[Q] looking for evidence of app installation - Android Q&A, Help & Troubleshooting

Hi all,
Today my Nexus 6 (shamu) on T-Mo running the factory Project Fi image (rooted LVY48C, 5.1.1) auto downloaded and installed "T-Mobile My Account" app. I promptly took a screenshot of it having been installed and then uninstalled it. I have since spoken to T-Mobile, Motorola, and Google tech support looking for answers, like, who initiated this install? How did it install without my consent? etc. But nobody can answer these questions. T-Mobile claimed they have no possible process for auto-installing this specific package (it's not an OTA package). Motorola pointed me back at T-Mobile. Google, oddly, has so far claimed they "cant answer that for you unfortunately".
This is unacceptable -- that an app (with so many access permissions ie phone ID, contacts, GPS, SMS, phone logs, microphone, etc) can be installed without my consent.
What I would like help with is finding my own answers to these questions. As [email protected] via an ADB shell, running logcat, it appears that history only goes back about 2 hours. I did not run logcat until several hours later. It appears that Android does not have capable logging mechanisms. I also was not able to find any references to "t-mobile" or "tmobile" in a Root Explorer search.
Can you please help me investigate? Where should I look?
Cheers!

Related

[Q] How can I prove that my Android Device (SGS2) has been used by someone else?

Back Story:
My phone was left in my house (shared with other people) yesterday while I was at work. When I got home I was checking missed calls, voicemail etc and I noticed that some text messages were missing. I looked a bit more and it seems that 2 seperate sms message threads had been deleted and a number of contacts had been deleted too. Now, this has happened before to another housemate but we couldn't prove that it had been done. We are pretty sure we know who did it but I need concrete evidence that the phone was accessed.
Phone Specs: Samsung Galaxy S2, rooted, running CM7 latest nightly. I also have Cerebrus installed if that helps.
So my questions are as follows:
1) Is it possible to see what activity was happening on my phone yesterday? I don't have any "logging" software running.
2) Is it possible to retrieve the deleted SMS messages?
I work in IT so am pretty tech savvy, just not in the workings of the Android OS!
All help greatly appreciated.
P.S. I have already been able to restore the contacts that were deleted using the restore functionality in gmail.
The short answer is no. It is, at least in theory, possible to "undelete" stuff, but it isn't usually practical. Even if you did, you wouldn't have "proof" in the legal sense.
That said, I have been involved in a similar situation. Here's the approach we used. It is reasonable to assume that this behavior will continue. Therefore, get some logging software installed. Do NOT talk about it. Do nothing out of the ordinary. Just quietly install some software that will let you see what is going on with your phone. I know there are apps which will email an alert when accessed, snap a pic from the front-facing camera, log SMS to email, remotely lock the phone, etc etc. Based on what you need to accomplish, get these set up and then BE PATIENT. wait a few days (unless you normally leave your phone at home) and leave it again when the person in question might be around.
A pic would be sufficient proof I would think for confronting a roomie. If nothing else log your sms's. I use integrated Google Voice so I'd get an alert on my PC even if I didn't have the phone (very handy, that), but that may not be an option for you.
I also use SeekDroid for remote locking, and I -think- there's a remote camera provision, but it's at a higher paid level than I am subscribed to. At any rate that's my suggestions.
Or, the simple solution: Put a better lock code on your phone.
-JB
A lock code would help prevent the behavior in the future. For catching the vandal red-handed, I believe an app like Gotcha! may do what you need.

