Better Mobile App

Zygote and Whatsapp requesting root??

Hello, I have a Redmi Note 3 Pro running sMiUI (based on the Xiaomi.eu ROM) but this seems to be irrelevant.
while this strange behaviour doesn't seem to be limited to this device, being noted here and here, it does seem that the symptoms are the same.
In the SuperSU logs i found that firstly Whatsapp tried to gain root and was denied, followed by zygote requesting 3 times over the following few hours. The log for each is blank.
I have just rebooted my device and after unlocking whatsapp immediately requested root. Yet to see zygote request root again but I'll update you should it appear.
UPDATE: Whatsapp has again requested root.
UPDATE2: WhatsApp continues to request, however zygote has not. It appears to be happening every half-hour (ish)
U3: uninstalled WhatsApp, will see what happens at the half-hour mark.
Anyone know what's going on?
Also some probably irrelevant weirdness but I'll write it anyway given this only started appearing after this happened:
My phone did something weird earlier, I restarted, and normally on my ROM it just has a spinning little loading thingy in the middle of an otherwise blank screen, then goes off and reboots, showing the Mi logo, this time however it randomly showed a kinda-pulsating android logo shortly after the usually " spinning loading icon" and then continued to the usual Mi logo. Given I'm running sMiUI I've never seen it display a large android logo before like this. I just rebooted again and this behaviour was not repeated.

Try xiaomi.eu rom, or stock rom. Or might be you're just installed modified WhatsApp and zygote apk from untrusted source. I don't use sMIUI

immns said:
Try xiaomi.eu rom, or stock rom. Or might be you're just installed modified WhatsApp and zygote apk from untrusted source. I don't use sMIUI
Click to expand...
Click to collapse
The struggle I went through to get off of the vendor ROM, I'm not going back to stock. sMiUI was based on the Xiaomi.eu ROM, so the zygote is probably straight out of that.
I have installed WhatsApp from Google Play so I assume it doesn't get more secure than that. I've made no attempt to replace zygote, I don't really know what it does, something about starting apps.
The ROM I'm using doesn't seem to be remotely relevant to this, given it's happened on 3 different devices from different brands as I can see from the links I provided.

It doesn't make any sense. WhatsApp is used to not request any root permission unless it's infected by mallware. You can try to use xiaomi.eu rom alongside with 3rd party mods instead of use pre-moded rom from sMIUI.

immns said:
It doesn't make any sense. WhatsApp is used to not request any root permission unless it's infected by mallware. You can try to use xiaomi.eu rom alongside with 3rd party mods instead of use pre-moded rom from sMIUI.
Click to expand...
Click to collapse
Indeed, last WhatsApp update was 13th December, so I would have seen this happening before today if it was in normal WhatsApp. This is nothing to do with sMiUI, I've had this ROM installed for many months now with no issues.
And as previously stated it is based on Xiaomi.eu ROM.
But yes my suspicion is malware, however it's not specific to MIUI or any varients as this was also occurring on a Galaxy S5 and another device.
Everyone: Please read the entire thread before replying so I don't have to keep restating facts

Hey, i have same problem too, im using redmi note 2, today i get notif, whatsapp need access root, after several minute, zygote need access root too, now i deny that access at super su

first time root/customrom/kernel etc.
Ive had the same thing happen..First time I thought it was strange though and denied permision was with the zygote thing asking permission...ive granted whatsapp and whatsapp extensions permisson for example cause i thought that was just the way it worked. ive granted LMT permission and a couple more apps
thought it was more of a windows type "" do you trust this program to do things" type thing.
things is my, installation is pretty fresh. and I dont get where I should've gotten malware from
htcm8/Viperrom/elementalx kernel
bunch of file explorers (sdmaid /totalcommander) and terminals all from the playstore. Xposed installer and a couple modules that all seemed reputable with ongoing xda threads and downloaded from the original source. amplify/bootmanager(something with that maybe?)/chromepie/secure settings for a tasker profile/minminguard.
you see something we have in common on the phone?
phone is running fine..nothing strange. The zygote i got for the first time today and I denied and hopped on google...whatsapp is in my rootlog constantly. i see the greybox popping up every once in a while that root was granted. never thought anything of it.
today I installed termux ternimal from the playstore...maybe thats where the zygote su request comes from?
---------- Post added at 10:05 PM ---------- Previous post was at 09:39 PM ----------
from what I see elsewhere the whatsapp extension module in xposed, which is a root app might have something to do with the whatsapp requests. I dont exactly know how these things work but the altering might explain app doing thing they normally dont do.
dont know about zygote...got it one time and it has not been back

