Why is rooting more dangerous- malware wise? - Android Q&A, Help & Troubleshooting

Hi,
So I was always under the impression that rooting is more dangerous because it gives applications more access to the system and lets them perform more actions. However, now that I think about it, can't this be handled by a program that limits permissions?
Or do apps on a rooted phone behave differently than on an unrooted one (i.e. can do actions not included in the permission system)?
What about an unrooted phone?
If I install spyware, what information can't it gather that it can on a rooted one?
Thank you very much!

http://www.lockergnome.com/android/2013/01/25/how-safe-is-rooting-android-devices/
http://google.about.com/od/socialtoolsfromgoogle/a/root-android-decision.htm
http://www.bullguard.com/bullguard-...ity/mobile-threats/android-rooting-risks.aspx

Thank you for the links, I have already encountered some of them previously (I usually Google before posting) and they are part of my confusion.
On one hand: http://www.bullguard.com/bullguard-...ity/mobile-threats/android-rooting-risks.aspx says that apps with root access circumvent the security system; on the other: http://google.about.com/od/socialtoolsfromgoogle/a/root-android-decision.htm notes that you can control this access, so why does the first warning exist?
Also, can superuser apps detect every element and limit its accessibility? For example, what about malicious code that I receive from clicking on some pernicious link?
PS. When one of the pages said: "A common practice that people do with "rooted" phones is to flash their ROM's with custom programs." - did it mean a custom OS/ROM, or the program you are using in order to perform the flashing?
Thank you.

upity up.

Related

Temporary root access to install unsigned software?

Forgive my ignorance, but I've never used Android before and I'm expecting my phone delivered tomorrow (HTC Hero! )
As I understand it, the Android app store signs the apps, similar to the iPhone's iTunes store, to prevent piracy and malware.
Is this correct?
I've read about how one can "root" the device by loading an image file through the bootloader over USB, but I wonder, is there a sudo command or similar to temporarily enable root access and later return to the default state?
I suppose I could flash it with the root image, install the app and then flash back the default OS image, but that feels like a pretty awkward procedure and would probably raise a bunch of new problems, such as how the default OS would launch the app installed under another OS.
I was hoping to start tinkering with programming, but I'm unsure if I can "throw in the app" and expect it to work..?
After using Macs for over 20 years I've become too used to stuff just working right out of the box, so I don't feel like experimenting on my own...
There is an option in the settings that lets you install unsigned apps, so no rooting required.
xarvox said:
As I understand it, the Android app store signs the apps, similar to the iPhone's iTunes store, to prevent piracy and malware.
Is this correct?
Not exactly! Many paid apps are copy protected, but most of the free ones are not. Unlike the iPhone, where you can only install "unauthorized" apps if you jail break the device, Android allows you to install and run applications from a variety of sources on a stock device.
In essence, you do not need to root the device to develop for it, but there are certain things that applications can only do on a rooted device (for example, receiving a file via Bluetooth, WiFi tethering etc).
I was hoping to start tinkering with programming, but I'm unsure if I can "throw in the app" and expect it to work..?
Well, programming errors aside, and as long as you don't need to do anything that requires root privileges, yes you can. You should bear in mind that the *vast* majority of Android devices will not have been rooted, and therefore the vast majority of available applications do not require rooted phones.
Personally, I expect that later Android builds will remove many of the restrictions that require applications to have root access, so that they can function without requiring a device to be rooted.
Regards,
Dave
I've found an app that would tether my laptop (Mac) over WiFi, but it requires me to root the device.
Is there a way to temporarily do this, install the app and make the necessary changes, and then switch back to the default state?
I don't believe so.
As far as I'm aware, the application requires the elevated privileges when it runs as opposed to just configuration changes. I don't think that even a setuid would help, since I believe the app expects to find and use su/sudo.
Regards,
Dave

[Q] root & webtop2sd technical question

Hi,
I am new to the Atrix, but have a background in software development and was a sys admin on unix for a number of years.
I would like to know if, after a phone is rooted, all apps run as root? Or does rooting simply install a setuid "su", and root apps call that when they need root access?
The webtop2sd post looks very complete and also something I will try soon. Do I need to unlock the bootloader to run a modified webtop from my sd card?
I would like to keep my phone as stock as possible, but enable a hacked webtop on the sd card.
Also there are 1000's of root threads, what is the safest canonical method (that can easily be undone)?
Many thanks and sorry for asking for your time. I have not found these answers around, but then again, there is a great amount of mis-information out there.
thx,
Scott.
Hi Scott.
I can only partially help you out; someone with more experience will answer at some point I'm sure. I'm running stock Gingerbread & rooted.
Regarding rooting: I followed the instructions on this site (which are duplicated across multiple sites, I'm sure). It worked just fine with no errors or other reasons to cause concern. That said, I'm not sure how to undo the rooting process other than by accepting an over-the-air update to ICS. Which is totally going to happen. ... <crickets>
I might be able to answer your root-app question: whenever an app requests root access, a dialog box pops up prompting me to allow or deny it. While I'm sure it's possible for a rogue rootkit to get in there if installing shady programs is your thing, I haven't yet had a problem. (A sidenote: there's an app on the market called LBE Privacy that gives you full control over app permissions: access to phone state, contacts, SMS, etc.)
Can't really help you on the webtop2sd thing, though I did install this modification to run the webtop over my HDMI cable, no lapdock required.

To root or not to root & viruses

Fact: 99% of mobile viruses are for Android.
In general it is never wise in a *nix environment to be root.
See this: http://www.howtogeek.com/132115/the-case-against-root-why-android-devices-dont-come-rooted/
So if I have an older Android device (the Defy+ in particular), I have the option of either rooting it and trying the later CyanogenMod, or not rooting and staying with Gingerbread forever?
Is there a way that after I install CyanogenMod I somehow de-root or un-root the device for safety? I am not that technical; I guess it's not possible, so it remains more like a philosophical question. Not only about the Defy+ in particular but in general.
Un-rooting can depend on the device and the method used to root it.
Of course, you could always just delete your superuser app, or use an app encrypter to require a password to use it. I wouldn't bother though. The benefits of root are too good to pass up if you've already taken that leap. Back-ups, ad blocking, Xposed tweaks, etc.
Doing stupid stuff with a rooted phone can certainly ruin it. The solution is not to do stupid stuff. The best way to keep your device safe is to just use your head. If you want to clean up bloatware, use Clean Master or a similar app that lets you know whether uninstalling something will affect your phone. Only side-load apps from sources you (and other people) trust. Do your research before doing anything that could cause a problem. If you don't know, ask here.
That "Fact" you have is absolutely pulled straight out of someone's @$$. Viruses - no. Malware - yes. Don't install shady apps from unknown developers and "99%" of the problems won't even be an issue. And you can run a custom rom without root, such as Cyanogenmod. All root is is enabling admin access of your phone. You can even enable and disable as needed. When you have a superuser app, it controls the root permissions of the phone and you have the option of denying root, allowing root once, to request in a certain time frame, or to run it always.

A lost beginner looking for privacy and control

Hello,
I recently acquired a Sony Z5C, planning on switching to LineageOS sooner or later, but the Android tweaking world is way more complex than I initially imagined. I am mostly concerned about privacy and control but there is so much to go through I am completely lost. I thought it was all about running either Sony's ROM or the LineageOS ROM but there seems to be a lot more to take into account.
What I am looking for:
getting rid of Sony's annoying bloatware
getting rid of Google Play Services
automatic or semi automatic security updates
fine tuning of application permissions (including ability to deny specific apps access to, say, my location, contact list, camera, internet, sms, without the apps noticing they have been denied access in the first place)
ads and trackers blocking (for instance global or per-application blacklisting of known "evil" domains)
being able to restore everything as it was when I purchased the phone
F-Droid being able to download and install updates without manual intervention
as little side effects as possible resulting from the deletion of the Google Play Services
Icing on the cake:
no loss in camera quality (I read somewhere it is sometimes possible to use image-enhancing algorithms despite having deleted the required DRM keys)
no loss in gps accuracy
same battery life (or better)
encompassing all data traffic of specific apps through tor or another technology preserving distant services from identifying me and my mobile network operator from knowing I access said services
Questions:
What is the difference between opengapps and microg? How does it relate with lineage? At which point in the installation process is it involved?
What are the consequences of rooting the device?
What is the purpose of so-called "Magisk"? I read it "changes everything" but I have no idea what "everything" was. As far as I understand, it is useful to fake a genuine configuration that has not been tampered with, in order to use Google Pay or some games. I do not seem to care about that: should I? Is there more to know?
Most important question: in your opinion, considering the above points, the phone I have, current trends and hindsight, and your experience, what would be the best way to go? Should I follow the installation steps on the official lineageos page for the Z5C or do you think another option would suit me better?
To illustrate my technical knowledge: I have been a gnu/linux user for almost a decade but I am completely ignorant of the Android world and feel lost. In particular the concept of "root" and how user and system data is organized on the filesystem(s) (especially on Sony devices) seem different. I am willing to learn and get technical, but there is too much information and I do not know where to start with zero experience.
Thank you very much for your help.
I am in same situation. Did things like that for Moto and Samsung already, but I am new to Sony.
Key is to install TWRP. This is some kind of recovery where you can
- make a backup
- install LOS
- recall backups.
Once this is done:
- install root/su
- Tingle the framework (to get microG running)
- install microG
- install afwall (firewall)
- install adaware
only then plug in a SIM and/or enable WiFi.
So: first thing is to install TWRP
unlock Bootloader:
To be able to unlock your Xperia Z5 Compact, prepare it by following these steps:
Go into Settings > About phone and tap seven times on Build number to enable developer options.
From Settings, go into Developer options and enable OEM unlocking.
Warning: Device protection features will not work on this device while this setting is turned on. Please note! It will only be possible to unlock the boot loader for certain releases. You can check if it is possible to unlock the boot loader of your device in the service menu by following the steps below:
In your device, open the dialer and enter *#*#7378423#*#* to access the service menu.
Tap Service info > Configuration > Rooting Status. If Bootloader unlock allowed says Yes, then you can continue with the next step. If it says No, or if the status is missing, your device cannot be unlocked.
TWRP
https://forum.xda-developers.com/z5-compact/development/twrp-twrp-3-2-1-z5-compact-t3748952
A few words on your question:
opengapps are not open source, they just add the normal Google apps to custom ROMs. With all pros and cons.
MicroG is offering some kind of api, so that most features can be used (notification, google maps, access to playstore).
They are installed after the custom rom. Some people don't install any of them, use FDroid as a store.
root gives you the chance to change settings, for a few advanced configurations it is required (or makes it easier): firewall, ad remove ...
No experience with magisk. It is another way of "rooting" it, gives more features (hide the root status) which is required for some games. Not needed it til now.
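Added example (not code from this thread, and not AFWall+ or AdAway code) of what "install afwall (firewall)" and "install adaware" come down to once root is available. AFWall+ filters outgoing traffic with iptables' owner match on the app's Linux UID, and hosts-based ad blockers point tracker domains at 0.0.0.0 in /system/etc/hosts. The script below generates both from a constructed `pm list packages -U` listing and a constructed domain list; the package names, UIDs and domains are made up for the example, and applying the output needs root on the phone (for instance through `adb shell su -c`).

```python
"""Generate an AFWall-style per-app egress firewall and a hosts-file blocklist.
Added example; it only produces the iptables commands and the hosts text,
applying them requires root on the device. All package names, UIDs and
domains below are constructed for the example."""

SAMPLE_PM_OUTPUT = """\
package:com.android.chrome uid:10087
package:org.fdroid.fdroid uid:10123
package:com.example.flashlight uid:10150
"""  # constructed; real data comes from `adb shell pm list packages -U`


def parse_pm_list(output: str) -> dict:
    """Map package name -> Linux UID from `pm list packages -U` output,
    whose lines look like 'package:com.example uid:10123'."""
    uids = {}
    for line in output.splitlines():
        if line.startswith("package:") and " uid:" in line:
            pkg, uid = line[len("package:"):].split(" uid:", 1)
            uids[pkg.strip()] = int(uid.strip())
    return uids


def firewall_rules(uids: dict, allowed: set, chain: str = "afwall_out") -> list:
    """Whitelist policy: only packages in `allowed` may send packets, every
    other app UID is rejected. The owner match only sees locally generated
    packets, hence the OUTPUT chain. Android app UIDs start at 10000; 0-9999
    are system services (secondary users add 100000 * user id)."""
    rules = [
        f"iptables -N {chain}",
        f"iptables -F {chain}",
        f"iptables -D OUTPUT -j {chain} 2>/dev/null || true",  # idempotent re-run
        f"iptables -I OUTPUT -j {chain}",
        f"iptables -A {chain} -o lo -j RETURN",                 # loopback always allowed
        f"iptables -A {chain} -m owner --uid-owner 0-9999 -j RETURN",  # system UIDs
    ]
    for pkg in sorted(allowed):
        if pkg not in uids:
            raise KeyError(f"unknown package {pkg}")
        rules.append(f"iptables -A {chain} -m owner --uid-owner {uids[pkg]} -j RETURN")
    rules.append(f"iptables -A {chain} -j REJECT --reject-with icmp-port-unreachable")
    return rules


def hosts_file(blocklist, original_hosts: str = "127.0.0.1 localhost\n::1 localhost\n") -> str:
    """Build /system/etc/hosts content: keep the stock entries, then sink every
    blocked domain to 0.0.0.0 (no connection attempt at all, unlike 127.0.0.1
    which waits for a refused connect). Comments and blank lines are skipped."""
    domains = {d.strip().lower() for d in blocklist
               if d.strip() and not d.lstrip().startswith("#")}
    lines = [original_hosts.rstrip("\n")] + [f"0.0.0.0 {d}" for d in sorted(domains)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    uids = parse_pm_list(SAMPLE_PM_OUTPUT)
    print("\n".join(firewall_rules(uids, {"org.fdroid.fdroid"})))
    print(hosts_file(["ads.example.net", "# tracker list", "Tracker.Example.Org"]))
```

Two caveats a practitioner would add: the same rule set is needed for ip6tables, and a hosts file cannot stop an app that resolves names over DNS-over-HTTPS or connects to hard-coded IP addresses, which is exactly where the per-UID firewall still catches it.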
What seems to be missing from previous post is to backup your DRM keys since unlocking your bootloader means losing them FOREVER.
Regards,
Aeny
Right, but don't you need TWRP to make a backup? And that is on my list, first point. Or is it a special step to do?
Thank you for your help and valuable information which now raises even more questions
If I get things right TWRP is low level stuff that would allow me to backup and restore the system whenever I need to. Say for instance I just installed LOS and configured it as desired so I use TWRP to get a backup and if I later mess things up I can restore this backup without having to go through the whole installation and configuration process? How does the official LineageOS installation guide fit in all this, sould I follow it? Do I need to follow a completely different procedure? I am not planning to tinker anympre once everything has been set up, is TWRP only recommended for people who often experiment and change things or is it recommended for everyone?
The DRM keys are removed when unlocking the bootloader but since TWRP requires an unlocked bootloader they have to be backed up beforehand, am I right? Does it mean I can restore them afterwards once the bootloader has been unlocked without locking it up again? How can I back them up in the first place?
I cannot seem to picture how all the pieces fit together, which is low level stuff, which is high level. When you say "install microg", "install afwall", "install adaware", what are microg, afwall, adaware? Are they regular applications? Regular applications with root access? Low level modules? How is root managed in comparison with a gnu/linux system where I can either directly log as root, change user to root with "su", or get temporary privileges with "sudo"? When you say "install root/su", are we simply talking about installing the equivalent of "su" or "sudo" on a linux distribution? Is there a root password I shall input each time it is required or provide some applications root privileges through a configuration app? Is such an application to be installed separately?
Thank you for the clarification about opengapps/microg. I am interested in microg although I can give a try without in the beginning as long as it is still possible to install microg later.
fetchaspade said:
Is TWRP only recommended for people who often experiment and change things, or is it recommended for everyone?
Yes, highly recommended if not even required. All my LOS setups run via TWRP.
fetchaspade said:
The DRM keys are removed when unlocking the bootloader but since TWRP requires an unlocked bootloader they have to be backed up beforehand, am I right? ... How can I back them up in the first place?
Good point. Don't know what I need these DRM keys for, as I didn't face this with other mobiles.
I think you have to make a backup of the TA partition:
https://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597/
fetchaspade said:
I cannot seem to picture how all the pieces fit together, which is low level stuff, which is high level. ... When you say "install root/su", are we simply talking about installing the equivalent of "su" or "sudo" on a linux distribution? Is there a root password I shall input each time it is required or provide some applications root privileges through a configuration app?
addsu is to be flashed via TWRP in the same manner as LOS itself - as a zip. The others are regular applications (installed like that) but require root privileges to work. No root password required. Once an app needs it, it will ask you, and if you like, it remembers that you allowed it (so it will usually ask just once). Recommend to try this. You can't do much wrong if you create a backup
fetchaspade said:
Thank you for the clarification about opengapps/microg. I am interested in microg although I can give a try without in the beginning as long as it is still possible to install microg later.
MicroG is a bit more fiddly to install than gapps and seems to have limitations. There are separate threads for just this.
Just start, you will get a feeling for that all.
Edit: But
there is already a LineageOS with microG built-in:
https://download.lineage.microg.org/suzuran/
Thank you starbright_
To recap, I am to unlock the bootloader, install TWRP, flash addsu via TWRP, flash Lineage enhanced with microG, and I'm good to go.
I'm still stuck on the very first step: backing up the TA partition. If I'm not mistaken I need the TA backup tool, which requires root access. Root access requires an unlocked bootloader (which would remove the TA partition and the DRM keys) or is achieved for a limited amount of time thanks to exploits. According to both https://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597/ and https://forum.xda-developers.com/z5-compact/general/guide-how-to-root-z5c-painful-using-t3549388, it won't work on recent versions (7.1.1), so I need to downgrade. How can I do that? I imagine I need a tool to flash an old official ROM: where am I to find an old official ROM? How can I flash it without having an unlocked bootloader?
Backing up the TA partition really seems cumbersome. Is the loss of quality really noticeable on photos and videos? I find the photos quite disappointing already and I fear it would get even worse.
On an unrelated topic, do you know of any way to back up SMS conversations as a simple file to import later on the same or a different device? All I can find are applications that back up messages to a Gmail account (no thanks) or any IMAP server (in what world is that simpler than an XML or simple text file?).
Maybe you can translate this:
https://reraise.eu/2016/09/05/xperia-z5c-so-sicherst-du-die-ta-partition-teil-1
On an unrelated topic, do you know of any way to back up SMS conversations as a simple file to import later on the same or a different device? All I can find are applications that back up messages to a Gmail account (no thanks) or any IMAP server (in what world is that simpler than an XML or simple text file?).
I'm using titanium backup for that.
(menu / backup data to xml)
@fetchaspade
Did you start your project? I would appreciate it if you took notes of your steps. That's not only helping others, but also yourself once you have to do the steps again.

Girlfriend virus

Redmi 4x satoni(not rooted or flashed)
Is there any way to detect root by exploit? Apps like Kingo Root and King Root and many other one-click root apps do this kind of thing, where they use an exploit in the Android system and root the phone using it, and similarly malware can do the same?
(I'm assuming this is what it is) (spear phishing)
Can an APK file really gain root access and rewrite your device's ROM with malware in it? Is that a thing?
I have installed a third-party app which just disappeared into the background (most likely social engineering), and I tried all AVs but it came up clean; I even went into safe mode and settings and tried app managers and settings, but all failed.
Next I tried a factory reset and the symptoms still persist.
Note that I have created new accounts and changed passwords and have MFA on, but is there any way for it to reinfect, because I'm using the same device to create the new accounts?
Like, is it because it infected my Google access or something, to come back after the factory reset?
Thanks
If you think a girlfriend virus is bad, just wait until you get married.
To answer your question....
Android is designed to be very rootkit-resistant. Features such as Verified Boot prevent unsigned/modified images from loading if the bootloader is locked; while it is possible for a malicious app to use an unpatched exploit to root the device every time it runs, any modification made to any critical partition such as /boot and /system would be detected, and the device would warn the user that the system is corrupted.
Since you've removed the app from your device and performed a factory reset, you should be safe. Good job on using MFA, by the way.
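Added example (not Android code and not from the thread) of the mechanism behind "the device would warn the user that the system is corrupted". dm-verity hashes every 4 KiB block of /system and the other read-only partitions into a hash tree; the root of that tree is carried in vbmeta and signed with the OEM key that a locked bootloader trusts, and the kernel re-checks each block against the tree on every read. The model below keeps that structure with 64-byte blocks and a constructed five-block image, then runs three scenarios: a clean image, one block patched in place, and a patch with a regenerated tree.

```python
"""Model of the dm-verity / AVB check. Added example; real dm-verity uses
4096-byte blocks and carries the root hash in signed vbmeta. This keeps the
per-block leaves, the stored tree and an out-of-band trusted root, shrunk so
it runs offline in milliseconds."""
import hashlib

BLOCK_SIZE = 64  # dm-verity uses 4096; shrunk so the example stays small


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def split_blocks(image: bytes) -> list:
    padded = image + b"\x00" * (-len(image) % BLOCK_SIZE)
    return [padded[i:i + BLOCK_SIZE] for i in range(0, len(padded), BLOCK_SIZE)]


def build_tree(image: bytes) -> list:
    """Levels of the hash tree: levels[0] has one SHA-256 per block, each higher
    level hashes pairs from the level below, levels[-1] is [root]."""
    level = [sha256(b) for b in split_blocks(image)]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:               # odd count: pair the last node with itself
            level = level + [level[-1]]
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def verify_block(block: bytes, index: int, tree: list, trusted_root: bytes) -> bool:
    """What the kernel does on each read: hash the block, then walk up the stored
    tree checking that every node on the path is the hash of its children and
    that the path ends at the root we trust. Siblings are taken from the stored
    tree, not recomputed from the image, as in dm-verity."""
    if tree[-1][0] != trusted_root:
        return False                     # tree root != signed root: partition rejected
    node = sha256(block)
    for level in tree[:-1]:
        if index >= len(level) or level[index] != node:
            return False                 # this block is not what the tree vouches for
        sib = index ^ 1
        sibling = level[sib] if sib < len(level) else node
        node = sha256(node + sibling) if index % 2 == 0 else sha256(sibling + node)
        index //= 2
    return node == trusted_root


def failing_blocks(image: bytes, tree: list, trusted_root: bytes) -> list:
    return [i for i, b in enumerate(split_blocks(image))
            if not verify_block(b, i, tree, trusted_root)]


def demo() -> dict:
    """Three scenarios on a constructed five-block 'system' image."""
    system = b"".join(bytes([i]) * BLOCK_SIZE for i in range(5))
    tree = build_tree(system)
    signed_root = tree[-1][0]            # stands in for the root hash in signed vbmeta
    results = {"clean": failing_blocks(system, tree, signed_root)}
    # Malware with a root exploit patches a file that lives in block 3 but leaves
    # the tree alone: only that block fails, and reads of it return an I/O error.
    patched = bytearray(system)
    patched[3 * BLOCK_SIZE] ^= 0xFF
    patched = bytes(patched)
    results["patched_block"] = failing_blocks(patched, tree, signed_root)
    # It also regenerates the tree so every node is consistent: the new root no
    # longer matches the root in vbmeta, so nothing on the partition verifies.
    results["patched_block_and_tree"] = failing_blocks(patched, build_tree(patched), signed_root)
    return results


if __name__ == "__main__":
    print(demo())
```

What the model shows: with a locked bootloader, a persistent change to /boot or /system is caught either block by block (patched block, old tree) or wholesale (patched block, regenerated tree), which is why malware has to re-run its exploit from /data on every boot instead of living in the system image. Unlocking the bootloader, as in the Z5C posts above, turns the signed-root check into a warning (AVB's orange state) so that custom ROMs can boot at all. /data itself is not verity-protected, which is where the "viruses live in the user data space" point later in this thread comes from.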
V0latyle said:
If you think a girlfriend virus is bad, just wait until you get married.
To answer your question....
Android is designed to be very rootkit-resistant. Features such as Verified Boot prevent unsigned/modified images from loading if the bootloader is locked; while it is possible for a malicious app to use an unpatched exploit to root the device every time it runs, any modification made to any critical partition such as /boot and /system would be detected, and the device would warn the user that the system is corrupted.
Since you've removed the app from your device and performed a factory reset, you should be safe. Good job on using MFA, by the way.
No, I think I misunderstood. There were two apps that I downloaded; one disappeared into the background (which is causing more havoc) and is undetectable by Android AVs, and I'm having trouble removing it (got it from a sketchy link from my gf).
The second app was just an Instagram follower app which ran in the background and I could uninstall directly (got it from the Play Store).
I want to know how to detect and remove the first one.
alokmfmf said:
got from a sketchy link from my gf
That's why one should always use protection.
alokmfmf said:
The second app was just an Instagram follower app which ran in the background and I could uninstall directly (got it from the Play Store).
I want to know how to detect and remove the first one.
What makes you think the first app is still there? If you've performed a factory reset, it's gone - unless it downloaded again when you restored your Google account to your device.
Are you sure you're not mistaking a built-in app?
alokmfmf said:
Is there any way to detect root
Yes, almost every banking / payment app does it.
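Added example (not from the thread and not any real banking app's code) of what "almost every banking / payment app does" locally: read a handful of system properties and probe for the files a classic su install or Magisk leaves behind. Evidence collection is split from evaluation so the evaluation runs offline against two constructed snapshots (a stock phone, and a Magisk-rooted one with an unlocked bootloader); `collect_from_device()` is optional and assumes adb on the PATH with USB debugging enabled.

```python
"""Local root / tamper indicators. Added example; the property names are real
Android system properties, the path list is a constructed set of well-known
locations and is not exhaustive."""
import subprocess

# Left behind by classic su installs and by Magisk without its hiding features.
SU_PATHS = [
    "/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su",
    "/system/app/Superuser.apk", "/data/adb/magisk", "/sbin/.magisk",
]


def assess(props: dict, present_paths: set) -> list:
    """Return the indicators found, in a fixed order; [] means 'looks stock'."""
    found = []
    state = props.get("ro.boot.verifiedbootstate", "green")
    if state != "green":                  # yellow/orange/red: AVB did not pass with the OEM key
        found.append(f"verifiedbootstate={state}")
    if props.get("ro.boot.flash.locked") == "0" or props.get("ro.boot.vbmeta.device_state") == "unlocked":
        found.append("bootloader-unlocked")
    if "test-keys" in props.get("ro.build.tags", ""):
        found.append("test-keys-build")   # self-built and many custom ROMs
    if props.get("ro.debuggable") == "1" or props.get("ro.secure") == "0":
        found.append("debuggable-build")  # adb runs as root on such builds
    found.extend(f"present:{p}" for p in SU_PATHS if p in present_paths)
    return found


def collect_from_device(serial: str = None) -> tuple:
    """Gather the same evidence over adb (assumption: adb on PATH, USB debugging
    on). `getprop` prints '[key]: [value]' lines; `test -e ... && echo` is used
    so we do not depend on adb propagating the remote exit status."""
    adb = ["adb"] + (["-s", serial] if serial else []) + ["shell"]
    props = {}
    out = subprocess.run(adb + ["getprop"], capture_output=True, text=True, check=True).stdout
    for line in out.splitlines():
        if line.startswith("[") and "]: [" in line:
            key, value = line[1:].split("]: [", 1)
            props[key] = value.rstrip("]")
    present = set()
    for path in SU_PATHS:
        probe = subprocess.run(adb + [f"test -e {path} && echo present"],
                               capture_output=True, text=True)
        if "present" in probe.stdout:
            present.add(path)
    return props, present


# Constructed snapshots: a stock phone, and a Magisk-rooted one with the bootloader unlocked.
STOCK = ({"ro.build.tags": "release-keys", "ro.debuggable": "0", "ro.secure": "1",
          "ro.boot.verifiedbootstate": "green", "ro.boot.flash.locked": "1"}, set())
ROOTED = ({"ro.build.tags": "release-keys", "ro.debuggable": "0", "ro.secure": "1",
           "ro.boot.verifiedbootstate": "orange", "ro.boot.flash.locked": "0"},
          {"/data/adb/magisk", "/sbin/.magisk"})

if __name__ == "__main__":
    print("stock:", assess(*STOCK))
    print("rooted:", assess(*ROOTED))
```

These checks only answer half of the question at the top of this thread: they tell you whether the system is in a rooted or unlocked state, not whether an installed app is carrying an unpatched exploit. Magisk's hiding features (the "hide the root status" mentioned in the Z5C thread above) remove exactly these artefacts from a targeted app's view, which is why payment apps that care use hardware-backed attestation (Android Key Attestation or Play Integrity), where the verified-boot state is reported by the TEE and checked on a server rather than on the device.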
V0latyle said:
That's why one should always use protection.
What makes you think the first app is still there? If you've performed a factory reset, it's gone - unless it downloaded again when you restored your Google account to your device.
Are you sure you're not mistaking a built-in app?
Yes, I'm sure, as my accounts are getting hacked, my personal media getting leaked, permissions asked repeatedly and the SIM getting disabled.
Also I'm trying not to log in to my Google account and see how that works.
Although I have tried to make new accounts from scratch and start from a clean new slate after the factory reset, I'm afraid it may be the device itself.
Social engineering-spear phishing(I think)
Redmi4x satoni
I was asked to click on a link and download an APK by my girlfriend, and as soon as I downloaded it, it disappeared and I was asked to delete the APK.
(I do not have access to the link also)
Later I realized that it tracks permissions, media and keyboard (except for exactly who I'm texting, because of the Android sandbox).
I tried a FACTORY RESET but the symptoms still persisted (like getting hacked again and my private info getting leaked, SIM deduction and detection of the SIM card, and permissions being asked again and again even though I allowed them).
I checked all the settings of my phone and nothing is abnormal (I'm not rooted).
Is it possible that a used account could somehow transmit the virus? I had a nasty malware on my phone so I factory reset my phone, but the symptoms still remain, so I used a new Google account and others also, but it still comes back, so I'm guessing it's the kernel or the ROM that got infected.
I tried all AVs but they all came clean and I'm certain that my Android is infected with something.
First and foremost I need to know how to DETECT the malware (to know which app is causing this)
And second how to REMOVE the malware
Thanks.
Which OS version? If not running on Pie or higher it's susceptible to the Xhelper family of partition-worming malware.
Yeah sounds like you got a worm... nasty critters.
A reflash may be the best option although if it is Xhelper it can now be removed without a reflash.
You are what you load
Yes, I know I made a stupid decision, it's completely my fault. I tried using the Xhelper method but it comes up clean; I assume there is only one method, which involves disabling the Play Store.
I run on MIUI 11, Nougat 7
Any methods to detect and remove the malware are welcome
And about reflashing, it's very complicated for most Mi phones
Reflash it to stock firmware. If you can upgrade to Android 9, consider doing so for security purposes. It may have performance/functionality drawbacks for your application though, not sure, as I never used 6, 7 or 8.
Make sure you reset all passwords, keep social media, sales and trash apps off the phone. Always keep email in the cloud ie Gmail or such.
Run Karma Firewall. Be careful what you download and especially install... don't sample apps unless you have a real need for that particular app. Once installed don't allow apps to update as they may try to download their malware payload, a way to bypass Playstore security.
Will not logging in to my Google account help?
No. The malware is in the phone apparently in the firmware.
I disagree, unless Xiaomi/Redmi's AVB/dm-verity implementation is useless, it should prevent a persistent rootkit.
I suspect this has little to do with the phone and more to do with reused passwords and other "organic" security failure.
You're probably right. Forgot it was running 11... lol, organic security failure, I like that
The security measures that prevent persistent rootkits have been in place long before Android 11.
The most common root cause of a breach of security is the failure to ensure sufficient security in the first place. Simple passwords, reused passwords, no MFA, connected accounts, etc. Yes, there are plenty of Android viruses out there, but all of them "live" in the user data space. Of course, there may be unpatched exploits that allow root access, but these must be exploited every time the app is run. An app cannot modify the boot or system partitions without tripping AVB (if the bootloader is locked) whereupon the device would warn that the OS is corrupted.
At the end of the day, it's much much easier to simply use social engineering or other methods to gain someone's credentials, rather than trying to hack their device.
V0latyle said:
The security measures that prevent persistent rootkits have been in place long before Android 11.
Yeah Android 9 was where the hole for the Xhelper class of rootkits was plugged for good. It runs securely unless you do stupid things. This phone is running on that and its current load will be 3 yo in June. No malware in all that time in spite of the fact it's heavily used. It can be very resistant to attacks if set up and used correctly.
V0latyle said:
The most common root cause of a breach of security is the failure to ensure sufficient security in the first place. ...
I was initially thinking he was running on Android 8 or lower. Forgot. On Android 9 and higher (except for a big hole in Android 11 and 12 that was patched, if memory serves me correctly) about the only way malware is getting into the user data partition is if the user installs it, doesn't use the appropriate built-in settings safeguards, or by an infected USB device. Any phone can be hacked if the attacker is sophisticated and determined enough to do so... in my opinion. Even if this happens, a factory reset will purge it on a stock phone unless the hacker has access to the firmware by remote or physical access. Never allow remote access to anyone...
V0latyle said:
At the end of the day, it's much much easier to simply use social engineering or other methods to gain someone's credentials, rather than trying to hack their device.
Lol, that's what social media is for
blackhawk said:
No. The malware is in the phone apparently in the firmware.
OK thanks for helping its been good
alokmfmf said:
OK thanks for helping its been good
You're welcome.
I retract that (post #12) as I forgot it is running on Android 11. Like V0latyle said, it's probably the password(s) that were compromised if a factory reset didn't resolve the issue, other than the exceptions I stated in post #16.
Also I found this on the net, if that helps with the situation:
Be especially wary of spear phishing. Do not click on any weird link sent by your closest friends, or if you feel compelled to do so, open it from a tightly secured operating system (a fresh VM) where you have never logged in to your social networks.
And
Factory resets are not enough to sanitize the device.
Also I'm a bit scared, as some people on the net have said that in some cases even a flash might not wipe it, as it resides in the boot logo or some places where flashes do not reach, or in flash ROM chips (but of course this is all very rare).
I am very fascinated and would like to learn more about it any suggestions would be helpful
