If You Bought a Used Android You Could Be Being Tracked! - Verizon Samsung Galaxy S 4

I believe this information should be out there for all Android users, and I don't recall seeing it anywhere, but I hang out here right now and thought I would share what I discovered on accident.
I reference a RAZR M here, but INSERT any Android phone as far as I can tell.
***Please, devs and such: I am not one, so ignore my possible misuse of how exactly it operates. I just wanted to share the point of this, not how the Android OS operates.
I had a RAZR M with ROOT and installed Avast Mobile Security (I believe many others would do this as well), and since I was root I installed it as a /System app. This, as some of you may not know, makes it kinda part of the OS now. This means that a Factory Reset does not remove it but instead installs it again. I will explain how I discovered this:
- I had a RAZR M as mentioned and I installed Avast as /System.
- You can rename the app itself to whatever you want, like "fletch33", so anyone who finds your phone wouldn't know it was a security app and try to uninstall it. This is a great feature, so I renamed it.
- This will do the standard stuff like locate your device, wipe it, make it beep, etc.
- I decided to give the phone to someone else and they wouldn't want root items or anything, so I did a factory reset, forgetting I had installed Avast as /System, so they would have a clean start with the M.
- Since Avast was /System it became part of the Factory Reset process, and so what I thought was a clean fresh phone actually still had Avast on it, but now, since it was fresh and clean, there were no signs like an app to remind me I had installed it as root. I honestly forgot it was on there.
- I had selected to get notifications of where the phone is if it traveled a distance, but could see it whenever I wanted with a browser login to the website, and although I had reset it, that STILL WORKS! I am getting emails when it moves and can log in and see it.
- There are no visible signs that this is on the M (insert any phone).
- To my knowledge the only way the tracking etc. would stop is if I were to ODIN or SBF or whatever the equivalent is on that particular device, or I would have to re-install Avast and it would then allow me to put in my passcode and then I could uninstall it.
The moral of the story is that any used phone could have had this done, and if not by accident like mine, then on purpose for whatever reason.
Fortunately I gave the M to a family member and I will fix it for him, but it really made me think what it could be used for ....
If this has been mentioned or I am incorrect, I apologize in advance, but when I started getting emails about where the phone I gave away was located all the time from Avast after a Factory Reset, I decided I should share this so that others might take precautions with their second-hand Android device.
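
A way to check a second-hand phone for the situation described in the post above, as an added example that is not part of the original thread: it parses the output of `adb shell pm list packages -s -f` (system-flagged packages, which a factory reset restores rather than removes) and reports any that are missing from a stock list. The stock list, the package names and the sample output are constructed assumptions; a real baseline would come from the stock firmware for the same model and build.

```python
import subprocess

# Constructed sample of `pm list packages -s -f` output (not from a real device).
SAMPLE_PM_OUTPUT = """\
package:/system/app/Bluetooth.apk=com.android.bluetooth
package:/system/priv-app/Settings.apk=com.android.settings
package:/system/app/antitheft.apk=com.example.antitheft
package:/data/app/~~Qx3dZ0aA==/com.android.chrome-9fK1pQ==/base.apk=com.android.chrome
package:/data/app/com.example.updated-1/base.apk=com.example.updated
"""

# Assumed baseline: package names shipped in the stock firmware for this build.
STOCK_PACKAGES = {
    "com.android.bluetooth",
    "com.android.settings",
    "com.android.chrome",
}


def parse_pm_list(output):
    """Parse `pm list packages -f` output into {package_name: apk_path}."""
    packages = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip warnings or blank lines mixed into the output
        # Each line is package:<apk path>=<package name>. Newer Android
        # versions put '=' characters inside /data/app paths, so split on
        # the LAST '=' rather than the first.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and path and name:
            packages[name] = path
    return packages


def audit_system_packages(pm_output, stock_packages):
    """Return sorted (package, apk_path, updated_in_data) for non-stock system apps.

    Every package in `pm list packages -s` output carries the system flag,
    so a factory reset brings it back. An entry whose path is under /data
    is a system app that has since been updated; the reset only rolls it
    back to the copy on the system partition, it does not remove it.
    """
    findings = []
    for name, path in parse_pm_list(pm_output).items():
        if name in stock_packages:
            continue
        findings.append((name, path, path.startswith("/data/")))
    return sorted(findings)


def read_from_device():
    """Fetch the system package list from a connected, authorized device."""
    result = subprocess.run(
        ["adb", "shell", "pm", "list", "packages", "-s", "-f"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


if __name__ == "__main__":
    # Runs offline on the constructed sample; swap in read_from_device()
    # when a phone is attached with USB debugging enabled.
    for name, path, updated in audit_system_packages(SAMPLE_PM_OUTPUT, STOCK_PACKAGES):
        note = " (updated copy in /data, original still on system partition)" if updated else ""
        print(f"non-stock system package: {name} at {path}{note}")
```

Because the comparison is on package names, renaming the app's visible label as the post describes does not hide it from this check. Anything it reports will come back after a factory reset, so removal means reflashing stock firmware (ODIN, SBF or the device's equivalent), as the post says.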

1. I always Odin my phone and proceed to rooting within a few short hours of owning the device.
And if not, I'm pretty sure unlocking the device will erase everything. (In a lot of my previous cases.)
2. And I see nothing wrong with the previous owner being able to track me picking up his wife and taking her back to the white house to make her my First lady

Yep, first thing I would do is wipe the phone properly.
"Factory reset" is a really bad name for the process...it does nothing of the sort.

Um, makes complete sense that you can still track the device. I assumed that before you even posted it. Same way you can track devices through android device manager, moto software, etc etc.
You're forgetting a huge oversight here.......it doesn't really do much good if stealing someone's phone, then wiping it, would get rid of all tracking options. Kinda defeats the purpose. Otherwise people would steal someone's phone, factory reset, then go about their merry way and you're SOL...

TechSavvy2 said:
Um, makes complete sense that you can still track the device. I assumed that before you even posted it. Same way you can track devices through android device manager, moto software, etc etc.
You're forgetting a huge oversight here.......it doesn't really do much good if stealing someone's phone, then wiping it, would get rid of all tracking options. Kinda defeats the purpose. Otherwise people would steal someone's phone, factory reset, then go about their merry way and you're SOL...
Sure, but since most Android phones don't offer an iPhone-like recovery and most users don't even know what root is, then to me it's those people that should have concern.
I always ODIN or SBF etc. myself if I pick up a used phone, but most people wouldn't even know about that.
Manufacturers should release an iPhone-like recovery system so that an average person can clean their phone without tech knowledge and downloading a file somewhere.

Related

[Q] storage problems acer e2 liquid

Hey, I am new to Android and got myself an Acer Liquid E2 as I was told it was a good phone for the price etc. I do find this phone very surprising and I am totally happy with it apart from 1 problem I come across about 20 times a day: "storage space". I have plenty of space on my SD card; it is the phone that is the problem, and every day I need to keep clearing my data and cache as it shuts all my emails etc. down when the space has run out, which is annoying when it is several times a day. I have apps on my phone which I don't use and don't need but can't delete these. I've been researching this now for a few weeks and everything that I have come across says root and delete. It's not that simple, is it? I would say that I can be quite good at this sort of stuff as I've made quite a lot of my stuff operate the way I want it, but every time I see anything about rooting it always says your phone can be bricked, and I can't afford it to be bricked. I need it, believe it or not. Anyway, this site seems to have a lot of very brainy and smart people on it, hence why I joined. Can anyone help me with this problem? The easiest and safest way will be most appreciated. I was just about to go down the Kingo app way but decided to do more research on it beforehand, and that has put me off it as people are saying there is stuff about spy cams and malware etc. Please help, thanks. Oh, I meant to say I managed to turn my developer options on by total mistake while playing around with my phone, so I have that on, if that helps. Network 3 in UK. Cheers guys. P.S. I have Jelly Bean 4.2.2
Unfortunately removing the preloaded apps won't help your storage issues at all. Those apps are located in a different part of the system (/system/app) than the apps and data (/data/app + /data/data) that you add. You can (if rooted) move apps to the /system/app partition, but they don't always work or update correctly from there as it requires special permissions to run from there. But there really isn't much to do besides rooting it and doing some modifications to your set up. They don't call em budget phones for nothing.
Options include swapping the internal and external mount points so it reads your external as your main internal storage, creating a partition on your external and using a script to link your /data/app and/or /data/data folders to that partition so it reads as one big space (however big you make that partition), or using an app like Folder Mount to create a link between big folders on the internal to the external (mostly helpful for big game data). All of these require a bit of knowledge, but nothing that some time and reading can't help you with. It is not exactly rocket science. Knowing what update you are on though is important, both so you pick the right rooting method (there are multiple options if not on 4.2.2 yet) as well as, if, worst case happens, you know what version of the software you need to reload. You can find this info under Settings / About Phone. Make note of not just the android version, but the build or system version as well as there can be mini updates to software that changes things but not the actual android version.
As far as Kingo, I've never read anything other than hearsay about any potential malicious activity on their part. The reason you see most people freaking out about it is because when it first was introduced, it was known to send IMEI info back to their servers in China. Kingo never tried to hide the fact, explained their position about why they were doing it (diagnostics), and promptly changed how that was done. Now, by nature of what it is doing (root = gaining admin access to the operating system), it needs to download closed-source scripts and files to gain this access. They don't want to disclose their sources for 2 reasons: 1) if the manufacturers of the phones that don't want it rooted see how it is done, then it's much easier to patch that on the next update and 2) so other people don't steal their work. Makes sense to me, but some people are concerned about closed sources (even though many apps already installed or that you download are closed source as well). I've used it on quite a few devices and have never had problems. You can uninstall the companion app it installs (it does this for some devices to help gain access through a backdoor) and update the SuperSU app and binary it installs via the Play Store, so don't really see it as an issue.
Wow, thanks very much, I was not expecting that reply and so quickly, so thanks. Well, as I said, I am new to Android, and the whole rooting thing makes me nervous as I haven't done it before, and I don't want to break my phone. I do know there is always a risk in anything really, but would like to know, if possible, the best for my phone. I am on Jelly Bean 4.2.2 and kernel 3.4.5, and is it the build number you need or the custom build version? Also, I don't know if this is important, but I actually don't have wifi and use the USB tethering for my PC to get online. Is it still possible to do it this way? Cheers
bazzaboy1 said:
Wow, thanks very much, I was not expecting that reply and so quickly, so thanks. Well, as I said, I am new to Android, and the whole rooting thing makes me nervous as I haven't done it before, and I don't want to break my phone. I do know there is always a risk in anything really, but would like to know, if possible, the best for my phone. I am on Jelly Bean 4.2.2 and kernel 3.4.5, and is it the build number you need or the custom build version? Also, I don't know if this is important, but I actually don't have wifi and use the USB tethering for my PC to get online. Is it still possible to do it this way? Cheers
http://forum.xda-developers.com/showthread.php?t=2518094
That's a guide with everything you should need to fix the phone if anything were to happen or to just return it to its original state if wanted / needed. Read through the thread a bit and see where other members were having trouble and the solutions to those. If you get comfortable with that and how it works, then modding your phone becomes much less scary. And once you are rooted, tethering is even better because you can typically hide your activity much more. I don't know if it is a big deal with carriers around where you live, but here, most people have to pay for tethering or make sure to have special plans that typically cost more than ones that don't include it.
es0tericcha0s said:
http://forum.xda-developers.com/showthread.php?t=2518094
That's a guide with everything you should need to fix the phone if anything were to happen or to just return it to its original state if wanted / needed. Read through the thread a bit and see where other members were having trouble and the solutions to those. If you get comfortable with that and how it works, then modding your phone becomes much less scary. And once you are rooted, tethering is even better because you can typically hide your activity much more. I don't know if it is a big deal with carriers around where you live, but here, most people have to pay for tethering or make sure to have special plans that typically cost more than ones that don't include it.
Thanks very much!! I will go have a look at the thread just now, really appreciate your help and time, thanks

Is it safe to perform a WIPE CACHE PARTITION on an UNLOCKED HTC One M7? Urgent!

Any advice/suggestions would be MUCH appreciated!
My problem ultimately stems from the fact that my keyboard has somehow been disabled by some errant app, most likely Google's Tap-to-Talk function, a little over a week ago now. Literally out of nowhere. I disabled the general Google App the very day the tap-to-talk function started overriding the HTC Sense keyboard everywhere, and then noticed that neither the keyboard nor the tap-to-talk function were working. I just thought that I could simply restart my phone and any glitch would be removed and my keyboard would return to its normal functioning. I was completely wrong; I haven't been able to use my phone ever since, simply because the keyboard does not come up as usual for me to enter my password, so that since then I've been completely locked out, even though the phone itself is in working order. As far as I know, I don't think that there's any way of overriding the password entry function so that I could simply get into my phone to try to fix the problem that way--but if there is any way, PLEASE LET ME KNOW.
Anyway, I have already chatted with a tech from Google Play, and when I saw that nothing worked out down that avenue, I talked with two different HTC support techs. I explained my problem to the last one and said that I would like to perform a Wipe Cache Partition, but as soon as she found out that my phone is Unlocked with S-ON, she said that there's a 50/50 chance my phone could become bricked from performing the cache wipe. She did say that it's all relative to the case, and for some, everything works out fine, while for others, not so much, so she went ahead and created a ticket for me to speak later with the higher-level HTC Developer techs. I have also already visited an actual tech place only to discover that the 2 guys working there primarily specialize in hardware and are unwilling to try any software-related fixes, because of liability issues and probably also because they just haven't got a clue.
My primary concern is losing all the data still stored on my phone, because it is still in working order, and so I feel like I have much more of a chance of somehow retrieving it NOW than if I were to proceed with the cache wipe, have it brick on me, and then be forced to figure something out with a completely broken phone.
So the main question is whether it really is that risky for me to perform a wipe cache partition, because after researching it all over the Internet, I came to the conclusion that it is a safe procedure that should not damage any personal files or information. Now I have found out that is not the case for unlocked phones, which all those tutorial articles fail to mention.
Please, if anyone knows, PLEASE tell me if it would be safe for me to perform this cache wipe on my unlocked phone. But also, if you just have ANY relevant advice to share on this general matter, please let me know.
I have already perused a pretty large quantity of sources all over the net and am growing increasingly worried at the lack of options to get my phone back into working order for me to actually be able to use it again. I decided to turn to this site's forum as a kind of near-last resort, because I am growing pretty panicked and desperate.

A Tale Of Woe and a Cry for Help. (Backup won't restore to Pixel 3)

This is a saga. I had a very long six hours with Pixel support yesterday. Phone is on Verizon. Sorry if some of this is text speak, it's adapted from telling a buddy and reddit about this mess.
So. My camera has been kinda ****ed up for a month or so. I talked to google support about it a while ago but kinda took a break from dealing with it. I have deduced that it is clearly a hardware issue. The camera makes a loud clicking noise when it tries to focus, very rarely actually does focus. The last step in Google troubleshooting before they will warranty it is a factory reset. I said I didn't wanna because it was obviously a hardware issue but my guy said I had to, I should have just lied, but I didn't think of it. So before I reset, I wanted to have everything backed up, which it wasn't, apparently. So to speed things along and not have to wait for it to sync itself, I forced the backup using adb. Made sure it was completed, though. And I can see the backup on Google Drive right now and could then. So then I do the reset.
The phone comes back, my instructions were to skip the startup and test the camera. Obvs doesn't work because it was a hardware issue, but now I wanna reset my phone. Go through the wizard. "No backup found." Ask my camera guy what I should do, he said it glitches sometimes, just do another reset after we're done setting up for me to return the phone maybe. Don't wanna do that right away cuz I'm going away, but I have a while to do it. So I do the second reset and do the wizard right at startup. Still no backup. I call back for a different tech, who has me reset through the bootloader. Still no backup. At that point, I ask if there is someone who can walk me through the commands to force a restore with adb. He says his supervisor could, he'll be back and call me in an hour.
90 minutes pass. I receive no call. I call back looking for my specialist. Get some other dude whom I walk back through the problem with screen sharing on. Takes him a while to get the lay of the land, which is, again, the backup exists, I can see it, for some reason my phone setup cannot, I would like my full phone setup back and not just my ****ing photos. "Ok, we can try transferring you to a manager." Yes. That is what I wanted before. Get another guy who I am not sure is actually a manager. Spend like 15 minutes trying to make him understand the issue and again saying please just give me someone with some familiarity of developer tools who can walk me through some commands real quick. I have a new troubleshooting step he says! Great! He tells me it. Then I went from annoyed to mad. Mind you in between all these calls, I've been getting that 30 seconds of Vivaldi looped on end. He suggests we try putting it in safe mode and letting it sit for half an hour to make sure no apps are interfering. I tried to explain to him that this is pointless, that the whole problem is that THERE ARE NO APPS, IT'S FACTORY FRESH, what would this solve. He tries to say we're just troubleshooting and have to go through it and why safe mode checks things. I said again, I'm clearly not a complete novice, I understand the thing we're doing, I am explaining to you right now why you are having me do it and why it is a pointless step, can we move onto the next one, please. The call drops. He may have just hung up on me because he realized I wasn't happy with his horrible pointless idea.
I call back and this time, through some more Vivaldi, get fairly straight through to a manager. This one at least seems to grasp the issue. He doesn't know how to fix it. No one there knows anything at all about how to use any developer tools, and we've officially established my level of technical literacy is higher than the people meant to help me, if not high enough to get myself out of this mess. There is no one higher to escalate this to, but we can be transferred to the Drive department. Sure. More Vivaldi. Get my guy. At least this time he seems to be on the same continent. Has no idea why I was transferred to him, this is not something in their wheelhouse at all, he'll try one thing, and oh, by the way, I don't own a cell phone yuk yuk yuk. Seems kinda wild for a Google tech support guy not to have a cell, but that's just me. His one thing doesn't work. He has no idea why android support rolled me around the way they did all day. See if Verizon might know. btw you wanna take a survey? That's mostly where we are now. Except. For some reason, if you turn off autobackup, it'll delete all existing backups. This is stupid, but also an issue because I neither want my phone to back up and overwrite the backup I know works nor to delete that backup. So now my phone is backing up into another drive where it can't hurt anyone.
Also, I've now warranty'd the phone with Verizon for the camera issue, so hopefully it will just restore easily to the new one, but just in case it doesn't, I'd still like some advice if anyone has any.
Anyway, the question is if anyone knows how to force the thing to restore with adb.
tl;dr: I forced my phone to do a backup with adb, I can see the backup in google drive, but when I try to setup my phone, it won't recognize that it is there. Does anyone know how to solve this, using adb again or otherwise?

New here and have a problem with my old Samsung J7 Max as well.

Aight so I have this Samsung Galaxy J7 Max that I've been trying to unlock for more than 2 years now. I of course, don't want to lose the super important data it holds. It got locked out randomly and hasn't been able to take up the pattern I had put on it till date. I'm absolutely sure no one changed its lock screen pattern and its the phone that is unable to recognize the exact same password it had before this happening. I got hold of it today and yet again, started looking for solutions on YouTube and the internet itself. After all of my research, one thing is clear. There is only one way that the pattern lock can be removed in such a condition; by deleting this system folder called gesture.key that lies within the phone itself. I am by no means a nerdy software dev or something but I do have very little knowledge about these workarounds. I used an ADB via a cmd terminal to contact my phone. But it turns out that due to my usb debugging setting not being turned on in my phone, the adb didn't have the required authorization to make any changes to the target. I then got my phone into stock recovery mode and chose the Install through ADB option there. Now when I input the command adb devices, the prompt showed me my device ID, but instead of the "unauthorized" indicator beside it, it now had the indicator "sideload". I had no idea of what had to be done when such happens, so I tried the adb shell > cd data/system > su > rm *.key [taken from an XDA forums thread] commands again. But right on the second step it displayed error this time. I have tried using a key eraser via sd card too, but it just doesn't happen, the sd card folder in the stock mode does not display the contents of the folder.
Now the phone isn't being an obstacle in my life right now, but I really hope there's a way to fix it. Early help would be appreciated. Thank You.
If the data is super important why isn't it redundantly backed up?
Having a set lock screen and storing data on the OS is a sure fire way to lose data, eventually.
Maybe you'll get lucky... is that drive encrypted?
If not it may still be corrupted and unusable.
Don't put yourself in this position again... been there, done that
@blackhawk As I said, this was an absolutely random incident, had never even thought this could've been the case someday. It's not like the phone crashed and then this happened, I turned off my phone's display and the next time I woke it up, the pattern wasn't working anymore. Furthermore, the timed attempts that happen after 5 incorrect tries weren't existing anymore. Now it could be that someone did get the timed attempts wrong as well [it isn't my own phone]. But I really don't see any other reason for that occurrence.
About the backups, I mean cmon, I was 15 back then, a medico student even more so. I never got my hands around backing up anything. But yes, have been backing up every single bit of data within these two years.
The storage drive shouldn't be encrypted. It was a regular phone bought online that had pdfs, images, recordings and videos stored. The google account was not that of the owner either! It was my uncle's account that was being used ever since he bought it. And since there was never a problem having used his account for quite a while, we never cared to change it to a new google account. Now my uncle's google account itself handles another device, his own phone, exact same model, Galaxy J7 Max. I have tried using his account at the Google Find My Device app to locate and unlock the phone that way [I hope you know it has the three options Ring, Secure and Erase Data]. But it happens so that the Secure phone with password option is only for devices that have been lost and don't have a security lock already set up, which wasn't, unfortunately, my case. So that option was greyed out.
For the data corruption, you might be correct. But that phone still does receive SMS texts, calls, whatsapp texts and other notifications. They just don't show up on the lock screen anymore. I honestly had the "Screw the data, I'll erase it anyway" thought yesterday, but during my latest tries, I found the XDA forums website to be quite helpful. Had not it been the damn USB debugging, the solution I approached from this forum would've got the job done in a couple minutes. Again, if the data might've gone corrupted, I will erase the data [I mean I would have to]. But this little glimmer of hope that I experienced yesterday is what is preventing me from doing that. I really hope there is a fix to my situation.
@Chinmay47
A phone can get booted into these modes:
Normal ( AKA Android OS )
Recovery
Fastboot
Sideload
EDL
Sideload mode is used to flash OTAs and/or ROMs.
Recovery mode allows you to perform some ADB actions, e.g. pull userdata, but this requires that ADB (read: USB debug) got enabled.
So my guess is you can't recover the phone's userdata on your own; this would have to be done by an external service who can pull out the phone's internal SD-card and has the forensic tools to read it.
@jwoegerbauer Surprisingly the idea of taking the phone to a forensic service struck me yesternight too. As you mentioned, since I can't recover the phone's data myself, all tips and tweaks on the web should now be struck off of my list of solutions. I'll leave the data to some forensic services then. Let's hope the recovery is worth the hassle. The thread is still open to more suggestions though. Thanks for the replies everyone. Really appreciate it!
It's not a card they can pull. More than likely it's on a BGA chipset, the hardest kind there is to work with.
If they can't access the data on/with the mobo they will have to unsolder the chipset without damaging it then put it into a test jig or another mobo (after pulling that mobo's matching chipset).
If they can access the data on the mobo, not so bad. Otherwise not so good.
Let us know how this plays out for you.
Here's one I found showing you this complex procedure: https://flashfixers.com/recover-data-dead-phone-chip-off-data-recovery/
They may be able to help you, but I have no personal knowledge of this company.
blackhawk said:
> If they can't access the data on/with the mobo they will have to unsolder the chipset without damaging it then put it into a test jig or another mobo (after pulling that mobo's matching chipset).
Actually thought of this idea right after a couple days from the beginning of the problem. Yes, it's gonna take loads of precision and patience but it does sound doable. Maybe that's what is gonna be the last option for the forensic service too in case, god forbid, they aren't able to do it the "simple" way. Can't say yet, but I'm gonna keep this thread updated with all the developments that take place.
If they need to remove the chipset the chances of failure increase. Flash memory retention is generally good for 10+ years but it may be damaged in the removal process; if so, snake eyes.
Get price quotes up front for the whole process.
Once they got the phone, they got you by the balls. Not saying they aren't trustworthy but feel them out. If it's a couple hundred and you get the data back, you did good.
No idea of the cost though, my guess is $400-1000+ especially if they need to pull the chipset.
That's high risk even if they do it by the book.
If their policy is no data, no charge... expect higher rates to cover their losses.
@blackhawk All of that sounds kinda terrifying if you ask me. Well I mean, there is always a first option that can be tried without any mentions of pull-aparts. Yet I will surely judge the person well before I hand my device in his hands. I would try my level best to not take it to the critical stage, but if it needs be and there is a really high chance of losing my data, I can factory reset my data at home by myself too can't I? Future shall tell I suppose.
If you factory reset it all data will be lost.
It will not be recoverable!
If you want the data you will need to use a service like I showed you. They will need physical access to the phone to recover the data.
The phone may be scrap afterwards.
@blackhawk Sure does look like it would be! But paying to get your phone reset for you is way harsher than doing it yourself. It is only in case the data is nearly impossible to recover that I'll reset the phone myself.
Reset? Most likely destroyed.
Do you really want the data?
I actually do though. But well, if it ain't coming back then why wish for it. Yeah the data was really important.
Call them up and see what they say.
Since it's not physically damaged they may be able to access it non-invasively.
I'll do that and report back ASAP. Thanks for the help sire!

Scamware? Tablet locked - should I factory reset?

My wife bought an S7+ from Amazon and it's been fine for a couple of months. She had a popup today which warned that the device would be locked because it was part of a trade in scheme and there was some sort of problem. I assumed some sort of malware but I was working so I didn't do much with it but now the device appears to have locked into a sort of "kiosk mode" where we just get 2 screens:
https://imgur.com/a/Z4N9TLy
All the blurb is plastered with "Samsung Electronics UK" but the domain the email is going to is "tradeinresponse.co.uk" which after some Googling seems to have been linked with some scam stuff in the past.
I've tried safe mode with the same locked screen, plugging the tablet into a PC results in it locking to the first screen.
I can get into recovery and I wanted to try a wipe, but the wife has some drawings on there she's done in Sketchbook that she would like to keep.
I'm a software developer by profession but I work with Windows/.NET and SaaS stuff so I've not got much experience with droid devices (a bit of java here and there in the past, but not so much XP with the OS itself)
So my questions are:
Does anyone know if this is any sort of official thing or is this malware/scam stuff as I suspect?
Is a factory reset likely to resolve the issue?
If I want to factory reset, can I pull files off the device's internal SD via ADB or some other tool before I do it?
Do I have any other options?
Kind of a wind up - I'd just have factory reset it by now to find out but like I said, I don't want to lose any of the wife's data if possible. If she gets anything back I'm going to make sure she sticks it in the cloud.
Any help would be appreciated and thanks in advance!
Always backup critical data redundantly to at least 2 hdds that are physically and electronically isolated from each other and the PC.
Or you will lose data eventually.
Factory reset but you will lose all data. If the drive is encrypted, you likely already have.
Sounds like ransomware. Contact Samsung and do some Google searches. See what you got and if there are any work arounds.
You may need to reload the OS completely if it's a rootkit and running on Android 8 or below.
This could be a nasty little bugger...
If it wasn't present on the device when purchased, your wife either downloaded or installed it. She needs to be more careful!!!
Maybe this will impress that onto her...
Thanks for the advice but I've already googled as much as I can. The domain doesn't go anywhere except a holding page though through reverse lookup it seems there are also other domains on the same host including some legitimate businesses that appear to do Samsung second life schemes for devices.
I've googled the actual lock message but no-one on the net seems to have seen it before.
The wife hasn't installed anything, she got the device a few weeks ago (from Amazon, supposedly new) and did a transfer from her old s6 (that has gone to my daughter) to the s7 using Smart Switch. Since then she's not installed any other applications.
It's not "critical data", per se, it's just drawings she'd like to keep, plus copying stuff onto physically disparate hard drives seems a bit overkill given she can just drop the files into a cloud storage account and have way more redundancy than you/I could ever reproduce by doing manual backups.
I'm posting in an s7 forum about an s7 so it's going to be running Android 10 at the minimum (given that's what the device ships with). Not sure why the comments about Android 8.
Anything she could have installed would have been from the Play store (and I don't believe she installed anything other than what automatically installed from what was on her old s6), plus her apps are from reputable vendors (Autodesk etc). My son has a tablet and he installs all sorts of crap and hasn't had this issue because the OS prevents stuff like this from happening unless you allow side loading.
Is it possible to install a rootkit from the play store? I didn't think so ..?
So, either it was on there when we got it, it's legit or it's a vulnerability that exists in the OS and we are some of the first people to see it...
You can do what you want but any backup database that requires a password can be lost.
I have close to a dozen backup hdds, there's no way I can lose my entire database.
At least use 2 OTG flashsticks to completely backup the data but hdds are still preferable.
NEVER encrypt data drives... and verify the backups are complete and readable.
As to how it happened you're going to have to sort that out or suffer the same fate possibly again in the future.
A factory reset seems inevitable at this point.
Afterwards change all passwords.
Malware has always existed on Playstore albeit not much or for long. She may have imported from your daughter's phone.
You got some potentially gigantic problems now.
Personally I would have already gone full nuke by now. It's simply not worth the risks.
In the future hawk the download folder daily for files you didn't authorize. Delete any unknowns without opening. Scrutinize all downloads and installs carefully, always. Scan as needed with Malwarebytes. Online Virustotal can be used to scan smaller files and apks.
There are also maliciously scripted jpegs too that can cause damage to any files in the same folder when opened. Be aware of any changes or strange behavior in the download folder. Vet all downloads before moving into your database.
Use a good browser like Brave and be careful what links you click, in the browser, emails and texts.
I can't even begin to estimate how many websites I backed out of, closed that tab or wiped the browser data over in the last year alone. Better safe than sorry. Zero malware infections in over 1.5 years and that's running on outdated Pie.
Almost all malware, rootkits etc are loaded by the user. Some will self install if the device's security isn't configured correctly or if not spotted on a timely basis. Androids, even ones with out of date OSs are generally very secure unless the user does something stupid... learn or get burned.
With all due respect we aren't getting anywhere here, I don't want backup advice or malware advice, I want to know the answers to the few small questions I asked about whether this is legit and if I can access the device files or not.
You seem to be convinced it's malware, you also seem to be skim reading my posts which is fine - but I don't think your input is helping me.
I'm not going to use a different "paranoid" browser - chrome is fine, the tablet doesn't have a "security configuration" that is any different from the hundreds of thousands of other S7+ devices out there since it's a tablet and out the box it's ready to go. I'm not checking the downloads folder daily just in case some random malware has somehow "installed itself" onto my device, I'm also not keeping random flash sticks and hard drives lying about - I'll just use that geo redundant pretty solid cloud storage like most of the populace.
Yes you can put malicious content in a JPEG or a JPEG header, but it requires that there's an exploit in the OS or the app opening it (for example hiding a javascript eval in the file metadata); I don't think that's an attack vector on a tablet as far as I know given that she only browses, watches Netflix and draws using her S-pen on the device.
She's not imported "malware" from someone else's phone because if you read my post properly you'd understand that it was HER device that she transferred her data from - one that she's since given to the daughter (who has no issues). If you know how Smart Switch works you'd know that it's an unlikely vector (it just transfers data from application storage and then reinstalls the apps from the play store), plus the fact the original device doesn't have the issue...
Stop telling me to "learn or get burned". This is not a "misuse" problem. The wife is on Android 10, it's a relatively new and secure O/S and she didn't install anything she shouldn't have (she didn't actually install anything at all - it was the stock samsung application and the play store that installed the apps she ALREADY HAD on her previous device). It's not a "learn" scenario. Nothing she did should have caused this - if it is/was an OS exploit or some sort of security issue what could she have done to prevent it? Nothing.
What I have done is:
* Contacted the vendor of the device (we can still send it back if they've sent us a refurbed device instead of new as advertised)
* Sent an email to the address advertised to see what response I get (if they demand money then clearly a scam)
I've checked and the domain in the above shares a host with a company called MTR which happens to be a DCC Group company (one of the groups of companies I actually consult for) so worst case I'll speak to someone from DCC Group and see if they can shed any light.
Seems like it might be legit and quite possibly a mix up.
Do what you will... if you understand the origin of that phrase.
Anything that can't be IDed is considered malware until proven innocent
The fact that you're now completely locked out speaks volumes.
Good practices and backup are your only defenses. They apply to the future not the past... so much for flavors
Personally I think it's already too late for that device's OS load and data.
Of course I could be mistaken.
If you really want the data, take it to a data recovery specialist. They may be able to recover it.
When you're at the beginning you can determine how potential data loss will end. When at the end, the outcome has already been predetermined by your actions or lack of.
You are now at the end... likely a dead end.
Been there, done that... actions have consequences.
@Charleh: if I were you, I would back up all important data and do a clean firmware flash with Odin. And a factory reset on top of that, just to be sure. Definitely sounds like you got hit by a scammer.
Like I said there's not really any important data on there, just some drawings the wife would like to keep. Also, I can't backup anything since I can't access the device.
I'll probably just speak to DCC group and see if this company is one of theirs.
If the data is lost we are just talking some drawings the wife has done, there's nothing important on there, she just loses the layers (they are stored as multi page tiffs and sketchbook uses those as layers). She has all the images as flat renders on her cloud storage drive and on Instagram.
Think we just need to invest in some extra cloud storage as the free 15gb that Google give you isn't enough to store what she wants at the moment as the images are tens of megabytes each.
Worst case scenario I factory reset and flash it, best case I get someone at DCC telling me what's what.
The bit that gets me is that there are no ransom demands at this point so I can't be sure what's what. Usually by now with crypto ransom malware you are already being given demands...
We will see.
blackhawk said:
> Do what you will... if you understand the origin of that phrase.
> Anything that can't be IDed is considered malware until proven innocent
> The fact that you're now completely locked out speaks volumes.
> Good practices and backup are your only defenses. They apply to the future not the past... so much for flavors
> Personally I think it's already too late for that device's OS load and data.
> Of course I could be mistaken.
> If you really want the data, take it to a data recovery specialist. They may be able to recover it.
> When you're at the beginning you can determine how potential data loss will end. When at the end, the outcome has already been predetermined by your actions or lack of.
> You are now at the end... likely a dead end.
> Been there, done that... actions have consequences.
It's not a big deal mate.
Stop flogging a dead horse, the most annoying thing is just that the device is unusable, regardless of me making backups or signing a pact with the devil or putting candlewax on my nips, it wouldn't have prevented this from happening..
The only reason I haven't tried a factory reset up to now is because if there's a chance I can get the drawings off the device I'd like to try it first before I nuke it.
Stop talking about my lack of actions, it's getting really boring. There's nothing I could do to foresee this happening and not my fault the wife didn't put the drawings on her cloud storage.
Go bother someone else with your multiple flash disk tinfoil hat backup routines (I bet you've got a tape drive in that routine somewhere too), stop trying to be helpful by saying "told you so" after the fact, instead try answering the questions I asked.
@Charleh: The way I see it is this:
The device's data partition/internal storage (where the drawings are stored) is encrypted by default, by Samsung. So, unless you can manage to use an MTP USB connection or ADB to make copies of them, then you're locked out and there's nothing you can do to recover them. Since they're located in an encrypted area, I highly doubt that even a professional data recovery business would be able to get them back. There are certain encryptions out there that even the US govt (NSA/CIA/FBI) can't break.
I'm assuming that you're not a l33t hax0r with uber skills, so unless you can successfully boot into Android again, your recovery chances are almost zero.
Or, maybe this company can help you out. It's worth a shot. But if I were a gambling man, I'd wager a lot of money that you will end up having to clean flash/reset, without being able to recover anything.
In the future, think about making copies of this stuff before bad things occur. As the saying goes, anything that can go wrong, will go wrong, sooner or later. I rarely lose access to my data because I'm frequently backing it up.
Good luck!
Thanks - that was a helpful answer. I suspected that droid encrypted the data - I was looking at making an ADB connection using Android tools. Might as well give it a try before I nuke.
I can't use MTP as the device auto locks when I plug in a USB cable.
Like I've said a few times it's not a massive issue if I lose the data - I work in IT, I know the importance of backing up important data. I've seen a client lose months worth of data to crypto-ransomware (they cancelled their backup solution a few months before saying they were moving to Azure soon so they didn't need it).
I've explained though, it's not my device and it's up to the wife to put her stuff on her cloud storage if she wants to keep it. She uses Google Drive for her docs etc.
Worst case scenario I complain to Amazon, wife is saying she doesn't remember the screen having a protector/film on it when she opened it and we still have time to return/exchange it since I have a Prime account.
@Charleh: AFAIK, Amazon has a 30 day no questions asked return policy for almost everything. If you're still within that return window, then I guess you just have to decide whether the loss of drawings is worth returning it, assuming all recovery efforts fail. I bought my Tab S7+ new direct from Samsung, I haven't encountered anything like what you describe. And your edge case is the first one I've seen.
I think it's possible that you bought a refurbished device that was preowned but sold as new. The original buyer didn't finish paying it off, returned it, it's sold to you, you get this message. It's either legitimately locked, or someone has remotely locked it and intends to scam you. Contact that company ASAP.
Another option is to find a local techie/shop that can remove this lock for a fee, preferably without data loss. They may want to see proof of purchase, if they're legit. This would at least give you the ability to use the device again. People used to bring me locked phones/tabs all the time, this is pretty much what I did for side cash. As long as they didn't outright admit they were stolen, I didn't care.
Ok speaking to Samsung support and it's legit - what's happened is that someone's returned the device to the supplier after doing a trade in with it and receiving a new device from Samsung Trade In.
Supplier has refunded us and told us to keep the device until the issue is resolved with Samsung.
Now fighting with Samsung themselves about it. Absolute pisstake.
Basically I have a brick and although Samsung have the capability to unlock the device through Knox they won't do it until a resolution is found with the supplier.
Fun-times. Sent a complaint email to Samsung as they are essentially holding the wife's artwork to ransom because of an issue they have created with the rules of their trade-in program.
I've already received the refund too - sounds like the Amazon reseller is trying to wash their hands of it.
@Charleh: So, they refunded you AND they're going to let you keep the tablet? I'd be quite happy with that.
Depends if the tablet is ever going to be functional again...
Fingers crossed!
Time to reflash, ODIN or do whatever and see if you can end up with his + hers new (sort of) tablets.
Hello, some solution?
Charleh said:
> Depends if the tablet is ever going to be functional again...
> Fingers crossed!
How did this end?
Still ongoing - Amazon is trying to get hold of the original supplier but they've gone dark; I complained to Samsung and they are looking into it, just waiting for a reply.
They took almost a month to get back to me - only did so when I started complaining publicly on all social media platforms (Twitter, Instagram etc) - they don't like it when you do that.
Will update when I know more.
Sorry to hear it's taking so long. I'd be super pissed. Next time, buy direct from Samsung, you wouldn't have to deal with this ****. Because they wouldn't sell you a used/refurbished device unless it's clearly marked as such, and I'm pretty sure they only sell new devices anyway.
Can you post a link to the seller's Amazon page? They could be a fly-by-night op.
If you can't get your money back or an exchange, just contact your bank/card issuer and do a chargeback. This is a last resort option, if nothing else works. Explain the whole situation to them. Chances are, they would force the seller or someone else responsible, to give your money back. The only caveat is that if you wait too long, it might not work. I've initiated chargebacks against sellers who don't respond to support requests, it usually worked in my favor.
Edit: If you go the chargeback route and Amazon is forced to refund your money, they may retaliate by banning your account. It recently happened to a friend. Just so you know.....
