Related
Forgive my ignorance, but ive never used android before and expecting my phone delivered tomorrow (htc hero! )
As i understand it, the android app store signs the apps similar to iphones itunes store to prevent piracy and malware.
Is this correct?
Ive read about how one can "root" the device by loading a image file thru the bootloader over usb, but i wonder, is there a sudo command or similar to temporarily enable root access and later return to default state?
I suppose i could flash it with the root image, install the app and then flash back the default os image, but that feels pretty awkward procedure and would probably raise a bunch of new problems as how the default os would launch the app installed under another os.
I was hoping to start tinkering with programming, but im unsure if i can "throw in the app" and expect it to work..?
After using mac´s for over 20 years ive become too used to stuff just working right out of the box, so i dont feel like experimenting on my own...
There is an option in the settings that lets you install unsigned apps, so no rooting required.
xarvox said:
As i understand it, the android app store signs the apps similar to iphones itunes store to prevent piracy and malware.
Is this correct?
Click to expand...
Click to collapse
Not exactly! Many paid apps are copy protected, but most of the free ones are not. Unlike the iPhone, where you can only install "unauthorized" apps if you jail break the device, Android allows you to install and run applications from a variety of sources on a stock device.
In essence, you do not need to root the device to develop for it, but there are certain things that applications can only be done on a rooted device (for example, receiving a file via Bluetooth, WiFi tethering etc).
I was hoping to start tinkering with programming, but im unsure if i can "throw in the app" and expect it to work..?
Click to expand...
Click to collapse
Well, programming errors aside ( ), and as long as you don't need to do anything that requires root privileges, yes you can. You should bear in mind that the *vast* majority of Android devices will not have been rooted, and therefore the vast majority of available applications do not require rooted phones.
Personally, I expect that later Android builds will remove many of the restrictions that require applications to have root access, so that they can function without requiring a device to be rooted.
Regards,
Dave
Ive found a app that would tether my laptop (mac) over wifi, but requires me to root the device.
Is there a way to temporarily do this, install the app and make the neccisary changes and then switch back to default state?
I don't believe so.
As far as I'm aware, the application requires the elevated privileges when it runs as opposed to just configuration changes. I don't think that even a setuid would help, since I believe the app expects to find and use su/sudo.
Regards,
Dave
My antivirus shows a virus in the clockwork mod but I am not sure whether it is a virus or a program to root the phone. Kindly help whether I delete it or keep it. The name of the file is shown as [email protected] Is it a part of clock word mod or is it actually a malware.
There is no such thing as viruses in ClockworkMod, that's just a false positive, an infection is impossible. Moreoever Android uses Sandboxing and that also means that anti-virus apps are largely useless for protection (except for anti theft) since they don't have access to the low level system resources, so they cannot protect anything. They can't even access anything from another running App. At most they compare your list of installed Apps with their online database.
What Antivirus App did you use?
I'm going through the same :/
AW: [Q] virus in clockwork mod
JavyerS3 said:
I'm going through the same :/
Click to expand...
Click to collapse
Cwm is open source and you could convince yourself with a look at the source. It's just failed alarm.
Maybe you are using windows and it doesn't understand the .IMG ending.
zaded said:
My antivirus shows a virus in the clockwork mod but I am not sure whether it is a virus or a program to root the phone. Kindly help whether I delete it or keep it. The name of the file is shown as [email protected] Is it a part of clock word mod or is it actually a malware.
Click to expand...
Click to collapse
false positive!
Hey guys, how are y'all doing?
Here's a little background on my problem:
A year ago bought a cheap-ass smartphone for my mom, from a big supermarket chain in my country that was selling french phones cheaply, it was only 60€ and my mom needed a phone, so there it is!
Anyway cut to the present, the phone is riddled of what I suspect is malware that installs itself as soon as I remove it such as Free Games, com.google.toolkit, MiniChrome, N62Androidpt, System Component, adservice, and a couple others.
