I like to try apps. I think most of you do, too.
The problem is it's really difficult to uninstall an app in Android. I have an iPod Touch, and I can't say uninstallation on iPod Touch is that easy, but Android is worst.
Is there any app (with root privilege), that can uninstall multiple apps without confirming at each app? I tried many apps on the market, but non of them worked like that. One app could remove multiple system apps without confirmations, but it couldn't do that for user apps.
Please tell me if there is a way to achieve this.
And, Google should provide an option to turn off the uninstall confirmation + the useless "uninstalled" message boxes. Or add a way to uninstall multiple apps with only one confirmation (not at each app).
Titanium Backup - you can do batch installs and uninstalls of apk files.
Did not work
I tried the trial version of Titanium Back Up. It did have a menu for that, but executing it did not work. It just hung at 0% and did not progress.
Hello, I was checking my phone with CCleaner and AVG and I found two unknown apps, one is called AcerOOBE [com.acer.android.oobe], I found it on the Disabled Apps on CCleaner but it doesn't appear in my settings. The other one is Shell [com.android.shell], and AVG tells me it's malware but it can't be deleted 'cause it's a system app (I rooted my device one hour ago), I'd like to know if Shell is really Malware becuase I saw in my settings that it has permission for everything, phone calls, SMS, status bar, etc.
Also I'd like to know what is OOBE, I looked over the internet but I found nothing, Idk if I should uninstall both apps, enable OOBE, keep Shell active, what should I do?
Please, if anyone can help me It'll be great
how to slow AcerOOBE problem in acerE39
Hi Everyone,
I've already posted a question about zdemo.app and what it did, only to discover that MalwareBytes considers it malware, and managed to uninstall it.
Problem is, it's coming back with a vengeance every day or so, and it brought a friend called System Input Method with it.
Both are treated as threats by MalwareBytes (strangely enough, Avast doesn't do anything about it...), and can be uninstalled, but they'll come back the next day.
At this point, I must add that my phone is dual-SIM and I have to manually switch from one to the other at least once a day due to network coverage issues in different locations I must go to, and I've noticed that both malware show up again in my Applications list right after I've switched SIM cards.
I doubt any of my cellular carriers would push malware onto my phone whenever I connect to their network, and I've had to deal with malware preinstalled in a former Leagoo baseband before (I've chosen to bypass the built-in Leagoo App Store because of that, and only install from Google Play Store), but I haven't found any new (and free...) firmware since March 2018, so there's a good chance my phone isn't really secure in the first place.
Still, I'd like to be rid of those two pesky applications once and for all, so if you have any advice, I'll take it!
A little heads-up: I think (I'm not sure, but I think) those two malware come bundled with both Pie Launcher and Rootless Pixel Launcher, because I've uninstalled both, reverted to Nova Launcher, and the malware is gone.
Is there a way to download .apk packages for both launchers and test them for malware before installing them? I can find the .apk packages easily enough, but I don't know if the content can be examined by an anti-malware program without installing them first.
Where did you download the Rootless Pixel Lanucher?
I'm pretty sure there are 0 malwares/virus in the Rootless Pixel Lanucher
Also you can get Rootless Pixel Lancher on Google Play Store now if you do not trust .apk installation
Peak.Krittin said:
Where did you download the Rootless Pixel Lanucher?
I'm pretty sure there are 0 malwares/virus in the Rootless Pixel Lanucher
Also you can get Rootless Pixel Lancher on Google Play Store now if you do not trust .apk installation
Click to expand...
Click to collapse
I only download apps from the Play Store. Both malware seem to download their .apk onto a hidden directory called ".meteor" on my device, because that's where either Avast or MalwareBytes have rooted (no pun intended) them out of in all the instances I've had to uninstall them.
What worries me is that both install as regular applications, they don't even try to hide or anything, since they appear/reappear in the Applications list, same as, say, Twitter or Dropbox. There seems to be a hidden conduit through which both malware land on my device, and I sure hope it's not via Google Play...