Same here.
I'm on a fresh install and this zygote su request wasn't appearing until I reinstalled all my apps.
Another forum states that zygote is run at such a raw level that it simply would never request root.
I am for now denying su requests with little to no adverse effects.
Can anyone confirm for certain that zygote should never need to request root? Is there anyway to dig out the rogue source/apk when av apps are showing nill?
As I have nothing Whatsapp on my phone, thinking it may be an xposed mod. Might be a good idea for us to list are xposed mods so we can cross reference. Not sure?
samsung i9505 | resurrection remix | android 6

SafetyNet?

Is there anything I can do about this?

Did you try this:
https://forum.xda-developers.com/apps/magisk/fix-magisk-manager-20-3-ctsprofile-t4080921
- Before starting the steps, uninstall all Magisk modules and reboot.
- If your device is not listed in the Props Config, you can try Google Pixel 2 or 3 and Android 10.
- Don't forget to hide Magisk in the Options and Google Play Services, Google Play Store, Google Pay and all banking/game apps in the Magisk Hide menu.
- You should know that all Samsung services (Pay, Pass, Secure Folder, etc.) related to KNOX will never work after rooting (= KNOX tripped)...

LeGi0NeeR said:
Did you try this:
https://forum.xda-developers.com/apps/magisk/fix-magisk-manager-20-3-ctsprofile-t4080921
- Before starting the steps, uninstall all Magisk modules and reboot.
- If your device is not listed in the Props Config, you can try Google Pixel 2 or 3 and Android 10.
- Don't forget to hide Magisk in the Options and Google Play Services, Google Play Store, Google Pay and all banking/game apps in the Magisk Hide menu.
- You should know that all Samsung services (Pay, Pass, Secure Folder, etc.) related to KNOX will never work after rooting (= KNOX tripped)...
Click to expand...
Click to collapse
@jhill110 sorry for necroposting this, but does it work out for you?

Arobase40 said:
SafetyNet fix !
Quicker and easier SafetyNet fix :
Erase the cache from Magisk and flash one of these two fixes :
I used the first one and it works so I didn't test the second...
At least Secure Folder is working fine. Knox deployment is behaving weirdly as it is asking a two pass authentication and it is asking a numerical code when I receive an alphanumerical code... ^^
I don't use Samsung Pay (should at least work with Android Pay but I didn't test it) and I don't use Samsung Pass either but I don't think there should be a real problem as it was asking me to set it up but I removed totally from the system...
Click to expand...
Click to collapse
actually for me safety net fix only works for android 11 version rom of this device, and even then secure folder doesnt work correctly (for me?), it doesnt save the password, and keep poping up asking to set a password whenever I tried to enter it. The device itself become unstable and keep hot rebooting after every unlock, eventually get thermal throttled for no reason. Though the safety net solution I used was this one: kdrag0n/safetynet-fix , and prob not the one you listed actually its the same developer, though his repository does not contain a v2 release. I still gona try it though
edit: working now, not hot rebooting (yet), but secure folder still doesnt save password, thus cant still be used yet

Arobase40 said:
So make sure you pass the SafetyNet test in Magisk. When done and passed, uninstall completely and properly Secure folder from your settings, and reboot.
Click to expand...
Click to collapse
the safetynet fix worked on my device when the rom is still on android 10. That is to say, it passed the safetynet test. It was extremely unstable though, hot rebooting after every unlock (unlock, black screen samsung, then back to lock screen) I couldn't get into magisk and disable it, had to delete it through twrp. It was until android 11 that I tried it again. not extremely unstable, just "useable unstable". That was the release file on kdrag0n's repository. Your uploaded v2 file works amazingly. Thanks for sharing:>

Arobase40 said:
I wonder why you mention Android 10 when we're with Android 11 for a long time now...
So is your issue totally fixed with no instability at all anymore and is Secure Folder working also ?
Click to expand...
Click to collapse
I just want to share my experience about the same device with (prob) the same safety net fix that works on yours, but not my device.
yes, with your safety net fix my tab runs absolutely stable, and I've just tried uninstall secure folder and reinstall it again. Its working perfectly now