It also keeps switching wi-fi off, and turning on that option that allows apps to be installed from unknown sources, and worst of all it keeps opening the phone in built browser with adds, and even porn sites on occasion, which is really not desirable as my very young aged nieces love stealing the phone and try to use it.
I installed malwarebytes, also did a factory reset to no avail it fixed nothing.
So I decided to flash a stock rom to see if I could get rid of it, searched around and found a repository of stock roms or firmwares or whatever it's called (I'm not too familiar with this side of smartphones), which I'd love to post, but apparently can't because I've last than 10 posts: doc-doapi.com/EM/selecline/smartphone/
It has a lot of roms for different models of my brand.
Used the UpgradeDownload - R2.9.2015 tool that was in that folder and flashed it successfully.
After I turned on the device it opened the new phone setup process, logged in to my google account, and restores my stuff like contacts, and a few trusted google apps from before the flash, but it soon started again to install those malware apps I stated up there on it's own, and it was soon in the same state as before...
Anyway here's some info about my phone that probably should've gone to the top.
It's a Selecline phone
Model S4S5in3g
Android version: 5.1
Kernel version: 3.10.65
Compilation number: S3S5in3g.V1.2_20160307
At the back it has a sticker and another model number 870712 which I used to find the folder on that repository of stock roms.
And that's all in a big nutshell, anyone has any tips?
Thanks.
lil' bump
Do you have login credentials for this Auchan website where you found the ROMs? It is asking for a login ID and password. I need ROM for Model S6S5IN3G.
Quick tip for getting rid of Malware even before they start. Go to Settings and check Data Usage. See which apps are using lots of data (downloading junk into your device). Note if there are any strange sounding apps that are downloading a lot of data, especially if it is not an app that you yourself were directly using.
Next, flash the stock ROM again. Once you flash the new ROM, you have to find a way to root the device. Try KingRoot. Then after the phone is rooted, go to Playstore and download SD Maid. Run SD Maid and give it root access. In the settings for AppControl of SD Maid, allow it to show system apps. Then run app control and freeze any strange-looking user apps (or anyone that was downloading a lot of data) and system app that are not required.
Please, let me know about the website and how to access the ROMs.
As mentioned before, install a clean room again. Copy virustotal app from the attachment of these post (https://forum.xda-developers.com/showpost.php?p=77053739&postcount=11) to SD-card and install it. Turn wifi on and let it run. Control every app and the system-apps. Post a screenshot of the findings. If there are findings, then the room is infected. The only way to deal with this, is to root it, install rootexplorer an kill the infected app. This can be dangerous, if for example, the lauchner is infected, an alternative launcher must first be installed and set as default, before you can kill the infected one (otherwise you will own a useless phone until you flash it again ;o).
Hey guys, thanks for trying to help.
I tried literally everything before, I've even somehow got a kitchen up and running and I removed everything that looked suspicious and all those bran add-ons from the rom, but even then I'd still get infected.
I didn't really try the antivirus route though and to be honest I already shelved that phone, but I'm kinda bored, so I'll try y'all suggestions, an extra working phone can always come in handy.
CVAngelo said:
Do you have login credentials for this Auchan website where you found the ROMs? It is asking for a login ID and password. I need ROM for Model S6S5IN3G.
Click to expand...
Click to collapse
I'd love to help you mate, I found that repository in a forum maybe forum.gsmhosting, and I've tried to access it earlier, and I'm also denied access.
What's the best way to remove bloatware on my s23 ultra it has Verizon bloatware and it's unlocked with a clean imei
Universal android debloater gui
Or
Adb app control
spart0n said:
Universal android debloater gui
Or
Adb app control
Any way to do it without a restore or loss of everything.?
Click to expand...
Click to collapse
Both work without removing your data. All they do is give you the power to uninstall apps that are system apps that are bloat and not actual system apps
Never used either of these 2 before, but am interested.
Can you use these both without root, or does the phone have to be rooted?
Do they only remove the system app and nothing else, the phone won't reset etc will it?
Also, do you need to redo this a lot on each android firmware update? Will updates generally reinstall some apps you have removed?
Regards
James
james_lpool said:
Never used either of these 2 before, but am interested.