[Q] New android phone, multiple questions

Hi all, I just received my new handset, a Sony Xperia Z3 Compact as an upgrade to my Samsung Galaxy S4. I'm not a noob per se, but these are noob questions I have, any answers for which I would be most grateful. My otherwise stellar google-fu has failed me these past two days and some clearer, direct advice and answers would be immensely helpful.
- A general question re: the Play Store. If I purchase a paid app, does it remain available to me to re-download and update forever after? Does it last between multiple/new devices? I want to buy Navigon Europe, but wanted to know if it's a once-only deal or remains available to me to download permanently.
- Contact syncing. On my past android phones, I've always somehow managed to import all my contacts from various online accts (eg. FB, GMail, etc). I have all my contacts (up-to-date) in Outlook on my PC and ideally want them, and only them, on my device contact list. I don't want the phone to synch anything with anything except my Outlook contacts but don't know what steps I can take to avoid that.
- Battery: I've had mixed messages about the first charge (currently in-progress at the time of writing!). Do Li-Ion batteries need to be charged for 16hrs or just until they're full?
- Converting the SIM Card: My S4 uses a MicroSIM, the Z3 Compact a NanoSIM. I heard they can be cut manually...is it safe to do that, or should I wait 3 days for TMobile (UK) to send me one?
I have two last questions that are more general advice than anything, but answers still appreciated!
- What apps/services are best to transfer my data over from my old handset to the new one? I can figure this out, but any recommendations from experience in doing the same would be welcome. I can figure out how to use them, just a general idea of apps/services to make sure I don't miss anything (texts, calendar, apps). Presumably I can download an app, *export* a file to my SD card, install the app and SD card on the new phone and "import" the file?
- This is a tough one...I have Barclays Mobile Banking app and kept my S4 stock since it apparently stopped working on rooted phones. I'd like to root my Z3 Compact but would have to stay stock for the Barclays app alone. Is there a good way to like trick the phone to believe it's not rooted, or stealth it, etc?
Any advice would be most gratefully received. I think I've answered the battery question but am still concerned about the rest. Many thanks in advance.
KingsGambit said:
Hi all, I just received my new handset, a Sony Xperia Z3 Compact as an upgrade to my Samsung Galaxy S4. I'm not a noob per se, but these are noob questions I have, any answers for which I would be most grateful. My otherwise stellar google-fu has failed me these past two days and some clearer, direct advice and answers would be immensely helpful.
- A general question re: the Play Store. If I purchase a paid app, does it remain available to me to re-download and update forever after? Does it last between multiple/new devices? I want to buy Navigon Europe, but wanted to know if it's a once-only deal or remains available to me to download permanently.
- Contact syncing. On my past android phones, I've always somehow managed to import all my contacts from various online accts (eg. FB, GMail, etc). I have all my contacts (up-to-date) in Outlook on my PC and ideally want them, and only them, on my device contact list. I don't want the phone to synch anything with anything except my Outlook contacts but don't know what steps I can take to avoid that.
- Battery: I've had mixed messages about the first charge (currently in-progress at the time of writing!). Do Li-Ion batteries need to be charged for 16hrs or just until they're full?
- Converting the SIM Card: My S4 uses a MicroSIM, the Z3 Compact a NanoSIM. I heard they can be cut manually...is it safe to do that, or should I wait 3 days for TMobile (UK) to send me one?
I have two last questions that are more general advice than anything, but answers still appreciated!
- What apps/services are best to transfer my data over from my old handset to the new one? I can figure this out, but any recommendations from experience in doing the same would be welcome. I can figure out how to use them, just a general idea of apps/services to make sure I don't miss anything (texts, calendar, apps). Presumably I can download an app, *export* a file to my SD card, install the app and SD card on the new phone and "import" the file?
- This is a tough one...I have Barclays Mobile Banking app and kept my S4 stock since it apparently stopped working on rooted phones. I'd like to root my Z3 Compact but would have to stay stock for the Barclays app alone. Is there a good way to like trick the phone to believe it's not rooted, or stealth it, etc?
Click to expand...
Click to collapse
Paid apps are transferrable between devices, assuming you use the same Google account that it is linked to.
When you sign into Google (and your other accounts) it will ask if you want to Backup and Restore. Just leave it unchecked and then when finished importing Outlook contacts, you can go into your Google account and just make sure to only sync the options you're interested in by checking/unchecking whatever boxes you need.
I find a good way to transfer texts, call logs, apps, etc from device to device is by using an app like Go Backup. You were on the right path with the idea of backing up on the phone, transferring to PC, and switching it to a new phone. If you don't have access to a PC at the time, you can use something like Wifi File Explorer Pro to connect to it, assuming you have access to wifi or can wifi tether between the 2.
Cutting of the SIM is possible manually, but if you don't have access to a good SIM card cutter tool (obviously you don't have one in your possession, but any respectable repair shop or cell phone provider will have one. It only takes 5 seconds, but still there is a slight risk of damaging the card. It is best to get a new one. It is possible to cut with a sharp Exacto knife or something of the sort, but when going to nano, the margin of error is so small that I don't recommend.
As far as root and Barclay's, I don't believe it is an option. There have been attempts to bypass this restriction, but I believe that it has been without success. See:
http://repo.xposed.info/module/com.devadvance.rootcloak
Thank you for your helpful reply! I've moved most of my data over successfully, installed/copied most apps and setup most accounts. I did however ruin my MicroSIM in my attempts at converting it to Nano size. Have ordered a replacement but currently unable to call or text. Ah well!
I took the plunge and blew some money on the Play Store. I have the apps working now, and hope that they will remain available to me hereafter.
Thanks for the info on the Barclays App. I think I will skip rooting again *sigh* It's very annoying. There's a bunch of bloat I cannot freeze/quarantine, the ability to move apps to the SD card isn't available...all for one app If I found an APK of an old version, from back when it worked on a rooted phone, that might be an option?
Only issue I now have (apart from getting used to a few changes!) is with Email. On the S4, I set up my email as follows: Email: Forwarding Address - Incoming Server: BT Internet - Outgoing: Gmail (Set to send using my forwarding address). It worked fine. Now on the Z3C, I no longer have a box to enter my "Email address". Only "Username" and "Password". I can get my Emails from BT, can send via Gmail but it comes with "On behalf of..." in the sender field which is driving me mad! These are the little things that reallyget aggravating. Spent 2 hours already trying to work it out