UglyStuff said:
I only download apps from the Play Store. Both malware seem to download their .apk onto a hidden directory called ".meteor" on my device, because that's where either Avast or MalwareBytes have rooted (no pun intended) them out of in all the instances I've had to uninstall them.
What worries me is that both install as regular applications, they don't even try to hide or anything, since they appear/reappear in the Applications list, same as, say, Twitter or Dropbox. There seems to be a hidden conduit through which both malware land on my device, and I sure hope it's not via Google Play...
Click to expand...
Click to collapse
My dubious friends are back: I had installed Nova Launcher, then Evie, but wasn't satisfied with the user experience, so I went back to the Play Store and installed a Pixel-inspired launcher called CPL.
After an hour or so, Avast notified me that the two malware were back and would I like to uninstall them. I said yes, as you can imagine.
Now, when I take a look in the "About CPL" info in the launcher settings, I notice that one of the contributors is Amir Zaidi, who's also behind Rootless Pixel Launcher. I posted about this on the Play Store, because I don't believe in coincidences...
I'm also using Leagoo T5c. In Nov 2018, I discovered system messages warning me of battery drain by "System Input method" (with path containing: "com.ss.android.cleanmaster").
But I did not install zdemo or nova launcher. But System Input Method coincided with IReader apk which I did not install. Both programmed by Zhangyue (.zhangyue.com/products/iReader)
Whenever Ireader reinstalled, System Input Method came back after many uninstallations.
---------- Post added at 11:08 AM ---------- Previous post was at 11:04 AM ----------
Malwarebytes classed "System Input Method" as Android/PUP.Riskware.HiddenAds.cma
I don't remember ever install IReader, but I may have install this app or that from this developer, though I can't be sure. I know that both zdemo and System Input Method are classified as "riskware", or PUP, and not as malware per se, still, I don't like the idea of having such software on my phone.
FWIW, I've done a factory reset twice since I posted my OP here, and reinstalled all my apps, including Rootless Pixel Launcher, and the "riskware" haven't returned.
My apologies to Rootless Pixel Launcher's dev, unless, maybe, he cleaned his repo of any malware that may have been hiding there.
1) Install Android SDK in order to use the ADB program.
2) Goto android sdk folder on computer and open command prompt.
3) You need to enable Developer Options in your phone first and then enable USB debugging. Set USB connection type to MTP Transfer.
4) Connect your phone to computer and set usb connection type to MTP Transfer.
3) Type "ADB Devices" to confirm that your phone is connected.
4) Type "ADB Shell"
5) Type "pm uninstall -k --user 0 com.ss.android.secure.cleanmaster
---------- Post added at 04:22 PM ---------- Previous post was at 04:21 PM ----------
SniperAlert2046 said:
1) Install Android SDK in order to use the ADB program.
2) Goto android sdk folder on computer and open command prompt.
3) You need to enable Developer Options in your phone first and then enable USB debugging. Set USB connection type to MTP Transfer.
4) Connect your phone to computer and set usb connection type to MTP Transfer.
3) Type "ADB Devices" to confirm that your phone is connected.
4) Type "ADB Shell"
5) Type "pm uninstall -k --user 0 com.ss.android.secure.cleanmaster
Click to expand...
Click to collapse
can also use ADB to uninstall Leagoo Default Launcher. But you need to install another launcher first.
I once did that shortly after getting my phone, to uninstall Sujet.app, Leagoo's default launcher that came with an embedded malware, but the subsequent ROM I installed was devoid of any unwanted surprise, so I left it as is.
In my case, and after two factory resets, zdemo and System Input Method haven't come back. Fingers crossed, but I'll keep your solution handy, just in case.
Thanks for your Input (pun intended)...!
UglyStuff said:
I once did that shortly after getting my phone, to uninstall Sujet.app, Leagoo's default launcher that came with an embedded malware, but the subsequent ROM I installed was devoid of any unwanted surprise, so I left it as is.
