I have an old non-rooted smartphone that I currently need and cannot format. Scanning with the app Diskusage the part named "system data" has reached the size of half of all memory. It has gotten bigger as time has gone on, but particularly in the last few months. A year ago, for example, it was half the size of now.
The point is that today I noticed when and how this "system data" gets bigger: it happens when I uninstall an old app, perhaps a large one. This system data becomes bigger after uninstalling, and even reinstalling the same app, the size does not decrease again. This makes me think that android does some sort of backup of some kind when an uninstall of a certain type happens (probably big and old app, it seems). No cleaner is able to decrease this part.
Could there be a solution to decrease the now enormous size of this system data without formatting?
Back up all critical data. That's all that really matters.
Try SD Maid Pro, scan with Malwarebytes.
If that fails it's factory reset time, if that fails and it's not Android 9 or higher it may need reflashed.
Possible virus or rootkit. Android 8 and lower are vulnerable to the infamous XHelper.
You are what you load. Maybe just a poorly coded 3rd party app that corrupted or permanently changed hidden user settings in the user data partition (factory reset will clear this if you can't rectify it) or outright invasive malware.
Maybe someone here has a better plan...
Tried both, neither cleaner or antimalware fixes. I think it's some kind of bug.
What device and OS version?
What do you mean by "can not format"?
It's a MT6580, with Android 5.1
I can't do the reset otherwise the problem was solved
Could be a faked one? Then partition sizes can be anything...
Anyways, with those specs if they are real, mtk-su should work.
It's real, enlarging this part decreases the available space, like there's something in the system files that gets bigger, junk files or backups, or something like that. And it happens progressively, I've often read about this problem on the forums (this for example: https://community.oneplus.com/thread/514553 ),but I've never found a solution.
Anything below Android 9 is suspectable to partition worming nasties like Xhelper. Malware should always be considered when persistent and abnormal behavior is seen especially in older Android versions.
Something is generating the data. Obviously you need to find/examine that data then extrapolate the process responsible if the easy fixes don't work. To start you need to find the tools to do this. This deeper than I ever need to or care to go at least thus far. If you want to continue to play with it you might want to kill it's internet connection and isolate it as a security precaution.
However, I've gone through various antiviruses, including Malwarebytes, but it doesn't find any type of malware or virus.
Related
I was wondering if there is a way to always keep commonly used apps preloaded into memory for instant access. (sms, contacts, browser)
xemi1 said:
I was wondering if there is a way to always keep commonly used apps preloaded into memory for instant access. (sms, contacts, browser)
Click to expand...
Click to collapse
Start them once, and they will be remaining in memory until Android OS decides the memory is better needed elsewhere.
What you describes is not The Android Way. Primary memory is the most critical resource in Android, lacking virtual memory. Due to this fact, an app may be killed by the OS if more memory is needed for other needs. On the other hand, an app often used, is very likely to reside in memory, giving you this "instant access" you want. If you'd be able to lock an app and its memory, the phone would get out-of-memory not being able to release it when you try stating Angry Birds.
This said, some devices have "Don't keep activities", "Background limit: no processes" or so much bloatware installed, leaving an app gets it more or less instant killed, causing the next start of it to be considerably slower. In this case, the solution is to adjust those parameters, not forcing your apps active.
Read this thread. It might give you some light. Specially the " bulletproof " thing.
The only reason I'm needing this is because of the buggy dialer/contacts that comes with the stock sgs s3 ics 404, where if they go out of the memory they take like 1 sec to load, whereas different dialers and any other stuff is pretty much instant.
It's annoying to experience that delay whenever you need to make a call on a flagship smartphone.
And other market dialers are ugly and/or need the stock dialer to open for them to work.
I would like to avoid rooting g and losing my warranty as well.
I've been using android for a while, and I'm not afraid to fiddle with my phone, so generally I root, remove bloatware and install ad blockers and stuff.
My motivation in this situation is that I'm low on storage space.
However, my current phone isn't remotely as ubiquitous as the HD2 I had previously and I can't just shrink down the system partition to make more room for internal user apps (at least not with confidence I won't brick my device).
So, I tried moving all my google apps back onto the system partition (I only like having apps I know I use regularly on system, so my OEM apps, Google apps, Skype and Facebook) and only half of them work.
I'd like to understand why this is and if there's anything I can do to fix it, because most of these apps were installed as system apps originally and worked fine (I moved them to user because pushing updates to system caused this same issue, and having duplicate installations is redundant).
A secondary part to this question is whether odexing is required or not on system (I thought this might be the issue, but odexing all system apps didn't work. I've read it's better to deodex and zipalign, so I will do that if odexing isn't important.
All good questions, I am in the same boat. Upgraded from an S3 to an S4, addicted to the CM themes and the best of them are quite large but require system space usage so even though I have loads of space on my ExtSD I have run out of space on my internal and now am having an issue with pushing simple updates to my system apps. Hope you get an answer to this question soon
I have done the following in attempt to get rid of this spyware:
flashed Havoc os
stock roms from official Miui using xiaomi flash tool and using twrp
erased partitions using adb before flashing (boot, system, recovery, data, cache)
It seems like it doesnt even touches it. I know its still there because he can control my phone (play notifications sounds from messenger i dont even have installed, closing/freezing my browser, freezing my screen, lockscreen goes on i dont even touch the phone).
