I'm concerned that my ex has installed spyware on my htc incredible. Its scrolling screens and lighting up when not in use. I think she may be getting copies of texts, emails etc... any help is appreciated. greg
Hard reset if you cant find the program in the add/remove program menu
thx. trying to avoid that. My concern is that when I reload my email accounts, the program could be reloaded the same way purchased apps are reloaded. I dont know enough about the different ways these programs can be loaded to know I'll be safe after the tedious job of resetting up - loading apps - rooting this phone - etc. .....for as widespread as this problem is getting, I'd think one of you geniouses in the field would be able to seek out these threats. (not a malicious comment, some of the things I've found here are friggin genious)
gginsberg said:
I'm concerned that my ex has installed spyware on my htc incredible. Its scrolling screens and lighting up when not in use. I think she may be getting copies of texts, emails etc... any help is appreciated. greg
Click to expand...
Click to collapse
Install Lookout Security!
Sent from my HERO200 using XDA App
Or don't give your ex your phone, and she wont be able to install anything on it...
I like avg. It found some things lookout didn't. You can get it through the market.
Sent from my SCH-I500 using XDA App
Some people... No one I know would install crap like that on my phone.
If you are tyring to find something to confirm that she has installed, run both Lookout and AVG checks. Those are your only options at this point. I would absolutely hard reset my phone if I had that concern. Last, make sure you lock your phone with a pin number or password pattern. Make sure you uncheck visible pattern so no one will be able to guess your pattern.
lol I assumed the OP was a woman and the "ex" was a man, simply because I wouldn't think a woman would think to install some sort of sniffer application on her bf's phone lol
jconway said:
If you are tyring to find something to confirm that she has installed, run both Lookout and AVG checks. Those are your only options at this point. I would absolutely hard reset my phone if I had that concern. Last, make sure you lock your phone with a pin number or password pattern. Make sure you uncheck visible pattern so no one will be able to guess your pattern.
Click to expand...
Click to collapse
and wipe off your screen often
thx all, I have been trying to factory reset. Goes to black screen. Do I need to unroot it? Also, whoever said "dont know anyone that would do that" , ya never really know em till ya leave em..... Thx for your help.
You can download our F-Secure Mobile Security for free. It does a pretty decent job of finding Android trojans. See http://f-secure.mobi
--
Mikko Hypponen
Chief Research Officer
F-Secure Labs
@mikkohypponen on Twitter
Related
I am new to Android. Just got my Vibrant. I want to protect this phone so that in case it is lost or stolen I can recover it. Could you tell me what are some of the best apps for this?
Here is a list of names I know about for now:
Where's My Droid - This is currently installed, but required me to send a text to my phone to activate the GPS and even then it won't keep the GPS active long enough to get a precise location. Furthermore, it can alert the would be robber.
Glympse - well, this is not for stolen phones
Wavesecure - couldn't find any good threads on this. Seems to have an annual subscription fee of $19. I don't want that. Just want a standalone tracker.
Remote security - Not clear that this is a good app.
TheftAlarm - Again, developed in foreign language and I don't know how good it is
MobileDefense - Maybe this is the best app, but it is still in beta and no more users are accepted. I already filled out a request.
Find My Android - Was suggested in this thread, but it doesn't seem to be different from Where's My Droid, except the notification when SIM is replaced.
Lookout Mobile Security - Doesn't seem bad, but it doesn't lock your phone remotely. Can easily uninstall the program. I also found out that I better use a different email address than the one my phone gets otherwise the phone gets an email with "location" of the phone when you look it up online. This is better than Where's My Droid since you can do it more discreetly online, without sending texts (but have to make sure the email you use is not managed by the phone).
Am I missing something? I really want to protect this phone and it is frustrating that among so many apps, we seem to be missing good anti-theft solutions. Preferably I want something that can lock the phone remotely and allow me to do things without interruptions from the thief or at least discreetly. What would you recommend?
Also, I have a rooted (stock) Vibrant.
Thanks.
Where's My Droid isn't exactly very subtle about sending out replies, the author basically said there's nothing he can do.
Most of the other options include AntiVirus and other nonsense, and are expensive or questionable.