Can you use these both without root, or does the phone have to be rooted?
Do they only remove the system app and nothing else, the phone won't reset etc will it?
Also, do you need to redo this a lot on each android firmware update? Will updates generally reinstall some apps you have removed?
Regards
James
Click to expand...
Click to collapse
They can be used without root. What they do is just removing the apps from the list of installed apps, their aren't physically deleted from the phone storage, so there is no need to reset the phone. Regarding updates I don't know.
spart0n said:
Both work without removing your data. All they do is give you the power to uninstall apps that are system apps that are bloat and not actual system apps
Click to expand...
Click to collapse
Thanks for the info does this also remove the Verizon startup I want to remove everything that has to do with Verizon from this phone
cudahy_boy said:
Thanks for the info does this also remove the Verizon startup I want to remove everything that has to do with Verizon from this phone
Click to expand...
Click to collapse
I'm no expert here but I think that to fully remove carrier customisation you need to flash a different CSC through Odin.
I just use ADB to uninstall the packages...
Mine is unlocked so might not have much bloat as yours....
Removing Bloatware on the Samsung Galaxy S10 Series (Android 10)
You might recall seeing this article: https://medium.com/@aviparshan/removing-bloatware-on-the-axon-7-running-android-8-0-7448b1b0ec6b
aviparshan.medium.com
Hello,
Does anyone has a list of save to remove apps?
Thanks in advance.
salapolivalenta said:
Hello,
Does anyone has a list of save to remove apps?
Thanks in advance.
Click to expand...
Click to collapse
Both programs, universal android debloater and adb app control both have lists built-in and if there's one you don't know what it is or does, it shows the package name (com.android.whatever.app.calls.itself) in both programs so you can search for it online for a description of it
I have used universal android debloater and didn't even uninstalled all recommended and the result is not so good because I am not able anymore to install EXPERT RAW. I should have installing from the beginning, before to try the debloat
For some reason export didn't worked but I manually did screenshots. Can you please tell me what broke the posibility to install EXPERT RAW in camera?
I am not using Samsung account, just logged in with google account instead. It is mandatory to use samsung account for this particular camera plugin?
Thanks in advance!
No clue, I don't use that app but how are trying to install it?
You can sort by uninstalled and have "install" for each application which will ofc install it back.
salapolivalenta said:
You can sort by uninstalled and have "install" for each application which will ofc install it back.
Click to expand...
Click to collapse
You're trying to install expert raw from the debloater?
If it was already on the device then I'd restore all the apps and expert raw included, then remove apps again and not remove expert raw.
Otherwise you have to leave the Samsung Galaxy store to install it from there
As I mentioned, expert raw was not installed, I have discovered after debloat that the camera raw install method is from camera app itself but now is not possible anymore, nothing happens when tap on the icon.
Some samsung modules/system apps are missing, installing back everything doesn't solve the issue.
I will reset to factory defaults, and I will login to samsung account just to be able to install expert raw and then I will debloat again (what exactly is not clear atm).
I know battery life on this model is not bad but I want to make it more efficient, my problem is that some of the apps from the provided list shouldn't be removed and I don't know which one is.
All I want is to keep everything related to camera capabilities, other thinks like microsoft apps, knox, sasung acccount, galaxy store. bixby and some google apps I don't need because for sure they are running in the background and are eating from the battery life.
s23 ultra is too new, recommended apps from universal android debloater are not safe to remove, at least not all of them so I can't find anywhere a SAFE LIST to debloat for this phone.
Any point into the right direction will be much appreciated.
Thank you!
salapolivalenta said:
As I mentioned, expert raw was not installed, I have discovered after debloat that the camera raw install method is from camera app itself but now is not possible anymore, nothing happens when tap on the icon.
Some samsung modules/system apps are missing, installing back everything doesn't solve the issue.
I will reset to factory defaults, and I will login to samsung account just to be able to install expert raw and then I will debloat again (what exactly is not clear atm).