DeCrypting .crypt8 files from WhatsApp and locating the Crypt Key

Hey guys,
This is my first post on XDA. I have some knowledge of programming or otherwise manual operation of computers and like devices, but I am admittedly no expert, and more likely fall in between the novice and intermediate category. So excuse me if any of my questions sound somewhat fundamental. Normally, with some research, I'm able to figure out whatever problem I'm having and fix it. This time though, I've done all the digging I could and I'm still hitting a wall. So I could really use and would appreciate your help! Here's the situation...
I have a Moto X (2nd gen.) with a shattered screen and broken digitizer/display. The phone still functions (it vibrates and receives messages, etc. but the screen has zero life in it and remains completely black. I cannot get it fixed because I am in Mexico and apparently they do not sell this phone here (I originally bought it in the USA, through Verizon). I'm able to plug the phone into my MacBook Pro (OS Yosemite), and Android File Transfer pops up normally. So pictures, movies, music, all of that stuff I am able to recover without a problem. The main thing I'm after, however, is my WhatsApp History.
I have since bought a "new phone" - a Moto E, which operates almost identically, even though it's a dumbed down version of what I had, in order to be able to chat with people and maintain some very important convos through WhatsApp, which is how the rest of the world outside of the USA communicates. I am able, therefore, to download the WhatsApp folder onto my computer easily. Problem is, none of these programs that I've found are able to decrypt .crypt8 files without me either providing the Crypt Key (which I've gathered is found in a root folder that I cannot access) or by enabling USB Debugging (which I cannot with my broken screen).
Anyone familiar with WhatsApp might ask why I've gone through that trouble when I could simply open WhatsApp on the new phone and verify my number, which would then restore my chat history and contacts, except for this problem: My WhatsApp number was connected to my US line and Verizon phone number and never changed it in WhatsApp, despite having a Mexican sim card. Now, when I start WhatsApp, it requires that a verification text or call is made, which I obviously cannot receive. So I am unable to sync accounts this way.
If anyone could help me out here, I would greatly appreciate it. I don't need to sync them. I just want to read the messages that I missed the last week. Thank you very much.
John

(What are) Must have APPS and To-Do to newbies to Galaxy S9+ (?)