Tasker can automatically upload GPS, respond to an email or SMS to do so.. If you send it the right command it could take pictures periodically, make an outgoing call, whatever... It's extremely flexible in what it can do.
khaytsus said:
Where's My Droid isn't exactly very subtle about sending out replies, the author basically said there's nothing he can do.
Most of the other options include AntiVirus and other nonsense, and are expensive or questionable.
Tasker can automatically upload GPS, respond to an email or SMS to do so.. If you send it the right command it could take pictures periodically, make an outgoing call, whatever... It's extremely flexible in what it can do.
Click to expand...
Click to collapse
WOW! Ok, but the question is - 1.can it lock the phone remotely? 2.What happens if the thief uninstalls Tracker or changes the SIM (can you password protect it)? Finally, 3.can it take picture AND email them remotely? Otherwise, I don't see much use to this feature if the phone is gone.
Lookout seems rather good, but I have not tested it personally. I'd add a link, but I'm a new user. Should be easy to find with a Google/Market search, though.
Well that (un installing tasker)may be the case with any tech anti theft, if the thief is smart and careful they will wipe/reset/format whatever they took, rendering a soft lo jack useless
I would just get tasker and lookup findmyandroid on lifehacker, its the best current option
Captiv
Yeah, I found out about LookOut on Android forums. I have installed it. It doesn't allow you to lock the phone remotely and can easily be uninstalled.
As for Find My Android, I don't see how is it different from Where's My Droid., maybe except the part where you're notified if the SIM card is replaced.
I updated the original post.
Find my android isn't the name of the app, its what the lifehacker post is tagged as (#findmyandroid)
The program is tasker, and its more customizable and it can turn on gps
Captiv
Sure, Lookout can be uninstalled, as can any other app. But really, you should have some sort of password on your device. With pattern unlock, there's really no reason not to do so.
According to one of the devs on their forums, remote locking as well as "other features" will be coming to Lookout "very soon".
https://lookout.zendesk.com/entries/24881-remote-lock
In the meanwhile, I use WaveSecure for locking my phone and Lookout for tracking, as its mechanism seems much better.
If you want to prevent Lookout from being uninstalled, just move the apk to /system/app (assuming your phone is rooted).
I have had Wave Secure since the Beta (it is free to beta testers) and love it. I can understand not wanting to pay, but it really is a great app. They have a zip file that you can flash in recovery if you are rooted. That will prevent the app from being erased if the phone is factory reset. I have also been using an app lately called "Tasker". It can track your phone, although I have not used it for this. Here is a link to the Wiki.
http://tasker.wikidot.com/locatephone
GPS Tracker by Instamapper is the one I use most. With a text message, it will return its location via Google maps. It will continually do so for as long as you have it set up for. Every 10 Seconds, Every 2 minutes, Every half hour, etc. I used it to track my stolen phone with the laptop in the car. This app saved me from buying a new phone.
stickerbob said:
I have had Wave Secure since the Beta (it is free to beta testers) and love it. I can understand not wanting to pay, but it really is a great app. They have a zip file that you can flash in recovery if you are rooted. That will prevent the app from being erased if the phone is factory reset. I have also been using an app lately called "Tasker". It can track your phone, although I have not used it for this. Here is a link to the Wiki.
http://tasker.wikidot.com/locatephone
Click to expand...
Click to collapse
Same here. Glad I got it while it was still a beta!
Recently I received a notice from Google saying that my account was accessed from Russia. I also recently installed a custom Android ROM onto my T-Mobile HTC HD2. I was thinking, pretty much anyone can take the Android OS, make a custom version, and release it for download, right?
If so, is it possible that the person who created the custom Android ROM also modified it so they could steal my personal information? I really do like the ROM I am currently using and would not like to switch if I don't have to, but this whole Google thing has me paranoid now.
I have had my facebook lock down a few times from that kind of thing. But never out of the country. Did you check if mock locations is enabled? Settings - Applications -Development. Not sure id that could be the issue, but it is possible it was your phone reporting as another location.
Sent by Supersonic!
