Question about data saving after app deletion - Android Q&A, Help & Troubleshooting

I am using Android 6.0.1 though i'm not sure that would make a difference with my question. So my question is after an app has been uninstalled through Settings --> Apps and then clicking the "Uninstall" button after selecting the particular app is there, in general, any evidence left on the phone that the app was ever installed? Secondly, if so how can that evidence be removed? Sort of like how a browser has a "browser history" after you've visited sites is there anything analogous in a history or a cache of some sort that can be recovered to see that the app was once on the phone and OS (barring a sophisticated forensic analysis). If i were to hand the phone to someone who is tech savvy or knows their way around android would they be able to ascertain that the app was once there?

Hey @AndroidPlistic,
So my question is after an app has been uninstalled through Settings --> Apps and then clicking the "Uninstall" button after selecting the particular app is there, in general, any evidence left on the phone that the app was ever installed?
Click to expand...
Click to collapse
The short answer is yes it is very likely that there is evidence left by the app.
Uninstalling the app will automatically clean up the private storage areas used by the app however any created files or modifications to files in the common storage area will remain and could be used as evidence that the app was installed at some point.
Orphaned data left over could include:
System log messages which would include the unique identifier for the app, e.g. com.skype
Files in common areas of the file system, e.g. photos saved by a photo editing app.
Secondly, if so how can that evidence be removed? Sort of like how a browser has a "browser history" after you've visited sites is there anything analogous in a history or a cache of some sort that can be recovered to see that the app was once on the phone and OS (barring a sophisticated forensic analysis). If i were to hand the phone to someone who is tech savvy or knows their way around android would they be able to ascertain that the app was once there?
Click to expand...
Click to collapse
While I haven't used them there are a number of apps that claim to provide an automatic app cleaning feature. Examples include: "SD Maid" and "ES File Explorer". These apps would search the common areas of the phone to see if there are any orphaned files based on some kind of proprietary smarts however there is no guarantee that these will find every file created or modified. I'd also be surprised if they automatically cleaned the system logs as they are primarily designed to increase free space on the device rather than forensically clean data from it.
If you really wanted to ensure that the installation of an app was never known about based on the information on the device itself I would recommend a full factory reset of the phone.
Hope that helps.

Related

[Q] Temp install apps-app?