Hey all.
Within a couple of days I'm getting my new Galaxy S9+ (Exynos) phone.
I made a year break from Android and switched to Apple, and now I'm back.
Unfortunately, I know nothing about newest Galaxy phones.
Maybe anyone has suggestions what should I do (download) when I'll set-up my phone (I've watched all the reviews of "must have" etc., don't suggest me to do that)?
I used to root and unlock bootloader for each my android phone, but I won't do that to my Galaxy S9+ at least for 6 months.
Hence, many root apps not working: "AdAway", "Viper4Android" etc.,
Maybe anyone knows Ad Blocking app without rooting a phone?
Or just mention anything that newbie to Galaxy S9+ should know.
(If you're wondering why am I "spamming" with these "stupid" questions: And no, I didn't find any similar thread to this)
Thanks in advance!
I use to root and rom all my phones, but I don't think it is as necessary as before.
I also use to download all the tweaks, but I don't do that either.
Non-root to block adds try Blokada it is in the F-Droid store.
It is Free and it Works.
I also swear by ES File Explorer to view and move files on your app. Also to sync any cloud storage you have.
If you have a regular phone number and google voice number going to the same phone
Voice Choice 2.0 is a nice app that allows you to make calls with a specific number
i.e. family and close friends have you carrier number
work partners, resume, business line has your google number
when you make a call you don't have to select anything, based on your rules set up it will dial out using the appropriate number.
re
qnc said:
I use to root and rom all my phones, but I don't think it is as necessary as before.
I also use to download all the tweaks, but I don't do that either.
Non-root to block adds try Blokada it is in the F-Droid store.
It is Free and it Works.
I also swear by ES File Explorer to view and move files on your app. Also to sync any cloud storage you have.
If you have a regular phone number and google voice number going to the same phone
Voice Choice 2.0 is a nice app that allows you to make calls with a specific number
i.e. family and close friends have you carrier number
work partners, resume, business line has your google number
when you make a call you don't have to select anything, based on your rules set up it will dial out using the appropriate number.
Click to expand...
Click to collapse
Thanks! Maybe you know anything about removing / disabling Bloatware as well?
LaurynasVP said:
Thanks! Maybe you know anything about removing / disabling Bloatware as well?
Click to expand...
Click to collapse
check out this thread at your own risk. It works I disabled Facebook (don't see why that would be on and unlocked phone fro Samsung, but i digress)
https://forum.xda-developers.com/galaxy-s9-plus/how-to/s9-s9-bloatware-removal-thread-g960u-t3817810
Be careful with the commands and understand what is being done before you hit the enter/return key
Good thing about disabling is if you fubar the phone you can do a factory restore and start all over
I only disabled Facebook. will investigate the other software as i play with the phone. Only had it 2 weeks so far.
re
qnc said:
check out this thread at your own risk. It works I disabled Facebook (don't see why that would be on and unlocked phone fro Samsung, but i digress)
https://forum.xda-developers.com/galaxy-s9-plus/how-to/s9-s9-bloatware-removal-thread-g960u-t3817810
Be careful with the commands and understand what is being done before you hit the enter/return key
Good thing about disabling is if you fubar the phone you can do a factory restore and start all over
I only disabled Facebook. will investigate the other software as i play with the phone. Only had it 2 weeks so far.
Click to expand...
Click to collapse
Thanks, I'll keep everything in mind

Secure compromised device

Hi everyone! This is my first post, but I have used the search tool already without success. I am just a user, not developer and quite noob regarding mobiles and security.
Situation
1. I've got hacked, total control (photos, emails, camera, contacts, whatsapp, screen etc) of my unrooted android phone (xiaomi redmi note 7).
It was a targetted attack, no manual app installed, no unsafe 3rd party apps allowed. Attackers only had my gmail account (linked to android) and telephone number. I know them personally, and they leaked personal information to people at work (who enjoy it between them but won't help me at all).
No high consumption of battery/data. Just leeching information, launching some apps eventually, and few interactions with the screen minimizing etc.
2. I Installed antimalware (e.g malwarebytes), antivirus (avg, esset etc). No positive results. I also installed "Noroot firewall" to control programs accessing internet, nothing strange.
3. I've changed emails(new), SIM + Telephone. Got hacked again. I suspect my own wifi was compromised.
Additionally, added 2 step verification to emails, changed passwords, encrypted the device etc. I have found no IP from them in the emails log, nor alert from gmail. Only once a session from Linux device (not mine). I believe they have accessed through the device.
4. I want to restore the device somehow and avoid getting hacked again.
One of the problems I face is taht that now I'm not in the same circle of people from which I gathered most of the info on the leaked information, so I can't get to know if the actions I am taking got rid of the hack, besides some punctual actions they may do (launch app etc). So I have to act quite paranoid and do the most secure action.
Question
1. Any idea on how they managed to do that? how can I prevent it or prove it? a reset would get rid of any proof, but I kinda prefer it if it is once and for all.
2. A hard reset only formats one partition (user data), so if there is a trojan located in /system it would be pointless. With an unrooted device I can only get rid of /cache and /data.
Should I install another ROM?(my phone has always been unrooted) which one? (restoring the stack ROM would probably be pointless if the vulnerability is due to android...
3. Is there any other measure I could take?
I'd appreciate any help.
Thank you!

Categories

Resources