Now Google has sent me a second notice, AFTER changing my password, so this is really starting to bother me. I tried changing that Mock Locations setting, but it was already disabled. Just to be sure I haven't entered any of my new passwords into my phone yet since this last incident and I'm going to see if I still have problems.
johnny1178 said:
Now Google has sent me a second notice, AFTER changing my password, so this is really starting to bother me.
Click to expand...
Click to collapse
That's not good. Stay away from those warez & p0rn sites that end in ".ru"
Sent from my ADR6400L using XDA App
Watch out.
Are you sure google is sending these messages?
And does the mail contain a link for you to click on sayiong to change your password?
Alot of times the mail themselves are the scams. And are in most cases sent using the google account but from another server.
Could you copy paste the headers...leaving out your personal mail. In Outlook you can view this by opening the mail File->Info -> properties.
You should see internetheaders there.
Copy paste them. Dunno how to find them in Gmail havn't checked yet gonna see later how to view them in Gmail
Anything is possible, someone making a ROM could put whatever they wanted in there.
It's probably not the most likely way your account would end up compromised though, it could be anything from random hacking to malware on your PC.
Well, that's a good question. It's something that I wonder myself and that sometimes concerns me.
I have ESET antivirus installed and regularly do quick scans on my PC, but I suppose that wouldn't catch everything.
As far as the Google notice, it is not an email message. The notice appears in a red box with bold text at the top of my inbox when I sign into gmail, and I also checked the URL to make sure I was actually on Google.com.
I remember when I looking for ROMS to download, this particular build (can't remember the name) had the most thread views out of all of them at the time, so hopefully someone else would have noticed this issue by now if it was part of the build...
Anyways, thanks for your help. I'll try running an in-depth ESET scan to see if anything comes up.
I took it a step further and don't use any google account on my custom ROM at all. the less I rely on apps and cache data the better.
I always thought about that. Just me being cynical I suppose. Some of these deevs just do it for the love
I never thought of that before, maybe I should be more careful in the future..
Thank you gr8 idea...
lude219 said:
I took it a step further and don't use any google account on my custom ROM at all. the less I rely on apps and cache data the better.
Click to expand...
Click to collapse
What are you doing where you'd really need to worry about that? Just seems like using an android phone without a google account would be a pain.
Hi all ,
I really hope I'm not duplicating here, but I've had a look and it seems like no-one has had this exact problem. Please accept my apologies if there is someone with an absolutely identical problem and I've just not seen it. I have looked on various different forums however, and to no avail.
Background - I got my shiny new HTC Sensation at the end of Oct. Fell in love with it, and Android, quite quickly, as it gave me the customising ability that I could never get from my iPhone.
Issue - Every 6 days since I got it (a pattern I've only just noticed) the lock screen freezes. The ring and shortcuts are there, but no background - just black. No touch input works, but if I call it, it rings and the status bar responds, I just can't get into it. The only way to get to it, is to take the battery out and do a factory reset. This is obviously incredibly annoying as, even tho I have a good backup system, I still need to do all my widgets and shortcuts and blah blah blah. The reason I've only just worked out that it seems to be a 6-daily cycle, is that my provider have already replaced the handset once, and it still does it even on the new one. The latest episode was on Friday night just gone.
Current situation - On the advice of my provider, I am now using my phone without the SD card in it, and without any apps apart from the the stock ones. Then, if it's still running after a week, they told me to put the SD back in, and then get my apps back on in batches of 2 or 3. This is going to be a very lengthy process, and will therefore be a massive inconvenience.
Question - Does anyone have any idea what might be causing this? I'm a total droid noob, but I've read lots of stuff and spoken to a few people and I've come up with the conclusion that it might be an auto task killer that is messing with a process, or it could be something that tries to update every 6 days, but causes a massive conflict somewhere in doing so. I'm really just guessing there, which is why I have come to what seems to be the best source of info on smartphones, to see if any of you guys and gals might have any ideas on this issue.
Thanks so much in advance for any help anyone may be able to throw in my direction.
Mike
a reset wont work? are you ROOTED? or Stock? if anwsered these im sorry its like 48 hour day for me right now and reading and even typing is putting me to sleep,
but back to your problem it could be something updating and causing the issue, if it happens every 6 days, on the 5th day go into phone and turn off background data, this will stop anything that wants to update in background, and see if that stop the problem, then you know it is something that is running that causing the issue
or possible as stated a auto task killer,
what apps do you usually have normally, a list of what you install on your phone can do eliminate of process
Hi ilostchild,
Thanks so much for your response.