What else can i do? Is there a way to erase every bit of data from the phone? What remains after flashing a stock rom?
edited//
Is there any way i can find Qualcomm Snapdragon 439 firmware and flash it? Can anyone help me pls?
I saw chimera tool can do firmware update but it costs 120 euro and idk if its gonna work
Can you explain more about the spyware?
Its like a windows bios malware or maybe its in some partition that doesnt flash when installing new OS.
I talked to xiaomi support and they told me to take it to service but there is none in my country. I asked for help on Malwarebytes forum, sent apps report and they scanned it with VIrusTotal... nothing found.
I also did a logcat at boot time, i dont know if anything can be seen there.
https://raw.githubusercontent.com/pulshar18/mylog/main/mylog.txt
The guy that did it hes messing with me like... telling me your wifi its not gonna work anymore, then it doesnt. O you have 5000 mah battery? my phone its charged 99% next day its empty and the phone just sits on the table... stuff like that so im pretty sure its hacked there is no doubt about that.
pulshar18 said:
Its like a windows bios malware or maybe its in some partition that doesnt flash when installing new OS.
I talked to xiaomi support and they told me to take it to service but there is none in my country. I asked for help on Malwarebytes forum, sent apps report and they scanned it with VIrusTotal... nothing found.
I also did a logcat at boot time, i dont know if anything can be seen there.
https://raw.githubusercontent.com/pulshar18/mylog/main/mylog.txt
The guy that did it hes messing with me like... telling me your wifi its not gonna work anymore, then it doesnt. O you have 5000 mah battery? my phone its charged 99% next day its empty and the phone just sits on the table... stuff like that so im pretty sure its hacked there is no doubt about that.
Click to expand...
Click to collapse
How did you get get infected by this ?
He got physical access to my phone.
pulshar18 said:
He got physical access to my phone.
Click to expand...
Click to collapse
That wasn't too clever. Lol, rootkit from hell.
You need to wipe the internal memory 100% as well the SD card if any.
If it has a sim card I'd replace that as well.
Or make the perp fix it... legally.
Any associated Google accounts reset the passwords... now.
Internal memory was wiped, sd card wiped, sim card none (i read some articles about sim card viruses thats just little scripts to call numbers, send texts and stuff maybe in another 50 years they will make malware that can do whats happening to me).
"Or make the perp fix it... legally." What?
"Any associated Google accounts reset the passwords... now." I didnt connect to anything cuz i know he has all my passwords, he clearly doesnt want that i can still use all my accounts.
I am in a similar situation.
I install YouTube vanced and WhatsApp Plus
in the latter case something deleted my entire data without asking me -I suspect it was clean master and my vanced applications were uninstalled all of a sudden.
I seem to know what cause that com.miui. securitycenter if you disable it it will boot loop if you to change and restrict access to various permissions then phone functionality is upset
I took out a separate thread on that here on xda Google com.miui. securitycenter draconian legitimate spyware from redmi
there is a thread on XDA I use havoc ~ two years or so but because it does not support VoLTE and trying to enable that has been in vain I am forced to come back to China ROM.
Did you install any apps after flashing ROMs / gapps?
pulshar18 said:
Internal memory was wiped, sd card wiped, sim card none (i read some articles about sim card viruses thats just little scripts to call numbers, send texts and stuff maybe in another 50 years they will make malware that can do whats happening to me).
"Or make the perp fix it... legally." What?
"Any associated Google accounts reset the passwords... now." I didnt connect to anything cuz i know he has all my passwords, he clearly doesnt want that i can still use all my accounts.
Click to expand...
Click to collapse
The malicious jpegs may be capable of doing that. I've had one the damages files in a folder but not files in folders, in the download folder.
It was confined to that folder unless one was to move it...
The trigger was viewing the jpeg.
They cure; simply delete it and repair or delete the damage files.
There are both Android and Windows variants of these. I've had a Windows variant too. Zero or minimum damage but only because I ID both quickly.
actually step back a little how do you conclude it's your phone that is affected you say he has access to our accounts and password maybe e is connecting on your Wi-Fi network IP address is the same and then trying to tinker with your accounts. what specifically makes you think that your phone is hacked as against something else
blackhawk said:
The malicious jpegs may be capable of doing that. I've had one the damages files in a folder but not files in folders, in the download folder.
It was confined to that folder unless one was to move it...
The trigger was viewing the jpeg.
They cure; simply delete it and repair or delete the damage files.
There are both Android and Windows variants of these. I've had a Windows variant too. Zero or minimum damage but only because I ID both quickly.
Click to expand...