Android 11 update disabled the ability to install sideloaded APK's

This might not be the right place to ask this question but I have been lurking here for a bit and am hoping someone can help me out.
A quick bit of background. I just recently started using Android Tablets. So far all I do with them is to read ebooks, browse the web in an emergency, and, wirelessly access my Xfinity live TV and Peacock streaming service. I have 3 Onn tablets (7", 8" and 10") one of which is Android 10 and the other two are Android 11.
I have absolutely no interest in anything Google and have disabled pretty much all the pre-installed apps based on guides I found here. The only pre-installed apps I use are Files-by-google and Gboard. I use the Nova7 launcher. I do have a google account and access to the google play store but only use it in the extremely rare case I want a purchased app, otherwise I download APK's from sites like APKMirror and APKPure to my PC, validate them using MetaDefend and VirusTotal and then load to the device via usb.
I also have no interest in any cloud based storage.
In general I have all goggle apps disabled. In the rare case I do use the play store I have to first enable Google Play Services and Google Play Store and then once the specific app is installed I re-disable Google Play Services and Store. Also I only go online to use the Xfinity and Peacock apps, everything else I do offline.
So everything worked as I wanted it until at some point I allowed an Android 11 "security patch" to install on one of my Android 11 devices. Immediately I could no longer install any APK file on that device (see attached). Note that previously I could install apps with the Nova7 launcher, the Files app, the Files-by-google app and Firefox, all of which are enabled to install unknown apps. Now all of these methods result in the same error message (see attached). Still no problem installing on the Android 10 device or the other Android 11 device that I've kept from updating.
So does anyone know how I can get back to being able to install APK's? I've followed the standard recommendations of restarting the device, making sure install unknown apps is enabled and reset app preferences and the only thing that I see to do at this point is a factory reset. A factory reset would cause me a whole lot of pain to set things back up to how they were before and I'm not even sure that a factory reset is guaranteed to fix this.
Can anyone help me?

A factory reset won't undo the update.
If that is the cause and there's no work around you would need to reflash to the version without the update. System upgrades/updates tend to break things...

blackhawk said:
A factory reset won't undo the update.
Click to expand...
Click to collapse
That's what I was afraid of.
At this point for $59 I can throw out the old one and buy another but that brings up the question of how to disable system updates.

Would rooting the device solve the problem?
So far I've been able to do everything I wanted to do using adb shell pm disable-user --user 0 <package_to_disable>.
But given I'm going to throw the device out if I can't fix this, it seems like the perfect candidate to risk trying to root.

Mumblefratz said:
That's what I was afraid of.
At this point for $59 I can throw out the old one and buy another but that brings up the question of how to disable system updates.
Click to expand...
Click to collapse
It looks something like this. I use Package Disabler to kill this parasite, it's the first apk I disabled... with extreme prejudice
A ADB edit will work too.

blackhawk said:
It looks something like this. I use Package Disabler to kill this parasite, it's the first apk I disabled... with extreme prejudice
A ADB edit will work too.
Click to expand...
Click to collapse
The Package Disabler app that you showed in your screenshot looked like a better way to go that what I've been doing which is to use Application Inspector along with ADB but I've had some problems trying to install it.
For one thing they change a couple of things in MI settings and I don't have that category of setting. The bottom line is that I still haven't been able to get PD to work although the set-device-owner command did seem to work and resulted with the following:
C:\ADB>adb shell dumpsys device_policy
Current Device Policy Manager state:
Device Owner:
admin=ComponentInfo{com.pdp.deviceowner/com.pdp.deviceowner.receivers.AdminReceiver}
name=
package=com.pdp.deviceowner
isOrganizationOwnedDevice=true
User ID: 0
Enabled Device Admins (User 0, provisioningState: 3):
com.pdp.deviceowner/.receivers.AdminReceiver:
uid=10156
followed by a whole bunch of other stuff.
At this point it seems best to forget about Package Disabler and just continue with Application Inspector and ADB but I'm worried that the device owner change I made is going to screw me up sooner or later.
My question is do I have to do (yet another) factory reset and reinstall all my stuff or is there an easier way for me to undo this owner setting?
PS. I suddenly got a notification "this device belongs to your organization" This must have something to do with the owner thing.