In answer to your questions:
Not rooted. I really want to, but because of this issue, have not done so yet. So it's got HTC Sense 3.0, and lots of apps that I have never used and will never use from my provider, Orange.
Here's a list of downloaded apps:
Apps:
Dropbox
Tappin
Evernote
Es File Explorer, Task Manager & Security Manager
AVG antivirus (free)
Viber
Bump
IMDb
Ultimate Guitar tabs (Purchased)
Backup Everything
Dolphin Browser
Tune in Radio (Purchased)
Perfect Keyboard (Purchased)
PowerAMP full (Purchased)
Soundcloud
Zedge (I have "auto change wallpaper" option on)
ebay + paypal
MX Video player
Kindle
Skitch
uTorrent Remote
App2SD
Applist Backup
Various google apps (goggles, night sky, g+ etc)
Games:
Contract Killer
Drag Racing
Non market games:
Gameloft - Asphalt 6 Adrenaline; N.O.V.A. 2; Eternal Legacy
I think that's everything.
So, at the moment I am using my phone without the SD card, on the advice of my provider, to see if it is the SD card that is causing the issue. Could it be the SD card that is causing the problem? It doesn't make much sense to me as I can't see how a corrupt or problematic card would be causing such a time-related issue. However, as I said in my first post, I am an Android noob, so I'm not basing that assumption on anything apart from what I know about PCs.
One thought I did have, was that it may be my Zedge app. I had it installed on both the original handset and the recent replacement one. Plus, I had it set to an hourly wallpaper auto-change, and when the phone freezes, there is no wallpaper visible on the lock screen. Again, that is purely guesswork.
I hope that info is useful for you. And thanks again for taking the time to answer my post.
If you need any other info I will be more than happy to provide it.
It could possibly be that app zedge, ans no can't be sdcard if it was it would fail on the spot , also could be avg virus scanner , I suggest clearing phone and just installing zedge and see by sixth day, if it doesn't try avg, I only can see those 2 causing the problem
Thanks again for your help.
I'll try your suggestions. It's good to know it's not the SD card. I can start taking pictures again!
I wouldn't say it was avg I got it on my senny and its ok try the other app 1st how often does it change ur wallpaper and how many are there
Sent from my HTC Sensation Z710e with beats mod using XDA App
boroboy69r said:
I wouldn't say it was avg I got it on my senny and its ok try the other app 1st how often does it change ur wallpaper and how many are there
Sent from my HTC Sensation Z710e with beats mod using XDA App
Click to expand...
Click to collapse
Evenin' squire,
Thanks for your input.
I have it set to one hour intervals (I bore easily!) and there are probably about 20 wallpapers that it cycles through. I'll give a go for a while without that app - although I've had a look for any known issues with it and I can't find any that are similar to my issue. I guess it could be a conflict with something else and I'm just unlucky enough to have the exact config of apps that creates that particular problem!
Thanks again mate.
Im not a dev, but i thought of this, what you could do is when it freezes up you can plug it in computer and get a logcat, maybe someone who can read it will know what happen
ilostchild said:
Im not a dev, but i thought of this, what you could do is when it freezes up you can plug it in computer and get a logcat, maybe someone who can read it will know what happen
Click to expand...
Click to collapse
That sounds like a really good plan, only problem is, I have no idea how to do it.
What do i do after plugging it in? Do i need any software on my PC?
Sent from my HTC Sensation Z710e using xda premium
adb/fastboot/sdk installed, and when it happens just plug phone to computer,
go to adb directory(unless you have it set in windows enviroment)
and do adb logcat and it will output bunch of stuff and copy and paste it here
Thanks man.
Well, I'm on day 8 now with no issues (really hopeni haven't jinxed it now!).
I haven't re-installed Zedge or the avg antivirus and I've kept auto-sync off.
I will come back if it happens again, but in the meantime, thanks so much for your help with this. It's so good to know that there are actually people out there who don't mind helping out a fellow human.