I know battery life on this model is not bad but I want to make it more efficient, my problem is that some of the apps from the provided list shouldn't be removed and I don't know which one is.
All I want is to keep everything related to camera capabilities, other thinks like microsoft apps, knox, sasung acccount, galaxy store. bixby and some google apps I don't need because for sure they are running in the background and are eating from the battery life.
s23 ultra is too new, recommended apps from universal android debloater are not safe to remove, at least not all of them so I can't find anywhere a SAFE LIST to debloat for this phone.
Any point into the right direction will be much appreciated.
Thank you!
Click to expand...
Click to collapse
Unfortunately I don't think there are multiple lists of what you can uninstall. The lists in both apps I suggested are all safe to remove and the phone still work as a phone without anything extra. My only recommendation is that you just remove a couple things at a time and make sure that your camera still works as you intend it to. I wish I could be of more help, I'm sorry.
Hello,
I fixed the issue, actually is very easy. The list I initially provided (via screenshots) is fine, you just need to install back galaxy store and from there search for expert raw without being logged to a samsung account and then install it.
I haven't pay attention, the galaxy Store app name is com.sec.android.app.samsungapps.
Many thanks for your involvement!
Redmi 4x satoni(not rooted or flashed)
Is there any way to detect root by exploit, apps like Kingo root and king root and many other one click root apps do this kind of thing where they use and exploit in the Android system and root the phone using it and similarly a malware can do the same?
(I'm assuming this is what it is)(spear phishing)
Can an apk file really gain root access and rewrite your device's rom with a malware in it, is that a thing?
I have installed a third party app where it just disappeared into the background(most likely social engineering) and I tried all avs but it came clean even went into safe mode and settings and tried app managers and settings but all failed
Next I tried the factory reset and the symptoms still persists
Note that I have created new accounts and changed passwords and have MFA on but is there any way for it to reinfect because I'm using the same device to create the new account?
Like is it because it infected my google access or something to come again after factory reset
Thanks
If you think a girlfriend virus is bad, just wait until you get married.
To answer your question....
Android is designed to be very rootkit-resistant. Features such as Verified Boot prevent unsigned/modified images from loading if the bootloader is locked; while it is possible for a malicious app to use an unpatched exploit to root the device every time it runs, any modificaiton made to any critical partiion such as /boot and /system would be detected, and the device would warn the user that the system is corrupted.
Since you've removed the app from your device and performed a factory reset, you should be safe. Good job on using MFA, by the way.
V0latyle said:
If you think a girlfriend virus is bad, just wait until you get married.
To answer your question....
Android is designed to be very rootkit-resistant. Features such as Verified Boot prevent unsigned/modified images from loading if the bootloader is locked; while it is possible for a malicious app to use an unpatched exploit to root the device every time it runs, any modificaiton made to any critical partiion such as /boot and /system would be detected, and the device would warn the user that the system is corrupted.
Since you've removed the app from your device and performed a factory reset, you should be safe. Good job on using MFA, by the way.
V0latyle said:
If you think a girlfriend virus is bad, just wait until you get married.
To answer your question....
Android is designed to be very rootkit-resistant. Features such as Verified Boot prevent unsigned/modified images from loading if the bootloader is locked; while it is possible for a malicious app to use an unpatched exploit to root the device every time it runs, any modificaiton made to any critical partiion such as /boot and /system would be detected, and the device would warn the user that the system is corrupted.
Since you've removed the app from your device and performed a factory reset, you should be safe. Good job on using MFA, by the way.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
No I think I misunderstood there were two apps that I downloaded one disappeared into the back ground (which is causing more havoc) and is undetectable by android avs and i m having trouble removing(got from a sketchy link from my gf)
The second app was just an Instagram app follower which ran in the background and I could uninstall directly(got from playstore)
I want to know how to detect and remove the first one
alokmfmf said:
got from a sketchy link from my gf
Click to expand...
Click to collapse
That's why one should always use protection.
alokmfmf said:
The second app was just an Instagram app follower which ran in the background and I could uninstall directly(got from playstore)
I want to know how to detect and remove the first one
Click to expand...
