Suspected spyware builtin in Alcatel Android Smartphones - Android Q&A, Help & Troubleshooting

Hello,
I just purchased an Alcatel one touch snap 7025x Android 4.2 Smartphone.
I noticed a Chinese process in the process log that got major permissions to just do anything in the phone.
Attached is the image, as I need someone who reads Chinese to translate the word and its meaning, as I have no clue what it means.
I fear that it is spying software that has been injected by the company Alcatel-TCL to spy on the users.
Please provide feedback on the case and if the process exists on other phones.
s23.postimg dot org/lrjp5d7gr/Screenshot_2013_11_08_14_14_05.png
replace dot with . to see the image

ask82 said:
Hello,
I just purchased an Alcatel one touch snap 7025x Android 4.2 Smartphone.
I noticed a Chinese process in the process log that got major permissions to just do anything in the phone.
Attached is the image, as I need someone who reads Chinese to translate the word and its meaning, as I have no clue what it means.
I fear that it is spying software that has been injected by the company Alcatel-TCL to spy on the users.
Please provide feedback on the case and if the process exists on other phones.
s23.postimg dot org/lrjp5d7gr/Screenshot_2013_11_08_14_14_05.png
replace dot with . to see the image
Hello. I have the same phone and the same process running as you do.
After a painful search I have found that it has something to do with battery charging mode. And the reason why it has so many permissions is that, due to performance, that process is run together with a bunch of other core processes. (You can check this by accessing the process detail on your phone.)
Here is what I have found, translation-wise. Hope it helps.
www dot mdbg dot net/chindict/chindict.php?page=worddict&wdrst=1&wdqb=工程充电模式


[Q] com.android.fixed.update

Hey all,
I'm the proud owner of a Samsung Nexus S (sadly the i9020a model, though). I was forced against my will at gun point by someone named Jealousy to install ICS (4.0.4) on my i9020a when it was released for all other Nexus S devices except for the US AT&T version of the phone.
Anyway, love the ICS and absolutely love the ROM I'm using (Brainmaster's stock ICS, w/ Supercharger V6 and a number of other goodies). But I was a bit confused today when I opened my phone and noticed a recently downloaded APK called "update.apk". Looking at its info, its name is "com.android.fixed.update" with no author, developer, and minimum version of 0. It weighs roughly 40kb and is not associated with the market, so I'm going to have to disable my "Market-only" settings in order to install it, otherwise it was about to install itself.
I was wondering what it might be. With no other information, I'm a bit hesitant to install it. The only permissions it asks for are Network Access and Start on Boot.
I thought just maybe it was an OTA from a developer (maybe even Brainmaster) but I wasn't exactly sure what kind of access or ability non-service providers had to OTA functionality and what not. (I suppose, if it can probably be modified with some effort, seeing as the source is available...)
Anyway, hoping to hear your thoughts on it. Google showed ONE result for "com.android.fixed.update" and that's it. Thanks for your input in advance!
We also got the same file on our Moto Xoom. I believe it's a virus, so do not install it. The file was downloaded at biandroid (dot) info, which is definitely not associated with android.com
http://anonhq.com/notcompatible-back-market/
that is the explanation
Back in 2012 malware called Not Compatible was haunting Android devices. Now more powerful than ever, the latest version of NotCompatible.C has its own self protected encryption. Thus making this program difficult to find and delete.
Lookout Inc, a mobile security firm, says that this version of the malware is a threat on a massive scale. Once in it has the tendency to control and hack data. It is an advanced form of malware that can be seen on a PC a botnet so powerful that it has a server design architecture, P2P communications and as previously said encryption capabilities.
The programming of the malware is one of the hardest to kill malware that we have observed. Once the malware is installed it does not appear on the Android operating system as it keeps itself in the background. It only works when the device is unlocked by the user or if it is restarted.
The only way you can find out is through Manage Applications>Settings. This will show you that an application by the long name of (com.android.fixed.update) is running. All you need to do is simply uninstall it.

Need help with verifying this as malware.

OK, I know, some of you would tell my friend to just root the phone, delete the offending APK, and get on with it. Problem is it's under warranty, and he just isn't confident with hacking the device for now. He stumbled upon what appears to be an SMS malware app in /system, and while a few virus scanners flagged it as malicious, Kphone's customer support apparently shrugs it off in an (automated) reply to my friend's inquiry.
My friend bought it off QVC, and so far we haven't succeeded in convincing either the manufacturer or QVC in recalling the device and/or issuing an OTA zip to rectify the issue in some way. To put it another way, we need confirmation that the app is of malicious nature, regardless of how the manufacturer tries to downplay or cover things up. I could more or less decipher the code, but I'm no Java expert so any help would be appreciated.
Hello. I am the OP's friend here. I'm here to share some more details about the APK file and what programs detect it.
First off, this phone piqued my interest when it was actually shown on air late one night on the QVC network, which I don't usually watch much. I got the phone, and upon the recommendation of Blake and another friend, the first thing I did was run Malwarebytes on the Kphone. It initially picked up the APK as a generic SMSSend trojan variant, but after sending in the APK to Malwarebytes for a more detailed analysis, they reclassified it a not-as-severe PUP/Riskware. Another mobile antivirus app, AVG, also detected this APK as an SMSSend variant, but upon rescanning the device a few days ago, it no longer flags this APK. No other AV app I tried flags it, and I have tried ESET, 360 Security, Avast, Kaspersky, Sophos, and Avira. For the AV apps that detected the APK, removal is impossible since it's installed in the system folder. The phone isn't rooted out of the box.
I did initially email QVC about this potential problem, and they claimed to forward my concern to the proper department. I haven't heard from them since and the phone is still listed for sale. I also contacted Kphone's support site. After a few days, they replied back and stated that the file is meant for "international use" and it's a false positive. While the CSR could just be trying to cover up malicious activity, the fact that AVG seems to have removed the file from its definition files seems to indicate a bit of truth behind their explanation. Even so, we do need a second opinion, which is why my friend put the file up here for further analysis.
It would be a shame too if the file is indeed malicious since the Kphone itself is rather great for the price. The performance and screen are great overall and it would actually make a good Android-based media player if you don't plan on using it as a phone.
wb8976 said:
Hello. I am the OP's friend here. I'm here to share some more details about the APK file and what programs detect it.
First off, this phone piqued my interest when it was actually shown on air late one night on the QVC network, which I don't usually watch much. I got the phone, and upon the recommendation of Blake and another friend, the first thing I did was run Malwarebytes on the Kphone. It initially picked up the APK as a generic SMSSend trojan variant, but after sending in the APK to Malwarebytes for a more detailed analysis, they reclassified it a not-as-severe PUP/Riskware. Another mobile antivirus app, AVG, also detected this APK as an SMSSend variant, but upon rescanning the device a few days ago, it no longer flags this APK. No other AV app I tried flags it, and I have tried ESET, 360 Security, Avast, Kaspersky, Sophos, and Avira. For the AV apps that detected the APK, removal is impossible since it's installed in the system folder. The phone isn't rooted out of the box.
I did initially email QVC about this potential problem, and they claimed to forward my concern to the proper department. I haven't heard from them since and the phone is still listed for sale. I also contacted Kphone's support site. After a few days, they replied back and stated that the file is meant for "international use" and it's a false positive. While the CSR could just be trying to cover up malicious activity, the fact that AVG seems to have removed the file from its definition files seems to indicate a bit of truth behind their explanation. Even so, we do need a second opinion, which is why my friend put the file up here for further analysis.
It would be a shame too if the file is indeed malicious since the Kphone itself is rather great for the price. The performance and screen are great overall and it would actually make a good Android-based media player if you don't plan on using it as a phone.
And it's just as much of a disappointment when similar low-cost Android devices end up being tainted OOB, as what you mentioned on our forum some time ago, and when a friend of mine recalled a tablet belonging to a kid whose parent or relative is a friend of his, to which they had a rather hard time due to the sheer amount of popup ads being shoved up their throats, all thanks to the malware that's present in /system.
Mobile virus scanner apps are ****.
(At least most of them.)
I saw 360 Security flagged share it.apk as malware and deleted all my files.
So, I recommend you get the help of a PC and run an antivirus test.
If it still shows as malware then disable it from system.
For rooted users, there are some easy solutions like
delete/freeze/denying permissions.
good luck
BatDroid said:
Mobile virus scanner apps are ****.
(At least most of them.)
I saw 360 Security flagged share it.apk as malware and deleted all my files.
So, I recommend you get the help of a PC and run an antivirus test.
If it still shows as malware then disable it from system.
For rooted users, there are some easy solutions like
delete/freeze/denying permissions.
good luck
The desktop edition of Avast flagged the APK as malicious, so that's one red flag for me.
blakegriplingph said:
The desktop edition of Avast flagged the APK as malicious, so that's one red flag for me.
The mobile version of Avast seemed to just scan a handful of apps and did not detect the APK.
The only AV apps on my PC are Windows Defender and the PC version of Malwarebytes. Both don't flag the APK.
If one could take a look at the code and determine what it does, that could give us a better picture as to what the APK does. We did glance at some of the source code and found what appear to be various Chinese phone numbers and a server URL that seems to belong to the manufacturer of the Kphone K5, K-Touch. These can be red flags on their own, and if the rest of the APK code could be better analyzed, the meanings of these strings could be clearer.
wb8976 said:
The mobile version of Avast seemed to just scan a handful of apps and did not detect the APK.
The only AV apps on my PC are Windows Defender and the PC version of Malwarebytes. Both don't flag the APK.
If one could take a look at the code and determine what it does, that could give us a better picture as to what the APK does. We did glance at some of the source code and found what appear to be various Chinese phone numbers and a server URL that seems to belong to the manufacturer of the Kphone K5, K-Touch. These can be red flags on their own, and if the rest of the APK code could be better analyzed, the meanings of these strings could be clearer.
I could barely understand what the code does apart from a few functions, but it's still perturbing given the malware my friends and I encountered with no-name tabs previously.
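Without root, the question raised in this thread (which preinstalled packages under /system are able to send SMS) can be answered by filtering the package manager's dump offline. The following is an added example, not code from any poster here; the sample text and package names are constructed, and the real `adb shell dumpsys package` layout is an assumption that varies by Android version.

```python
import re

# Constructed, simplified sample modelled on `adb shell dumpsys package` output;
# package names are hypothetical and the real layout varies by Android version.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.vendor.smsservice] (41a2b3c0):
    codePath=/system/app/VendorSms.apk
    requested permissions:
      android.permission.SEND_SMS
      android.permission.RECEIVE_BOOT_COMPLETED
      android.permission.INTERNET
  Package [com.example.usergame] (42c4d5e8):
    codePath=/data/app/com.example.usergame-1.apk
    requested permissions:
      android.permission.SEND_SMS
      android.permission.INTERNET
  Package [com.example.vendor.clock] (43e6f7a0):
    codePath=/system/app/VendorClock.apk
    requested permissions:
      android.permission.WAKE_LOCK
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
SEND_SMS = "android.permission.SEND_SMS"
WATCHED = {SEND_SMS, "android.permission.RECEIVE_BOOT_COMPLETED",
           "android.permission.INTERNET"}

def parse_packages(text):
    """Return {package: {"codePath": str, "permissions": set}} from a dump."""
    pkgs, current, in_perms = {}, None, False
    for line in text.splitlines():
        m = PKG_RE.match(line)
        stripped = line.strip()
        if m:  # a new package record starts
            current = pkgs.setdefault(m.group(1), {"codePath": "", "permissions": set()})
            in_perms = False
        elif current is None:  # header lines before the first record
            continue
        elif stripped.startswith("codePath="):
            current["codePath"] = stripped.split("=", 1)[1]
        elif stripped == "requested permissions:":
            in_perms = True
        elif in_perms and ".permission." in stripped and "=" not in stripped:
            current["permissions"].add(stripped.rstrip(":"))
        else:  # any other field ends the permission list
            in_perms = False
    return pkgs

def preinstalled_sms_senders(pkgs):
    """System-partition packages requesting SEND_SMS, with their watched permissions."""
    return {name: sorted(info["permissions"] & WATCHED)
            for name, info in pkgs.items()
            if info["codePath"].startswith("/system/") and SEND_SMS in info["permissions"]}
```

A hit is only a starting point for triage, since the stock messaging and telephony packages legitimately request SEND_SMS.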

Custom mods for old Huawei Ascend Y321-U051 ?

Hi, after postponing for many years my phone finally snapped beyond logic (has an infinite system popup spam with "unfortunately x service has stopped working", with options like 'Wait' and 'Ok') and I thought this could be a good opportunity to try a custom ROM (since it was running too slow and Android was limiting resources too much, even before any of this). My phone uses Android 4.2.2 (Jelly Bean), I thought that alone was enough, but I just happened to see that it also has to match the device model... and after visiting all custom ROM websites, it seems that there's no support at all for this phone, which is utterly frustrating.
So, as a leap of faith, I'm asking here if there's any ROM known for being widely compatible that isn't indexed in search engines.
Wikipedia named some that have their websites down (or maybe the list is outdated).
Though it's not my first time installing an OS on desktop devices (and laptops), I'm still entirely new to the actual Android/mobile customization world.
Still waiting for a response.
waiting for a response x2
I have the same device. It's possible to do something if you have knowledge about doing a kernel or modifying some things, man. I never found a ROM for that but I can say..... uwu maybe simple system APK modifications or deleting it...... If your objective is videogames you could delete all the trash things and have only the system essential services to run more smoothly.

Seen this on Twitter about an image that will crash a device if it is set as a wallpaper

Hello XDA, I believe this is my first time writing in XDA forums, so I apologize for any wrongdoings and if it has been posted before.
https://imgur.com/gallery/OvbYFhP
I just saw this thread on Twitter where there's an image that can make devices crash if you set it as a wallpaper or a lock screen. The original user said particularly Samsung devices, as it will make the phone go into safe mode and require the phone to reset the data. Here's the original image link directed to Google Drive of the image:
https://drive.google.com/file/d/11rxzYvPcIOh_8GvS4XSC3YtbW3CecE-O/view?usp=drivesdk
I've seen people actually do it and it did crash their phones. Most of them are Samsung and Pixel phones, but not all of them crash too.
I don't know the technical terms and am just curious how this could happen, and is it a bug for certain devices or just Android Pie in general? (I've seen some people say it crashes Android Pie phones only.) Is it related to the steganography of a code written behind the image?
For other context, here's another person's crash log after they did it: https://imgur.com/gallery/TSvmenT
So just wondering, what's happening here in the image?
Original tweet: https://twitter.com/UniverseIce/status/1266943909499826176?s=19
Obviously only devices with Android 10 are affected by it.
The exact reason for this can only be guessed at so far, but it is most likely due to the color space of the image. "As the quality of digital photos has improved, smartphones need to examine what the image 'color space' is to find out how to display it correctly," says an analysis by Ken Munro and Dave Lodge of security firm Pen Test Partners. "This way, a phone, for example, knows what exact shade of green it should display," the British "Guardian" quotes.
However, images may contain more color information than some devices can handle. This may cause the system to crash. "The software developers probably hadn't considered that this could happen," the experts said.
Huawei devices are not affected.

Unable to delete the forced ESSENTIAL APP Tiktok

Hi all. Anyone else had the Tiktok app forced onto the A10 after a compulsory update, and now on the O/S as an ESSENTIAL APP that cannot be deleted? Even the icon cannot be deleted off the screen.
So for me this is a step too far and I won't be buying any Samsung products again. The phone was about to go in the electrical bin but I came across a program called ADB. Anyone used this to delete Tiktok? The app is not even listed in the apps section. So as it's built into the O/S, can ADB actually delete it permanently? As many are saying it's not an essential app and some say it's due to a lucrative deal. Odd Samsung wanting democracy yet forcing this on those who don't want it globally. It's about blatant lack of democratic choice. I do know some newer Samsung Android owners that have not had it forced upon them. So am wondering if Samsung thought the older phone users may not complain so much, is one of just several thoughts that come into mind.
I've not used ADB and see it appears to be used by developers only. In short, can it delete this app built into the O/S? Otherwise the phone goes in the bin. Any non-developer done this? I've searched many threads and am surprised there are no other comments concerning Tiktok as an essential app, and that one must accept it or have no phone. So I have no phone currently. Am looking at alternatives. Hard resets make no difference. Thanks for any info or thoughts on this.
