I know AOSP-supplied device encryption isn't completely brand new in its entirety, regardless of phone model (or even for phones). However, since it was only introduced in HC for tablets, ICS does change things, since it's the first official version meant to run on tablets and phones.
I have Exchange ActiveSync and a policy enabled on there that requires device encryption, but not external SD card encryption. I have encryption enabled on my ASUS Transformer Prime running ICS. Everything on that unit is still stock and not even rooted, so I haven't tried it on there to see one way or another. However, prior to this I owned a Windows Mobile 6.5 phone (no comments, guys). It functioned practically the same way, in that the moment you connected via Exchange it started the encryption process, and it works in the same manner. Quite interesting to see vs. using all these extra apps like TouchDown or Good for Enterprise to augment that capability.
There are a lot of mixed responses on the forums about Android device encryption and custom ROMs, especially for phones that got official ICS early like the Galaxy Nexus. The biggest claims were hindering or even making it unable to install custom ROMs. In this case I could see the issue of the catch-22 of loading a custom ROM without having an external SD card slot.
What about the HTC Rezound?
Seems like if we have SD card slots, we can still custom flash and have encryption enabled? Anyone try this yet?
Wrong section. General is for posts like this
hceuterpe said:
I know AOSP-supplied device encryption isn't completely brand new in its entirety, regardless of phone model (or even for phones). However, since it was only introduced in HC for tablets, ICS does change things, since it's the first official version meant to run on tablets and phones.
I have Exchange ActiveSync and a policy enabled on there that requires device encryption, but not external SD card encryption. I have encryption enabled on my ASUS Transformer Prime running ICS. Everything on that unit is still stock and not even rooted, so I haven't tried it on there to see one way or another. However, prior to this I owned a Windows Mobile 6.5 phone (no comments, guys). It functioned practically the same way, in that the moment you connected via Exchange it started the encryption process, and it works in the same manner. Quite interesting to see vs. using all these extra apps like TouchDown or Good for Enterprise to augment that capability.
There are a lot of mixed responses on the forums about Android device encryption and custom ROMs, especially for phones that got official ICS early like the Galaxy Nexus. The biggest claims were hindering or even making it unable to install custom ROMs. In this case I could see the issue of the catch-22 of loading a custom ROM without having an external SD card slot.
What about the HTC Rezound?
Seems like if we have SD card slots, we can still custom flash and have encryption enabled? Anyone try this yet?
You bring up good questions, but I'd ask a Mod to move this to general.
Sent from my ADR6425LVW using xda premium
My Exchange policy also mandates encrypting the SD card. Worst experience EVAR. It failed to do it properly and I ended up having to put my phone back to stock in order to get it rooted again.
I also noticed that I no longer had the setting to install apps from an unknown source any more. I uninstalled my Exchange account and checked that setting and re-added my Exchange account, and so far it's been OK.
Also I had it encrypt my external SD card, not the internal one. I will NOT be doing that again.
Apex i ITR said:
My Exchange policy also mandates encrypting the SD card. Worst experience EVAR. It failed to do it properly and I ended up having to put my phone back to stock in order to get it rooted again.
I also noticed that I no longer had the setting to install apps from an unknown source any more. I uninstalled my Exchange account and checked that setting and re-added my Exchange account, and so far it's been OK.
Also I had it encrypt my external SD card, not the internal one. I will NOT be doing that again.
Same thing just now!! It went through the encryption process and though it nearly finished, the process crashed and corrupted the data partition. Doing a wipe won't work because it says "can't mount /dev/block/mmcblk0p35!, already exists!"
MOD: Can you move this to general?
Yup, I pulled my hair out with this. NOTHING works. You have to download the Verizon RUU. I would launch it from a Windows machine and have it do its thing the regular way. Once it's done you can go through your unlock process again. Seems there is a problem with the encryption process.
It's broken
I tried encryption again with a different ICS ROM (CleanROM 3.7; the first was Xtreme). Same exact problem. I think the leaked ROMs are broken in terms of encryption. Doesn't surprise me that much; these aren't official stable releases...
Long story short, at least for now DO NOT try to enable device encryption with any ICS. I really hope HTC fixes this issue before they push out a final...
I have had the Rezound for a while now and have flashed every version of CleanROM (ICS). I use Exchange and my company's security policy requires a PIN and SD card encryption. I have had zero problems (lucky me, I guess). However, there is a mod that will remove all security requirements on CleanROM and it worked for me. I know company admins will not be happy to hear about that, but the link is below. Not my work and I don't guarantee the results, but it worked great for me. Just a note that I found the easiest process was to:
1) Remove all email accounts and clear data on the Mail app
2) Use ES File Explorer (root access in settings) to mount as R/W and delete the original Mail.apk
3) Restart the phone and copy the modified apk (provided in the link)
4) Restart the phone and set up email accounts
Notes: the download in the link is a zip file and must be renamed to Mail.apk. Also, you may get the security message after adding your Exchange account, but you won't have to set up the PIN or encrypt the card.
http://forum.xda-developers.com/showthread.php?t=1520431
Hope this helps someone else.
Update: Forgot to add that it appears once I accepted the security policy on the original Mail.apk, I was unable to remove the PIN requirement without a factory reset. Then I followed the steps above. Also, decrypting your SD card requires a wipe. Hopefully that won't be the same for anyone else, but it may be worth it to get rid of the PIN and the buggy encryption. Also, the steps in the link may work for you; they just didn't for me. Could be my own fault. Anywho, working Exchange now with no PIN or encryption, so I'm happy.
Encryption takes a lot of time with CM 10.2 from volk
How much time do I have to allow for Exchange ActiveSync device encryption?
Badadroid v3 on Wave S8500...
Our Exchange server pushes a device encryption policy, and after starting it takes hours. But on CM 10.1 v2.1, 3 hours were enough. Now it has taken 4 h and it's still running...
Are there any ways to check the progress?
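Added example (not code from the thread, nor from any ROM mentioned in it): the progress question above can be answered over adb, because the system's own progress screen is only reading system properties that vold publishes while it rewrites /data. The property names used here are the ones AOSP's vold (cryptfs) sets on FDE-era devices, which I'm assuming hold for the CM builds discussed; the sample dump is constructed, not captured from a device.

```python
"""Read Android full-disk-encryption state and in-progress percentage from
`getprop` output. Added example; property names are assumed from AOSP's vold.
"""
import re
import subprocess

PROP_STATE = "ro.crypto.state"                  # encrypted | unencrypted | unsupported
PROP_TYPE = "ro.crypto.type"                    # block (FDE) | file (FBE)
PROP_PROGRESS = "vold.encrypt_progress"         # "0".."100" while encrypting, "error_*" on failure
PROP_REMAINING = "vold.encrypt_time_remaining"  # seconds, what the progress screen shows

_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(dump):
    """Turn `getprop` output ([name]: [value] per line) into a dict."""
    props = {}
    for raw in dump.splitlines():
        m = _LINE.match(raw.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def encryption_status(props):
    """Classify the FDE phase: unencrypted, encrypting, finishing, encrypted or failed."""
    state = props.get(PROP_STATE, "unknown")
    progress = props.get(PROP_PROGRESS, "")
    result = {
        "state": state,
        "type": props.get(PROP_TYPE, "unknown"),
        "phase": state,
        "percent": None,
        "seconds_remaining": None,
    }
    if progress.isdigit():
        # vold updates this while it rewrites /data block by block; the device
        # reboots itself once the pass completes.
        pct = int(progress)
        result["percent"] = pct
        result["phase"] = "encrypting" if pct < 100 else "finishing"
        remaining = props.get(PROP_REMAINING, "")
        if remaining.isdigit():
            result["seconds_remaining"] = int(remaining)
    elif progress.startswith("error"):
        # e.g. error_partially_encrypted: the pass died mid-way, leaving the
        # half-converted /data that this thread keeps running into.
        result["phase"] = "failed: " + progress
    return result


def status_from_adb(serial=None):
    """Pull getprop from an attached device (needs adb; not used by the tests)."""
    cmd = ["adb"] + (["-s", serial] if serial else []) + ["shell", "getprop"]
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return encryption_status(parse_getprop(out))


# Constructed sample: a device part-way through an Exchange-triggered encryption.
SAMPLE_IN_PROGRESS = """\
[ro.crypto.state]: [unencrypted]
[ro.crypto.type]: [block]
[vold.encrypt_progress]: [42]
[vold.encrypt_time_remaining]: [5400]
"""

if __name__ == "__main__":
    print(encryption_status(parse_getprop(SAMPLE_IN_PROGRESS)))
```

Usage: with USB debugging enabled, `status_from_adb()` polls the live device; a `phase` of `failed: error_partially_encrypted` is the state where the only way out is a wipe, so check it before rebooting. On later file-based-encryption devices `ro.crypto.type` reads `file`, there is no in-place conversion pass and hence no progress property to watch.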
Hey guys! I was wondering why we can't encrypt /sdcard as we do for /data?... In my opinion my files/documents/photos are as sensitive information as my data partition is...
Up?
Seriously, no one?
Unipo said:
Seriously, no one?
Little late... Anyways, I too am wondering all the time why encryption seems to be relevant for only a really small number of users.
Since you can only encrypt your SD Card with LOS when formatting it as internal storage via assistant, I chose to go this way:
https://guardianproject.info/2011/02/02/create-an-encrypted-file-system-on-android-w-luks/
Did you find another solution?
@two_handed
Sorry, I moved to CopperheadOS; my Mi5 was only pure Lineage with F-Droid as a system app.
I noticed that you don't have access to /data on your encrypted LineageOS phone, which means app data, pictures, music, etc., but you still have access to everything else (/system included) through adb/fastboot.
I wanted a secure phone without Google crap, only FLOSS apps, and CopperheadOS is one of the few allowing you (more like forcing you) to relock your bootloader to activate secure boot, and it prevents anyone from using fastboot/adb shell if your phone gets stolen.
Concerning your question, maybe this http://sovworks.com/eds/ ? Sort of veracrypt for android, also working with veracrypt containers.
After losing all the data of my internal storage twice, I am searching for a final solution of this disaster.
If I let the phone encrypt everything, am I facing the problem of accessing it through twrp again?
Sometimes I just forget to install the decryption patch after each update.
Often I saw twrp asking me for a pattern, after an unwanted encryption. I couldn't enter a code like 6363 by swiping. --> data lost!
Any advice would be really appreciated.
SilentEYE said:
After losing all the data of my internal storage twice, I am searching for a final solution of this disaster.
If I let the phone encrypt everything, am I facing the problem of accessing it through twrp again?
Sometimes I just forget to install the decryption patch after each update.
Often I saw twrp asking me for a pattern, after an unwanted encryption. I couldn't enter a code like 6363 by swiping. --> data lost!
Any advice would be really appreciated.
Fastboot and install the twrp with decryption support
Just rename it to recovery.zip before install
No need for passwords in twrp
FDE is optional when using this
https://www.androidfilehost.com/?w=files&flid=283470
pingufanpoy said:
Fastboot and install the twrp with decryption support
Just rename it to recovery.zip before install
No need for passwords in twrp
FDE is optional when using this
https://www.androidfilehost.com/?w=files&flid=283470
I already had installed twrp with encryption support.
After flashing havoc rom the system started encrypting my internal storage.
TWRP was asking for encryption password, but there was none, because it was a clean flash.
The first time my system got encrypted ( maybe even deleted) was after upgrading to vendor / firmware v10.
Sent from my Redmi Note 4 using Tapatalk
You need to flash Force encryption disabler zip every time you upgrade ROMs because on Pie encryption gets enabled on boot. Even if you decrypt using TWRP, if you flash another ROM it will still encrypt on boot if you don't flash FED.zip. I learned this the hard way too
AntwnhsAnt said:
You need to flash Force encryption disabler zip every time you upgrade ROMs because on Pie encryption gets enabled on boot. Even if you decrypt using TWRP, if you flash another ROM it will still encrypt on boot if you don't flash FED.zip. I learned this the hard way too
Sorry, but I don't get it.
At its very first boot, LOS encrypted my unencrypted phone without asking me for the key.
So I think it just chose a key at random (or maybe even a hardcoded one: who knows?).
How can this even work with (any) update?
What if I need to reboot my device? Will it reboot? (I don't dare to even test it).
I also run LOS on another phone (OP3T) which has asked me the encryption key when I chose to encrypt it.
So I see two main oddities with this phone:
LOS is encrypting MY OWN phone without asking me permission to do so and
LOS is failing to tell me which encryption key it's using, thus acting more like a bitlocker than as a security feature.
And I need a way to choose my very own encryption key, anyway. How to?
Uqbar said:
Sorry, but I don't get it.
At its very first boot, LOS encrypted my unencrypted phone without asking me for the key.
So I think it just chose a key at random (or maybe even a hardcoded one: who knows?).
How can this even work with (any) update?
What if I need to reboot my device? Will it reboot? (I don't dare to even test it).
I also run LOS on another phone (OP3T) which has asked me the encryption key when I chose to encrypt it.
So I see two main oddities with this phone:
LOS is encrypting MY OWN phone without asking me permission to do so and
LOS is failing to tell me which encryption key it's using, thus acting more like a bitlocker than as a security feature.
And I need a way to choose my very own encryption key, anyway. How to?
It's not LOS, it's the vendor/firmware flashed. Every time you put on a new vendor firmware, it "force encrypts" your phone on first boot. So use "disable force encryption" if you don't want it. It's just how it is, so stop whining about "final solutions" for a disaster. There's no disaster: spend $10 on an SD card and move your pictures or whatever there; even while encrypted you can (keep it portable), then there's no problem.
Mooatreides said:
It's not LOS, it's the vendor/firmware flashed. Every time you put on a new vendor firmware, it "force encrypts" your phone on first boot. So use "disable force encryption" if you don't want it. It's just how it is, so stop whining about "final solutions" for a disaster. There's no disaster: spend $10 on an SD card and move your pictures or whatever there; even while encrypted you can (keep it portable), then there's no problem.
I surely haven't fully understood this encryption thing.
Mainly because on one phone, the OP3T, it was done by the OS itself upon my request with my encryption key.
While on another one, the POCO F1, is being done by something else, the so called "vendor software".
I was willing to have encryption on the POCO F1, it looks like I cannot have it. Bare truth.
With LOS v16 on an OP3T, if I reboot to TWRP recovery (or system) and don't provide the key I defined myself, I won't get access to the storage.
With LOS v16 on a POCO, I can reboot to TWRP recovery (or system) and have the storage decrypted by the " vendor software" without providing any key.
So, to my very limited understanding at least, POCO F1 doesn't have encryption unless you are trying to access the storage from the bootloader or from a device which has been turned off!
Or am I missing something very important?
P.S.
I don't see how a uSD card would save me. Can I enable user controlled encryption on an uSD?
So I picked up a used Pixel from Craigslist. Seems OK. But I started thinking... how can I be certain this phone is not booby-trapped? It would be awful to have a trojaned device and not really know it.
I searched quite a bit about malware that can survive a factory reset. So it seems that simply resetting is not so great.
Then I thought adb sideloading an official Google factory image to both slot A and slot B would purge any demons. But then again, I cannot find any documentation that makes it clear what gets overwritten and what doesn't (e.g. do the bootloader or recovery partition remain intact? Seems like a great place to hide malware on a booby-trapped phone). Similarly, it is unclear which /system partition blocks get replaced: all of them? Some of them? Can a clever trojan/RAT survive an OTA?
And then there is the full factory image install via fastboot. The problem is that I cannot enable OEM unlocking b/c Verizon locked bootloader. Booooooo.
Final thing, and the trigger that really had me thinking about this: after setting up the phone and connecting to the network, I saw a notification that subtly asked to install a Google screen reader. No idea why, and no Google searches return anything useful. Was this device hacked already??!
specifically the notification said:
"install app for screen share" and "tap to install from the play store"
so, any security minded android users out there who can help me understand if I need to trash this phone?
Infrequent pop-ups when using a web browser or when running an app can be normal. However, if you are getting pop-ups even when you’re not opening a browser or when using a totally different app, there could be malware in your phone. Malicious pop-ups are often brought about by a bad app that you may have installed in the past. In some cases, legit looking apps may update to a sinister version after some time and cause pop-ups to be displayed.
Run the phone in safe mode and observe it. Safe mode is a great tool for detecting a problem app. In this mode, all third-party apps will be suspended, so if the problem is absent when your Android is running in safe mode, that means there's a malicious app in the system. While in this mode, you should be able to use preinstalled apps normally as well as basic networking services without a problem.
My recommendation to have a malware-free phone:
Do a factory reset
Before re-installing any app install an anti-virus app
So will sideloading an official factory OTA image using adb from recovery, completely remove any malware? (I read about malware that can survive a factory reset.)
Also, has anyone else ever seen a notification asking to install a screen reader? This appeared after a factory reset, immediately after connecting to the wifi network. No apps installed.
A factory reset really only deals with the Data and the Cache partitions. The System partition isn't affected. This is true regardless of whether the device is rooted or not. So if malware got installed in the System partition, it survives a factory reset. A factory reset will also not remove any ROM upgrades or OTAs.
Hopefully by now you have a better understanding of what a factory reset is.
Maybe the browser, which typically is installed as a system app / system-privileged app, is the culprit: use another browser and see what happens.
I think I understand how the factory reset works. For this discussion, I am focused on the Google Pixel line, no modifications, no root, and only apps from the official Play Store.
The adb sideload of a Google factory OTA is the part I don't fully understand.
For example, does the OTA merely replace files? Or does it do a bitwise block-level swap? Does it modify anything in the bootloader or recovery partitions?
I cannot find clear documentation on this.
The notification requests to install Screen Reader do not come from Chrome or any browser. They appear to come from the system. (Android 10).
So what I am trying to figure out is whether some malicious actor/app installed persistent malware into the system partition, or the bootloader, or the recovery, such that a factory reset cannot remove it (like with xHelper malware).
Like for example, can malware get into the system partition, and a manual adb OTA sideload, or even a manual fastboot factory image install, fail to remove the malware from the system partition? That would be a nightmare for security.
Finally, I cannot find any documentation from Google that Pixel (3) on Android 10 will automatically try to install a screen reader as a native operation.
Basically, is this used, never rooted phone, permanently Trojan-ed junk now?
@thehighhat
Sorry to say this: I'll no longer waste my time with this ...
oops: duplicated post deleted
jwoegerbauer said:
...
My recommendation to have a malware-free phone:
Do a factory reset
Before re-installing any app install an anti-virus app
OK. Not sure why you're done with this; if you have insight, sharing it is good for everyone.
Anti-virus (13 different ones) all show no malware; shows it is clean.
There is well-known malware that can survive a factory reset.
The notification to install "screen reader" occurred immediately after a newly wiped phone connected to the internet, even before any of the default apps (Chrome, Settings, etc.) opened.
still looking for answers from someone who knows:
has anyone ever seen a system notification asking to install a "screen reader"?
does anyone know if
Code:
adb sideload official.google.ota.img
on a pixel modifies the boot partition or the recovery partition?
does anyone know if that manual OTA install guarantees the system partition contains only unmodified valid files/blocks?
thehighhat said:
OK. Not sure why you're done with this; if you have insight, sharing it is good for everyone.
Anti-virus (13 different ones) all show no malware; shows it is clean.
There is well-known malware that can survive a factory reset.
The notification to install "screen reader" occurred immediately after a newly wiped phone connected to the internet, even before any of the default apps (Chrome, Settings, etc.) opened.
still looking for answers from someone who knows:
has anyone ever seen a system notification asking to install a "screen reader"?
does anyone know if
Code:
adb sideload official.google.ota.img
on a pixel modifies the boot partition or the recovery partition?
does anyone know if that manual OTA install guarantees the system partition contains only unmodified valid files/blocks?
If you fastboot flash an official Google system.img partition, from Google, with the correct hash value to ensure a correct download, it should flash the entire partition. Same goes for any other partition. If you have a certified unmodified image and flash it, the entire partition should be flashed, not just part of it.
With OTA updates. You only get patches. At least that's how the normal process goes. You got the smaller sized ota update and it only modifies the specific files that are being patched for that particular OTA update.
So with normal OTA only pieces of the partitions get updated. Sometimes they all are not touched with every update.
Delgoth said:
If you fastboot flash an official Google system.img partition, from Google, with the correct hash value to ensure a correct download, it should flash the entire partition. Same goes for any other partition. If you have a certified unmodified image and flash it, the entire partition should be flashed, not just part of it.
With OTA updates. You only get patches. At least that's how the normal process goes. You got the smaller sized ota update and it only modifies the specific files that are being patched for that particular OTA update.
So with normal OTA only pieces of the partitions get updated. Sometimes they all are not touched with every update.
Thank you. This is exactly what I was looking for
So it sounds like file level replacement instead of block level.
Does the ota verify the other files on the system partition that it does not intend to modify?
thehighhat said:
Thank you. This is exactly what I was looking for
So it sounds like file level replacement instead of block level.
Does the ota verify the other files on the system partition that it does not intend to modify?
It does in the sense that it verifies, before and after the process begins/ends, the correct size of the partition. This is true in the sense of Samsung devices and how the typical standard recovery image works.
But it is the update zip that does most if not all of the size/digest verifications after the files have been patched. Because there is no real way for the rom to know how big the updated build(s) is going to be before the update arrives.
Generally I've seen it verify all the hash values are the same as last time it updated when it begins. And the update zip specifies the ending size.
Redmi 4X santoni (not rooted or flashed)
Is there any way to detect root by exploit? Apps like Kingo Root and KingRoot and many other one-click root apps do this kind of thing, where they use an exploit in the Android system and root the phone using it, and similarly malware can do the same.
(I'm assuming this is what it is) (spear phishing)
Can an APK file really gain root access and rewrite your device's ROM with malware in it? Is that a thing?
I have installed a third-party app where it just disappeared into the background (most likely social engineering), and I tried all AVs but it came up clean. I even went into safe mode and settings and tried app managers and settings, but all failed.
Next I tried the factory reset and the symptoms still persists
Note that I have created new accounts and changed passwords and have MFA on but is there any way for it to reinfect because I'm using the same device to create the new account?
Like is it because it infected my google access or something to come again after factory reset
Thanks
If you think a girlfriend virus is bad, just wait until you get married.
To answer your question....
Android is designed to be very rootkit-resistant. Features such as Verified Boot prevent unsigned/modified images from loading if the bootloader is locked; while it is possible for a malicious app to use an unpatched exploit to root the device every time it runs, any modification made to any critical partition such as /boot and /system would be detected, and the device would warn the user that the system is corrupted.
Since you've removed the app from your device and performed a factory reset, you should be safe. Good job on using MFA, by the way.
V0latyle said:
If you think a girlfriend virus is bad, just wait until you get married.
To answer your question....
Android is designed to be very rootkit-resistant. Features such as Verified Boot prevent unsigned/modified images from loading if the bootloader is locked; while it is possible for a malicious app to use an unpatched exploit to root the device every time it runs, any modification made to any critical partition such as /boot and /system would be detected, and the device would warn the user that the system is corrupted.
Since you've removed the app from your device and performed a factory reset, you should be safe. Good job on using MFA, by the way.
No, I think I misunderstood. There were two apps that I downloaded; one disappeared into the background (which is causing more havoc) and is undetectable by Android AVs, and I'm having trouble removing it (got from a sketchy link from my gf).
The second app was just an Instagram app follower which ran in the background and I could uninstall directly(got from playstore)
I want to know how to detect and remove the first one
alokmfmf said:
got from a sketchy link from my gf
That's why one should always use protection.
alokmfmf said:
The second app was just an Instagram app follower which ran in the background and I could uninstall directly(got from playstore)
I want to know how to detect and remove the first one
What makes you think the first app is still there? If you've performed a factory reset, it's gone - unless it downloaded again when you restored your Google account to your device.
Are you sure you're not mistaking a built-in app?
alokmfmf said:
Is there any way to detect root
Yes, almost every banking / payment app does it.
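Added example (not code from the thread or from any app named in it): the root check that banking apps run, and the verified-boot check that actually answers the earlier "did the reset or reflash leave a modified /system behind" worry, both reduce to reading a few `getprop` values, a package list, and a handful of file paths. The paths and package names below are the common RootBeer-style indicators and the `ro.boot.*` AVB properties; the two snapshots are constructed. Root hiders defeat the file and package checks, so a clean result here is a hint, not proof; hardware key attestation (or Play Integrity) is what a bank relies on when it matters.

```python
"""Root indicators and verified-boot state from offline device snapshots.
Added example; paths, packages and properties are the usual heuristics.
"""
import os

SU_PATHS = (
    "/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su",
    "/system/sbin/su", "/vendor/bin/su", "/data/local/bin/su",
    "/data/local/xbin/su", "/system/app/Superuser.apk", "/data/adb/magisk",
)
ROOT_MANAGER_PACKAGES = {
    "eu.chainfire.supersu", "com.topjohnwu.magisk",
    "com.kingroot.kinguser", "com.kingo.root",
}


def parse_getprop(dump):
    """Parse `getprop` output ([name]: [value] per line) into a dict."""
    props = {}
    for raw in dump.splitlines():
        raw = raw.strip()
        if raw.startswith("[") and raw.endswith("]") and "]: [" in raw:
            key, val = raw[1:-1].split("]: [", 1)
            props[key] = val
    return props


def parse_pm_list(dump):
    """Parse `pm list packages` output (one 'package:<name>' per line) into a set."""
    return {line.split(":", 1)[1].strip()
            for line in dump.splitlines() if line.startswith("package:")}


def root_indicators(props, packages, path_exists=os.path.exists):
    """Return every root indicator that fired; an empty list means none did.

    path_exists is injected so the same logic runs on-device (os.path.exists)
    and against an offline snapshot (a set's __contains__).
    """
    found = [f"file:{p}" for p in SU_PATHS if path_exists(p)]
    if props.get("ro.build.tags") == "test-keys":
        found.append("prop:ro.build.tags=test-keys")   # build signed with AOSP test keys
    if props.get("ro.debuggable") == "1":
        found.append("prop:ro.debuggable=1")           # userdebug/eng build, adb runs as root
    if props.get("ro.secure") == "0":
        found.append("prop:ro.secure=0")
    found += [f"package:{p}" for p in sorted(packages & ROOT_MANAGER_PACKAGES)]
    return found


def verified_boot_state(props):
    """Summarise AVB / dm-verity state from the ro.boot.* properties.

    ro.boot.verifiedbootstate: green (locked, OEM-signed) | yellow (locked,
    user-supplied key) | orange (unlocked, nothing verified) | red (failed).
    """
    state = props.get("ro.boot.verifiedbootstate", "unknown")
    locked = (props.get("ro.boot.flash.locked") == "1"
              or props.get("ro.boot.vbmeta.device_state") == "locked")
    verity = props.get("ro.boot.veritymode") == "enforcing"
    return {
        "verifiedbootstate": state,
        "bootloader_locked": locked,
        "verity_enforcing": verity,
        # Only this combination means /boot, /system and /vendor are the images
        # the OEM signed; a factory reset or OTA never changes it by itself.
        "stock_and_verified": state == "green" and locked and verity,
    }


def assess(props_dump, pm_dump, present_files):
    props = parse_getprop(props_dump)
    return {
        "root_indicators": root_indicators(props, parse_pm_list(pm_dump),
                                           present_files.__contains__),
        "boot": verified_boot_state(props),
    }


# Constructed snapshots, not captured from real devices.
STOCK_PROPS = """\
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.veritymode]: [enforcing]
[ro.build.tags]: [release-keys]
[ro.debuggable]: [0]
[ro.secure]: [1]
"""
ROOTED_PROPS = """\
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.veritymode]: [enforcing]
[ro.build.tags]: [test-keys]
[ro.debuggable]: [1]
[ro.secure]: [0]
"""
ROOTED_FILES = {"/system/xbin/su", "/data/adb/magisk"}
ROOTED_PM = "package:com.topjohnwu.magisk\npackage:com.android.chrome\n"

if __name__ == "__main__":
    print(assess(STOCK_PROPS, "", set()))
    print(assess(ROOTED_PROPS, ROOTED_PM, ROOTED_FILES))
```

To run it against a real phone, feed `assess()` the output of `adb shell getprop` and `adb shell pm list packages`, and pass `os.path.exists` only when running on the device itself (over adb you would `ls` each path instead). For the second-hand-phone case earlier in the thread, `stock_and_verified` is the value to look at: if it is true, /system is the signed image and a factory reset was enough; if the bootloader reports unlocked or orange, nothing about /system can be trusted until it is reflashed and relocked.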
V0latyle said:
That's why one should always use protection.
What makes you think the first app is still there? If you've performed a factory reset, it's gone - unless it downloaded again when you restored your Google account to your device.
Are you sure you're not mistaking a built-in app?
Yes I'm sure as my accounts getting hacked my personal media getting leaked permissions asked repeatedly and sim getting disabled
Also I'm trying not to log in to my google account and see how that works
Although I have tried to make new accounts from scatch and start from a clean new slate from factory reset it it may be the device itself I'm afraid
Social engineering-spear phishing(I think)
Redmi 4X santoni
I was asked to click on a link and download an APK by my girlfriend, and as soon as I downloaded it, it disappeared and I was asked to delete the APK.
(I do not have access to the link either.)
Later I realized that it tracks permissions, media and keyboard (except for exactly who I'm texting, because of the Android sandbox).
I tried a FACTORY RESET but the symptoms still persisted (like getting hacked again and my private info getting leaked, SIM deduction and detection of the SIM card, and permissions being asked for again and again even though I allowed them).
I checked all the settings of my phone and nothing is abnormal (I'm not rooted).
Is it possible that a used account could somehow transmit the virus? Because I had nasty malware on my phone, I factory reset my phone, but the symptoms still remain, so I used a new Google account and others also, but it still comes back, so I'm guessing it's the kernel or the ROM that got infected.
I tried all AVs but they all came clean, and I'm certain that my Android is infected with something.
First and foremost I need to know how to DETECT the malware (to know which app is causing this)
And second how to REMOVE the malware
Thanks.
Which OS version? If not running on Pie or higher, it's susceptible to the Xhelper family of partition-worming malware.
Yeah sounds like you got a worm... nasty critters.
A reflash may be the best option although if it is Xhelper it can now be removed without a reflash.
You are what you load
blackhawk said:
Which OS version? If not running on Pie or higher, it's susceptible to the Xhelper family of partition-worming malware.
Yeah sounds like you got a worm... nasty critters.
A reflash may be the best option although if it is Xhelper it can now be removed without a reflash.
You are what you load
Yes, I know I made a stupid decision. It's completely my fault. I tried using the Xhelper method but it comes up clean. I assume there is only one method, which involves disabling the Play Store.
I run MIUI 11, Nougat 7.
Any methods to detect and remove the malware are welcome.
And about reflashing, it's very complicated for most Mi phones.
alokmfmf said:
I run MIUI 11, Nougat 7.
Any methods to detect and remove the malware are welcome.
And about reflashing, it's very complicated for most Mi phones.
Reflash it to stock firmware. If you can upgrade to Android 9, consider doing so for security purposes. It may have performance/functionality drawbacks for your application though; not sure, as I never used 6, 7 or 8.
Make sure you reset all passwords; keep social media, sales and trash apps off the phone. Always keep email in the cloud, i.e. Gmail or such.
Run Karma Firewall. Be careful what you download and especially install... don't sample apps unless you have a real need for that particular app. Once installed, don't allow apps to update, as they may try to download their malware payload, a way to bypass Play Store security.
blackhawk said:
Reflash it to stock firmware. If you can upgrade to Android 9, consider doing so for security purposes. It may have performance/functionality drawbacks for your application though; not sure, as I never used 6, 7 or 8.
Make sure you reset all passwords; keep social media, sales and trash apps off the phone. Always keep email in the cloud, i.e. Gmail or such.
Run Karma Firewall. Be careful what you download and especially install... don't sample apps unless you have a real need for that particular app. Once installed, don't allow apps to update, as they may try to download their malware payload, a way to bypass Play Store security.
Will not logging in my google account help
alokmfmf said:
Will not logging in to my Google account help?
No. The malware is in the phone, apparently in the firmware.
blackhawk said:
No. The malware is in the phone, apparently in the firmware.
I disagree; unless Xiaomi/Redmi's AVB/dm-verity implementation is useless, it should prevent a persistent rootkit.
I suspect this has little to do with the phone and more to do with reused passwords and other "organic" security failure.
V0latyle said:
I disagree; unless Xiaomi/Redmi's AVB/dm-verity implementation is useless, it should prevent a persistent rootkit.
I suspect this has little to do with the phone and more to do with reused passwords and other "organic" security failure.
You're probably right. Forgot it was running 11... lol, "organic security failure", I like that.
blackhawk said:
You're probably right. Forgot it was running 11... lol, "organic security failure", I like that.
The security measures that prevent persistent rootkits have been in place long before Android 11.
The most common root cause of a breach of security is the failure to ensure sufficient security in the first place. Simple passwords, reused passwords, no MFA, connected accounts, etc. Yes, there are plenty of Android viruses out there, but all of them "live" in the user data space. Of course, there may be unpatched exploits that allow root access, but these must be exploited every time the app is run. An app cannot modify the boot or system partitions without tripping AVB (if the bootloader is locked) whereupon the device would warn that the OS is corrupted.
At the end of the day, it's much much easier to simply use social engineering or other methods to gain someone's credentials, rather than trying to hack their device.
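The bootloader/AVB point made above can be checked directly on a device rather than argued about. The script below is an added example, not code from anyone in this thread or from Xiaomi; it assumes adb is installed and authorized, reads the standard Android ro.boot.* properties named in its comments, and ships with constructed getprop output (not captured from a real phone) so it runs offline.

```shell
#!/bin/sh
# Added example (not from the thread): classify a phone's verified-boot
# posture from `getprop` output. This is the quickest way to test the
# claim that a locked bootloader plus AVB/dm-verity keeps malware out of
# boot/system and confined to userdata, where a factory reset removes it.
#
# Intended use (assumes adb is installed and the phone is authorized):
#   adb shell getprop | vb_verdict
#
# Properties read (standard Android ro.boot.* properties):
#   ro.boot.flash.locked         1 = bootloader locked, 0 = unlocked
#   ro.boot.vbmeta.device_state  locked | unlocked
#   ro.boot.verifiedbootstate    green | yellow | orange | red
#   ro.boot.veritymode           enforcing | logging | eio | disabled

# prop KEY: print the value of one "[key]: [value]" line read from stdin.
prop() {
  sed -n "s/^\[$1\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

# vb_verdict: read getprop output on stdin and print one word:
#   PROTECTED  locked, green, verity enforcing: a modified boot/system
#              image is refused or flagged at boot, so a factory reset
#              of userdata removes app-level malware
#   TAMPERED   locked but red: AVB already found boot/system corrupt
#   CUSTOM_KEY locked but yellow: booted an image signed by a user-set
#              key, so integrity is only as good as that key
#   UNLOCKED   bootloader unlocked (orange): anyone holding the phone can
#              flash boot/system and AVB no longer proves anything
#   VERITY_OFF green but dm-verity not enforcing (e.g. disable-verity)
#   UNKNOWN    properties missing: not Android, or a very old release
vb_verdict() {
  input=$(cat)
  locked=$(printf '%s\n' "$input" | prop 'ro.boot.flash.locked')
  dev_state=$(printf '%s\n' "$input" | prop 'ro.boot.vbmeta.device_state')
  vb_state=$(printf '%s\n' "$input" | prop 'ro.boot.verifiedbootstate')
  verity=$(printf '%s\n' "$input" | prop 'ro.boot.veritymode')

  if [ -z "$vb_state" ] && [ -z "$locked" ] && [ -z "$dev_state" ]; then
    echo UNKNOWN
  elif [ "$locked" = "0" ] || [ "$dev_state" = "unlocked" ] || [ "$vb_state" = "orange" ]; then
    echo UNLOCKED
  elif [ "$vb_state" = "red" ]; then
    echo TAMPERED
  elif [ "$vb_state" = "yellow" ]; then
    echo CUSTOM_KEY
  elif [ -n "$verity" ] && [ "$verity" != "enforcing" ]; then
    echo VERITY_OFF
  else
    echo PROTECTED
  fi
}

# Constructed sample outputs (not captured from a real device).
sample_locked_green() {
  printf '%s\n' \
    '[ro.boot.flash.locked]: [1]' \
    '[ro.boot.vbmeta.device_state]: [locked]' \
    '[ro.boot.verifiedbootstate]: [green]' \
    '[ro.boot.veritymode]: [enforcing]' \
    '[ro.build.version.release]: [9]'
}
sample_unlocked_orange() {
  printf '%s\n' \
    '[ro.boot.flash.locked]: [0]' \
    '[ro.boot.vbmeta.device_state]: [unlocked]' \
    '[ro.boot.verifiedbootstate]: [orange]' \
    '[ro.boot.veritymode]: [enforcing]'
}
sample_locked_red() {
  printf '%s\n' \
    '[ro.boot.flash.locked]: [1]' \
    '[ro.boot.vbmeta.device_state]: [locked]' \
    '[ro.boot.verifiedbootstate]: [red]' \
    '[ro.boot.veritymode]: [eio]'
}

# Stand-alone demo: print a verdict for each constructed sample.
for s in sample_locked_green sample_unlocked_orange sample_locked_red; do
  printf '%-22s %s\n' "$s" "$("$s" | vb_verdict)"
done
```

Only PROTECTED supports the "factory reset is enough" conclusion; any other verdict means boot/system integrity cannot be taken for granted and a reflash of stock firmware with the bootloader relocked is the safer path.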
V0latyle said:
The security measures that prevent persistent rootkits have been in place long before Android 11.
Yeah, Android 9 was where the hole for the xHelper class of rootkits was plugged for good. It runs securely unless you do stupid things. This phone is running on that, and its current load will be 3 years old in June. No malware in all that time, in spite of the fact it's heavily used. It can be very resistant to attacks if set up and used correctly.
V0latyle said:
The most common root cause of a breach of security is the failure to ensure sufficient security in the first place. Simple passwords, reused passwords, no MFA, connected accounts, etc. Yes, there are plenty of Android viruses out there, but all of them "live" in the user data space. Of course, there may be unpatched exploits that allow root access, but these must be exploited every time the app is run. An app cannot modify the boot or system partitions without tripping AVB (if the bootloader is locked) whereupon the device would warn that the OS is corrupted.
I was initially thinking his was running on Android 8 or lower. Forgot. On Android 9 and higher (except for a big hole in Android 11 and 12 that was patched, if memory serves me correctly), about the only way malware is getting into the user data partition is if the user installs it, doesn't use the appropriate built-in settings safeguards, or via an infected USB device. Any phone can be hacked if the attacker is sophisticated and determined enough to do so... in my opinion. Even if this happens, a factory reset will purge it on a stock phone unless the hacker has access to the firmware by remote or physical access. Never allow remote access to anyone...
V0latyle said:
At the end of the day, it's much much easier to simply use social engineering or other methods to gain someone's credentials, rather than trying to hack their device.
Lol, that's what social media is for
blackhawk said:
No. The malware is in the phone, apparently in the firmware.
OK, thanks for helping, it's been good.
alokmfmf said:
OK, thanks for helping, it's been good.
You're welcome.
I retract that (post #12), as I forgot it is running on Android 11. Like V0latyle said, it's probably the password(s) that were compromised, if a factory reset didn't resolve the issue, other than the exceptions I stated in post #16.
Also, I found this on the net, if that helps with the situation:
Be especially wary of spear phishing. Do not click on any weird link sent by your closest friends, or if you feel compelled to do so, open it from a tightly secured operating system (a fresh VM) where you have never logged in to your social networks.
And
Factory resets are not enough to sanitize the device.
Also, I'm a bit scared, as some people on the net have said that in some cases even a flash might not wipe it, as it resides in the boot logo or some places where flashes do not reach, or in flash ROM chips (but of course this is all very rare).
I am very fascinated and would like to learn more about it; any suggestions would be helpful.