Click to collapse
What makes you think the first app is still there? If you've performed a factory reset, it's gone - unless it downloaded again when you restored your Google account to your device.
Are you sure you're not mistaking a built-in app?
alokmfmf said:
Is there any way to detect root
Click to expand...
Click to collapse
Yes, almost every banking / payment app does it.
V0latyle said:
That's why one should always use protection.
What makes you think the first app is still there? If you've performed a factory reset, it's gone - unless it downloaded again when you restored your Google account to your device.
Are you sure you're not mistaking a built-in app?
Click to expand...
Click to collapse
Yes I'm sure as my accounts getting hacked my personal media getting leaked permissions asked repeatedly and sim getting disabled
Also I'm trying not to log in to my google account and see how that works
Although I have tried to make new accounts from scatch and start from a clean new slate from factory reset it it may be the device itself I'm afraid
Social engineering-spear phishing(I think)
Redmi4x satoni
I was asked to click on a link and download an apk by my girlfriend and as soon as I downloaded it, it disappeared and I was asked to delete the apk
(I do not have access to the link also)
Later I realized that it tracks permissions, media and keyboard(except of exactly who I'm texting to because of android sandbox)
I tried FACTORY RESET but the symptoms still persisted (like getting hacked again and my private info getting leaked,sim deduction and detection of sim card and permissions being asked again and again even though I allowed it)
I checked all the settings of my phone and nothing is abnormal(I'm not rooted)
Is it possible that a used account could somehow transmit virus because I had a nasty malware on my phone so I factory reset my phone but the symptoms still remain so I used a new google account and others also but it still comes back so I'm guessing its the kernel or the ROM that got infected
I tried all avs but they all came clean and I'm certain that my android is infected with something
First and foremost I need to know how to DETECT the malware (to know which app is causing this)
And second how to REMOVE the malware
Thanks.
Which OS version? If not running on Pie or higher it's suspectable to the Xhelper family of partition worming malware
Yeah sounds like you got a worm... nasty critters.
A reflash may be the best option although if it is Xhelper it can now be removed without a reflash.
You are what you load
blackhawk said:
Which OS version? If not running on Pie or higher it's suspectable to the Xhelper family of partition worming malware
Yeah sounds like you got a worm... nasty critters.
A reflash may be the best option although if it is Xhelper it can now be removed without a reflash.
You are what you load
Click to expand...
Click to collapse
Yes I know I made a stupid decision its completely my fault I tried using the xhelper method but it comes clean I assume there is only one method that involves disabling the play store
I run on miui 11 nougat 7
Any methods to detect and remove the malware are welcome
And about reflashing its very complicated for mi phones most
alokmfmf said:
I run on miui 11 nougat 7
Any methods to detect and remove the malware are welcome
And about reflashing its very complicated for mi phones most
Click to expand...
Click to collapse
Reflash it to stock firmware. If you can upgrade to Android 9 consider doing so for security purposes. It may have performance/functionality drawbacks though for your application though, not sure as I never used 6,7 or 8.
Make sure you reset all passwords, keep social media, sales and trash apps off the phone. Always keep email in the cloud ie Gmail or such.
Run Karma Firewall. Be careful what you download and especially install... don't sample apps unless you have a real need for that particular app. Once installed don't allow apps to update as they may try to download their malware payload, a way to bypass Playstore security.
blackhawk said:
Reflash it to stock firmware. If you can upgrade to Android 9 consider doing so for security purposes. It may have performance/functionality drawbacks though for your application though, not sure as I never used 6,7 or 8.
Make sure you reset all passwords, keep social media, sales and trash apps off the phone. Always keep email in the cloud ie Gmail or such.
Run Karma Firewall. Be careful what you download and especially install... don't sample apps unless you have a real need for that particular app. Once installed don't allow apps to update as they may try to download their malware payload, a way to bypass Playstore security.
Click to expand...
Click to collapse
Will not logging in my google account help
alokmfmf said:
Will not logging in my google account help
Click to expand...