Is anyone aware of an app (compatible with Gingerbread/2.3.6, rooted) that can temporarily install an app?
Even with Link2SD there's only so much internal space available and things get real hairy when you approach the limits (lib file extraction on startup faster than Link2SD can move things, data Link2SD can't/won't move, large apps that install to internal first, etc.)
( Something Google seemingly copied from Windows Mobile - it was a pain on WM, it's a pain on Android (pre-ics?) )
But many apps find rather infrequent use and so don't technically need to be installed at all until needed - at which point the install process (a few seconds) is quite acceptable.
Right now I manually install/uninstall but it would be awesome if there were an app that could automatically...
1. install an app from an APK
2. launch the app (where applicable)
3. uninstall the app when closed
Even more awesome would be if it could...
- Create an app itself with the icon from the original app (so that an 'uninstalled, but available' app can remain visible in launchers/etc.)
- Have a delay on the uninstall process (when just flipping back to a previous app, intending to go to the temp-installed app again within a time limit).
or
- Have a notification that could be tapped for uninstall on-demand
I did search, but between 'temporary root' and 'batch install' type apps popping up as results, I have not found what I'm looking for.
If such an app doesn't exist - could it?
And if you believe it could because you're a dev, would you be interested in developing it? ( my next stop after this would be hitting up e.g. vworker, so I'd be happy to fund initial development )
PseudoBob said:
Is anyone aware of an app (compatible with Gingerbread/2.3.6, rooted) that can temporarily install an app?
Even with Link2SD there's only so much internal space available and things get real hairy when you approach the limits (lib file extraction on startup faster than Link2SD can move things, data Link2SD can't/won't move, large apps that install to internal first, etc.)
( Something Google seemingly copied from Windows Mobile - it was a pain on WM, it's a pain on Android (pre-ics?) )
But many apps find rather infrequent use and so don't technically need to be installed at all until needed - at which point the install process (a few seconds) is quite acceptable.
Right now I manually install/uninstall but it would be awesome if there were an app that could automatically...
1. install an app from an APK
2. launch the app (where applicable)
3. uninstall the app when closed
Even more awesome would be if it could...
- Create an app itself with the icon from the original app (so that an 'uninstalled, but available' app can remain visible in launchers/etc.)
- Have a delay on the uninstall process (when just flipping back to a previous app, intending to go to the temp-installed app again within a time limit).
or
- Have a notification that could be tapped for uninstall on-demand
I did search, but between 'temporary root' and 'batch install' type apps popping up as results, I have not found what I'm looking for.
If such an app doesn't exist - could it?
And if you believe it could because you're a dev, would you be interested in developing it? ( my next stop after this would be hitting up e.g. vworker, so I'd be happy to fund initial development )
Click to expand...
Click to collapse
try this app Quick App Install once:
https://play.google.com/store/apps/details?id=com.bitants.quickappinstall&hl=en
vivek_bhoj said:
try this app Quick App Install once:
https://play.google.com/store/apps/details?id=com.bitants.quickappinstall&hl=en
Click to expand...
Click to collapse
Thanks - that app is definitely useful in terms of a nicer graphical interface to APKs stored on the SD card (finds them very quickly, originally made via App Backup & Restore), but unfortunately doesn't seem to do any of the things I was wondering about, unless I'm missing a hidden gem there
I also tried some other app backup/restore type apps in case any of them did the trick.. Delta Backup (com.ds.deltabackup), My Backup Root (com.rerware.android.MyBackupRoot), AppMonster Free Backup Restore (de.android_telefonie.appmanager) and Ti Backup (com.keramidas.TitaniumBackup), and while they were all capable app backup/restore apps, none of them really facilitate easy 'temporary install' or organization (long flat lists or "You get 2 categories: Apps and Games" make me just hit up Total Commander instead).
So, still looking

[Q] Android Security Questions

I am a hardware engineer with some limited software knowledge. I am ULTRA paranoid when it comes to security and have a few questions:
1) People do seem to be paying attention to app permissions now. If an app only had network and storage access permissions, people would probably think it seemed pretty tame. Am I wrong in thinking this is probably the most dangerous an app could be? With these permissions it seems that the app could siphon EVERYTHING off your phone to their servers.
I guess my question would be, do Apps that have read/write storage access, have at the very least read access to all files? For example, it seems that my music app can scan for music, which is fine obviously, but what is stopping it from scanning ANYTHING else on my phone? Like business related documents, private notes, etc...then uploading these to their servers.
2) If an app only has network access, but no access to storage, I assume it would have no ability to add anything malicious locally after installation (or transmit anything off your phone)? Basically, can an app load malicious code from the network?
3) One nice feature on the iPhone is that a full reset actually does a decent job protecting your data. On Android this is not the case. Does Android device encryption actually encrypt everything (i.e. starting from the root (/) directory)? If this is the case, I would assume that a full device encryption, followed by a factory reset would nearly be akin to running a dd urandom on the drive.
4) Google seems to be stepping in the right direction with the new App Ops in Android 4.3. I am not sure what direction they will be taking this, but currently on my Nexus 7 it does not allow you to prevent access to storage or the network (for example I would like to block Final Fantasy from having network access and Weather Bug from having storage access).
Regardless, can an app automatically run on installation? The reason I ask is let's say you are downloading a seemingly benign app, but it really wants to make a dump of personal data and send it to their servers. If I download the app, could it start doing this immediately, or would I need to manually launch it first? If this was the case, then App Ops would not be very useful against certain malicious apps if they have the 1-2 minutes to dump off your contacts list before you could shut them off in the menu.
during installation it'll ask for granting permissions before installed
once installed, it can do the things you granted without further request for permission
with popular apps like viber, this is supposed to be okay

[Q] Is it possible to make KitKat usable?