Click to collapse
I have more than 30,000 from photographs and especially WhatsApp
how do I scan for malicious code in JPG is there a specific tool anti malware that has that capacity to go through JPG hexdump and then fish out
sieger007 said:
I have more than 30,000 from photographs and especially WhatsApp
how do I scan for malicious code in JPG is there a specific tool anti malware that has that capacity to go through JPG hexdump and then fish out
Click to expand...
Click to collapse
Jeeeesze, downloads from WhatsApp?
That's a great way to pick up creepy crawlers.
WhatsApp, FB, Instagram don't get on my devices. Ever.
They ruin lives, careers and more... they are spyware and malware by their very nature.
I never have had anything detect these little buggers, I'm not saying there aren't detectable, but don't count on it. The two I found I didn't even consider keeping them for analysis.
They wasted enough of my time as it was. Finding them in an ocean of jpegs could be problematic.
Rule #1, all downloads go to the download folder.
Choose what goes into your database after observation and at least scan it with Malwarebytes. Online Virustotal for any download remotely suspicious. Open jpegs at least once in the download folder and be aware of anything unusual afterwards... that may be the only clue you get.
If you really think one of these images has a malicious script, you need to isolate it. Scan with Malwarebytes and whatever else you want.
Try reloading, confirm the device is still clean then load the suspect database.
Problem being the trigger is opening the jpeg or some other related action to it like deleting the email it was associated with in Windows Outlook. If you get nailed again, reload and break/import your database in groups. You can see where this is going... it may take a while.
I've seen what they can do, I avoid downloading clickbait pics from untrusted sites, people and emails (email is kept in the cloud ie gmail).
My backups are also from different time periods on hdds completely isolated from each other and the PC. I could lose some of my database but not all of my it. With over 1 tb of data I'm not playing around.
The second and last(?) malicious jpeg I ran into was on Android about 1.5 years ago.
Hello,
So I've been perusing the threads, searching for an answer on this, however, I've not found it. I need to recover data after my phone was inadvertently wiped. I have a cryptocurrency wallet on there I need to get the app data for/recover. I tried a few applications, but they required me to root the phone. I then found this forum, and have been searching for more information, however, it seems rooting my phone model is circumstantial?
I've done OEM unlock, activated debugging mode, and the option that states "allow bootloader" unlock. In light of that, do I still have to flash the phone? If so, will it be possible to recover any data that hasn't been overwritten? Has anyone successfully rooted the Oneplus Nord N10 5G BE 2026?
I would humbly appreciate any advice on this matter, thank you.
If that data is worth much, power off the phone and don't use it.
If the internal memory was encrypted (Android 11 automatically does this) you have huge problems because the encryption key is gone.
The cryptocurrency wallet it's self may have builtin safeguards and those files are in a ocean of data now, diluted. All folder structure was lost when the data was deleted. If you can recover the data, you can search by file type and size in that ocean of juxtaposed data.
Using a data recovery specialist is your best shot if you have one at all. Amateur attempts will likely have a poor outcome.
blackhawk said:
If that data is worth much, power off the phone and don't use it.
If the internal memory was encrypted (Android 11 automatically does this) you have huge problems because the encryption key is gone.
The cryptocurrency wallet it's self may have builtin safeguards and those files are in a ocean of data now, diluted. All folder structure was lost when the data was deleted. If you can recover the data, you can search by file type and size in that ocean of juxtaposed data.
Using a data recovery specialist is your best shot if you have one at all. Amateur attempts will likely have a poor outcome.
Click to expand...
Click to collapse
Blackhawk, thank you so much for providing this information to me. This is what I thought, but don't have the background to understand this. I will follow your advice and hope for the best after finding a data specialist. Hopefully, someone can pull off a miracle. In the meantime, I will continue to peruse the forums to expand my knowledge to perhaps be better prepared for this in the future.
Truly, thanks again!
You're welcome.
Android is generally a very stable and reliable platform. However setting lock screens and such are more likely to lock you out of your own data than someone else. Sometimes through no fault of your own. If no lock is set, there's no password to get corrupted. I got locked out of a laptop bios like that.
Androids can and do crash often with little or no warning although this is rare. Drops probably kill more than anything else.
Always redundantly backup critical data to at least two hdds that are physically and electronically isolated from each other and the PC. Never encrypt data drives... lock it in a safety deposit box if you must.
Hi everyone,
My OnePlus 9R often crashes, and it looks like it's related to the internal storage. Read and write operations stop working, to the point where apps won't open and restarting hangs until I do a hard reset.
When I do restart, the same apps always fail in the same ways - mainly apps like Instagram and Sync for Reddit sign me out, indicating that there might be a problem with secure storage?
I think it may be triggered by me using a certain amount of space, though I'm not entirely sure about that.
This happens on custom ROMs as well as on Oxygen OS.
Has anyone ever seen anything like this before? If there are indeed bad blocks in my internal storage, is there a way to avoid them?
You have a memory leak?
blackhawk said:
You have a memory leak?
Click to expand...
Click to collapse
I doubt it, when this happens it will generally keep happening within minutes of rebooting until I go into TWRP and delete some files.