[Q] Possible malware aMusic201011_3.apk - Android Apps and Games

I just upgraded to Titanium Backup Pro and after exiting the program my Browser pops up with this page advertising HotMusic for the Android with a sexy female photo. I exit the browser, and immediately my phone starts downloading the above app. I then get the message that HotMusic application was stopped from loading as it wasn’t from the Android Market. I checked ASTRO File Manager and under downloads I find aMusic201011_3.apk sitting there (with the female thumbnail photo), so I delete it, and run a Lookout malware scan. I’ve searched online as well as on the boards and don’t find any mention of this application or the site. My questions are, is this malware, and has anyone else had this problem? Also, if I update to a different ROM will I still have the protection of some unwanted software being able to sideload onto my phone?
Thanks

tahoeflyer said:
> I just upgraded to Titanium Backup Pro and after exiting the program my Browser pops up with this page advertising HotMusic for the Android with a sexy female photo. I exit the browser, and immediately my phone starts downloading the above app. I then get the message that HotMusic application was stopped from loading as it wasn’t from the Android Market. I checked ASTRO File Manager and under downloads I find aMusic201011_3.apk sitting there (with the female thumbnail photo), so I delete it, and run a Lookout malware scan. I’ve searched online as well as on the boards and don’t find any mention of this application or the site. My questions are, is this malware, and has anyone else had this problem? Also, if I update to a different ROM will I still have the protection of some unwanted software being able to sideload onto my phone?
> Thanks
I don't have Titanium Pro, but are there ads in it? Possible you clicked one?
In my experience with computers (ie: people using IE calling me to fix their malware), these sort of things often intentionally don't manifest themselves until a bit after their initial infestation.. My guess is so it's harder to determine where they came from.
What other programs have you installed recently? Honestly I still am not that quick to believe that there is malware going on, rather some accidental click or selection, but..

I'm surprised as well, but have come across hijacked respectable websites in the past, so I feel anything is possible. I did not have the browser open when the event took place, nor was it running in the background. I find it hard to believe that the developers of the Titanium package intentionally placed this package on it.
Is this possibly a new malware package or vulnerability exploit of the Android system (or am I just the lucky one)?

Do you still have the "aMusic201011_3.apk" which was downloaded? Might make it easier to figure out.

khaytsus said:
> I don't have Titanium Pro, but are there ads in it? Possible you clicked one?
> In my experience with computers (ie: people using IE calling me to fix their malware), these sort of things often intentionally don't manifest themselves until a bit after their initial infestation.. My guess is so it's harder to determine where they came from.
> What other programs have you installed recently? Honestly I still am not that quick to believe that there is malware going on, rather some accidental click or selection, but..
Joel doesn't include ads in his app. It's all ad-free and purely run off donations, which I'm sure he receives a lot of.
But I agree with you that OP probably mis-tapped something and that's what caused all this.

Thanks, maybe it was a faulty thumb
Thank you for your responses. It's possible that my thumb hit an ad, it happened very quickly after paying for the pro/premium version. My first inclination was to stop the browser, and then delete the program, so unfortunately I did not keep a copy.
There have not been any further problems with the phone, so consider this post finished. Thanks

Related

Marketplace "copy protection" cracked

I will not do anything with this, or publish how. But you can be assured the "warez" guys from that one site will figure this out within a day or so as well...
As most of you will know I am a software developer by trade, with some commercial offerings from my company.
And then there was Marketplace. For commercial devs, something nice to have. But if you have followed the news, the piracy protection for commercial developers is not much to speak of. See this document http://download.microsoft.com/downl...tplace for Mobile Anti-Piracy White Paper.pdf.
I will refrain from quoting the obvious mistakes in this document, if you give this thing a read, you will notice them soon enough. What it all comes down to is that there is no copy protection, not even at the advanced level, at least if they implement it in the way I interpret from reading that document.
So today I started up Marketplace and it worked. Hurrah. The current level of protection is making sure the CAB files are deleted upon install - which is obviously not a way to protect anything - but even this, I thought, should easily be circumventable.
Now, because I wanted to see how fast it could be done, I went with a hunch instead of doing any investigation. And that hunch worked like a charm. It took me less than five minutes to circumvent this "protection", and get the ability to save the CABs the MarketPlace app downloads to a different folder. As the CAB file is the same for every downloader, you could just give this CAB you paid for out to all your friends.
Obviously I will not disclose the method, because that would be working against other commercial developers, and ultimately myself. It's just to let you know how ridiculously easy it is, and to give fair warning to those looking to sell apps on the Marketplace.
So, the moral of the story is... WTF MICROSOFT?
I know firsthand there is no such thing as perfect copy protection, but this is just plain ridiculous.
What we really need is for apps to be able to use our own copy protection schemes... you know, like the good web-based app stores out there.
EDIT: l3v5y has also succeeded in doing something similar, and it seems the WMPowerUser admin also found another easy way to do it... Yay, and it ain't even out yet!
Not even 12 hours after launch...that's pretty quick
Oh noes.... that's not good!
Imagine Microsoft reads this and decides to offset tomorrow's Marketplace launch...
Or even worse, Microsoft launches the Marketplace but developers decide not to submit their apps because they're concerned that their apps get pirated.
That's what happens when devices aren't locked down.
That sounds bad, but it's really no different to how things are today. Perhaps there are some apps that have more security than either nothing or a serial key, but none that I use have anything more sophisticated.
Even as a developer myself, I'd easily take this over some DRMfest.
So, if I'm reading this correctly, when you buy something from marketplace it's not tied into your username with a password like most apps? Instead, you just buy it and it installs the app, but doesn't give you a cab? Yeah, I don't think it's that hard to work around that and get a cab for yourself. Some of the cheaper apps at Handango are like that. Can you re-download an app onto a new device or if you have to hard reset, and is it free or do you need to buy download protection like from Handango?
Good, copy protection pisses me off, all it does is piss off the genuine users. We have to deal with codes and activation to be legit, while people getting it free, just click here and there, copy a code here and huzah.
Copy protection doesn't work, someone will always find a way around it. Unless it's linked to a windows live profile/xbox live profile. Which I can see probably happening when they bring out Zune on mobile phones, which sounds like it might be sooner rather than later!
I did something like this earlier... MS haven't quite got security done yet, though my guess is the iPhone is no better...
I'm really surprised by the lack of any drm; what's the point of signing in w/ one's Windows Live account? The easiest thing to do is to associate valid applications w/ one's Windows Live account. That's what itunes does for music at least (I don't know about apps as I don't have an iphone/ipod touch). Of course, what would happen is that an internet connection of some form is needed when the application is first installed, which could become inconvenient.
The truth of the matter is that the percentage or ratio of people who would bother to do this is pretty small. Most WinMo users barely even know how to setup e-mail not to mention install a cab file.
Most of the people in this forum already know how and where to get cracked apps or warez if they wanted to. I don't see this so called "flaw" as being an issue to MS or developers.
Must admit that I find it a bit worrying that you're not able to make a backup of the applications you buy by taking a copy of the cab file somewhere safe.
After having sent back 4 HTC phones (two different models) in the last 10 months, and having an SD die on me I'd really like to know that I have a backup of anything I've paid for.
Can anyone confirm if it's possible to reinstall something you've paid for through the Marketplace app if it gets removed from your phone, or you get another phone? ie if you log into Marketplace with the same Live ID does it show apps that you've bought but which aren't on the phone you're connected with?
If I look at an app that I have installed through Marketplace there is no install button anymore and Marketplace tells me that it is installed... so no obvious way to get the application back...
Not enough free apps on the UK store for me to mess about with really (have installed Shazam trial but don't want to risk uninstalling it just to see what happens).
-FM
fatmonk said:
> Must admit that I find it a bit worrying that you're not able to make a backup of the applications you buy by taking a copy of the cab file somewhere safe.
> After having sent back 4 HTC phones (two different models) in the last 10 months, and having an SD die on me I'd really like to know that I have a backup of anything I've paid for.
> Can anyone confirm if it's possible to reinstall something you've paid for through the Marketplace app if it gets removed from your phone, or you get another phone? ie if you log into Marketplace with the same Live ID does it show apps that you've bought but which aren't on the phone you're connected with?
> If I look at an app that I have installed through Marketplace there is no install button anymore and Marketplace tells me that it is installed... so no obvious way to get the application back...
> Not enough free apps on the UK store for me to mess about with really (have installed Shazam trial but don't want to risk uninstalling it just to see what happens).
> -FM
looks like it keeps track of all apps you purchased.
Oh well, I guess it's a matter of time when there will be sites that point to all the cabs available on upload sites and stuff. Just like those sites exist for iphone/ipod (appulo.us for example)
I guess that's what happens when people see that there are a lot of apps available on other country stores..
what do you think...
thedicemaster said:
> looks like it keeps track of all apps you purchased.
Hi dicemaster,
How did you try this? Uninstalling and reinstalling on the same phone or another phone? Or the same phone after a hard reboot / content erase?
I'm just interested to know from what state you can get back to your purchased applications and whether it is purely your windows live id that connects you to your purchases or if there is some device specific stuff checked as well.
Cheers,
FM
Is there anything to stop Software Authors implementing (or continuing to use) their normal Serial number protection systems?
Looking at the Market Place, there are obviously some of the Big Names we all know and love, and I don't see why they would remove protection systems they have in place already, unless it was a MarketPlace requirement.
Personally, I can't say I'm at all impressed with the MarketPlace implementation - it heralds back to the early days of PocketPC. Maybe they're going for lowest common denominator hardware support, but frankly even the relatively poor Android marketplace on Hero is massively better. And the Appstore even more so. And I think Cydia tops most of them!
Let's hope that the MarketPlace at least drives prices down.
V
I am assuming it's more difficult than just going to \Windows\AppMgr\Install folder while the installer is running and copy the CAB file to another location. This is how I get the CAB files from PC only installers.
I personally use SKTracker a lot. I take a snapshot before, and then during the install and see what has changed. That generally tells me right where any install files/CABs are that I need to grab.
vijay555 said:
> Is there anything to stop Software Authors implementing (or continuing to use) their normal Serial number protection systems?
> Looking at the Market Place, there are obviously some of the Big Names we all know and love, and I don't see why they would remove protection systems they have in place already, unless it was a MarketPlace requirement.
> Personally, I can't say I'm at all impressed with the MarketPlace implementation - it heralds back to the early days of PocketPC. Maybe they're going for lowest common denominator hardware support, but frankly even the relatively poor Android marketplace on Hero is massively better. And the Appstore even more so. And I think Cydia tops most of them!
> Let's hope that the MarketPlace at least drives prices down.
> V
Microsoft does not support your own serial systems. There is no information you can compare runtime vs purchases either, so you can't roll your own. Well ok, you DO actually have device ID information you could use, but that way purchasers can only run the application on the phone they actually bought it on. It is not clear how 're-download' information will be transmitted. If that also transmits a device id, then it is possible to roll your own, though it would be pretty nasty.
zim2323 said:
> I am assuming it's more difficult than just going to \Windows\AppMgr\Install folder while the installer is running and copy the CAB file to another location. This is how I get the CAB files from PC only installers.
> I personally use SKTracker a lot. I take a snapshot before, and then during the install and see what has changed. That generally tells me right where any install files/CABs are that I need to grab.
If you go to C:\Program Files\Microsoft ActiveSync on your PC, you'll probably find an archive of many things that you installed over active sync.
SK Tools is a good way to re-pack any installed programs into cabs. I would guess that it works with programs from Market Place.
good find bud..i sent it to engadget for ya
http://www.engadget.com/2009/10/08/dev-finds-windows-marketplace-drm-severely-lacking-easily-circu/

ChompSMS flagged as malware by several AV's

Hi ppl in the xda hood
I just write to let you know that ChompSMS has now been flagged as malware, both on 2 phones here locally with Avast as scanner, and subsequently by upload to Virustotal, and flagged by some of the major names too.
This concerns both the 5.30 and the update from tonight to v5.31
As I'm new, I cannot post urls, but you can dump the apk from both versions, upload for a scan, and have a look at the report yourself from virustotal dot com
XDA must decide if it's worth alarming the community, but better safe than sorry, right?
I guess it could be a false positive, and I do know things should not be rushed about accusations of malware developing, but seeing that several of the major scanners are flagging it both before and after the update, certainly raises my concerns.
I hope those of you who know your way around decompiling and analyzing code will look into this, so that we can get more eyes on it than "just" the AV companies reports.
Sincerely, Omnius
After a bit of micro-investigating I have so far found these domains in the code, so if you do HAVE to use ChompSMS, (I do) you can add them to your HOSTS file, just for the sake of it.
I don't know when or why they will be used but as they are in the code, there is a potential connection lurking in it. Decide for yourself, until further ppl have a closer look than mine.
I'm not a dev of any sort, but I do know how to poke around to learn. Therefore please do not just take my words for granted until more competent ppl here have their say.
I do know that a few of these are for "normal" android app ads, and analytics and so on, but these are my findings so far, so filter out what you like it to connect to yourself. If you don't mind ads connections in-app, serve your wish, so to speak.
I used to love chompsms... now i guess I'm using GoSMS...
Sent from my Nexus S using XDA App
All of them appear to be valid to the program. Half are for ads, the other half are for functionality in ChompSMS.
I would be careful on using go SMS as well.
Antivirus apps will pick up any app that bypasses any normal OS use. This always has been and always will be the case.
Anything with ads will always be flagged as it connects to an unknown server.
zelendel said:
> I would be careful on using go SMS as well.
> Antivirus apps will pick up any app that bypasses any normal OS use. This always has been and always will be the case.
> Anything with ads will always be flagged as it connects to an unknown server.
chomp was never flagged before the 5.30 update a few days ago...
really bothers me, i love chomp. i donated to remove the ads. i'm hoping they fixed it with 5.31 and the virus scanners are just still reporting it as a false positive. until it's sorted out though, i uninstalled...
Update : avg doesn't detect anything wrong with the newest version, 5.31.
Lemme tell you...
I noticed the new permissions requested in 5.30 (special access to browser history/bookmarks), and kinda shrugged it off. Dumb move on my part. Immediately upon launching 5.30, I get a notification from ADWLauncher that it cannot fit a new shortcut on my desktop (because the main page was full). So I'm naturally all like WTF... so I flip through my desktop pages to notice that ChompSMS had made itself a shortcut to searchmobileonline.com.
I also heard that it replaces your default browser home page and search method with the same. I use xScope exclusively, so I haven't been able to check that yet.
Delicious, Inc. has really crossed the line with this latest stunt. What were they thinking!? ChompSMS was the best Android messaging app IMHO. Why jeopardize such a great reputation? If it's money they were after, I'd imagine they could've raked in a nice bundle of cash for selling the product to another company.
Does anyone have a copy of this apk that I could take a look at?
kyokeun1234 said:
> I used to love chompsms... now i guess I'm using GoSMS...
> Sent from my Nexus S using XDA App
GoSMS is a security risk
Sent from Narnia
xHausx said:
> Does anyone have a copy of this apk that I could take a look at?
I know this is a old thread but better than starting a new one.
I would like to ask if there is any news on this. I love chomp SMS, imo the best messenger for my taste. I have bought the pro version, to stay away from ads and unnecessary internet data. I have chomp on a brand new phone, no sim card, no messages, just activated chomp and my firewall instantly found chomp active on internet. I watched this for some time and really chomp was trying to do something even though I did nothing with it.
important note: there is no data mining in any of their terms. Or at least I did not find anything.
So I contacted chomp about the behavior and they said that "they never seen this before" and suggested reinstall. I did, didn't help.
On the second try, they told me that it is connecting because of ads, but I had the pro version (and they knew it). So no luck.
After the third attempt, they said that chomp is sending once a day info that it is installed so they know how many installs they have.
This sucks a lot. Security concerns appear instantly.
I think it would be worthy to literally sniff a bit around this, since so many people are using chomp.

Ok....i give...need some solid information.

I have googled and searched my fingertips to the bone. Whenever i ask a technical question, i get answers from the clueless and the blind. I am beginning to hate this game.
So here we go. Stock android 4.4.2 ....rooted. How do you control which apps autostart and load in the background? Right now I have been trying to kill the Music app. Nothing works. It always restarts. So that means there is a sticky setting in some file somewhere in the system that needs to be edited that more than likely can not properly be controlled from the childish controls android offers. In windows this is controlled in the registry and the startup process. Where is this in android? Why does no one share this information?
Yes i know it's dangerous. Yes i know not to putts around in the operating system. But if you're rooted, give us the data to control things.
So i await a learned response that probably only one of the "developers" can answer. Because it sure as s€£%t ain't out there to be found.
Signed, royally frustrated
I'm reminded of that saying "You can catch more flies with honey than with vinegar." Not sure why your posts are so charged but many seasoned developers and posters aren't going to engage in conversation with someone who uses condescending and self righteous tones.
I've never seen detailed posting of how it works, nor do I care to know, but by installing Greenify you can effectively control what you wish to control. Greenify allows you to hibernate applications keeping them asleep until manually called.
Some applications have associated services that are used by other parts of the system or other applications and therefore stay loaded to provide that service. If you also install Xposed Framework it will allow Greenify to inject itself further to keep applications that you choose to hibernate from being called upon by other applications (facebook for example has services that often get called upon by other applications for various reasons and so it can be hard to keep hibernated).
Sent from my SM-P900 using Tapatalk
muzzy996 said:
> I'm reminded of that saying "You can catch more flies with honey than with vinegar." Not sure why your posts are so charged but many seasoned developers and posters aren't going to engage in conversation with someone who uses condescending and self righteous tones.
> I've never seen detailed posting of how it works, nor do I care to know, but by installing Greenify you can effectively control what you wish to control. Greenify allows you to hibernate applications keeping them asleep until manually called.
> Some applications have associated services that are used by other parts of the system or other applications and therefore stay loaded to provide that service. If you also install Xposed Framework it will allow Greenify to inject itself further to keep applications that you choose to hibernate from being called upon by other applications (facebook for example has services that often get called upon by other applications for various reasons and so it can be hard to keep hibernated).
> Sent from my SM-P900 using Tapatalk
I am sorry. I did not intentionally want to come off as charged or spraying vinegar. Quite the opposite. But I have found, after reading tons of posts, that we are living in the land of the blind and hardly anyone with sight is actually participating or for that matter even providing a modicum of useful data. Beginning to think that I don't blame them.
It seems, after deep searching and research that children are actually in charge. What other explanation can you give for an operating system that is struggling with "basic" features found in DOS or windows 3.1 from 20 years ago. Similar to the slow evolution of linux, itself which only now, barely, is win xp like in its features after decades as a skeletal nightmare to load and setup.
You may not have caught the news a few months ago, but Samsung was floating the idea of abandoning android for a flavored and skinned version of linux for future devices, both phones and tablets, starting with the China market.
Tell me that Microsoft did not head that off by providing reciprocal licensing to Samsung for windows 10 to abandoning linux. Would not be surprised if we start seeing win10 handsets in the near future here.
Once android loses support from major manufacturers, then it is DEAD.
Read every other post and you will see the lament about the quality of google store apps.
So when I ask a specific, technical question requiring a precise answer.....which requires actual programming skill.....which has yet to appear...you can see how the lack of response to that colors the situation.
If I offended anyone, I apologize. I get excited sometimes. Repeatedly slamming one's head against the wall, figuratively tends to make you anxious.
At this rate, my raw participation on these boards may be curtailed if I continue with this sense of useless effort.
Sorry to make anyone upset. You can let the kids back in the room. I think there is ice cream.
Have you considered freezing the processes you want to prevent from running with Titanium Backup?
ShadowLea said:
> Have you considered freezing the processes you want to prevent from running with Titanium Backup?
Titanium backup would work. The other option since you are rooted is to just remove the offending music app. I don't mind the samsung music app, but I don't find it absolutely necessary either. You could also uninstall the updates and force stop the app. That should also keep it from starting.
Another option that I haven't looked at completely but might work is the app "tasker" that lets you assign certain apps to start only when you want them to. So you could have the music app start only when you tap on media files. But I haven't tried this myself.
The problem currently with asking technical questions about the note pro is that it's a low selling device from 2014 so it just doesn't get much action on the forums anymore. It's a bummer for such a great device but that's how it is.
mjkurke said:
> Titanium backup would work. The other option since you are rooted is to just remove the offending music app. I don't mind the samsung music app, but I don't find it absolutely necessary either. You could also uninstall the updates and force stop the app. That should also keep it from starting.
> Another option that I haven't looked at completely but might work is the app "tasker" that lets you assign certain apps to start only when you want them to. So you could have the music app start only when you tap on media files. But I haven't tried this myself.
> The problem currently with asking technical questions about the note pro is that it's a low selling device from 2014 so it just doesn't get much action on the forums anymore. It's a bummer for such a great device but that's how it is.
Low selling are not the words. More like abandoned. Samsung has moved away. My questions were android specific. "Freezing" apps, using a convoluted set of more apps to control unwanted apps, ridiculous. It is all ridiculous. Either root gives control or it does not.
I want full control, what runs, what doesn't, what runs in the background. Is that not why we root? So a comprehensive list of whats what WOULD RREEEAAAALLLLYYY HELP.
I am alone in the wilderness screaming at the trees demanding to know why it rains.
Do you understand?
Options like freezing in Titanium or using Greenify have already been addressed. Tasker is good for starting things but not so good at keeping things killed, not the proper tool to use for the job of keeping apps from loading.
My strategy:
1) Freeze anything that's safe to freeze that I know I'll never use in Titanium first. That way they never pre-cache into memory.
2) Greenify applications that I rarely use so that they don't pre-cache, taking care not to greenify applications that need to stay loaded to operate properly (like email clients, weather apps or messaging apps).
In the end on a clean boot my application/precache list is full of my commonly used apps. I worry not about how much free RAM I have, as long as the list of apps in RAM/cache is populated with the stuff that I commonly use.
NOW, all of that said if you're looking for something that works like windows startup manager then installing Xposed Framework and then BootManager is the way to go. I've done this in the past but find that employing freezing and greenify is good enough for my own needs so I've stopped.
globalsearch said:
> Low selling are not the words. More like abandoned. Samsung has moved away. My questions were android specific. "Freezing" apps, using a convoluted set of more apps to control unwanted apps, ridiculous. It is all ridiculous. Either root gives control or it does not.
> I want full control, what runs, what doesn't, what runs in the background. Is that not why we root? So a comprehensive list of whats what WOULD RREEEAAAALLLLYYY HELP.
> I am alone in the wilderness screaming at the trees demanding to know why it rains.
> Do you understand?
I am starting to suspect you have greatly misunderstood the meaning of root access. From what it sounds like, you seem to think it miraculously gives you access to settings and functions that non-rooted users can't see. Which is why you can't seem to get the answers you seek.
There is no such thing as a root-menu. Android does not have that functionality built into its GUI.
Root access simply means administrator access to the system's root directories. Hence the word Root.
You will always need additional apps and software to root access to change functionality. Titanium Backup, Xposed, SuperUser/SuperSU, etcetera.
If you want those options in the system, you'll need a custom ROM.
ShadowLea said:
> Root access simply means administrator access to the system's root directories. Hence the word Root.
> You will always need additional apps and software to root access to change functionality. Titanium Backup, Xposed, SuperUser/SuperSU, etcetera.
> If you want those options in the system, you'll need a custom ROM.
Right and even with a custom ROM you can't run away from using 3rd party utilities to make the tweaks. Custom is usually a good start though as they are typically debloated. Civato's is good for lightly modified stock with xposed baked in.
Sent from my SM-N910T3 using Tapatalk
Now we are getting somewhere. So what you have all told me is that stock android, even when rooted, is still a sandbox with all kinds of limitations to customization. Even with apps to tweak some of it.
This is the nail in the coffin for me and android then. I'm not in the least interested in all those custom roms where there is always some shortcoming or lack of support for a feature that does not work properly.
Thanks all. I am done.
globalsearch said:
Now we are getting somewhere. So what you have all told me is that stock android, even when rooted, is still a sandbox with all kinds of limitations to customization. Even with apps to tweak some of it.
This is the nail in the coffin for me and android then. I'm not in the least interested in all those custom roms where there is always some shortcoming or lack of support for a feature that does not work properly.
Thanks all. I am done.
for what it's worth I do have your answer, better late than never right?
anyways android is built on a linux kernel and normally access to the linux command line does not come pre-installed to keep normal people from messing up their system.
so you will need to download a terminal emulator app if you don't already have one if you plan to do this from android. (Alternatively you can do it from the android debug bridge while connected to a computer if preferred)
First you will want to get the package name for the app you want to disable.
you can do this with a root file browser app by going to system / Data / App and then finding the package you want to disable.
however since it sounds like you want to do this manually we will go over the terminal process:
open a terminal window.
type: su
Hit: enter
the terminal will ask you for root access, go ahead and grant it.
to list the android packages type: pm list packages
hit: enter
This will show a list of the installed packages (Apps)
find the ones you want to disable.
now type: pm disable insertpackagename
hit: enter
for example to disable youtube type: pm disable com.google.android.youtube
Hit: Enter
that's it.
you will likely want to restart your launcher or even just restart the tablet afterwards as most launchers don't constantly poll for disabled apps so it will need a refresh.
also you probably already realise this so I apologise if it's redundant but make sure you know what you are disabling
as with any linux environment disabling system packages and packages that another application is dependent on can cause trouble.
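The terminal procedure in the post above, as an added dry-run helper that is not part of the original post: it checks each requested name against the `pm list packages` output before printing a `pm disable` line, and derives the matching `pm enable` lines for rollback. The function names and sample listings are made up for this example, and it assumes `grep` and `sed` are available in the shell (toybox or busybox).

```shell
#!/bin/sh
# Added example (not from the thread): dry-run planner for `pm disable`.
# plan_disable, undo_plan, has_pkg and the SAMPLE_* listings are names made up here.

# Constructed sample of `pm list packages` output: every installed package.
SAMPLE_INSTALLED='package:com.android.settings
package:com.google.android.youtube
package:com.google.android.music
package:com.example.launcher'

# Constructed sample of `pm list packages -d` output: packages already disabled.
SAMPLE_DISABLED='package:com.google.android.music'

# has_pkg LISTING PKG -> exit 0 if LISTING contains the exact line "package:PKG".
# -x matches whole lines and -F turns off regex, so "com.foo" never matches
# "com.foo.bar" and the dots in a package name are literal.
has_pkg() {
    printf '%s\n' "$1" | grep -qxF "package:$2"
}

# plan_disable INSTALLED DISABLED PKG...
# Prints one line per requested package: either the command to run or a
# commented reason for skipping it. Nothing is changed on the device.
plan_disable() {
    installed=$1
    disabled=$2
    shift 2
    for pkg in "$@"; do
        if ! has_pkg "$installed" "$pkg"; then
            echo "# skip $pkg: not installed (typo?)"
        elif has_pkg "$disabled" "$pkg"; then
            echo "# skip $pkg: already disabled"
        else
            echo "pm disable $pkg"
        fi
    done
}

# undo_plan: read a plan on stdin and print the `pm enable` line for every
# `pm disable` line, so the change can be reverted later.
undo_plan() {
    sed -n 's/^pm disable \(.*\)$/pm enable \1/p'
}

# On a device, in a root shell (after `su`), feed the live listings to the planner.
if command -v pm >/dev/null 2>&1 && [ "$#" -gt 0 ]; then
    plan_disable "$(pm list packages)" "$(pm list packages -d)" "$@"
fi
```

Saving the plan to a file before running it keeps a record of exactly what was disabled, which `undo_plan` turns back into enable commands.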
firefly6240 said:
for what it's worth I do have your answer, better late than never right?
anyways android is built on a linux kernel and normally access to the linux command line does not come pre-installed to keep normal people from messing up their system.
so you will need to download a terminal emulator app if you don't already have one if you plan to do this from android. (Alternatively you can do it from the android debug bridge while connected to a computer if preferred)
First you will want to get the package name for the app you want to disable.
you can do this with a root file browser app by going to system / Data / App and then finding the package you want to disable.
however since it sounds like you want to do this manually we will go over the terminal process:
open a terminal window.
type: su
Hit: enter
the terminal will ask you for root access, go ahead and grant it.
to list the android packages type: pm list packages
hit: enter
This will show a list of the installed packages (Apps)
find the ones you want to disable.
now type: pm disable insertpackagename
hit: enter
for example to disable youtube type: pm disable com.google.android.youtube
Hit: Enter
that's it.
you will likely want to restart your launcher or even just restart the tablet afterwards as most launchers don't constantly poll for disabled apps so it will need a refresh.
also you probably already realise this so I apologise if it's redundant but make sure you know what you are disabling
as with any linux environment disabling system packages and packages that another application is dependent on can cause trouble.
Finally. Thank you, thank you, thank you.
globalsearch said:
Low selling are not the words. More like abandoned. Samsung has moved away. My questions were android specific. "Freezing" apps, using a convoluted set of more apps to control unwanted apps, ridiculous. It is all ridiculous. Either root gives control or it does not.
I want full control, what runs, what doesn't, what runs in the background. Is that not why we root? So a comprehensive list of what's what WOULD RREEEAAAALLLLYYY HELP.
I am alone in the wilderness screaming at the trees demanding to know why it rains.
Do you understand?
Just thought I would clarify a bit here, I know how confusing it can be coming from windows, I made the switch myself not so many years ago and had a lot of the same questions.
to explain root, the closest comparison I have imperfect as it may be is that root access is similar to windows admin access.
the noticeable difference in a lot of cases is what comes pre-installed.
for example in windows if you have an admin account it automatically unlocks access to the command prompt which was already pre-installed.
in android root access gives you the option to use a terminal but often one is not pre-installed, in fact even a file manager is often not included.
this is actually not a limitation of android so much as a limitation put in place by the specific device manufacturer as to what comes pre-installed.
for example a lot of cheap android tablets running google AOSP (Android open source Project) code actually do come with terminal apps and in some cases even come pre-loaded with root access.
in comparison a lot of more well known devices do not come with this pre-loaded to prevent people from breaking things. (For a windows comparison, it's hard to delete the system32 folder without admin access, a file browser and command prompt right?)
As far as samsung abandonment, it's a bit trickier there.
Basically what you would normally be used to is the Microsoft scenario.
1. Microsoft - Microsoft makes the OS but it runs on hardware made by others.
a. hardware issues go to the hardware manufacturer for as long as they support it.
b. OS updates are handled by Microsoft, they have more or less full control of the OS as it is closed source.
2. the Samsung Scenario - The hardware is made by the manufacturer, the bootloaders are locked, the OS is made by Google and then tweaked by the manufacturer.
a. all official updates come through the manufacturer (In this case Samsung) after google releases the open source code, samsung then alters it as they like and then they release an update.
b. Samsung is the sole support for the hardware and software as google no longer supports the software for the most part after it's been altered.
c. it takes a lot of time and work for samsung to develop an update and push it out and then deal with all of the issues that come with updating the OS.
d. it's often easier to leave a device that comparatively very few people bought on an OS that they knew was usable rather than spend all the time and money updating it and dealing with all of the related issues.
With that in mind this tablet has been out for about 2 years now which is a huge amount of time for this type of hardware.
All that being said Samsung very recently released the update to android 5.1.1 for this tablet
so it is definitely not abandoned yet, in fact it's had more attention than even other devices by the same manufacturer but I suspect 5.1.1 will be the last official update we see.
if you have one of the note variants with an unlockable bootloader as well as a bit of time on your hands I would very much recommend trying a custom rom if you are worried about samsung abandonment.
you may have to try several different ones though, as you'll find a mix of roms that may seem almost half baked, more alpha release style but are cutting edge (I like those ones myself) to roms that are even more stable than the original.
My apologies if some of this is redundant information, I just thought I would throw in my two cents in case it helps
Two points . . for what it's worth . . 1) the use of package manager's disable command effectively does the same thing that freezing in Titanium does, the main difference being that you're using a GUI to do it (there can be differences in how the apps are flagged though and using the pm command means not having to rely on yet another app); 2) disabling/freezing means you'll be unable to ever launch said application unless you enable the app again manually (using the package manager PM commands or Titanium).
Main reason in my initial response I didn't go straight to freezing/disabling apps is because that approach isn't exactly the same thing as managing startup in the context of the example given about managing what apps start up on boot in Windows (i.e. msconfig command and unchecking startup options). When someone takes an app out of startup in Windows the software isn't permanently disabled (unavailable) it is merely prevented from preloading when the system is started. So . . in reference to the music app referred to in the original post, if the goal is to be able to use the stock music app but just not have it load itself into memory on its own then the solution isn't disabling it or freezing it, it's to hibernate it with something like Greenify or prevent it from starting using something like Boot Manager and Xposed Framework.
Firefly6240 got exactly what I was asking for. Freezing and hibernating, et al, is not total control. When I kill an app and I want it gone. I want it gone. Example, the google music, google books and google films. I have stopped, killed even "uninstalled" in Purify and in Kingroot. On random reboot, the buggers are back. Firefly's solution is Caesar's thumbs down. Wonderful. He understood the TOTAL control I was looking for.
Also, I loaded android terminal to run the commands.
By the way, Knox and EML are next on my list.
Thanks again firefly6240
globalsearch said:
Firefly6240 got exactly what I was asking for. Freezing and hibernating, et al, is not total control. When I kill an app and I want it gone. I want it gone. Example, the google music, google books and google films. I have stopped, killed even "uninstalled" in Purify and in Kingroot. On random reboot, the buggers are back. Firefly's solution is Caesar's thumbs down. Wonderful. He understood the TOTAL control I was looking for.
Also, I loaded android terminal to run the commands.
By the way, Knox and EML are next on my list.
Thanks again firefly6240
OK good, then I misunderstood the question. Hibernation has its place, it's just not what you wanted, you wanted complete uninstallation basically.
Sent from my SM-P900 using Tapatalk
like it or not, OEMs, even Google cannot just give the public ready-made controls to such things because the way a lot of (non-essential but) pre-installed apps are designed they depend on other apps being present and/or running.
AppOps was a classic example cuz once ppl found it and made public how to take advantage, a lot of dependent apps and services were affected and people called in to their OEMs complaining of broken phones when it was simply tinkered permissions.
there is no mobile OS more robust than android. all have their forms of depth, appeal, features and restrictions but none embrace admin access & leaving open the ability to do it more than android (just need the carrier and sometimes OEM to leave the bootloader the hell alone lol)
if you want a smartphone with admin privileges out-of-the-box and full control of all system services etc, I would recommend an Ubuntu phone. they're about a year into commercial availability which is still kinda fringe but stable and will lack certain major perks of owning either iOS (yuck!) or Android. there are a couple Ubuntu/android dual boot phones out there too, and that comes with the issue of storage space after holding 2 OS's
in another year or 2 Ubuntu phones should be more plentiful and bring over some popular apps and active development but I don't anticipate seeing it take off quite like other mobile OS's cuz when it comes to feeding the masses, more options and less restrictions can have the same effect as asking an 80 year old to put in an address on your navigation in the car while you're on the highway. it's a learning curve simple to some that seems too simple not to understand but can be bad for business.
I think android and iOS beat this problem initially because when they started, there weren't any other well-established alternatives. BlackBerry and some fringe PDAs were about it...
Note pro 12.2
I was/am dealing with the Note Pro 12.2 specifically. Not other handsets. This device is coming up on two years and support has been waning. When I bought it all was well. Less than a few months later the damned KitKat update came and suddenly I found myself without proper access to the external sd card, that had worked perfectly when I purchased the unit. I was furious. Especially when we were being told that it was for our own good and google was pushing internal memory over external. Damn them. I bought samsung BECAUSE it had the sd slot. And when Samsung did not provide the fix to the platform.xml file I was livid. 5.01 came out and Samsung destroyed support for most external Bluetooth keyboards. And so it goes, one stupid blunder after another. Their updates destroyed my workflow.
So yes, damned right I want full control of my device, because they have shown they have NO regard for our needs and DO NOT ADDRESS our concerns. Just buy our stuff and shut up. Well in this case, I was sold a product that they later incapacitated.
I can not abide with that. I tried so hard not to root, for a year and a half. I shut off automatic updates on EVERYTHING because even updates from google play would sometimes destroy a good product. I started saving apks from versions of apps that worked. I stayed stock 4.4.2 because everything worked but the sd write. How many threads do we have here where people upgraded to Marshmallow and then begged to get back to kitkat? Last week after reading thread after thread of problems and convoluted fixes and a gazillion rom versions each of which has its own imperfections and then reading that the new samsung tablet was released windows 10. I knew it was over.
At that moment the decision was inevitable. I rooted and IMMEDIATELY fixed the sd write issue. And I unrooted. Two days of random reboots and I rooted again, this time to take the bull by the horns and control this thing. I became increasingly frustrated with the lack of displayed technical knowledge here at xda and the tons of advice from also clueless posters. I tried everything. Even got scolded by an admin who has been here less time than me. (Follow the rules, follow the rules...don't you dare to ask the important questions)
Not till the reply from firefly6240. Now he knows something. And he shared a little with me. Which I greatly appreciated. I have a direction now. And the tweaks I have done have increased my battery time, the screen response time and overall improvement of the environment. All on 4.4.2.
I still have some minor issues, but google and android code monkeys WILL NO LONGER CONTROL MY DEVICE, MY PROPERTY.
It is time people take control of the ELECTRONIC items which we purchase with OUR hard earned money and stop letting manufacturers turn those devices into nothing more than sales portals to make more money and deny us control or the ability to JUST SAY NO.

Question I possibly have a virus. Need some feedback

I've got an A32 5G that functionally performs ok. it's had some slow loading pages recently and some YouTube videos buffering, which I attributed to the recent system updates as well as the move to 5g in my area. I still think these are the likely sources of my lower performance, but. . ... I went to grc.com and ran their Shields Up test the other day, probing all common ports. my results came back that I have a port 179 open about 95% of the time (meaning I've run the test quite a few times since then, only a few of those times it showed stealth). appx. 10% of the time I ran the test, it showed port 1, and port 1&2 closed, but not stealthed. the other test results showed them to be stealthed.
prior to now, and when having my friends run the tests on their phones, my former and everyone else's current results were 100% stealthed.
my questions -
1. can a few of you with the same phone as me run the same tests and see what your results are. (it's at grc.com, then Shields Up, then Shields Up, then proceed, then All Service Ports)
2. short of resetting the phone, how do I find out the source or cause of this port being open? (I've done a lot so far, none of which has helped, so I won't bore anyone just yet)
3. is there a better section to post this in?
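For question 2 above, one local check, as an added example that is not part of the original post: list the TCP sockets in LISTEN state from text in `/proc/net/tcp` format and see whether anything on the phone itself is listening on port 179. The function names and the sample are made up for this example; it assumes you can obtain that text from the device (for example from an adb shell; recent Android versions restrict app access to it) and that `awk` is available where you run it.

```shell
#!/bin/sh
# Added example (not from the thread): list listening TCP ports from
# /proc/net/tcp-format text. listening_ports, port_owners and the sample
# below are names and data made up for this example.

# Constructed sample in /proc/net/tcp format (not taken from a real device).
# Columns used: local_address (hex IP:hex port), st (0A = LISTEN), uid.
SAMPLE_PROC_NET_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 41234 1 0000000000000000 100 0 0 10 0
   1: 00000000:00B3 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40111 1 0000000000000000 100 0 0 10 0
   2: 0A00020F:C350 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000 10150        0 45555 1 0000000000000000 20 4 30 10 -1'

# listening_ports: read /proc/net/tcp (or tcp6) text on stdin and print
# "<decimal port> <uid>" for every socket in LISTEN state.
listening_ports() {
    awk '
    # POSIX awk has no hex conversion, so convert digit by digit.
    function hex2dec(h,    i, n) {
        h = toupper(h)
        n = 0
        for (i = 1; i <= length(h); i++)
            n = n * 16 + index("0123456789ABCDEF", substr(h, i, 1)) - 1
        return n
    }
    # Skip the header line; state 0A is TCP_LISTEN.
    NR > 1 && $4 == "0A" {
        split($2, addr, ":")      # addr[1] = hex IP, addr[2] = hex port
        print hex2dec(addr[2]), $8
    }'
}

# port_owners PORT: print the uid of every listener on PORT (empty if none).
# On Android, uids of 10000 and above belong to installed apps.
port_owners() {
    listening_ports | awk -v want="$1" '$1 == want { print $2 }'
}

# Usage: sh thisfile.sh saved_proc_net_tcp.txt
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    listening_ports < "$1"
fi
```

An external probe reports on whichever device answers at the public IP address, while this listing is taken on the phone itself; an empty result from `port_owners 179` means no local TCP listener on that port at the time of the capture.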
See if you can ID the app using it with a firewall.
If running on Pie or below Karma Firewall will detect apps accessing the internet.
If you can't ID and eliminate it, factory reset.
You are what you install and download, exercise caution.
This is what I get when I run that check:
the only apps on my phone are Firefox & Brave browsers, CX File Explorer, File Viewer, New Pipe, SMS Backup & Restore, and a few games from Yiotro.
never been on Facebook, nor any other social media
blackhawk said:
See if you can ID the app using it with a firewall.
If running on Pie or below Karma Firewall will detect apps accessing the internet.
If you can't ID and eliminate it, factory reset.
You are what you install and download, exercise caution.
This is what I get when I run that check:
View attachment 5648189
the test I was referring to was this one
and I'm on Android 12. the firewall approach is null with that?
mr_horsepower said:
the test I was referring to was this one
and I'm on Android 12. the firewall approach is null with that?
Lol, I scanned that exe with Virustotal and while most might trust it... I don't!
Android 12 will gut firewall apps not designed to run on it. Even 10 does this.
A big reason I still run on Pie; functionality for trusted apps.
Nuke it if there's any doubt. Change Google account password, check if it's been breached.
Likely something you installed...
blackhawk said:
Lol, I scanned that exe with Virustotal and while most might trust it... I don't!
Android 12 will gut firewall apps not designed to run on it. Even 10 does this.
A big reason I still run on Pie; functionality for trusted apps.
Nuke it if there's any doubt. Change Google account password, check if it's been breached.
Likely something you installed...
how do you keep your system from updating?
mine is set to only do it over wifi, and I never use wifi (literally never) and eventually it gives in I guess and downloads it over my data connection. I've got auto updates on the play store turned off and I've never had anything update without my choosing to, again, thru just the play store.
I'm fairly certain that Steve Gibson, the guy that runs the Security Now site and podcast is a 100% safe environment.
*I also realize my recommendations on what's safe and what's not mean nothing, especially given the thread I just started, lol.
mr_horsepower said:
how do you keep your system from updating?
mine is set to only do it over wifi, and I never use wifi (literally never) and eventually it gives in I guess and downloads it over my data connection. I've got auto updates on the play store turned off and I've never had anything update without my choosing to, again, thru just the play store.
I'm fairly certain that Steve Gibson, the guy that runs the Security Now site and podcast is a 100% safe environment.
*I also realize my recommendations on what's safe and what's not mean nothing, especially given the thread I just started, lol.
I use a package disabler to block OTA updates.
A nasty little app...
I think his site's probably ok, but caution is best when in doubt. My current load is over 2 yo and runs very well.
I've just spent the past 5 hours doing a full restore on my phone. I just ran the scan again and I got the same effing results. will someone please, for the love of all that is good in this world, pretty friggin please, run that scan and see if they get the same port open? please.
you don't even have to do the whole scan, which takes all of 30 seconds. just type 179 in the box and hit enter. it will open to another page and you hit the 'probe this port' button. it's Steve Gibson's website. it's safe. he's one of the grandfathers of internet security.
Lol, doesn't sound that safe judging by your results. You should have loaded just that app and scanned. May be a false result.
No known rootkit can survive a factory reset on Android 9 and up. So either it's a normal result, glitch or you reloaded the malware... probably one of the games.
Install Karma Firewall (it may not install on 12), one by one block 3rd party apps and so on, then scan until you find it.
Or factory reset again and run the scan... first.
blackhawk said:
Lol, doesn't sound that safe judging by your results. You should have loaded just that app and scanned. May be a false result.
No known rootkit can survive a factory reset on Android 9 and up. So either it's a normal result, glitch or you reloaded the malware... probably one of the games.
Install Karma Firewall (it may not install on 12), one by one block 3rd party apps and so on, then scan until you find it.
Or factory reset again and run the scan... first.
didn't reload the games (they're zero permission games from an awesome source though). I did a reinstall of DDG browser, File Viewer, SMS Backup & Restore, and Textra. I went through all my permissions and deleted all the b.s. bloatware, fired up the browser and went and ran the test. same results. I've run the test a bunch over the years, first time with that result ever a few days ago.
I'm going to order a new phone tomorrow. if I'm lucky, it'll be in in time for me to blow this thing up on the 4th.
*I also ran the test at a few other port scanners prior to the reset. one of 3 didn't show the port open, the others did. I haven't rechecked it at those places after the fact
*it doesn't sound like you're familiar with Steve Gibson or his work. it'd be worth poking around his website a little. also listening to or reading transcripts of his weekly podcast he's done for years. that website is as pure as the driven snow.
blackhawk said:
Lol, doesn't sound that safe judging by your results. You should have loaded just that app and scanned. May be a false result.
No known rootkit can survive a factory reset on Android 9 and up. So either it's a normal result, glitch or you reloaded the malware... probably one of the games.
Install Karma Firewall (it may not install on 12), one by one block 3rd party apps and so on, then scan until you find it.
Or factory reset again and run the scan... first.
and to clarify, it's not an app. you go there with your browser and click on a button. it's just a web page, it's just a button. you don't even need Javascript to be on at his website.
*and while I appreciate your offering up that .apk, I'm not in the habit of sideloading apps from a barely known source. that's a small example of what makes this problem I'm having so perplexing.
mr_horsepower said:
and to clarify, it's not an app. you go there with your browser and click on a button. it's just a web page, it's just a button. you don't even need Javascript to be on at his website.
*and while I appreciate your offering up that .apk, I'm not in the habit of sideloading apps from a barely known source. that's a small example of what makes this problem I'm having so perplexing.
Won't run in my browser. Tried disabling a few things that might have blocked it, no go.
My current setup hasn't had any malware issues, has been fast and stable for over 2 years so I'm not playing with it further than this for no good reason.
I don't have in depth knowledge of these protocols. Been a long while since I setup a router. Meh, although I'm curious about this... but it's your rabbit hole to chase down. It's a pretty deep hole.
Karma Firewall been updated.
NetGuard is fully functional on 12, root not needed. I haven't played with this yet.
Install a firewall and see if you can spot it...
if you went there, and proceeded like this, with or without Javascript on (my default everywhere is its off unless I decide to give sites that liberty), I can't see how in the world it's not running. I appreciate your time regardless.
A link be nice...
Here's what I got on my N10+/Pie:
blackhawk said:
A link be nice...
Here's what I got on my N10+/Pie:
View attachment 5648803
that's the unplug and pray test. I can't provide a link to anything (try anything you would be able to create a link from at a typical site and you'll see it doesn't work there) but the main page because of the way his site is set up. here's hopefully a better picture of what you are pressing, and what to choose instead.
*check your link, which doesn't go where you think it does, and he explains why not.

Question How to find out what app(s) are trying to connect to two malicious sites?

Spoiler: Warning - don't visit these two sites:
Code:
www.vu239trk.com
int.vaicore.store
Trend Micro says both of these sites are malicious.
Full story - I recently changed router brands. Our new routers have the ability to block malicious sites that are trying to be accessed. Thankfully, this isn't happening on my rooted phone - it's happening on my wife's Pixel 7 Pro which is unlockable but is locked. The same was the case a week and a half ago with her Pixel 6 Pro. Problem is, that my wife has no idea which of her apps - I'm guessing a game, but who knows - would be accessing those. I've tried to pin them down according to what time the router blocked access, but it hasn't helped.
The router has blocked access to those sites from her phone(s) a total of seven times between October 5th and the 19th:
10/5 - vu
10/9 - vu
10/12 - vaicore
10/14 - vu
10/15 - vu
10/16 - vu
10/19 - vu
So it's not every day, and not repeatedly on the same day. I've let her know each time the router notifies me, but nothing has come to mind for her, so I don't know if it's happening in the background or when she's actively using an app.
I've tried some simple Google-fu for this question, or specifically regarding these sites without any promising help.
Does anyone have any suggestions for how to find out what apps are accessing them? I'm aware of solutions like NetGuard - no-root firewall to whitelist/blacklist internet access - however, my wife is non-technical - I don't root her phones anymore as she's not interested in the benefits and it's less work for me, and no chance for me to mess up her configuration. Also, we both suspect that it's one of her games that is trying to access those sites, and those games might already require internet access for them to work, so I'm more interested in tracking down which without a process of elimination. She's also not methodical like I am, at least for technical things.
I could probably dump a list of her apps to at least get some ideas. All her apps came from the Play Store and were just restored from there during our recent transition to the Pixel 7 Pro, so whatever it is, Google hasn't caught it yet. She doesn't use any special web browsers, just Chrome, and she doesn't do anything techie or hacky.
Also trying to avoid both a factory reset and not using Google's cloud backup. She forgets her passwords constantly so fresh setups always cause high anxiety for her, and therefore for me too.
After you install an app block all updates. A common ploy is the app is clean but after it is installed it will download its malicious payload.
Keep all social media and shopping apps off the phone. They are malware.
If an app doesn't need internet access to function it should be firewall blocked. Few apps need internet access. Find the malware or factory reset and reset passwords. I give myself 2 hours before I nuke it. That should be enough time to find/fix minor malware issues.
Full scan with Malwarebytes. Pay close attention to the download folder and any apps that run at startup. Scan suspects with online Virustotal.
Try in safe mode, see if it stops.
It may be a false alert... otherwise uninstall or package block installed apps one by one until you nail it. If it's a virus or rootkit that won't stop it though. Hopefully it's just a rogue app that didn't download a rootkit payload...
blackhawk said:
After you install an app block all updates. A common ploy is the app is clean but after it is installed it will download its malicious payload.
Keep all social media and shopping apps off the phone. They are malware.
If an app doesn't need internet access to function it should be firewall blocked. Few apps need internet access. Find the malware or factory reset and reset passwords. I give myself 2 hours before I nuke it. That should be enough time to find/fix minor malware issues.
Full scan with Malwarebytes. Pay close attention to the download folder and any apps that run at startup. Scan suspects with online Virustotal.
Try in safe mode, see if it stops.
It may be a false alert... otherwise uninstall or package block installed apps one by one until you nail it. If it's a virus or rootkit that won't stop it though. Hopefully it's just a rogue app that didn't download a rootkit payload...
I've never once had a problem with any of this stuff... I think the malware problem is hugely overblown. I just don't download random obscure apps and never had an issue.
Trend Micro is often overzealous. I have disabled that crap on my ASUS router.
They both seem to be marketing and tracking sites. The vaicore one apparently was even being triggered by the Audible app at one point.
https://www.reddit.com/r/audible/comments/ttakhs
You could try DuckDuckGo's tracking protection to figure out which app is doing it.
Introducing DuckDuckGo App Tracking Protection for Android
Join the waitlist to try App Tracking Protection for Android today!
spreadprivacy.com
blackhawk said:
After you install an app block all updates. A common ploy is the app is clean but after it is installed it will download its malicious payload.
Keep all social media and shopping apps off the phone. They are malware.
If an app doesn't need internet access to function it should be firewall blocked. Few apps need internet access. Find the malware or factory reset and reset passwords. I give myself 2 hours before I nuke it. That should be enough time to find/fix minor malware issues.
Full scan with Malwarebytes. Pay close attention to the download folder and any apps that run at startup. Scan suspects with online Virustotal.
Try in safe mode, see if it stops.
It may be a false alert... otherwise uninstall or package block installed apps one by one until you nail it. If it's a virus or rootkit that won't stop it though. Hopefully it's just a rogue app that didn't download a rootkit payload...
Since this is my wife's phone, not mine, I'm not willing to micro-manage to try to find the culprit. It would only cause her stress and because of that, ultimately more stress for me.
EtherealRemnant said:
Trend Micro is often overzealous. I have disabled that crap on my ASUS router.
I'll certainly keep an eye on what it reports, but since so far it's only reported things from my wife's phone and not my own or any of our computers, I'm going to keep being curious about what exactly is triggering it.
EtherealRemnant said:
They both seem to be marketing and tracking sites. The vaicore one apparently was even being triggered by the Audible app at one point.
https://www.reddit.com/r/audible/comments/ttakhs
Thanks for that information! In this case, she doesn't have the Audible app.
EtherealRemnant said:
You could try DuckDuckGo's tracking protection to figure out which app is doing it.
Introducing DuckDuckGo App Tracking Protection for Android
Join the waitlist to try App Tracking Protection for Android today!
spreadprivacy.com
Ah, I forgot about DuckDuckGo app's advertised capability. I'll take a look into it. Thanks!
roirraW edor ehT said:
Since this is my wife's phone, not mine, I'm not willing to micro-manage to try to find the culprit. It would only cause her stress and because of that, ultimately more stress for me.
Words of wisdom for maintaining a happy marriage
Lughnasadh said:
Words of wisdom for maintaining a happy marriage
New movie: "Honey, I disabled half of your apps!"
EtherealRemnant said:
I've never once had a problem with any of this stuff... I think the malware problem is hugely overblown. I just don't download random obscure apps and never had an issue.
I rarely sample apps. All my apps are vetted and most have been used by me for years. Playstore is a mess. I keep installable copies of all my apps on my data drive (SD card) master backup for easy reloads if I need to factory reset. I occasionally side load, these are always first scanned with Virustotal. If they even look a little twitchy they aren't loaded. I firewall block all apps that implicitly don't need internet access. I also watch what is accessing the internet, when and why.
Apps are never upgraded unless it would provide a substantial benefit. There's no need to as I already have a stable platform. I don't upgrade or update the firmware, ever. This 3 yo N10+ is still running snappy fast and rock solid stable on Pie. Any problem is easy to stop as the platform is very predictable; malware stands out like a sore thumb. The current load is over 2yo and it runs day after day like a bat out of hell with minimal maintenance. I also watch the download folder like a hawk; everything is vetted before it is moved into the database, apps, mp4's, jpegs etc. At the very least I open the file in the download folder to look for abnormal behavior especially in that folder.
I've had malware jpegs on Android, once you open it, it would damage any files not in a folder in the download folder. Some were repairable some not and best deleted. Deleting the jpeg ends its reign of terror. If it gets into the database in a folder with a large number of files it would rain hell down on you. It may not be detectable at all as malware meaning you would need to find it the hard way.
There are scripted jpegs, pngs that target both PC and Android. They pop up from time to time and Outlook can be a vector. Keep all email in the cloud, i.e. Gmail. Be very cautious of downloading anything from emails, the oldest trick in the book. Lol, you've been warned
Also saw a trojan preloader slip past Samsung browser without permission. I tagged it in the download folder before it could download its payload. KIA. Police the download folder daily, delete any unknown files without opening them.
Vet everything.
Almost all malware is loaded or downloaded by the user, one way or another. Pie and above are secure unless you do stupid things.
┤Mod Edit├┤Unneeded remark removed├
roirraW edor ehT said:
New movie: "Honey, I disabled half of your apps!"
Sequel: "Why I now sleep on the couch"
roirraW edor ehT said:
New movie: "Honey, I disabled half of your apps!"
Translation: "Honey half your apps were spyware, can we still be friends after the divorce?"
Lughnasadh said:
Sequel: "Why I now sleep on the couch"
"...and use the cat's litterbox..."
roirraW edor ehT said:
Since this is my wife's phone, not mine, I'm not willing to micro-manage to try to find the culprit. It would only cause her stress and because of that, ultimately more stress for me.
I'll certainly keep an eye on what it reports, but since so far it's only reported things from my wife's phone and not my own or any of our computers, I'm going to keep being curious about what exactly is triggering it.
Thanks for that information! In this case, she doesn't have the Audible app.
Ah, I forgot about DuckDuckGo app's advertised capability. I'll take a look into it. Thanks!
Try scanning with Malwarebytes. Virustotal is the gold standard as it gives a broad overview to what's there and how it behaves.
Brave browser is near bulletproof.
Always try to back out of a bad site by closing that window if necessary or close the browser. Occasionally I needed to clear the cache as well. Never needed to clear the data but have seen some really persistent bad sites. No breach though save that one trojan preloader.
Abnormal behavior should be promptly investigated and the cause found.
Never ignore it... and teach her new tricks.
blackhawk said:
I rarely sample apps. All my apps are vetted and most have been used by me for years. Playstore is a mess. I keep installable copies of all my apps on my data drive (SD card) master backup for easy reloads if I need to factory reset. I occasionally side load, these are always first scanned with Virustotal. If they even look a little twitchy they aren't loaded. I firewall block all apps that implicitly don't need internet access. I also watch what is accessing the internet, when and why.
Apps are never upgraded unless it would provide a substantial benefit. There's no need to as I already have a stable platform. I don't upgrade or update the firmware, ever. This 3 yo N10+ is still running snappy fast and rock solid stable on Pie. Any problem is easy to stop as the platform is very predictable; malware stands out like a sore thumb. The current load is over 2yo and it runs day after day like a bat out of hell with minimal maintenance. I also watch the download folder like a hawk; everything is vetted before it is moved into the database, apps, mp4's, jpegs etc. At the very least I open the file in the download folder to look for abnormal behavior especially in that folder.
I've had malware jpegs on Android, once you open it, it would damage any files not in a folder in the download folder. Some were repairable some not and best deleted. Deleting the jpeg ends its reign of terror. If it gets into the database in a folder with a large number of files it would rain hell down on you. It may not be detectable at all as malware meaning you would need to find it the hard way.
There are scripted jpegs, pngs that target both PC and Android. They pop up from time to time and Outlook can be a vector. Keep all email in the cloud, i.e. Gmail. Be very cautious of downloading anything from emails, the oldest trick in the book. Lol, you've been warned
Also saw a trojan preloader slip past Samsung browser without permission. I tagged it in the download folder before it could download its payload. KIA. Police the download folder daily, delete any unknown files without opening them.
Vet everything.
Almost all malware is loaded or downloaded by the user, one way or another. Pie and above are secure unless you do stupid things. No saving dumb bunnies, you are what you load/download.
I mean I use FairEmail and have it set to only download images when I tell it to but other than that, I don't use much more than common sense for my security platform. I don't dabble a lot in random apps (sometimes I will grab a game from a new dev after I see some positive reviews for it somewhere but those F2P apps end up earning the devs more money in microtransactions than they would get from malware anyway so the risk is low here, especially since I only go for visually appealing games with some depth to them), I don't use a firewall, don't use AV... It's never been a problem going all the way back to Cupcake on my HTC Hero.
I do, however, take all updates within a few weeks of them being available (system updates I will do as soon as I get a prompt that they are available, app updates I manually do), and while that potentially exposes me to a zero day if one of my apps goes rogue, lots of pre-existing loopholes get closed by these same updates as well.
For that matter, going back to my first computer when I was 8 or 9 years old running DOS, I've only ever gotten one bug that was nasty enough for me to have to reinstall everything, a trojan, and I got it from some software I grabbed from a BBS IIRC. I don't run more than Windows Defender these days and I continue to just use common sense on the internet. Most of my important stuff is backed up to my Google Drive anyway so my desktop can get nuked and I'll just have to saturate the gigabit connection for a few hours to download all my apps and games again. *shrug*
I do use Bitwarden for passwords and Authy for 2FA (as well as having YubiKey for a few things like Google, Microsoft, and Bitwarden) as I feel that those are common sense in the world we live in but I just don't see the point otherwise.
I do use VirusTotal from time to time if I'm not sure about something as well.
blackhawk said:
Try scanning with Malwarebytes. Virustotal is the gold standard as it gives a broad overview to what's there and how it behaves.
Absolutely. I got her to install it - later when we're both not working, I'll work with her to have it do its thing. I meant to mention in my earlier reply, to thank you for that advice.
blackhawk said:
Brave browser is near bulletproof.
Always try to back out of a bad site by closing that window if necessary or close the browser. Occasionally I needed to clear the cache as well. Never needed to clear the data but have seen some really persistent bad sites. No breach though save that one trojan preloader.
Abnormal behavior should be promptly investigated and the cause found.
Never ignore it...
I use Brave for select things, but to try to move her completely or even partly from Chrome to Brave would ultimately not be an effort well spent. I'm getting anxious just knowing how things would go.
blackhawk said:
and teach her new tricks.
My wife's habits are firmly planted. Mine are probably just a tiny bit less than hers, but obviously, I can't be objective.
EtherealRemnant said:
For that matter, going back to my first computer when I was 8 or 9 years old running DOS, I've only ever gotten one bug that was nasty enough for me to have to reinstall everything, a trojan, and I got it from some software I grabbed from a BBS IIRC.
Ugh, that reminds me of the time just about 20 years ago that back in my Norton AntiVirus days, there was a trojan that wasn't detected for weeks - I forget which one, but Symantec was not picking it up, and I had kept on reinstalling Windows XP on both my wife's and my desktops I built but ultimately they both would act crazy in some way. What a pain. Then when Symantec finally recognized what was going on and their definitions found the culprit, what a relief.
That was the only time I know that any of my devices were infected and rampant.
EtherealRemnant said:
I don't run more than Windows Defender these days and I continue to just use common sense on the internet.
Same here.
EtherealRemnant said:
Most of my important stuff is backed up to my Google Drive anyway so my desktop can get nuked and I'll just have to saturate the gigabit connection for a few hours to download all my apps and games again. *shrug*
I've "lost everything" (digital) so many times over the last 38 years, but my most important potentially life-altering things are backed up in the cloud, too, although using my own encryption for the most sensitive things.
roirraW edor ehT said:
Ugh, that reminds me of the time just about 20 years ago that back in my Norton AntiVirus days, there was a trojan that wasn't detected for weeks - I forget which one, but Symantec was not picking it up, and I had kept on reinstalling Windows XP on both my wife's and my desktops I built but ultimately they both would act crazy in some way. What a pain. Then when Symantec finally recognized what was going on and their definitions found the culprit, what a relief.
That was the only time I know that any of my devices were infected and rampant.
Yeah this was definitely in the early Norton days. That computer was running Windows 3.1. lol.
roirraW edor ehT said:
I've "lost everything" (digital) so many times over the last 38 years, but my most important potentially life-altering things are backed up in the cloud, too, although using my own encryption for the most sensitive things.
I have been incredibly lucky. I have never even had a hard drive fail to the point of any significant loss. I actually still have the 320GB Seagate that was in my grandfather's old Gateway P3 from the early 2000s and it still works fine.
But my stupid self has definitely done the "let's get drunk and mess with Linux" thing... Which has absolutely resulted in some loss lol, especially back in the LILO days when the installers could easily wipe out your Windows partition when they bugged out and also sometimes when I just messed up the partitioning myself.
Fortunately, there's not much that I absolutely have to have, so even if I lost absolutely everything, the biggest headache would be recovering my bank/credit union accounts (of which I have like 23 credit cards alone right now) and online accounts like XDA and reddit. Social media I could just start over. Or not start back up at all for that matter.
Also, I tried Brave... Can't do it. It's Chrome or nothing for me. It was hard enough to switch from Firefox to Chrome (I had been using Firefox since it was in alpha as Phoenix) but I'm just too set in my ways to switch to anything else now.
EtherealRemnant said:
Yeah this was definitely in the early Norton days. That computer was running Windows 3.1. lol.
I forgot - I guess I don't count my pre-XP days as far as viruses and trojans. Definitely had some on probably almost every Apple/Amiga/Windows OS I ever ran before XP. Security? What security!?
EtherealRemnant said:
I have been incredibly lucky. I have never even had a hard drive fail to the point of any significant loss. I actually still have the 320GB Seagate that was in my grandfather's old Gateway P3 from the early 2000s and it still works fine.
That is lucky. I'm not on the opposite spectrum of hard drive experience, but I definitely have run the wheels off of many hard drives.
EtherealRemnant said:
Also, I tried Brave... Can't do it. It's Chrome or nothing for me. It was hard enough to switch from Firefox to Chrome (I had been using Firefox since it was in alpha as Phoenix) but I'm just too set in my ways to switch to anything else now.
A few months ago I largely switched back to Firefox, but I still use Chrome for certain things, and I do use Brave for a very few things. A couple of years ago, I was liking Microsoft's Chromium-based Edge just fine, but then they changed just one little thing - which made it many more clicks than in Chrome or other browsers if you wanted to potentially change your download save location for each and every download.
There were a ton of complaints to Microsoft but they wouldn't reinstate the original way. I'd have no problem if they at least let users opt to use the way they used to, but fell on deaf ears. I switched back to Chrome after that - Edge was just too much of a pain for micro-managed downloads.
EtherealRemnant said:
I mean I use FairEmail and have it set to only download images when I tell it to but other than that, I don't use much more than common sense for my security platform. I don't dabble a lot in random apps (sometimes I will grab a game from a new dev after I see some positive reviews for it somewhere but those F2P apps end up earning the devs more money in microtransactions than they would get from malware anyway so the risk is low here, especially since I only go for visually appealing games with some depth to them), I don't use a firewall, don't use AV... It's never been a problem going all the way back to Cupcake on my HTC Hero.
I do, however, take all updates within a few weeks of them being available (system updates I will do as soon as I get a prompt that they are available, app updates I manually do), and while that potentially exposes me to a zero day if one of my apps goes rogue, lots of pre-existing loopholes get closed by these same updates as well.
For that matter, going back to my first computer when I was 8 or 9 years old running DOS, I've only ever gotten one bug that was nasty enough for me to have to reinstall everything, a trojan, and I got it from some software I grabbed from a BBS IIRC. I don't run more than Windows Defender these days and I continue to just use common sense on the internet. Most of my important stuff is backed up to my Google Drive anyway so my desktop can get nuked and I'll just have to saturate the gigabit connection for a few hours to download all my apps and games again. *shrug*
I do use Bitwarden for passwords and Authy for 2FA (as well as having YubiKey for a few things like Google, Microsoft, and Bitwarden) as I feel that those are common sense in the world we live in but I just don't see the point otherwise.
I do use VirusTotal from time to time if I'm not sure about something as well.
I'm still running W7. It's kept off the internet always. Android is a lot easier to keep secure.
Updates sound good in theory just like the Covid vaccine did. In actual practice they cause trouble and aren't needed. It's an ongoing experiment at this point and it's simply running too good to mess with the firmware. I refuse to.
Pie is pretty secure in real time with a few modifications. I keep wifi disabled as well. At this point I'm curious to see if anything can nail it. Lol, I test it everyday. A reload isn't very painful for me and everything is redundantly backed up.
App updates have caused me a lot of time and trouble particularly with Samsung. Got a pair of Buds+ that the last firmware update degraded the sound badly, need to get Samsung to reflash to its original firmware. My new Buds+ sound great with much better range; that firmware will never be upgraded. Upgrades and updates tend to break Samsung's... best to leave it be if it's fast, stable and fulfilling its mission. That strategy may sound counterproductive but it works well for me in real time.
That's all that counts.
PCAPdroid app from the Google app store or download the apk from F-Droid: it's a superb app. Here are some sample screenshots:
step 1- root wife's phone
step 2- install netguard
step 3- install afwall+
step 4- check the logs from each and cross-reference which app is the problem
step 5- profit. have her make you sandwich
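The cross-referencing in step 4, and the per-app capture suggested in the post before it, as an added example that is not part of any post in this thread: it joins router block alerts against a per-app connection log from the phone by time window and host, then ranks the packages that explain the alerts. Both log layouts, the package names, hosts and IP addresses are constructed for illustration and are not the export format of NetGuard, AFWall+, PCAPdroid or any router.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed router alerts: "<time> <client IP> <blocked host>".
ROUTER_ALERTS = """\
2023-01-14T21:14:07 192.168.1.23 ads.tracker.example
2023-01-14T21:40:52 192.168.1.23 cdn.metrics.example
2023-01-15T08:02:31 192.168.1.23 ads.tracker.example
2023-01-15T08:30:00 192.168.1.40 ads.tracker.example
2023-01-15T09:15:00 192.168.1.23 ads.tracker.example
"""

# Constructed per-app connection log from the phone: "<time> <package> <host>".
APP_LOG = """\
2023-01-14T21:14:05 com.example.puzzlegame ads.tracker.example
2023-01-14T21:14:06 com.example.browser news.site.example
2023-01-14T21:40:50 com.example.puzzlegame eu.cdn.metrics.example
2023-01-14T21:41:30 com.example.weather api.weather.example
2023-01-15T08:02:30 com.example.puzzlegame ads.tracker.example
2023-01-15T08:02:33 com.example.browser ads.tracker.example
"""


def parse(text):
    """Return (timestamp, middle field, lower-cased host) per valid line."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts, who, host = parts
        rows.append((datetime.fromisoformat(ts), who, host.lower().rstrip(".")))
    return rows


def same_site(app_host, blocked_host):
    """True for the blocked host itself or any subdomain of it."""
    return app_host == blocked_host or app_host.endswith("." + blocked_host)


def attribute(alerts, app_log, phone_ip, window_s=5):
    """Rank packages by how many distinct router alerts they can explain.

    window_s absorbs clock skew between the router and the phone.
    Alerts with no matching connection are returned separately, since
    they point at a gap in the phone-side log rather than at an app.
    """
    window = timedelta(seconds=window_s)
    explained = defaultdict(set)  # package -> indices of alerts it matches
    unexplained = []
    for i, (a_ts, ip, blocked) in enumerate(alerts):
        if ip != phone_ip:
            continue  # alert came from another device on the network
        matched = False
        for c_ts, pkg, host in app_log:
            if abs(c_ts - a_ts) <= window and same_site(host, blocked):
                explained[pkg].add(i)
                matched = True
        if not matched:
            unexplained.append((a_ts, blocked))
    ranking = sorted(((p, len(ix)) for p, ix in explained.items()),
                     key=lambda item: (-item[1], item[0]))
    return ranking, unexplained


if __name__ == "__main__":
    ranking, unexplained = attribute(parse(ROUTER_ALERTS), parse(APP_LOG),
                                     "192.168.1.23")
    for pkg, count in ranking:
        print(f"{pkg}: explains {count} alert(s)")
    for ts, host in unexplained:
        print(f"no app connection logged near {ts.isoformat()} for {host}")
```

A package that matches only once, alongside another that matches every alert, is usually coincidental traffic; an unexplained alert means the phone-side capture was not running at that moment.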
xxTECRAxx said:
step 1- root wife's phone
step 2- install netguard
step 3- install afwall+
step 4- check the logs from each and cross-reference which app is the problem
step 5- profit. have her make you sandwich
Thanks, but I was trying to indicate that root isn't an option I'm interested in for her phone. That is, she's not interested, and it would be especially disruptive to her now that we've had our factory unlocked Pixel 7 Pros for over six months, plus it's just less work for me to not bother rooting her phone and keeping it up to date manually.
In addition, with her phone not rooted, and the bootloader still locked, I feel better about her running whatever random games she plays.
I haven't had any notifications about that site being blocked in a while. The most recent email I found about it was from December, although I don't know if I might've deleted emails that came after that, but I think I purposefully kept only the most recent example.
I'll keep your information in mind if I ever experience anything like that coming from my devices (I always root them).
