application?
I'm using an oldish phone with limited storage as a bike GPS, and mainly just go online through wifi to get maps and the occasional app I might want to add. I'm using NoRoot firewall to limit what can get through, but I find that G**gle etc manage to squeeze a lot of stuff down which I don't necessarily want. So for now I'd like to be able to export lists of installed apps with their storage, before and after wifi connection, to see if I can understand what's coming down, and what I can block or delete later.
Is there such an app? Or can I interrogate Android for that info from a connected Linux machine?
In the longer term I'll think about taking control of the device with a new OS, but for now I'd like to try the above.

Can't get rid of spyware

I have done the following in an attempt to get rid of this spyware:
- flashed Havoc OS
- stock ROMs from official MIUI using Xiaomi flash tool and using TWRP
- erased partitions using adb before flashing (boot, system, recovery, data, cache)
It seems like it doesn't even touch it. I know it's still there because he can control my phone (play notification sounds from Messenger I don't even have installed, closing/freezing my browser, freezing my screen, lockscreen goes on, I don't even touch the phone).
What else can I do? Is there a way to erase every bit of data from the phone? What remains after flashing a stock ROM?
edited//
Is there any way I can find Qualcomm Snapdragon 439 firmware and flash it? Can anyone help me pls?
I saw Chimera tool can do a firmware update but it costs 120 euro and idk if it's gonna work
Can you explain more about the spyware?
It's like a Windows BIOS malware, or maybe it's in some partition that doesn't flash when installing a new OS.
I talked to Xiaomi support and they told me to take it to service but there is none in my country. I asked for help on the Malwarebytes forum, sent an apps report and they scanned it with VirusTotal... nothing found.
I also did a logcat at boot time, I don't know if anything can be seen there.
https://raw.githubusercontent.com/pulshar18/mylog/main/mylog.txt
The guy that did it, he's messing with me, like... telling me your wifi, it's not gonna work anymore, then it doesn't. Oh, you have a 5000 mAh battery? My phone, it's charged 99%, next day it's empty and the phone just sits on the table... stuff like that, so I'm pretty sure it's hacked, there is no doubt about that.
pulshar18 said:
> It's like a Windows BIOS malware, or maybe it's in some partition that doesn't flash when installing a new OS.
> I talked to Xiaomi support and they told me to take it to service but there is none in my country. I asked for help on the Malwarebytes forum, sent an apps report and they scanned it with VirusTotal... nothing found.
> I also did a logcat at boot time, I don't know if anything can be seen there.
> https://raw.githubusercontent.com/pulshar18/mylog/main/mylog.txt
> The guy that did it, he's messing with me, like... telling me your wifi, it's not gonna work anymore, then it doesn't. Oh, you have a 5000 mAh battery? My phone, it's charged 99%, next day it's empty and the phone just sits on the table... stuff like that, so I'm pretty sure it's hacked, there is no doubt about that.
How did you get infected by this?
He got physical access to my phone.
pulshar18 said:
> He got physical access to my phone.
That wasn't too clever. Lol, rootkit from hell.
You need to wipe the internal memory 100% as well the SD card if any.
If it has a sim card I'd replace that as well.
Or make the perp fix it... legally.
Any associated Google accounts reset the passwords... now.
Internal memory was wiped, SD card wiped, SIM card none (I read some articles about SIM card viruses, that's just little scripts to call numbers, send texts and stuff, maybe in another 50 years they will make malware that can do what's happening to me).
"Or make the perp fix it... legally." What?
"Any associated Google accounts reset the passwords... now." I didn't connect to anything cuz I know he has all my passwords, he clearly doesn't want that I can still use all my accounts.
I am in a similar situation.
I installed YouTube Vanced and WhatsApp Plus.
In the latter case something deleted my entire data without asking me - I suspect it was Clean Master - and my Vanced applications were uninstalled all of a sudden.
I seem to know what causes that: com.miui.securitycenter. If you disable it, it will boot loop; if you change and restrict access to various permissions, then phone functionality is upset.
I took out a separate thread on that here on XDA: Google com.miui.securitycenter draconian legitimate spyware from redmi
There is a thread on XDA. I use Havoc ~ two years or so, but because it does not support VoLTE and trying to enable that has been in vain, I am forced to come back to China ROM.
Did you install any apps after flashing ROMs / gapps?
pulshar18 said:
> Internal memory was wiped, SD card wiped, SIM card none (I read some articles about SIM card viruses, that's just little scripts to call numbers, send texts and stuff, maybe in another 50 years they will make malware that can do what's happening to me).
> "Or make the perp fix it... legally." What?
> "Any associated Google accounts reset the passwords... now." I didn't connect to anything cuz I know he has all my passwords, he clearly doesn't want that I can still use all my accounts.
The malicious jpegs may be capable of doing that. I've had one that damages files in a folder but not files in folders, in the download folder.
It was confined to that folder unless one was to move it...
The trigger was viewing the jpeg.
The cure: simply delete it and repair or delete the damaged files.
There are both Android and Windows variants of these. I've had a Windows variant too. Zero or minimum damage but only because I ID both quickly.
Actually, step back a little: how do you conclude it's your phone that is affected? You say he has access to your accounts and password; maybe he is connecting on your Wi-Fi network, IP address is the same, and then trying to tinker with your accounts. What specifically makes you think that your phone is hacked as against something else?
blackhawk said:
> The malicious jpegs may be capable of doing that. I've had one that damages files in a folder but not files in folders, in the download folder.
> It was confined to that folder unless one was to move it...
> The trigger was viewing the jpeg.
> The cure: simply delete it and repair or delete the damaged files.
> There are both Android and Windows variants of these. I've had a Windows variant too. Zero or minimum damage but only because I ID both quickly.
I have more than 30,000 from photographs and especially WhatsApp.
How do I scan for malicious code in JPGs? Is there a specific anti-malware tool that has the capacity to go through a JPG hexdump and then fish it out?
sieger007 said:
> I have more than 30,000 from photographs and especially WhatsApp.
> How do I scan for malicious code in JPGs? Is there a specific anti-malware tool that has the capacity to go through a JPG hexdump and then fish it out?
Jeeeesze, downloads from WhatsApp?
That's a great way to pick up creepy crawlers.
WhatsApp, FB, Instagram don't get on my devices. Ever.
They ruin lives, careers and more... they are spyware and malware by their very nature.
I never have had anything detect these little buggers, I'm not saying they aren't detectable, but don't count on it. The two I found I didn't even consider keeping them for analysis.
They wasted enough of my time as it was. Finding them in an ocean of jpegs could be problematic.
Rule #1, all downloads go to the download folder.
Choose what goes into your database after observation and at least scan it with Malwarebytes. Online Virustotal for any download remotely suspicious. Open jpegs at least once in the download folder and be aware of anything unusual afterwards... that may be the only clue you get.
If you really think one of these images has a malicious script, you need to isolate it. Scan with Malwarebytes and whatever else you want.
Try reloading, confirm the device is still clean then load the suspect database.
Problem being the trigger is opening the jpeg or some other related action to it like deleting the email it was associated with in Windows Outlook. If you get nailed again, reload and break/import your database in groups. You can see where this is going... it may take a while.
I've seen what they can do, I avoid downloading clickbait pics from untrusted sites, people and emails (email is kept in the cloud ie gmail).
My backups are also from different time periods on hdds completely isolated from each other and the PC. I could lose some of my database but not all of it. With over 1 tb of data I'm not playing around.
The second and last(?) malicious jpeg I ran into was on Android about 1.5 years ago.
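
For the question above about scanning a large JPEG collection, one check that can be automated is structural. The following is an added example, not from any poster in the thread: it walks the JPEG marker structure and flags malformed files and data appended after the end-of-image marker, and it does not detect images crafted to exploit a decoder bug. The function names, the signature list and the sample bytes are constructed for illustration.

```python
import struct

EOI, SOS = 0xD9, 0xDA
NO_LENGTH = {0x01} | set(range(0xD0, 0xD8))   # TEM and RST0-7 have no length field
# Magic bytes worth flagging when found after the end of the image.
SIGNATURES = {b"PK\x03\x04": "zip/apk", b"\x7fELF": "elf", b"dex\n": "dex"}


def inspect_jpeg(data):
    """Walk the marker structure; report segments, errors and bytes after EOI."""
    report = {"valid": False, "segments": [], "trailing_bytes": 0, "error": None}
    if data[:2] != b"\xff\xd8":
        report["error"] = "missing SOI marker"
        return report
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            report["error"] = "expected marker at offset %d" % pos
            return report
        while pos < len(data) and data[pos] == 0xFF:   # skip fill bytes
            pos += 1
        if pos >= len(data):
            break
        marker = data[pos]
        pos += 1
        if marker == EOI:
            report["valid"] = True
            report["trailing_bytes"] = len(data) - pos
            return report
        if marker in NO_LENGTH:
            continue
        if pos + 2 > len(data):
            report["error"] = "truncated segment header"
            return report
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2 or pos + length > len(data):
            report["error"] = "bad length in segment FF%02X" % marker
            return report
        report["segments"].append(("FF%02X" % marker, length))
        pos += length
        if marker == SOS:
            # Entropy-coded data follows; FF00 is byte stuffing and FFD0-FFD7
            # are restart markers, any other FFxx ends the scan.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
            else:
                report["error"] = "scan data not terminated"
                return report
    report["error"] = "no EOI marker"
    return report


def triage(data):
    """Add the names of known file signatures found in the trailing bytes."""
    report = inspect_jpeg(data)
    tail = data[len(data) - report["trailing_bytes"]:]
    report["embedded"] = sorted(n for sig, n in SIGNATURES.items() if sig in tail)
    return report


def seg(marker, payload):
    """Build one length-prefixed segment for the constructed samples."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed samples: a minimal marker skeleton (not a decodable picture),
# the same bytes with a ZIP header appended, and a truncated copy.
CLEAN = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00" + bytes(9)) + seg(SOS, bytes(10))
         + b"\x12\xff\x00\x34" + b"\xff\xd9")
APPENDED = CLEAN + b"PK\x03\x04" + bytes(20)
TRUNCATED = CLEAN[:-2]

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("appended", APPENDED), ("truncated", TRUNCATED)):
        print(name, triage(blob))
```

Trailing bytes alone are a triage signal rather than a verdict, since some cameras and editors legitimately append data after the image.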

BE 2026 Data Recovery after Wipe

Hello,
So I've been perusing the threads, searching for an answer on this, however, I've not found it. I need to recover data after my phone was inadvertently wiped. I have a cryptocurrency wallet on there I need to get the app data for/recover. I tried a few applications, but they required me to root the phone. I then found this forum, and have been searching for more information, however, it seems rooting my phone model is circumstantial?
I've done OEM unlock, activated debugging mode, and the option that states "allow bootloader" unlock. In light of that, do I still have to flash the phone? If so, will it be possible to recover any data that hasn't been overwritten? Has anyone successfully rooted the Oneplus Nord N10 5G BE 2026?
I would humbly appreciate any advice on this matter, thank you.
If that data is worth much, power off the phone and don't use it.
If the internal memory was encrypted (Android 11 automatically does this) you have huge problems because the encryption key is gone.
The cryptocurrency wallet itself may have built-in safeguards and those files are in an ocean of data now, diluted. All folder structure was lost when the data was deleted. If you can recover the data, you can search by file type and size in that ocean of juxtaposed data.
Using a data recovery specialist is your best shot if you have one at all. Amateur attempts will likely have a poor outcome.
blackhawk said:
> If that data is worth much, power off the phone and don't use it.
> If the internal memory was encrypted (Android 11 automatically does this) you have huge problems because the encryption key is gone.
> The cryptocurrency wallet itself may have built-in safeguards and those files are in an ocean of data now, diluted. All folder structure was lost when the data was deleted. If you can recover the data, you can search by file type and size in that ocean of juxtaposed data.
> Using a data recovery specialist is your best shot if you have one at all. Amateur attempts will likely have a poor outcome.
Blackhawk, thank you so much for providing this information to me. This is what I thought, but don't have the background to understand this. I will follow your advice and hope for the best after finding a data specialist. Hopefully, someone can pull off a miracle. In the meantime, I will continue to peruse the forums to expand my knowledge to perhaps be better prepared for this in the future.
Truly, thanks again!
You're welcome.
Android is generally a very stable and reliable platform. However setting lock screens and such are more likely to lock you out of your own data than someone else. Sometimes through no fault of your own. If no lock is set, there's no password to get corrupted. I got locked out of a laptop bios like that.
Androids can and do crash often with little or no warning although this is rare. Drops probably kill more than anything else.
Always redundantly backup critical data to at least two hdds that are physically and electronically isolated from each other and the PC. Never encrypt data drives... lock it in a safety deposit box if you must.