Mumblefratz said:
The Package Disabler app that you showed in your screenshot looked like a better way to go that what I've been doing which is to use Application Inspector along with ADB but I've had some problems trying to install it.
For one thing they change a couple of things in MI settings and I don't have that category of setting. The bottom line is that I still haven't been able to get PD to work although the set-device-owner command did seem to work and resulted with the following:
C:\ADB>adb shell dumpsys device_policy
Current Device Policy Manager state:
Device Owner:
admin=ComponentInfo{com.pdp.deviceowner/com.pdp.deviceowner.receivers.AdminReceiver}
name=
package=com.pdp.deviceowner
isOrganizationOwnedDevice=true
User ID: 0
Enabled Device Admins (User 0, provisioningState: 3):
com.pdp.deviceowner/.receivers.AdminReceiver:
uid=10156
followed by a whole bunch of other stuff.
At this point it seems best to forget about Package Disabler and just continue with Application Inspector and ADB but I'm worried that the device owner change I made is going to screw me up sooner or later.
My question is do I have to do (yet another) factory reset and reinstall all my stuff or is there an easier way for me to undo this owner setting?
PS. I suddenly got a notification "this device belongs to your organization" This must have something to do with the owner thing.
Click to expand...
Click to collapse
Not sure as I never used that approach. I use whatever comes in handy...

[question]

I need a way to force an app to start on boot without any interraction (ie not after it has been unlocked with a pass code)
I am willing to root and bootloader unlock if needed but prefer not.
Almost any android phone would be fine. I am currently using a unlocked pixel 6a for this project due to lack of crapware and being fairly cheap.
Does anyone know how I can achieve this.
Alternatively a way to guarantee a phone never reboots would help too. No auto restart for an update or similar.
Thanks

Thre is plenty of apps doing it + other options. Here is one.
AutoStart - No root - Apps on Google Play
Autostart will automatically start your selected apps at device boot-up.
play.google.com

in BFU state no user apps can run on FBE encrypted phone. you need any phone running good old FDE encryption.

CXZa said:
Thre is plenty of apps doing it + other options. Here is one.
AutoStart - No root - Apps on Google Play
Autostart will automatically start your selected apps at device boot-up.
play.google.com
Click to expand...
Click to collapse
I have tried several of these and none work on android 13 on the pixel 6a.

what exactly you have tried? is it related to my comment?
you can try another app
https://play.google.com/store/apps/details?id=com.ryosoftware.initd
+
https://stackoverflow.com/a/68461795

I wonder how would initd support work better?
Well, monkey failed to work. So I tried the "old" way..
Code:
#!/system/bin/sh
am start --user 0 -n cxz.johnnysquirrel.riddleofthebox/.MainActivity

Girlfriend virus

Redmi 4x satoni(not rooted or flashed)
Is there any way to detect root by exploit, apps like Kingo root and king root and many other one click root apps do this kind of thing where they use and exploit in the Android system and root the phone using it and similarly a malware can do the same?
(I'm assuming this is what it is)(spear phishing)
Can an apk file really gain root access and rewrite your device's rom with a malware in it, is that a thing?
I have installed a third party app where it just disappeared into the background(most likely social engineering) and I tried all avs but it came clean even went into safe mode and settings and tried app managers and settings but all failed
Next I tried the factory reset and the symptoms still persists
Note that I have created new accounts and changed passwords and have MFA on but is there any way for it to reinfect because I'm using the same device to create the new account?
Like is it because it infected my google access or something to come again after factory reset
Thanks

If you think a girlfriend virus is bad, just wait until you get married.
To answer your question....
Android is designed to be very rootkit-resistant. Features such as Verified Boot prevent unsigned/modified images from loading if the bootloader is locked; while it is possible for a malicious app to use an unpatched exploit to root the device every time it runs, any modificaiton made to any critical partiion such as /boot and /system would be detected, and the device would warn the user that the system is corrupted.
Since you've removed the app from your device and performed a factory reset, you should be safe. Good job on using MFA, by the way.

V0latyle said:
If you think a girlfriend virus is bad, just wait until you get married.
To answer your question....
Android is designed to be very rootkit-resistant. Features such as Verified Boot prevent unsigned/modified images from loading if the bootloader is locked; while it is possible for a malicious app to use an unpatched exploit to root the device every time it runs, any modificaiton made to any critical partiion such as /boot and /system would be detected, and the device would warn the user that the system is corrupted.
Since you've removed the app from your device and performed a factory reset, you should be safe. Good job on using MFA, by the way.
V0latyle said:
If you think a girlfriend virus is bad, just wait until you get married.
To answer your question....
Android is designed to be very rootkit-resistant. Features such as Verified Boot prevent unsigned/modified images from loading if the bootloader is locked; while it is possible for a malicious app to use an unpatched exploit to root the device every time it runs, any modificaiton made to any critical partiion such as /boot and /system would be detected, and the device would warn the user that the system is corrupted.
Since you've removed the app from your device and performed a factory reset, you should be safe. Good job on using MFA, by the way.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
No I think I misunderstood there were two apps that I downloaded one disappeared into the back ground (which is causing more havoc) and is undetectable by android avs and i m having trouble removing(got from a sketchy link from my gf)
The second app was just an Instagram app follower which ran in the background and I could uninstall directly(got from playstore)
I want to know how to detect and remove the first one