In my case, and after two factory resets, zdemo and System Input Method haven't come back. Fingers crossed, but I'll keep your solution handy, just in case.
Thanks for your Input (pun intended)...!
Click to expand...
Click to collapse
After a few days of uninstalling Leagoo Default Launcher ("Default Home") and and System InputMethod ("com.ss.android.ssecure.cleanmaster"), my phone battery usage increased significantly.
Seems like someone / some program trying to hack my phone.
Today, I discovered 2 new apps installed (by itself) on my phone - "HAIKE NEWS" ("com.lcworld.haiwainet") and H5Plugin ("com.ss.android.h5plugin"). Their permissions include full network access, connect and disconnect wifi, change network connectivitiy, request install packages.
and somemore SystemInputMthod returned.
Checked the log of malwarebytes and found that all 3 apps (Haike News, H5plugin, SystemInputMethod) installed at the same time. Seems like systeminputmethod is riskware created and used by China state agencies. Services used by Haike News included services with the woirds "Tencent" and "Baidu".
The services used by Haike News are "DaemonService ("cn.jpush.android.service"), DownLoadAppService ("com.lcworld.haiwainet.ui.update"), DownloadService and PushService (both named "cn.jpush.android.service"), TinkerResultService ("com.tencent.bugly.beta.tinker", f ("com.baidu.location").
---------- Post added at 06:01 AM ---------- Previous post was at 06:00 AM ----------
Haike News is "comprehensive news application built by People's Daily Overseas Edition. Inheriting the idea of “promoting China's voice, serving overseas"'
so most likely coontrolled by China state media authority.
Seems heavy, man!
I think a possible (probable) culprit is Leagoo's own AppStore, which I have deactivated right after the second factory reset I did. It's laden with ads, and probably discretly pushes some adware and assorted PUPs onto Leagoo phones every time you use it: case in point, even if you haven't allowed app installation from unknown sources, Leagoo's AppStore will install .apk files anyway, every time you install or update an app through it.
I only install apps through the Google Play Store now, and I haven't noticed anything untoward of late.
Finally found Sytsem Input Method's playstore link
Application Process: System Input Method (Process Name: com.ss.android.secure.cleanmaster)
[Playstore link: https://play.google.com/store/apps/details?id=com.ss.android.secure.cleanmaster&hl=en_GB]
Installed APK: /data/user/0/com.ss.android.secure.cleanmaster-1/base.apk
/data path: /data/user/0/com.ss.android.secure.cleanmaster
Version: 1.05
Target SDK: 22
Permissions:
Have full network access.
View WiFi connections.
View network connections.
Download files without notification.
Read phone status and identity
Modify or delete the contents of your usb storage.
Read contents of your Usb storage
Prevent phone from sleeping
Retrieve running apps
Draw over other apps
MainService: ime.mobile.ime.main
NOTE: This app written for older Android OS. So if installed in newer android versions, all permissions will be allowed even if you blocked it.
OK, so I know where that comes from: in the CPL launcher I mentioned earlier (or was it in my other thread?), there's a one-click cleaning icon on the desktop, that supposedly cleans caches and whatnot. I used it on occasion, then uninstalled the launcher for other reasons, and went back to Rootless Pixel Launcher after factory reset.
Ergo, CPL is the one that packs the malware, not Rootless Pixel Launcher. The latter serves as code base for CPL, according to Rootless's dev, so what they roll into their launcher is anybody's guess, at this point....
Thanks a bunch!
from what I observed... it seems that System Input Method installs itself individually or with another random app (eg Ireader around Nov'18 period - this may change to escape suspicious from users) or another news app (eg Haike News) with H5pluging app - on a rotational basis. Check the installation date / time stamp of the apps.
This is to confuse the phone owners from tracing the source of the riskware / malware.
So I suspected that the malwares / riskwares came form leagoo itself. Culprits might be Leagoo App Store (default launcher), leagoo's Updater app (com.redstone.ota.ui) and System Update (com.sprd.systemupdate).