Click to collapse
No. The malware is in the phone apparently in the firmware.
blackhawk said:
No. The malware is in the phone apparently in the firmware.
Click to expand...
Click to collapse
I disagree, unless Xiaomi/Redmi's AVB/dm-verity implementation is useless, it should prevent a persistent rootkit.
I suspect this has little to do with the phone and more to do with reused passwords and other "organic" security failure.
V0latyle said:
I disagree, unless Xiaomi/Redmi's AVB/dm-verity implementation is useless, it should prevent a persistent rootkit.
I suspect this has little to do with the phone and more to do with reused passwords and other "organic" security failure.
Click to expand...
Click to collapse
You're probably right. Forgot it was running 11... lol, organic security failure, I like that
blackhawk said:
You're probably right. Forgot it was running 11... lol, organic security failure, I like that
Click to expand...
Click to collapse
The security measures that prevent persistent rootkits have been in place long before Android 11.
The most common root cause of a breach of security is the failure to ensure sufficient security in the first place. Simple passwords, reused passwords, no MFA, connected accounts, etc. Yes, there are plenty of Android viruses out there, but all of them "live" in the user data space. Of course, there may be unpatched exploits that allow root access, but these must be exploited every time the app is run. An app cannot modify the boot or system partitions without tripping AVB (if the bootloader is locked) whereupon the device would warn that the OS is corrupted.
At the end of the day, it's much much easier to simply use social engineering or other methods to gain someone's credentials, rather than trying to hack their device.
V0latyle said:
The security measures that prevent persistent rootkits have been in place long before Android 11.
Click to expand...
Click to collapse
Yeah Android 9 was where the hole for the Xhelper class of rootkits was plugged for good. It runs securely unless you do stupid things. This phone is running on that and its current load will be 3 yo in June. No malware in all that time in spite of the fact it's heavily used. It can be very resistant to attacks if set up and used correctly.
V0latyle said:
The most common root cause of a breach of security is the failure to ensure sufficient security in the first place. Simple passwords, reused passwords, no MFA, connected accounts, etc. Yes, there are plenty of Android viruses out there, but all of them "live" in the user data space. Of course, there may be unpatched exploits that allow root access, but these must be exploited every time the app is run. An app cannot modify the boot or system partitions without tripping AVB (if the bootloader is locked) whereupon the device would warn that the OS is corrupted.
Click to expand...
Click to collapse
I was initially thinking his was running on Android 8 or lower. Forgot On Android 9 and higher (except for a big hole in Android 11 and 12 that was patched if memory serves me correctly) about the only way malware is getting into the user data partition is if the user installs it, doesn't use appropriate builtin settings safeguards or by an infected USB device. Any phone can be hacked if the attacker is sophisticated and determined enough to do so... in my opinion. Even if this happens a factory reset will purge it on a stock phone unless the hacker has access to the firmware by remote or physical access. Never allow remote access to anyone...
V0latyle said:
At the end of the day, it's much much easier to simply use social engineering or other methods to gain someone's credentials, rather than trying to hack their device.
Click to expand...
Click to collapse
Lol, that's what social media is for
blackhawk said:
No. The malware is in the phone apparently in the firmware.
Click to expand...
Click to collapse
OK thanks for helping its been good
alokmfmf said:
OK thanks for helping its been good
Click to expand...
Click to collapse
You're welcome.
I retract that (post #12) as I forgot it is running on Android 11. Like V0latyl said it's probably the password(s) that were compromised if a factory reset didn't resolve the issue other than the exceptions I stated in post #16.
Also i found this on the net if that helps with the situation
Be especially wary of spear phishing. Do not click on any weird link sent by your closest friends, or if you feel compelled to do so, open it from a tightly secured operating system (a fresh VM) where you have never logged in to your social networks.
And
Factory resets are not enough to santitize the device.
Also I'm a bit scared as some people on the net have told that in some cases that even a flash might not wipe it as it resides in the boot logo or some places where flashes do not reach or in flash ROMs chips(but of course this is all very rare)
I am very fascinated and would like to learn more about it any suggestions would be helpful