alokmfmf said:
got from a sketchy link from my gf
Click to expand...
Click to collapse
That's why one should always use protection.
alokmfmf said:
The second app was just an Instagram app follower which ran in the background and I could uninstall directly(got from playstore)
I want to know how to detect and remove the first one
Click to expand...
Click to collapse
What makes you think the first app is still there? If you've performed a factory reset, it's gone - unless it downloaded again when you restored your Google account to your device.
Are you sure you're not mistaking a built-in app?

alokmfmf said:
Is there any way to detect root
Click to expand...
Click to collapse
Yes, almost every banking / payment app does it.

V0latyle said:
That's why one should always use protection.
What makes you think the first app is still there? If you've performed a factory reset, it's gone - unless it downloaded again when you restored your Google account to your device.
Are you sure you're not mistaking a built-in app?
Click to expand...
Click to collapse
Yes I'm sure as my accounts getting hacked my personal media getting leaked permissions asked repeatedly and sim getting disabled
Also I'm trying not to log in to my google account and see how that works
Although I have tried to make new accounts from scatch and start from a clean new slate from factory reset it it may be the device itself I'm afraid

Social engineering-spear phishing(I think)
Redmi4x satoni
I was asked to click on a link and download an apk by my girlfriend and as soon as I downloaded it, it disappeared and I was asked to delete the apk
(I do not have access to the link also)
Later I realized that it tracks permissions, media and keyboard(except of exactly who I'm texting to because of android sandbox)
I tried FACTORY RESET but the symptoms still persisted (like getting hacked again and my private info getting leaked,sim deduction and detection of sim card and permissions being asked again and again even though I allowed it)
I checked all the settings of my phone and nothing is abnormal(I'm not rooted)
Is it possible that a used account could somehow transmit virus because I had a nasty malware on my phone so I factory reset my phone but the symptoms still remain so I used a new google account and others also but it still comes back so I'm guessing its the kernel or the ROM that got infected
I tried all avs but they all came clean and I'm certain that my android is infected with something
First and foremost I need to know how to DETECT the malware (to know which app is causing this)
And second how to REMOVE the malware
Thanks.

Which OS version? If not running on Pie or higher it's suspectable to the Xhelper family of partition worming malware
Yeah sounds like you got a worm... nasty critters.
A reflash may be the best option although if it is Xhelper it can now be removed without a reflash.
You are what you load

blackhawk said:
Which OS version? If not running on Pie or higher it's suspectable to the Xhelper family of partition worming malware
Yeah sounds like you got a worm... nasty critters.
A reflash may be the best option although if it is Xhelper it can now be removed without a reflash.
You are what you load
Click to expand...
Click to collapse
Yes I know I made a stupid decision its completely my fault I tried using the xhelper method but it comes clean I assume there is only one method that involves disabling the play store
I run on miui 11 nougat 7
Any methods to detect and remove the malware are welcome
And about reflashing its very complicated for mi phones most

alokmfmf said:
I run on miui 11 nougat 7
Any methods to detect and remove the malware are welcome
And about reflashing its very complicated for mi phones most
Click to expand...
Click to collapse
Reflash it to stock firmware. If you can upgrade to Android 9 consider doing so for security purposes. It may have performance/functionality drawbacks though for your application though, not sure as I never used 6,7 or 8.
Make sure you reset all passwords, keep social media, sales and trash apps off the phone. Always keep email in the cloud ie Gmail or such.
Run Karma Firewall. Be careful what you download and especially install... don't sample apps unless you have a real need for that particular app. Once installed don't allow apps to update as they may try to download their malware payload, a way to bypass Playstore security.