Since the release of Android 4.4, I was unable to upgrade from 4.3 JellyBean because of two issues that completely disqualify newer Android versions for me:
1. Apps have no access to the external SD card.
This issues is NOT solved by moddification of /system/etc/permissions/platform.xml file
Examples of apps include:
- Sygic GPS navigation
- BeyondPod podcast manager
- Locus trekking app
- BTSync
Full access to the external SD for all those apps is indispensable to me and I was unable to get it with KitKat even though I applied all the fixes I was able to find AND used Carbon ROMs which are supposed to have this enabled to boot.
2. Only one app at a time has access to SMS box.
This is also not acceptable, because normally I send/receive SMS messages with GoSMSPro, but I also use MySMS to send/receive/type texts on my mobile through my laptop.
In KitKat each time I have to switch the default SMS app which defeats the purpose.
I would like to know whether there is there a fix for either of those problems, and whether those issues are likely to continue on Android L?
impactor said:
Since the release of Android 4.4, I was unable to upgrade from 4.3 JellyBean because of two issues that completely disqualify newer Android versions for me:
1. Apps have no access to the external SD card.
This issues is NOT solved by moddification of /system/etc/permissions/platform.xml file
Examples of apps include:
- Sygic GPS navigation
- BeyondPod podcast manager
- Locus trekking app
- BTSync
Full access to the external SD for all those apps is indispensable to me and I was unable to get it with KitKat even though I applied all the fixes I was able to find AND used Carbon ROMs which are supposed to have this enabled to boot.
2. Only one app at a time has access to SMS box.
This is also not acceptable, because normally I send/receive SMS messages with GoSMSPro, but I also use MySMS to send/receive/type texts on my mobile through my laptop.
In KitKat each time I have to switch the default SMS app which defeats the purpose.
I would like to know whether there is there a fix for either of those problems, and whether those issues are likely to continue on Android L?
Click to expand...
Click to collapse
Neither one of these things are problems or are broken things. They work as intended and have been explained as security measures. Annoying for some, yes, but this isn't a "bug".
http://www.androidcentral.com/kitkat-sdcard-changes
As far as the SD card, if you are rooted, which I am assuming because you mentioned playing around with the platform xml, there are a couple different ways to return full R/W functionality.
http://forum.xda-developers.com/xposed/modules/kitkat-sd-card-access-t2790992
https://play.google.com/store/apps/details?id=nextapp.sdfix
https://play.google.com/store/apps/details?id=com.geeksoft.extcardpatch
https://play.google.com/store/apps/details?id=jrummy.sdfix
For SMS on the desktop, you might check out PushBullet. Their recent update has enabled replying to SMS, though not sure how well it works with Go, but they do support a variety of other solid SMS app connections.
https://play.google.com/store/apps/details?id=com.pushbullet.android&hl=en
I am aware of Google's justification of breaking the SD card functionality. Whether we call it a “security measure” or “bug”, the fact remains I can no longer use a phone with KitKat to fulfil functions it used to, so to me it is no longer a smartphone.
The solutions you liked to I tried and they all failed to fix the issue. I have not tried the Xposed module, but I suppose it does the same thing as other “fixes” so I have little hopes with it.
As for PushBullet, it took me years to find MySMS which was then the only desktop SMS app that provided delivery reports. Are you aware if PushBulled does it, too?
In any case, this is a non-isue as long as there is no solution for the SD card.
Not sure why the SD card isn't "fixed" for you as it works for 1000s of others (including many of my customers), meaning there is something else going on - quite possibly how the apps were developed. Do ANY apps work right with the fix applied? And once again, no, it's not a bug, as it was done intentionally. If it is a must have and nothing else works, you can always convert the necessary apps to system apps, if you have room(you should).