Sent from my HTC Sensation Z710e using xda premium
Np, man glad to see it working, i suggest try it with auto-sync now without the app
see what happens, but glad its working good for you
Hi ppl in the xda hood
I just write to let you know that ChompSMS has now been flagged as malware, both on 2 phone here locally with Avast as scanner, and subsequently by upload to Virustotal, and flagged by some of the major names too.
This concerns both the 5.30 and the update from tonight to v5.31
As Im new, I cannot post urls, but you can dump the apk from both versions, upload for a scan, and have a look at the report yourself from virustotal dot com
XDA must decide if its worth it alarming the community, but better safe than sorry, right?
I guess it could be a false positive, and I do know things should not be rushed about accusations of malware developing, but seeing that several of the major scanners is flagging it both before and after the update, certainly raises my concerns.
I hope those of you who knows your way around decompiling and analyzing code will look into this, so that we can get more eyes on it than "just" the AV companies reports.
Sincerely, Omnius
After a bit of micro-investigating I have so far found these domains in the code, so if you do HAVE to use ChompSMS, (I do) you can ad them to your HOST file, just for the sake of it.
I dont know when or why they will be used but as they are in the code, there is a potential connection lurking in it. Decide for yourself, untill further ppl have a close look than mine.
Im not a dev of any sort, but I do know how to poke around to learn. Therfore please do not just take my words for granted until more competent ppl here have their say.
I do know that a few of these is for "normal" android app ads, and analytics and so on, but these are my finding so far, so filter our what you like it to connect to yourself. If you dont mind ads connections in-app, serve your wish, so to speak.
millennialmedia.com
gateway.textfreek.com
report.bitesms.com
nexage.com
inapp.chompsms.com
adserver.com
greystripe.com
smsgateway.chompsms.com
m.advc.us
cvt.mydas.mobi
rest.starttalking.com
mobileads.google.com
I used to love chompsms... now i guess I'm using GoSMS...
Sent from my Nexus S using XDA App
All of them appear to be valid to the program. Half are ad for ads, the other half are for functionality in ChompSMS.
I would be careful on using go SMS as well.
Antivirus apps will pick up any app that by passes any normal OS use. This always has been and always will be the case.
Anything with ads will always be flagged as it connects to an unknown server.
zelendel said:
I would be careful on using go SMS as well.
Antivirus apps will pick up any app that by passes any normal OS use. This always has been and always will be the case.
Anything with ads will always be flagged as it connects to an unknown server.
Click to expand...
Click to collapse
chomp was never flagged before the 5.30 update a few days ago...
really bothers me, i love chomp. i donated to remove the ads. i'm hoping they fixed it with 5.31 and the virus scanners are just still reporting it as a false positive. until it's sorted out though, i uninstalled...
Update : avg doesn't detect anything wrong with the newest version, 5.31.
Lemme tell you...
I noticed the new permissions requested in 5.30 (special access to browser history/bookmarks), and kinda shrugged it off. Dumb move on my part. Immediately upon launching 5.30, I get a notification from ADWLauncher that it cannot fit a new shortcut on my desktop (because the main page was full). So I'm naturally all like WTF... so I flip through my desktop pages to notice that ChompSMS had made itself a shortcut to searchmobileonline.com.
I also heard that it replaces your default browser home page and search method with the same. I use xScope exclusively, so I haven't been able to check that yet.
Delicious, Inc. has really crossed the line with this latest stunt. What were they thinking!? ChompSMS was the best Android messaging app IMHO. Why jeopardize such a great reputation? If it's money they were after, I'd imagine they could've raked in a nice bundle of cash for selling the product to another company.
Does anyone have a copy of this apk that I could take a look at?
kyokeun1234 said:
I used to love chompsms... now i guess I'm using GoSMS...
Sent from my Nexus S using XDA App
Click to expand...
Click to collapse
GoSMS is a security risk
Sent from Narnia
xHausx said:
Does anyone have a copy of this apk that I could take a look at?
Click to expand...
Click to collapse
I know this is a old thread but better than starting a new one.