blackhawk said:
Reflash it to stock firmware. If you can upgrade to Android 9 consider doing so for security purposes. It may have performance/functionality drawbacks though for your application though, not sure as I never used 6,7 or 8.
Make sure you reset all passwords, keep social media, sales and trash apps off the phone. Always keep email in the cloud ie Gmail or such.
Run Karma Firewall. Be careful what you download and especially install... don't sample apps unless you have a real need for that particular app. Once installed don't allow apps to update as they may try to download their malware payload, a way to bypass Playstore security.
Click to expand...
Click to collapse
Will not logging in my google account help

alokmfmf said:
Will not logging in my google account help
Click to expand...
Click to collapse
No. The malware is in the phone apparently in the firmware.

blackhawk said:
No. The malware is in the phone apparently in the firmware.
Click to expand...
Click to collapse
I disagree, unless Xiaomi/Redmi's AVB/dm-verity implementation is useless, it should prevent a persistent rootkit.
I suspect this has little to do with the phone and more to do with reused passwords and other "organic" security failure.

V0latyle said:
I disagree, unless Xiaomi/Redmi's AVB/dm-verity implementation is useless, it should prevent a persistent rootkit.
I suspect this has little to do with the phone and more to do with reused passwords and other "organic" security failure.
Click to expand...
Click to collapse
You're probably right. Forgot it was running 11... lol, organic security failure, I like that

blackhawk said:
You're probably right. Forgot it was running 11... lol, organic security failure, I like that
Click to expand...
Click to collapse
The security measures that prevent persistent rootkits have been in place long before Android 11.
The most common root cause of a breach of security is the failure to ensure sufficient security in the first place. Simple passwords, reused passwords, no MFA, connected accounts, etc. Yes, there are plenty of Android viruses out there, but all of them "live" in the user data space. Of course, there may be unpatched exploits that allow root access, but these must be exploited every time the app is run. An app cannot modify the boot or system partitions without tripping AVB (if the bootloader is locked) whereupon the device would warn that the OS is corrupted.
At the end of the day, it's much much easier to simply use social engineering or other methods to gain someone's credentials, rather than trying to hack their device.

V0latyle said:
The security measures that prevent persistent rootkits have been in place long before Android 11.
Click to expand...
Click to collapse
Yeah Android 9 was where the hole for the Xhelper class of rootkits was plugged for good. It runs securely unless you do stupid things. This phone is running on that and its current load will be 3 yo in June. No malware in all that time in spite of the fact it's heavily used. It can be very resistant to attacks if set up and used correctly.
V0latyle said:
The most common root cause of a breach of security is the failure to ensure sufficient security in the first place. Simple passwords, reused passwords, no MFA, connected accounts, etc. Yes, there are plenty of Android viruses out there, but all of them "live" in the user data space. Of course, there may be unpatched exploits that allow root access, but these must be exploited every time the app is run. An app cannot modify the boot or system partitions without tripping AVB (if the bootloader is locked) whereupon the device would warn that the OS is corrupted.
Click to expand...
Click to collapse
I was initially thinking his was running on Android 8 or lower. Forgot On Android 9 and higher (except for a big hole in Android 11 and 12 that was patched if memory serves me correctly) about the only way malware is getting into the user data partition is if the user installs it, doesn't use appropriate builtin settings safeguards or by an infected USB device. Any phone can be hacked if the attacker is sophisticated and determined enough to do so... in my opinion. Even if this happens a factory reset will purge it on a stock phone unless the hacker has access to the firmware by remote or physical access. Never allow remote access to anyone...
V0latyle said:
At the end of the day, it's much much easier to simply use social engineering or other methods to gain someone's credentials, rather than trying to hack their device.
Click to expand...
Click to collapse
Lol, that's what social media is for

blackhawk said:
No. The malware is in the phone apparently in the firmware.
Click to expand...
Click to collapse
OK thanks for helping its been good

alokmfmf said:
OK thanks for helping its been good
Click to expand...
Click to collapse
You're welcome.
I retract that (post #12) as I forgot it is running on Android 11. Like V0latyl said it's probably the password(s) that were compromised if a factory reset didn't resolve the issue other than the exceptions I stated in post #16.

Also i found this on the net if that helps with the situation
Be especially wary of spear phishing. Do not click on any weird link sent by your closest friends, or if you feel compelled to do so, open it from a tightly secured operating system (a fresh VM) where you have never logged in to your social networks.
And
Factory resets are not enough to santitize the device.
Also I'm a bit scared as some people on the net have told that in some cases that even a flash might not wipe it as it resides in the boot logo or some places where flashes do not reach or in flash ROMs chips(but of course this is all very rare)
I am very fascinated and would like to learn more about it any suggestions would be helpful