I do not know what do you mean by „works”, but for all the programs I need on all the phones and KitKat roms I tried, SDcard DOES NOT work. This is even stated by developers of some of those programs (like BeyondPod).
To see if I am not mad, I just tried it again – I installed KitKat on another Samsung debvice. Latest version of GoBackup and BeyondPod could not write to SD card. 'Fine' – I think – 'I will install the Sdfix from PlayStore'. I did, and rebooted.
NOTHING changed!
KitKat is worse than a bug, because a bug is a accidental, and usually does not cause such gargantuan damage to functionality. What Google did with KitKat is worse, because it is deliberate.
This is ridiculous. If Android L changes nothing, I will have to keep all my phones with 4.3.1 forever, because of how useless Google made Android on devices with external SDcard.
Maybe they killed SD card functionality to force people to buy newer phones with huge internal memory, maybe they want to force people to use their cloud storage, or maybe they did it just out of pure mindlessness.
But they did, and - as I suspect - they don't plan to revert it.
Have you tried the fix for BeyondPod suggested by their team...?
http://beyondpod.mobi/android/help/FAQKitKatSDReadOnly.htm
Tried switching the apps to /system apps so they'll have more permissions?
es0tericcha0s said:
Have you tried the fix for BeyondPod suggested by their team...?
http://beyondpod.mobi/android/help/FAQKitKatSDReadOnly.htm
Tried switching the apps to /system apps so they'll have more permissions?
Click to expand...
Click to collapse
Yeah, the fix they suggest does not work on KitKat, because you can't select external card.
I did not try to set BeyondPod to system app, but I can't do it with every app I want to use. Many apps refuse to even start if converted to system app status, and besides system partition is limited in size, and can hardly accommodate all apps.
impactor said:
Yeah, the fix they suggest does not work on KitKat, because you can't select external card.
I did not try to set BeyondPod to system app, but I can't do it with every app I want to use. Many apps refuse to even start if converted to system app status, and besides system partition is limited in size, and can hardly accommodate all apps.
Click to expand...
Click to collapse
I have an idea on why none of the fixes are working for you...
Install this: http://forum.xda-developers.com/showthread.php?t=2524485
and try the mods again and reboot.
I'm not a 100% sure it'll help, but will only take a minute to figure it out... This step would also be necessary to make something like Xposed work properly on newer Samsung devices with Knox and all that security stuff they added.
Do you mean that SELinux may be preventing changes to the /system/etc/permissions/platform.xml file?
impactor said:
Do you mean that SELinux may be preventing changes to the /system/etc/permissions/platform.xml file?
Click to expand...
Click to collapse
Yes. It prevents a lot of different kinds of changes to the system.
es0tericcha0s said:
Yes. It prevents a lot of different kinds of changes to the system.
Click to expand...
Click to collapse
Than this is not it, because the changes are being applied correctly and appropriate lines in the appropriate files are changed/added.
Which is why, when I try to apply yet another SDfix from the playstore, the program informs me there's nothing to do because the fix is already applied.
Just because the line is there doesn't mean something else isn't interfering. Just telling you what I would try, since it takes a minute or 2. *shrug* Haven't had a phone with an SD card in awhile so don't have anything to test it with.
Thanks, but it wouldn't take 2 minutes, because I don't have a phone with KitKat. And to install a KitKat and restore all the necessary data would take several hours.
So I might try it next time I give KK a shot, but I don't have high hopes for it because I think what I have with KitKat is what everyone else has - it's just most people either don't care about it or don't need the functionality.