I would like to ask if there is any news on this. I love chomp SMS, imo the best messanger for my taste. I have bought the pro version, to stay away from ads and unnecessary internet data. I have chomp on a brand new phone, no sim card, no messages, just activated chomp and my firewall instantly found chomp active on internet. I watched this for some time and really chomp was trying to do something even I did nothing with it.
important note: there is no data mining in any of their terms. Or at least I did not find anything.
So I contacted chomp about the behavior and they said that "they never seen this before" and suggested reinstall. I did, didn't help.
On the second try, they told me that it is connecting because of ads, but I had the pro version (and they knew it). So no luck.
After the third attempt, they said that chomp is sending once a day info that it is installed so they know how many installs they have.
This sucks a lot. Security concerns appears instantly.
I think it would be worthy to literally sniff a bit around this, since so many people is using chomp.
I have a general question for all droid phones.
To make a long story short I have a crazy ex-wife that constantly hacks into my phone. When I get a new phone she tells me the model.
She reads thru my text messages and at times has even sent texts to my contacts.
At times when I open my phone she displays her facebook picture on the phone.
Does anyone know how to stop this???
I heard that droid phones are easy to hack by using something with the email system. If this is true is there any way to stop this?
This constant hacking is driving me crazy. My service provoder will not help no matter who I talk to.
Any advice would be greatly appreciated.
Jerry
Yeah get a restraining order... The perfect way to deal with a crazy X. Been there.
You should lock your phone. iPhone, Android, Blackberry, and WP7 all allow you to use a 4 digit code or something else (pattern, password) to lock your phone. Don't tell her what it is, and she won't be able to unlock your phone. I would be surprised if she has the ability to "hack" past that.
raydowe said:
You should lock your phone. iPhone, Android, Blackberry, and WP7 all allow you to use a 4 digit code or something else (pattern, password) to lock your phone. Don't tell her what it is, and she won't be able to unlock your phone. I would be surprised if she has the ability to "hack" past that.
Click to expand...
Click to collapse
Minus, or so I am guessing, she isn't any where near him when she does it...
In other words, the phone could be in his pocket, and she would still be able to hack it...
I've never heard of anything like this being done without physical access or even knowing what model phone the person has, have you? I guess if someone had access to your google account they could remotely install apps through the marketplace.
It looks like she has access to your google account sync to your droid and installed any "spy" app. Try changing your account's password, do a factory reset and don't allow any backup.
raydowe said:
they could remotely install apps through the marketplace.
Click to expand...
Click to collapse
If she has his email and password, I can see it possible. But either way if the phone company wont do anything. Then the easiest way is to serve her with a restraining order. My ex was this way and I had to freaking move states in order to get the hell away from her.
Even so she still followed and harassed me in the state I am in. Not in person. Electronically. I just ignored her, and the problems went away eventually.... His ex sound pretty persistent. That gets annoying QUICK! like you start having evil thoughts annoying.
Therefore I say get a restraining order. You may even be able to get a fee wavier if you qualify for it.
Change your google passwords, phone co. account password (if you pay online) lock you phone and any other accounts associated with your phone. Do get a restraining order!
Sent from my Radar 4G using XDA Windows Phone 7 App
Wow I feel sorry for you man it sounds crazy... Hope you can life through it and fix everything.
raydowe said:
You should lock your phone. iPhone, Android, Blackberry, and WP7 all allow you to use a 4 digit code or something else (pattern, password) to lock your phone. Don't tell her what it is, and she won't be able to unlock your phone. I would be surprised if she has the ability to "hack" past that.
Click to expand...
Click to collapse
You're missing the point, this crazy woman is his ex wife so there's no way she's putting her hands on his phone but she hacks him anyway from remote !
Your wife is really crazy to do such things! Get a restraining order. Change every account associated with the device. Create new ones. Hope things would definitely change!
extrem0 said:
It looks like she has access to your google account sync to your droid and installed any "spy" app. Try changing your account's password, do a factory reset and don't allow any backup.
Click to expand...
Click to collapse
sorry but why do not allow any backup? what's the problem with the backup? I was hacked in a similar way and the only thing I did was clicking on a fake video I was tagged on Facebook, which installed a remote access tool. And similarly to the author of this thread, the hacker can now read my whatsapp, facebook, instagram and gallery pictures no matter how many password I change or 2FA. I would like so much to get rid of it.