So I Rooted phone and then installed Afwall+ firewall. But the firewall steathily disables internet filtering at odd hours. (or maybe the firewall is bugged or the phone hacked from phone HQ server).
So decided to deactivate Updater app (linked to redstone) and the OTAupdater... system app since phone already rooted and that the Leagoo company does not provide OS updates more than once or twice. (Seems like updater only pushes nuisance apps like Haike News, System Input Method and H5plugins riskwares to the phone on a rotational basis to avoid suspicious or confuse users).
Well, although AFwall+ firewall did not work, thereby exposing my phone to the internet without filtering IP traffic, the riskwares did not return. So uninstalling Updater (the one with the com.redstone.ota.ui pathname) and the System Update (com.sprd.systemupdate) works for me. The riskwares / malkwares did not return. and the phone no longer resets and randomly ask for sim card pin number inputs.
This is talking about the Chinese version of the device, PCCM00.
I remember using ADB and debug mode when the phone first came out to uninstall the ColorOS since it kept me from using Nova Launcher, but now, when I attempt to uninstall the launcher using ADB Shell and the command "pm uninstall -k --user 0 com.oppo.launcher", it says DELETE_FAILED_INTERNAL_ERROR. I can still uninstall other system apps and see them erased. There are a couple that tell me the same error, but this is the one I'm concerned about. Has anyone had any problems uninstalling that one? Is there a work-around? Or a specific reason this is happening? Is there a solution?
I have the same version and haven't made it yet. Would also like to have the Nova Launcher.
Prometheus80 said:
This is talking about the Chinese version of the device, PCCM00.
I remember using ADB and debug mode when the phone first came out to uninstall the ColorOS since it kept me from using Nova Launcher, but now, when I attempt to uninstall the launcher using ADB Shell and the command "pm uninstall -k --user 0 com.oppo.launcher", it says DELETE_FAILED_INTERNAL_ERROR. I can still uninstall other system apps and see them erased. There are a couple that tell me the same error, but this is the one I'm concerned about. Has anyone had any problems uninstalling that one? Is there a work-around? Or a specific reason this is happening? Is there a solution?
Click to expand...
Click to collapse
Yes, due to their integrated work among their apps, they have made it hard to get some components removed. I too expect companies to have modular behaviour in their software!
Even if you make another launcher your default launcher, for example Nova Launcher, then there are some flickering and animation issues (specifically when swiping to go to homescreen) which is a problem created by OPPO and Nova can't do anything more to solve it.
The default launcher also runs in the background continuously, despite trying to shutoff all its integrated services like search, widgets, Lockscreen magazine, etc
Because of which at the end, I'm using its stock apps
messages
launcher
phone
I have just brought a Realme GT 5G and wonder if I should send it back.
First I had to discover that some preinstalled apps, not only can't be uninstalled, but also not disabled (without root): YouTube, Netflix, Google. The last I had to disabled on previous phones because it became active out of itself.
The second problem is that the Camera app asks rather strange permissions and exits when I don't give it. Why should I give a Camera app permission to read my phones state?
From: https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE
"Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device."
Not something you need to make a picture.
They claim that they need it to know if it is functioning properly.
Sound like nonsense. Where do they use it for?
I can see one valid use case for READ_PHONE_STATE, if you are in a call and go to take a picture, generally the camera is full screen so it makes it hard to end the call, dial, or other phone functions.
Very weak argument but that is all I have.
If you really want to disable the apps you can use Device Owner to disable them. If you don't trust an app you can use the Google Test DPC app.
RRiVEN said:
.. .If you really want to disable the apps you can use Device Owner to disable them. If you don't trust an app you can use the Google Test DPC app....
Click to expand...
Click to collapse
I found that you can do something like
adb shell pm disable-user --user 0 com.google.android.apps.googleassistant
Only for disabling a component of an app, root seems to be required.