VisionProvider hidden app

So, i started getting memory full notifications on my S9+, so went in thinking I'd just have to move some pictures or other media, as it randomly decides it wants to save camera images to internal storage instead of the sd card. Even after moving and deleting apps i wasn't using, i keep getting this message of storage space running low.
Long story short, i finally went in and told it to show me hidden files, and i find this app called VisionProvider. I have 64gb internal storage, and this thing is using 36+gb! What the crap is it, do i need this, and how can i get rid of it or at least reduce its size?
I'd factory reset mine only take up 10.05 mb that seems like something went wrong or its showing wrong
Could try clearing the data and cache for the app to see if that helps.
As for what the app is it was rather easy to determine, and why it is probly best to not mess with removing it.
Looking in my apps list I found the vision provider which is a system app (so not something you can disable via the phone). Upon looking I saw mine is using 1.80MB of storage, but I imagine this is because I do not use Bixby for anything other then voice dictation for texts.
Looking at the "App details in store" I saw it was downloaded from Galaxy Store. Did a quick search on Galaxy store and saw plain as day what it was... A provider app for Bixby Vision, so given it's integrated with Bixby I would just clear the cache/data for the app rather then try to mess with it. IMHO safer to do this rather then attempt to remove it, break something and have more problems.
Vision provider
So, i went into mmt apps, and, through the hamburger menu, told it to show system apps. I had looked at it here before, but the buttons to clean cache and data were greyed out and i couldn't select them. This time, however, i wad ankle to select them both, and, voila, all is well in the Samsung android world. Thanks.

