hello,
I've been having this weird bug/problem with com.miui.securitycenter with every MIUI 9 release for Poco (the MIUI 10/Pie security app runs fine but I didn't like MIUI 10!).
The strange thing is that Xiaomi is sending updates to all its apps on MIUI 9 except Security Center!! (I'm talking about the app update, not about the antivirus defs update etc.)
The question is: can I remove the security app? And how? (I'm on MIUI 9.6.14 global stable ... rooted.)
Install Titanium Backup and uninstall from there.
P.S. You can run into problems and force-close issues along with other unbearable ****, so back up the Security app in Titanium Backup and then uninstall it.
Don't even think of uninstalling the Security app. I tried it twice and ended up in a bootloop. I spoke to a MIUI dev and he said the Security app is an essential part of the MIUI ROM and messing with it means messing with the ROM.
Right
Same here
com.miui.securitycenter
Need a mod for this; can someone help?
How do I mod this so that all undesirable tracking & spyware components can be removed? It is obvious that this kind of tracker agent, making it unsafe for the user, only makes it safer for Xiaomi & its partners.
So I opened up the app components:
broadcast receivers, activities, services etc. And here is what I found .....
In something that supposedly claims to be a security component for the phone
- Dunno if they will let me stick in a screenshot here. There are adware and spyware components down to the core.
Code:
AdsProcessPriorityService
com.facebook.ads.internal.ipc.AdsProcessPriorityService
AdsMessengerService
com.facebook.ads.internal.ipc.AdsMessengerService
That is to name a few.
- Any attempt to disable this component is futile, because even if you run pm disable the component is force-enabled.
- The other thing is, if I am rooted and I am "magiskally" hiding Magisk from all these Redmi components ..... even here it forces the need to unhide Magisk. Could you see the extent of the spyware organisation down to the core?
I would like to continue this thread with an invitation to whoever wants to give me an approach and work with me, so that a Magisk module will grab this component from the current phone and mod it: let the original spyware component load during boot time and post-boot do a swap with the mod.
Is it possible to do this kind of modification & unspy MIUI?
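One way to audit what a system app actually bundles, as an added example and not code from this thread or from Xiaomi: the script below takes a decoded AndroidManifest.xml (what apktool produces from an APK), lists every declared component, attributes each to an embedded SDK by package prefix, and marks the ones exported to other apps. The manifest, the package name com.example.securityapp and the SDK_PREFIXES table are constructed for illustration; only the two Facebook Audience Network service names come from the post above.

```python
"""Audit the components declared in a decoded AndroidManifest.xml.

Added example (not code from the thread or from Xiaomi). Given the manifest of
a decompiled APK, list every activity/service/receiver/provider, attribute it
to the SDK it belongs to by package prefix, and report which components are
exported. The manifest below is constructed for illustration and only reuses
the two Facebook Audience Network service names quoted in the thread.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Hypothetical prefix table: package prefixes that identify embedded third-party SDKs.
SDK_PREFIXES = {
    "com.facebook.ads.": "Facebook Audience Network (ads)",
    "com.google.android.gms.ads.": "Google Mobile Ads",
}

# Constructed manifest fragment for illustration (package name is made up).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.securityapp">
  <application>
    <activity android:name=".MainActivity" android:exported="true"/>
    <service android:name="com.facebook.ads.internal.ipc.AdsProcessPriorityService"/>
    <service android:name="com.facebook.ads.internal.ipc.AdsMessengerService"
             android:exported="true"/>
    <receiver android:name=".BootReceiver" android:exported="true"/>
  </application>
</manifest>
"""

COMPONENT_TAGS = ("activity", "service", "receiver", "provider")


def _attr(elem, name):
    """Read an attribute from the android: namespace."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def list_components(manifest_xml):
    """Return one dict per declared component.

    Relative names such as ".MainActivity" are expanded with the manifest's
    package attribute, the way the Android package manager does.
    """
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package", "")
    out = []
    app = root.find("application")
    if app is None:
        return out
    for elem in app:
        if elem.tag not in COMPONENT_TAGS:
            continue
        name = _attr(elem, "name") or ""
        if name.startswith("."):
            name = pkg + name
        elif "." not in name:
            name = f"{pkg}.{name}"
        out.append({
            "kind": elem.tag,
            "name": name,
            "exported": (_attr(elem, "exported") or "false").lower() == "true",
            "sdk": next((label for prefix, label in SDK_PREFIXES.items()
                         if name.startswith(prefix)), None),
        })
    return out


def summarize(manifest_xml):
    """Group components by SDK label; the key None holds the app's own code."""
    groups = defaultdict(list)
    for comp in list_components(manifest_xml):
        groups[comp["sdk"]].append(comp)
    return dict(groups)


if __name__ == "__main__":
    for sdk, comps in summarize(SAMPLE_MANIFEST).items():
        print(f"== {sdk or 'app-local components'} ==")
        for c in comps:
            flag = " [exported]" if c["exported"] else ""
            print(f"  {c['kind']:8} {c['name']}{flag}")
```

Grouping by prefix is the quick way to see how much of a "security" app is actually someone else's SDK; the exported flag matters because an exported service or receiver is reachable from other apps on the device, which is worth a closer look in anything that runs with system privileges.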
Yes it can be. Use Lucky Patcher and "delete system app". It worked for me without bootloop. I think there weren't many things changed after that except for no 10s warnings and no sidebar functions.
Vipxpert said:
Yes it can be. Use Lucky Patcher and "delete system app". It worked for me without bootloop. I think there weren't many things changed after that except for no 10s warnings and no sidebar functions.
I can confirm this. I'm on MIUI 13.0.11, Redmi Note 10 (mojito). Uninstalled com.miui.securitycenter, rebooted, no bootloop. I will let others know if I encounter some bug later.
Edit1: can't open battery settings, manage apps shows nothing.
Vipxpert said:
Yes it can be. Use Lucky Patcher and "delete system app". It worked for me without bootloop. I think there weren't many things changed after that except for no 10s warnings and no sidebar functions.
Can I delete MIUI Cleaner?
Apih95 said:
Can I delete MIUI Cleaner?
Well.... Isn't that integrated into the Security Center app as well lol
ron_hyatt said:
hello,
I've been having this weird bug/problem with com.miui.securitycenter with every MIUI 9 release for Poco (the MIUI 10/Pie security app runs fine but I didn't like MIUI 10!).
The strange thing is that Xiaomi is sending updates to all its apps on MIUI 9 except Security Center!! (I'm talking about the app update, not about the antivirus defs update etc.)
The question is: can I remove the security app? And how? (I'm on MIUI 9.6.14 global stable ... rooted.)
Lucky Patcher (slightly sketchy) and De-Bloater appear to work to remove apps on rooted devices.
Obviously
Code:
adb shell pm uninstall --user 0 com.miui.securitycenter
will not remove it, but if all you need is for it to be disabled you can try that.
Hello, this probably won't be seen, but to the very few travelers who discover this message on Google or something:
As of January 19th 2023, the "Security Center" application on MIUI 13 is extremely sketchy.
I'm planning on trying to decompile it if possible.
Currently (according to the AOSP part of the settings) the app has permissions that are very worrying: downloading files without permission, proprietary MIUI perms, full network access, etc.
Not only that, the built-in package manager utility (pm) refuses to disable com.miui.securitycenter due to being unable to "disable core miui packages..." and spits out an exception dump.
This is clearly a protected app that has too many permissions, for no apparent reason.
Setting SELinux to permissive doesn't help either.
There are 2 options that people have currently: either leaving a PUP (potentially unwanted program) on their phone, or risking bricking it by uninstalling it.
According to the posts on this thread some people have had success, some got a soft-brick.
Doing so shouldn't result in a hard brick, so if you have backups, a userdata format should solve the issue.
TheMagnificent_Y said:
Hello, this probably won't be seen, but to the very few travelers who discover this message on Google or something:
As of January 19th 2023, the "Security Center" application on MIUI 13 is extremely sketchy.
I'm planning on trying to decompile it if possible.
Currently (according to the AOSP part of the settings) the app has permissions that are very worrying: downloading files without permission, proprietary MIUI perms, full network access, etc.
Not only that, the built-in package manager utility (pm) refuses to disable com.miui.securitycenter due to being unable to "disable core miui packages..." and spits out an exception dump.
This is clearly a protected app that has too many permissions, for no apparent reason.
Setting SELinux to permissive doesn't help either.
There are 2 options that people have currently: either leaving a PUP (potentially unwanted program) on their phone, or risking bricking it by uninstalling it.
According to the posts on this thread some people have had success, some got a soft-brick.
Doing so shouldn't result in a hard brick, so if you have backups, a userdata format should solve the issue.
I recommend a LineageOS ROM instead of MIUI, but make backups.
Hi, I'm struggling with the same problem, trying to stop the SecCenter. Maybe there is a way to stop the app from running. I tried it on my Note 10 Pro with MIUI 12.0.6 Global (Android 11) and it works.
You need root on the phone. You should change the owner of the folder "/data/user/0/com.miui.securitycenter" to a user that is not system. In my case I ran the command "chown -R root:root /data/user/0/com.miui.securitycenter". After that you need to kill the process of "com.miui.securitycenter". So in the end the process doesn't start anymore. On the next boot you need to do the process again, because the boot changes the ownership of the folder back to system.
I'm trying to create a Magisk module to do that but I don't know how yet.
Hello, I have a Redmi Note 3 Pro running sMiUI (based on the Xiaomi.eu ROM) but this seems to be irrelevant.
While this strange behaviour doesn't seem to be limited to this device, being noted here and here, it does seem that the symptoms are the same.
In the SuperSU logs I found that first WhatsApp tried to gain root and was denied, followed by zygote requesting 3 times over the following few hours. The log for each is blank.
I have just rebooted my device and after unlocking, WhatsApp immediately requested root. Yet to see zygote request root again but I'll update you should it appear.
UPDATE: WhatsApp has again requested root.
UPDATE2: WhatsApp continues to request, however zygote has not. It appears to be happening every half-hour (ish).
U3: uninstalled WhatsApp, will see what happens at the half-hour mark.
Anyone know what's going on?
Also some probably irrelevant weirdness, but I'll write it anyway given this only started appearing after this happened:
My phone did something weird earlier. I restarted, and normally on my ROM it just has a spinning little loading thingy in the middle of an otherwise blank screen, then goes off and reboots, showing the Mi logo. This time however it randomly showed a kinda-pulsating Android logo shortly after the usual "spinning loading icon" and then continued to the usual Mi logo. Given I'm running sMiUI I've never seen it display a large Android logo before like this. I just rebooted again and this behaviour was not repeated.
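A detection-side view of the post above, as an added example rather than anything from the thread: the script parses superuser-manager log lines and flags (a) root requests from platform processes such as zygote, which never legitimately call su, and (b) an app that asks for root on a near-fixed period, the "every half-hour (ish)" pattern described. The log lines, their format (timestamp | process | decision) and the NEVER_SU set are constructed for illustration and do not reproduce SuperSU's actual log layout.

```python
"""Flag unexpected root (su) requests in a superuser-manager log.

Added example, not from the thread. The log lines below are constructed for
illustration and do not reproduce SuperSU's real log format. The check
encodes the two observations in the post above: a core platform process
(zygote) should never ask for root, and a user app asking roughly every half
hour with no user action is a pattern worth investigating.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Platform processes that have no business calling su (assumed list).
NEVER_SU = {"zygote", "zygote64", "system_server", "init"}

# Constructed sample log: timestamp | requesting process | decision.
SAMPLE_LOG = """\
2017-12-20 09:00:12 | com.whatsapp | denied
2017-12-20 09:31:03 | com.whatsapp | denied
2017-12-20 10:02:47 | com.whatsapp | denied
2017-12-20 10:15:09 | zygote | denied
2017-12-20 10:33:30 | com.whatsapp | denied
2017-12-20 12:40:00 | zygote | denied
2017-12-20 13:05:11 | com.termux | granted
"""


def parse_log(text):
    """Yield (timestamp, process, decision) tuples from the constructed format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, proc, decision = (field.strip() for field in line.split("|"))
        yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), proc, decision


def find_anomalies(text, period=timedelta(minutes=30),
                   tolerance=timedelta(minutes=5), min_repeats=3):
    """Return human-readable findings for the two patterns described above."""
    findings = []
    by_proc = defaultdict(list)
    for ts, proc, decision in parse_log(text):
        if proc in NEVER_SU:
            findings.append(
                f"{ts}: platform process '{proc}' requested root ({decision})")
        by_proc[proc].append(ts)
    for proc, times in by_proc.items():
        if proc in NEVER_SU or len(times) < min_repeats:
            continue
        # Count gaps between consecutive requests that sit close to the period.
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        periodic = sum(abs(gap - period) <= tolerance for gap in gaps)
        if periodic >= min_repeats - 1:
            findings.append(
                f"'{proc}' requested root {len(times)} times, {periodic} gaps close "
                f"to {period}: looks automated, not user-driven")
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_LOG):
        print(finding)
```

The periodic check is deliberately loose (a 5-minute tolerance around the period) because background schedulers drift; a single app that asks on a timer while the user is idle is the signal, whether the request is granted or denied. The single com.termux request is not flagged: one interactive grant to a terminal app is normal.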
Try the xiaomi.eu ROM, or the stock ROM. Or maybe you just installed a modified WhatsApp and zygote APK from an untrusted source. I don't use sMIUI.
immns said:
Try the xiaomi.eu ROM, or the stock ROM. Or maybe you just installed a modified WhatsApp and zygote APK from an untrusted source. I don't use sMIUI.
The struggle I went through to get off of the vendor ROM, I'm not going back to stock. sMiUI was based on the Xiaomi.eu ROM, so the zygote is probably straight out of that.
I have installed WhatsApp from Google Play so I assume it doesn't get more secure than that. I've made no attempt to replace zygote, I don't really know what it does, something about starting apps.
The ROM I'm using doesn't seem to be remotely relevant to this, given it's happened on 3 different devices from different brands as I can see from the links I provided.
It doesn't make any sense. WhatsApp doesn't usually request any root permission unless it's infected by malware. You can try to use the xiaomi.eu ROM along with 3rd-party mods instead of using the pre-modded ROM from sMIUI.
immns said:
It doesn't make any sense. WhatsApp doesn't usually request any root permission unless it's infected by malware. You can try to use the xiaomi.eu ROM along with 3rd-party mods instead of using the pre-modded ROM from sMIUI.
Indeed, last WhatsApp update was 13th December, so I would have seen this happening before today if it was in normal WhatsApp. This is nothing to do with sMiUI, I've had this ROM installed for many months now with no issues.
And as previously stated it is based on Xiaomi.eu ROM.
But yes, my suspicion is malware; however it's not specific to MIUI or any variants, as this was also occurring on a Galaxy S5 and another device.
Everyone: Please read the entire thread before replying so I don't have to keep restating facts
Hey, I have the same problem too. I'm using a Redmi Note 2. Today I got a notification that WhatsApp needs root access; after several minutes, zygote needed root access too. For now I deny that access in SuperSU.
First time root/custom ROM/kernel etc.
I've had the same thing happen. The first time I thought it was strange and denied permission was with the zygote thing asking permission. I've granted WhatsApp and WhatsApp Extensions permission, for example, because I thought that was just the way it worked. I've granted LMT permission and a couple more apps.
I thought it was more of a Windows-type "do you trust this program to do things" type thing.
Thing is, my installation is pretty fresh, and I don't get where I should've gotten malware from.
HTC M8 / ViperROM / ElementalX kernel
A bunch of file explorers (SD Maid / Total Commander) and terminals, all from the Play Store. Xposed Installer and a couple of modules that all seemed reputable, with ongoing XDA threads and downloaded from the original source: Amplify / Boot Manager (something with that maybe?) / ChromePie / Secure Settings for a Tasker profile / MinMinGuard.
Do you see something we have in common on the phone?
The phone is running fine, nothing strange. The zygote request I got for the first time today; I denied it and hopped on Google. WhatsApp is in my root log constantly. I see the grey box popping up every once in a while that root was granted. Never thought anything of it.
Today I installed the Termux terminal from the Play Store... maybe that's where the zygote su request comes from?
---------- Post added at 10:05 PM ---------- Previous post was at 09:39 PM ----------
From what I see elsewhere, the WhatsApp Extensions module in Xposed, which is a root app, might have something to do with the WhatsApp requests. I don't exactly know how these things work, but the altering might explain an app doing things it normally doesn't do.
Don't know about zygote... got it one time and it has not been back.
Same here.
I'm on a fresh install and this zygote su request wasn't appearing until I reinstalled all my apps.
Another forum states that zygote is run at such a raw level that it simply would never request root.
I am for now denying su requests with little to no adverse effects.
Can anyone confirm for certain that zygote should never need to request root? Is there any way to dig out the rogue source/APK when AV apps are showing nil?
As I have nothing WhatsApp on my phone, I'm thinking it may be an Xposed mod. Might be a good idea for us to list our Xposed mods so we can cross-reference. Not sure?
samsung i9505 | resurrection remix | android 6
Is there anything I can do about this?
Did you try this:
https://forum.xda-developers.com/apps/magisk/fix-magisk-manager-20-3-ctsprofile-t4080921
- Before starting the steps, uninstall all Magisk modules and reboot.
- If your device is not listed in the Props Config, you can try Google Pixel 2 or 3 and Android 10.
- Don't forget to hide Magisk in the Options and Google Play Services, Google Play Store, Google Pay and all banking/game apps in the Magisk Hide menu.
- You should know that all Samsung services (Pay, Pass, Secure Folder, etc.) related to KNOX will never work after rooting (= KNOX tripped)...
LeGi0NeeR said:
Did you try this:
https://forum.xda-developers.com/apps/magisk/fix-magisk-manager-20-3-ctsprofile-t4080921
- Before starting the steps, uninstall all Magisk modules and reboot.
- If your device is not listed in the Props Config, you can try Google Pixel 2 or 3 and Android 10.
- Don't forget to hide Magisk in the Options and Google Play Services, Google Play Store, Google Pay and all banking/game apps in the Magisk Hide menu.
- You should know that all Samsung services (Pay, Pass, Secure Folder, etc.) related to KNOX will never work after rooting (= KNOX tripped)...
@jhill110 sorry for necroposting this, but does it work out for you?
Arobase40 said:
SafetyNet fix !
Quicker and easier SafetyNet fix :
Erase the cache from Magisk and flash one of these two fixes :
I used the first one and it works so I didn't test the second...
At least Secure Folder is working fine. Knox deployment is behaving weirdly as it is asking a two pass authentication and it is asking a numerical code when I receive an alphanumerical code... ^^
I don't use Samsung Pay (should at least work with Android Pay but I didn't test it) and I don't use Samsung Pass either but I don't think there should be a real problem as it was asking me to set it up but I removed totally from the system...
Actually for me the SafetyNet fix only works for the Android 11 version ROM of this device, and even then Secure Folder doesn't work correctly (for me?): it doesn't save the password, and keeps popping up asking to set a password whenever I try to enter it. The device itself becomes unstable and keeps hot-rebooting after every unlock, eventually getting thermally throttled for no reason. Though the SafetyNet solution I used was this one: kdrag0n/safetynet-fix, and probably not the one you listed; actually it's the same developer, though his repository does not contain a v2 release. I'm still gonna try it though.
Edit: working now, not hot-rebooting (yet), but Secure Folder still doesn't save the password, thus it still can't be used yet.
Arobase40 said:
So make sure you pass the SafetyNet test in Magisk. When done and passed, uninstall completely and properly Secure folder from your settings, and reboot.
The SafetyNet fix worked on my device when the ROM was still on Android 10. That is to say, it passed the SafetyNet test. It was extremely unstable though, hot-rebooting after every unlock (unlock, black Samsung screen, then back to the lock screen). I couldn't get into Magisk and disable it; I had to delete it through TWRP. It wasn't until Android 11 that I tried it again: not extremely unstable, just "usable unstable". That was the release file on kdrag0n's repository. Your uploaded v2 file works amazingly. Thanks for sharing :>
Arobase40 said:
I wonder why you mention Android 10 when we're with Android 11 for a long time now...
So is your issue totally fixed with no instability at all anymore and is Secure Folder working also ?
I just want to share my experience with the same device and (probably) the same SafetyNet fix that works on yours, but not on my device.
Yes, with your SafetyNet fix my tab runs absolutely stable, and I've just tried uninstalling Secure Folder and reinstalling it again. It's working perfectly now.
This might not be the right place to ask this question but I have been lurking here for a bit and am hoping someone can help me out.
A quick bit of background. I just recently started using Android Tablets. So far all I do with them is to read ebooks, browse the web in an emergency, and, wirelessly access my Xfinity live TV and Peacock streaming service. I have 3 Onn tablets (7", 8" and 10") one of which is Android 10 and the other two are Android 11.
I have absolutely no interest in anything Google and have disabled pretty much all the pre-installed apps based on guides I found here. The only pre-installed apps I use are Files-by-google and Gboard. I use the Nova7 launcher. I do have a google account and access to the google play store but only use it in the extremely rare case I want a purchased app, otherwise I download APK's from sites like APKMirror and APKPure to my PC, validate them using MetaDefend and VirusTotal and then load to the device via usb.
I also have no interest in any cloud based storage.
In general I have all Google apps disabled. In the rare case I do use the Play Store I have to first enable Google Play Services and Google Play Store, and then once the specific app is installed I re-disable Google Play Services and Store. Also I only go online to use the Xfinity and Peacock apps; everything else I do offline.
So everything worked as I wanted it until at some point I allowed an Android 11 "security patch" to install on one of my Android 11 devices. Immediately I could no longer install any APK file on that device (see attached). Note that previously I could install apps with the Nova7 launcher, the Files app, the Files-by-google app and Firefox, all of which are enabled to install unknown apps. Now all of these methods result in the same error message (see attached). Still no problem installing on the Android 10 device or the other Android 11 device that I've kept from updating.
So does anyone know how I can get back to being able to install APK's? I've followed the standard recommendations of restarting the device, making sure install unknown apps is enabled and reset app preferences and the only thing that I see to do at this point is a factory reset. A factory reset would cause me a whole lot of pain to set things back up to how they were before and I'm not even sure that a factory reset is guaranteed to fix this.
Can anyone help me?
A factory reset won't undo the update.
If that is the cause and there's no work around you would need to reflash to the version without the update. System upgrades/updates tend to break things...
blackhawk said:
A factory reset won't undo the update.
That's what I was afraid of.
At this point for $59 I can throw out the old one and buy another but that brings up the question of how to disable system updates.
Would rooting the device solve the problem?
So far I've been able to do everything I wanted to do using adb shell pm disable-user --user 0 <package_to_disable>.
But given I'm going to throw the device out if I can't fix this, it seems like the perfect candidate to risk trying to root.
Mumblefratz said:
That's what I was afraid of.
At this point for $59 I can throw out the old one and buy another but that brings up the question of how to disable system updates.
It looks something like this. I use Package Disabler to kill this parasite; it's the first APK I disabled... with extreme prejudice.
An ADB edit will work too.
blackhawk said:
It looks something like this. I use Package Disabler to kill this parasite; it's the first APK I disabled... with extreme prejudice.
An ADB edit will work too.
The Package Disabler app that you showed in your screenshot looked like a better way to go than what I've been doing, which is to use Application Inspector along with ADB, but I've had some problems trying to install it.
For one thing they change a couple of things in MI settings and I don't have that category of setting. The bottom line is that I still haven't been able to get PD to work, although the set-device-owner command did seem to work and resulted in the following:
Code:
C:\ADB>adb shell dumpsys device_policy
Current Device Policy Manager state:
Device Owner:
admin=ComponentInfo{com.pdp.deviceowner/com.pdp.deviceowner.receivers.AdminReceiver}
name=
package=com.pdp.deviceowner
isOrganizationOwnedDevice=true
User ID: 0
Enabled Device Admins (User 0, provisioningState: 3):
com.pdp.deviceowner/.receivers.AdminReceiver:
uid=10156
followed by a whole bunch of other stuff.
At this point it seems best to forget about Package Disabler and just continue with Application Inspector and ADB, but I'm worried that the device owner change I made is going to screw me up sooner or later.
My question is: do I have to do (yet another) factory reset and reinstall all my stuff, or is there an easier way for me to undo this owner setting?
PS. I suddenly got a notification "this device belongs to your organization". This must have something to do with the owner thing.
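What that dumpsys output means, as an added example and not code from the thread or from Package Disabler: setting a device owner (which is what `dpm set-device-owner` does) gives that one app management authority over the whole device, and the "this device belongs to your organization" notification is Android reporting exactly that. The script below reads the `dumpsys device_policy` text and extracts the owner component, the organization-owned flag and the enabled device admins, so you can confirm what is set before deciding what to do about it. The sample reuses the output quoted in the post above; the one trailing line is a constructed stand-in for the "whole bunch of other stuff".

```python
"""Parse `adb shell dumpsys device_policy` output to see who owns the device.

Added example, not from the thread or from Package Disabler. The sample text
below reuses the dumpsys excerpt posted above; the final line is a constructed
stand-in for the remaining output.
"""
import re

SAMPLE_DUMPSYS = """\
Current Device Policy Manager state:
  Device Owner:
    admin=ComponentInfo{com.pdp.deviceowner/com.pdp.deviceowner.receivers.AdminReceiver}
    name=
    package=com.pdp.deviceowner
    isOrganizationOwnedDevice=true
    User ID: 0
  Enabled Device Admins (User 0, provisioningState: 3):
    com.pdp.deviceowner/.receivers.AdminReceiver:
      uid=10156
      (constructed stand-in for the remaining admin details)
"""


def parse_device_policy(text):
    """Return the device owner component, the org-owned flag and enabled admins."""
    result = {"device_owner": None, "org_owned": False, "enabled_admins": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        # Section headers switch what the following indented lines mean.
        if line.startswith("Device Owner:"):
            section = "owner"
            continue
        if line.startswith("Enabled Device Admins"):
            section = "admins"
            continue
        if section == "owner":
            m = re.match(r"admin=ComponentInfo\{([^}]+)\}", line)
            if m:
                result["device_owner"] = m.group(1)
            elif line.startswith("isOrganizationOwnedDevice="):
                result["org_owned"] = line.split("=", 1)[1] == "true"
        elif section == "admins":
            # Admin entries look like "pkg/.Receiver:" followed by indented details.
            m = re.match(r"([\w.]+/[\w.]+):$", line)
            if m:
                result["enabled_admins"].append(m.group(1))
    return result


def owner_warning(text):
    """One-line summary for the user, or None when no device owner is set."""
    info = parse_device_policy(text)
    if info["device_owner"] is None:
        return None
    pkg = info["device_owner"].split("/")[0]
    return (f"Device owner is {pkg} (organization-owned={info['org_owned']}); "
            f"this app can apply device-wide management policies")


if __name__ == "__main__":
    print(owner_warning(SAMPLE_DUMPSYS))
    print(parse_device_policy(SAMPLE_DUMPSYS))
```

On the practical question in the post: a device owner app can release itself through DevicePolicyManager.clearDeviceOwnerApp(), so if Package Disabler offers a "remove device owner" option that is the clean path; if the app is gone or offers no such option, a factory reset is the documented way to clear a device owner. Running the parser before and after tells you whether the owner entry actually went away.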
Mumblefratz said:
The Package Disabler app that you showed in your screenshot looked like a better way to go than what I've been doing, which is to use Application Inspector along with ADB, but I've had some problems trying to install it.
For one thing they change a couple of things in MI settings and I don't have that category of setting. The bottom line is that I still haven't been able to get PD to work, although the set-device-owner command did seem to work and resulted in the following:
Code:
C:\ADB>adb shell dumpsys device_policy
Current Device Policy Manager state:
Device Owner:
admin=ComponentInfo{com.pdp.deviceowner/com.pdp.deviceowner.receivers.AdminReceiver}
name=
package=com.pdp.deviceowner
isOrganizationOwnedDevice=true
User ID: 0
Enabled Device Admins (User 0, provisioningState: 3):
com.pdp.deviceowner/.receivers.AdminReceiver:
uid=10156
followed by a whole bunch of other stuff.
At this point it seems best to forget about Package Disabler and just continue with Application Inspector and ADB, but I'm worried that the device owner change I made is going to screw me up sooner or later.
My question is: do I have to do (yet another) factory reset and reinstall all my stuff, or is there an easier way for me to undo this owner setting?
PS. I suddenly got a notification "this device belongs to your organization". This must have something to do with the owner thing.
Not sure as I never used that approach. I use whatever comes in handy...
I need a way to force an app to start on boot without any interaction (i.e. not after it has been unlocked with a passcode).
I am willing to root and bootloader-unlock if needed but prefer not to.
Almost any Android phone would be fine. I am currently using an unlocked Pixel 6a for this project due to lack of crapware and being fairly cheap.
Does anyone know how I can achieve this?
Alternatively a way to guarantee a phone never reboots would help too. No auto restart for an update or similar.
Thanks
There are plenty of apps doing it + other options. Here is one:
AutoStart - No root (Google Play): Autostart will automatically start your selected apps at device boot-up.
In the BFU state no user apps can run on an FBE-encrypted phone. You need a phone running good old FDE encryption.
CXZa said:
There are plenty of apps doing it + other options. Here is one:
AutoStart - No root (Google Play): Autostart will automatically start your selected apps at device boot-up.
I have tried several of these and none work on Android 13 on the Pixel 6a.
What exactly have you tried? Is it related to my comment?
You can try another app:
https://play.google.com/store/apps/details?id=com.ryosoftware.initd
+
https://stackoverflow.com/a/68461795
I wonder how init.d support would work better?
Well, monkey failed to work. So I tried the "old" way..
Code:
#!/system/bin/sh
am start --user 0 -n cxz.johnnysquirrel.riddleofthebox/.MainActivity
Redmi 4X santoni (not rooted or flashed)
Is there any way to detect root by exploit? Apps like Kingo Root and KingRoot and many other one-click root apps do this kind of thing, where they use an exploit in the Android system and root the phone using it; similarly, can a malware do the same?
(I'm assuming this is what it is) (spear phishing)
Can an APK file really gain root access and rewrite your device's ROM with malware in it? Is that a thing?
I installed a third-party app which just disappeared into the background (most likely social engineering). I tried all AVs but it came back clean, even went into safe mode and settings and tried app managers and settings, but all failed.
Next I tried a factory reset and the symptoms still persist.
Note that I have created new accounts and changed passwords and have MFA on, but is there any way for it to reinfect because I'm using the same device to create the new account?
Like, is it because it infected my Google access or something, to come back again after a factory reset?
Thanks
If you think a girlfriend virus is bad, just wait until you get married.
To answer your question....
Android is designed to be very rootkit-resistant. Features such as Verified Boot prevent unsigned/modified images from loading if the bootloader is locked; while it is possible for a malicious app to use an unpatched exploit to root the device every time it runs, any modification made to any critical partition such as /boot and /system would be detected, and the device would warn the user that the system is corrupted.
Since you've removed the app from your device and performed a factory reset, you should be safe. Good job on using MFA, by the way.
V0latyle said:
If you think a girlfriend virus is bad, just wait until you get married.
To answer your question....
Android is designed to be very rootkit-resistant. Features such as Verified Boot prevent unsigned/modified images from loading if the bootloader is locked; while it is possible for a malicious app to use an unpatched exploit to root the device every time it runs, any modification made to any critical partition such as /boot and /system would be detected, and the device would warn the user that the system is corrupted.
Since you've removed the app from your device and performed a factory reset, you should be safe. Good job on using MFA, by the way.
No, I think I misunderstood. There were two apps that I downloaded; one disappeared into the background (which is causing more havoc) and is undetectable by Android AVs, and I'm having trouble removing it (got it from a sketchy link from my gf).
The second app was just an Instagram follower app which ran in the background and I could uninstall directly (got it from the Play Store).
I want to know how to detect and remove the first one.
alokmfmf said:
got it from a sketchy link from my gf
That's why one should always use protection.
alokmfmf said:
The second app was just an Instagram follower app which ran in the background and I could uninstall directly (got it from the Play Store).
I want to know how to detect and remove the first one.
What makes you think the first app is still there? If you've performed a factory reset, it's gone, unless it was downloaded again when you restored your Google account to your device.
Are you sure you're not mistaking a built-in app?
alokmfmf said:
Is there any way to detect root
Yes, almost every banking / payment app does it.
V0latyle said:
That's why one should always use protection.
What makes you think the first app is still there? If you've performed a factory reset, it's gone, unless it was downloaded again when you restored your Google account to your device.
Are you sure you're not mistaking a built-in app?
Yes, I'm sure, as my accounts are getting hacked, my personal media is getting leaked, permissions are asked for repeatedly and my SIM is getting disabled.
Also I'm trying not to log in to my Google account and see how that works.
Although I have tried to make new accounts from scratch and start from a clean new slate after a factory reset, it may be the device itself, I'm afraid.
Social engineering / spear phishing (I think)
Redmi 4X santoni
I was asked to click on a link and download an APK by my girlfriend, and as soon as I downloaded it, it disappeared and I was asked to delete the APK.
(I do not have access to the link either.)
Later I realized that it tracks permissions, media and keyboard (except exactly who I'm texting, because of the Android sandbox).
I tried a FACTORY RESET but the symptoms still persisted (like getting hacked again and my private info getting leaked, SIM deduction and detection of the SIM card, and permissions being asked for again and again even though I allowed them).
I checked all the settings of my phone and nothing is abnormal (I'm not rooted).
Is it possible that a used account could somehow transmit a virus? I had a nasty malware on my phone, so I factory reset my phone, but the symptoms still remain, so I used a new Google account and others as well but it still comes back, so I'm guessing it's the kernel or the ROM that got infected.
I tried all AVs but they all came back clean, and I'm certain that my Android is infected with something.
First and foremost I need to know how to DETECT the malware (to know which app is causing this),
and second how to REMOVE the malware.
Thanks.
Which OS version? If not running on Pie or higher it's susceptible to the xHelper family of partition-worming malware.
Yeah, sounds like you got a worm... nasty critters.
A reflash may be the best option, although if it is xHelper it can now be removed without a reflash.
You are what you load.
blackhawk said:
Which OS version? If not running on Pie or higher it's suspectable to the Xhelper family of partition worming malware
Yeah sounds like you got a worm... nasty critters.
A reflash may be the best option although if it is Xhelper it can now be removed without a reflash.
You are what you load
Yes, I know I made a stupid decision, it's completely my fault. I tried using the Xhelper method but it comes clean. I assume there is only one method, which involves disabling the Play Store.
I run on MIUI 11, Nougat 7.
Any methods to detect and remove the malware are welcome.
And about reflashing, it's very complicated for most Mi phones.
alokmfmf said:
I run on MIUI 11, Nougat 7.
Any methods to detect and remove the malware are welcome.
And about reflashing, it's very complicated for most Mi phones.
Reflash it to stock firmware. If you can upgrade to Android 9, consider doing so for security purposes. It may have performance/functionality drawbacks for your application though, not sure as I never used 6, 7 or 8.
Make sure you reset all passwords, keep social media, sales and trash apps off the phone. Always keep email in the cloud, i.e. Gmail or such.
Run Karma Firewall. Be careful what you download and especially install... don't sample apps unless you have a real need for that particular app. Once installed, don't allow apps to update, as they may try to download their malware payload, a way to bypass Play Store security.
blackhawk said:
Reflash it to stock firmware. If you can upgrade to Android 9, consider doing so for security purposes. It may have performance/functionality drawbacks for your application though, not sure as I never used 6, 7 or 8.
Make sure you reset all passwords, keep social media, sales and trash apps off the phone. Always keep email in the cloud, i.e. Gmail or such.
Run Karma Firewall. Be careful what you download and especially install... don't sample apps unless you have a real need for that particular app. Once installed, don't allow apps to update, as they may try to download their malware payload, a way to bypass Play Store security.
Will not logging in to my Google account help?
alokmfmf said:
Will not logging in to my Google account help?
No. The malware is in the phone apparently in the firmware.
blackhawk said:
No. The malware is in the phone apparently in the firmware.
I disagree, unless Xiaomi/Redmi's AVB/dm-verity implementation is useless, it should prevent a persistent rootkit.
I suspect this has little to do with the phone and more to do with reused passwords and other "organic" security failure.
V0latyle said:
I disagree, unless Xiaomi/Redmi's AVB/dm-verity implementation is useless, it should prevent a persistent rootkit.
I suspect this has little to do with the phone and more to do with reused passwords and other "organic" security failure.
You're probably right. Forgot it was running 11... lol, "organic security failure", I like that.
blackhawk said:
You're probably right. Forgot it was running 11... lol, "organic security failure", I like that.
The security measures that prevent persistent rootkits have been in place long before Android 11.
The most common root cause of a breach of security is the failure to ensure sufficient security in the first place. Simple passwords, reused passwords, no MFA, connected accounts, etc. Yes, there are plenty of Android viruses out there, but all of them "live" in the user data space. Of course, there may be unpatched exploits that allow root access, but these must be exploited every time the app is run. An app cannot modify the boot or system partitions without tripping AVB (if the bootloader is locked) whereupon the device would warn that the OS is corrupted.
At the end of the day, it's much much easier to simply use social engineering or other methods to gain someone's credentials, rather than trying to hack their device.
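Added example, not posted by anyone in this thread: a POSIX shell check of the verified-boot posture V0latyle describes (locked bootloader plus AVB/dm-verity) that parses `getprop`-style output. The property names are real Android boot properties; the sample values are constructed, and on a device the input would come from `adb shell getprop`.

```shell
#!/bin/sh
# Added example (not from the thread): classify a device's verified-boot
# posture from `getprop` output. Property names are real Android boot
# properties; the sample values below are constructed for illustration.
# On a device you would run:  vb_assess "$(adb shell getprop)"

# Extract the value of one property from getprop-style "[name]: [value]" lines.
prop_value() {
    # $1 = getprop output, $2 = property name
    printf '%s\n' "$1" | sed -n "s/^\[$2\]: \[\(.*\)\]\$/\1/p"
}

# Print one of: VERIFIED, UNLOCKED, TAMPERED, VERITY_OFF, UNKNOWN
vb_assess() {
    props="$1"
    state=$(prop_value "$props" "ro.boot.verifiedbootstate")
    locked=$(prop_value "$props" "ro.boot.flash.locked")
    verity=$(prop_value "$props" "ro.boot.veritymode")
    if [ "$locked" = "0" ] || [ "$state" = "orange" ]; then
        echo UNLOCKED      # bootloader unlocked: AVB cannot protect boot/system
    elif [ "$state" = "red" ]; then
        echo TAMPERED      # AVB failed: boot/system no longer match their signature
    elif [ -n "$verity" ] && [ "$verity" != "enforcing" ]; then
        echo VERITY_OFF    # dm-verity disabled or in eio mode
    elif [ "$state" = "green" ] && [ "$locked" = "1" ]; then
        echo VERIFIED      # locked bootloader, verified OS: no persistent rootkit
    else
        echo UNKNOWN
    fi
}

# Constructed sample: healthy stock device with a locked bootloader.
STOCK_SAMPLE='[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.veritymode]: [enforcing]'

# Constructed sample: unlocked bootloader (custom ROM / rooted).
UNLOCKED_SAMPLE='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.veritymode]: [enforcing]'
```

A VERIFIED result means the firmware the poster fears is infected is cryptographically intact, so remaining symptoms point at the user-data partition or at compromised credentials.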
V0latyle said:
The security measures that prevent persistent rootkits have been in place long before Android 11.
Yeah, Android 9 was where the hole for the Xhelper class of rootkits was plugged for good. It runs securely unless you do stupid things. This phone is running on that and its current load will be 3 years old in June. No malware in all that time, in spite of the fact it's heavily used. It can be very resistant to attacks if set up and used correctly.
V0latyle said:
The most common root cause of a breach of security is the failure to ensure sufficient security in the first place. Simple passwords, reused passwords, no MFA, connected accounts, etc. Yes, there are plenty of Android viruses out there, but all of them "live" in the user data space. Of course, there may be unpatched exploits that allow root access, but these must be exploited every time the app is run. An app cannot modify the boot or system partitions without tripping AVB (if the bootloader is locked) whereupon the device would warn that the OS is corrupted.
I was initially thinking he was running on Android 8 or lower. I forgot: on Android 9 and higher (except for a big hole in Android 11 and 12 that was patched, if memory serves me correctly) about the only way malware is getting into the user data partition is if the user installs it, doesn't use the appropriate built-in settings safeguards, or by an infected USB device. Any phone can be hacked if the attacker is sophisticated and determined enough to do so... in my opinion. Even if this happens, a factory reset will purge it on a stock phone unless the hacker has access to the firmware by remote or physical access. Never allow remote access to anyone...
V0latyle said:
At the end of the day, it's much much easier to simply use social engineering or other methods to gain someone's credentials, rather than trying to hack their device.
Lol, that's what social media is for
blackhawk said:
No. The malware is in the phone apparently in the firmware.
OK, thanks for helping, it's been good.
alokmfmf said:
OK, thanks for helping, it's been good.
You're welcome.
I retract that (post #12), as I forgot it is running on Android 11. Like V0latyle said, it's probably the password(s) that were compromised if a factory reset didn't resolve the issue, other than the exceptions I stated in post #16.
Also I found this on the net, if that helps with the situation:
Be especially wary of spear phishing. Do not click on any weird link sent by your closest friends, or if you feel compelled to do so, open it from a tightly secured operating system (a fresh VM) where you have never logged in to your social networks.
And:
Factory resets are not enough to sanitize the device.
Also I'm a bit scared, as some people on the net have said that in some cases even a flash might not wipe it, as it resides in the boot logo or in some places where flashes do not reach, or in flash ROM chips (but of course this is all very rare).
I am very fascinated and would like to learn more about it; any suggestions would be helpful.