Can't get rid of spyware

I have done the following in attempt to get rid of this spyware:
flashed Havoc os
stock roms from official Miui using xiaomi flash tool and using twrp
erased partitions using adb before flashing (boot, system, recovery, data, cache)
It seems like it doesnt even touches it. I know its still there because he can control my phone (play notifications sounds from messenger i dont even have installed, closing/freezing my browser, freezing my screen, lockscreen goes on i dont even touch the phone).
What else can i do? Is there a way to erase every bit of data from the phone? What remains after flashing a stock rom?
edited//
Is there any way i can find Qualcomm Snapdragon 439 firmware and flash it? Can anyone help me pls?
I saw chimera tool can do firmware update but it costs 120 euro and idk if its gonna work
Can you explain more about the spyware?
Its like a windows bios malware or maybe its in some partition that doesnt flash when installing new OS.
I talked to xiaomi support and they told me to take it to service but there is none in my country. I asked for help on Malwarebytes forum, sent apps report and they scanned it with VIrusTotal... nothing found.
I also did a logcat at boot time, i dont know if anything can be seen there.
https://raw.githubusercontent.com/pulshar18/mylog/main/mylog.txt
The guy that did it hes messing with me like... telling me your wifi its not gonna work anymore, then it doesnt. O you have 5000 mah battery? my phone its charged 99% next day its empty and the phone just sits on the table... stuff like that so im pretty sure its hacked there is no doubt about that.
pulshar18 said:
Its like a windows bios malware or maybe its in some partition that doesnt flash when installing new OS.
I talked to xiaomi support and they told me to take it to service but there is none in my country. I asked for help on Malwarebytes forum, sent apps report and they scanned it with VIrusTotal... nothing found.
I also did a logcat at boot time, i dont know if anything can be seen there.
https://raw.githubusercontent.com/pulshar18/mylog/main/mylog.txt
The guy that did it hes messing with me like... telling me your wifi its not gonna work anymore, then it doesnt. O you have 5000 mah battery? my phone its charged 99% next day its empty and the phone just sits on the table... stuff like that so im pretty sure its hacked there is no doubt about that.
Click to expand...
Click to collapse
How did you get get infected by this ?
He got physical access to my phone.
pulshar18 said:
He got physical access to my phone.
Click to expand...
Click to collapse
That wasn't too clever. Lol, rootkit from hell.
You need to wipe the internal memory 100% as well the SD card if any.
If it has a sim card I'd replace that as well.
Or make the perp fix it... legally.
Any associated Google accounts reset the passwords... now.
Internal memory was wiped, sd card wiped, sim card none (i read some articles about sim card viruses thats just little scripts to call numbers, send texts and stuff maybe in another 50 years they will make malware that can do whats happening to me).
"Or make the perp fix it... legally." What?
"Any associated Google accounts reset the passwords... now." I didnt connect to anything cuz i know he has all my passwords, he clearly doesnt want that i can still use all my accounts.
I am in a similar situation.
I install YouTube vanced and WhatsApp Plus
in the latter case something deleted my entire data without asking me -I suspect it was clean master and my vanced applications were uninstalled all of a sudden.
I seem to know what cause that com.miui. securitycenter if you disable it it will boot loop if you to change and restrict access to various permissions then phone functionality is upset
I took out a separate thread on that here on xda Google com.miui. securitycenter draconian legitimate spyware from redmi
there is a thread on XDA I use havoc ~ two years or so but because it does not support VoLTE and trying to enable that has been in vain I am forced to come back to China ROM.
Did you install any apps after flashing ROMs / gapps?
pulshar18 said:
Internal memory was wiped, sd card wiped, sim card none (i read some articles about sim card viruses thats just little scripts to call numbers, send texts and stuff maybe in another 50 years they will make malware that can do whats happening to me).
"Or make the perp fix it... legally." What?
"Any associated Google accounts reset the passwords... now." I didnt connect to anything cuz i know he has all my passwords, he clearly doesnt want that i can still use all my accounts.
Click to expand...
Click to collapse
The malicious jpegs may be capable of doing that. I've had one the damages files in a folder but not files in folders, in the download folder.
It was confined to that folder unless one was to move it...
The trigger was viewing the jpeg.
They cure; simply delete it and repair or delete the damage files.
There are both Android and Windows variants of these. I've had a Windows variant too. Zero or minimum damage but only because I ID both quickly.
actually step back a little how do you conclude it's your phone that is affected you say he has access to our accounts and password maybe e is connecting on your Wi-Fi network IP address is the same and then trying to tinker with your accounts. what specifically makes you think that your phone is hacked as against something else
blackhawk said:
The malicious jpegs may be capable of doing that. I've had one the damages files in a folder but not files in folders, in the download folder.
It was confined to that folder unless one was to move it...
The trigger was viewing the jpeg.
They cure; simply delete it and repair or delete the damage files.
There are both Android and Windows variants of these. I've had a Windows variant too. Zero or minimum damage but only because I ID both quickly.
Click to expand...
Click to collapse
I have more than 30,000 from photographs and especially WhatsApp
how do I scan for malicious code in JPG is there a specific tool anti malware that has that capacity to go through JPG hexdump and then fish out
sieger007 said:
I have more than 30,000 from photographs and especially WhatsApp
how do I scan for malicious code in JPG is there a specific tool anti malware that has that capacity to go through JPG hexdump and then fish out
Click to expand...
Click to collapse
Jeeeesze, downloads from WhatsApp?
That's a great way to pick up creepy crawlers.
WhatsApp, FB, Instagram don't get on my devices. Ever.
They ruin lives, careers and more... they are spyware and malware by their very nature.
I never have had anything detect these little buggers, I'm not saying there aren't detectable, but don't count on it. The two I found I didn't even consider keeping them for analysis.
They wasted enough of my time as it was. Finding them in an ocean of jpegs could be problematic.
Rule #1, all downloads go to the download folder.
Choose what goes into your database after observation and at least scan it with Malwarebytes. Online Virustotal for any download remotely suspicious. Open jpegs at least once in the download folder and be aware of anything unusual afterwards... that may be the only clue you get.
If you really think one of these images has a malicious script, you need to isolate it. Scan with Malwarebytes and whatever else you want.
Try reloading, confirm the device is still clean then load the suspect database.
Problem being the trigger is opening the jpeg or some other related action to it like deleting the email it was associated with in Windows Outlook. If you get nailed again, reload and break/import your database in groups. You can see where this is going... it may take a while.
I've seen what they can do, I avoid downloading clickbait pics from untrusted sites, people and emails (email is kept in the cloud ie gmail).
My backups are also from different time periods on hdds completely isolated from each other and the PC. I could lose some of my database but not all of my it. With over 1 tb of data I'm not playing around.
The second and last(?) malicious jpeg I ran into was on Android about 1.5 years ago.

Categories

Resources