[Q] How can I test an .apk to see if it's "safe" to install? - General Questions and Answers

Hi,
Sometimes an app (.apk) is either simply not available through Google's store, or it might say "not compatible with your device", etc. There can be various reasons why a person might download a .apk from somewhere other than a "trusted" source.
If this was a file for my PC I could test it in a "sandbox", and I could scan it with both Microsoft Security Essentials and Malware Bytes Antimalware.
On my Android phone(s) I'm not aware of something like the "sandbox" option, and I don't really want to run an "antivirus" program on my phone. Is there an easy way to scan .apk files on the PC to see if they are rogue apps, might send SMS, "phone home", or otherwise mess with other applications or the system software installed on my phone?
Let's give another example: say I thought 15 minutes was not long enough to evaluate a relatively expensive Android game (it certainly isn't!) and I want to test it out first. Let's assume my only option in that case might be an illegally downloaded copy from unknown sources. Of course, we shouldn't do that. But if we did, how could we know if the file is safe and not risk installing some Chinese spyware?
About Android AV programs: anybody know how effective they are? Do some defend against "trojans" - I would think these days trojans are 99% of problems and viruses mostly a relic of the past?
My biggest concern is actually just unwanted crap that runs in the background which eats up battery, makes my phone warm (which I hate), or, perhaps even sends SMS message [this would be even worse because I don't have a text message plan].
EDIT: I see web pages with titles like "new study finds Android antivirus apps not effective" and articles like this one: http://www.zdnet.com/blog/hardware/...bouncer-does-it-offer-enough-protection/17981
Do we have an easy way to boot Galaxy S3 off of "external" SDCARD instead of internal memory?

Search play store for avast antivirus, completely free, updates daily and works really well (firewall, anti-theft, and many more features)
sony xperia ray ics 4.0.4
stock rom unrooted

I found this website, maybe it can help someone.
http://scan.netqin.com/en/
Maybe someone can post another one...

an easy way to check for safe apk
The easiest way to check for safe apk is to have one gmail account and another "whatever" email account. Then just send the apk from the gmail one to the second account, gmail always finds viruses in any apk and stops the process to join the file (virus alert). Bad point is you are limited with the size of the file you wanna send.

Nowadays, even pc antiviruses can detect viruses in apks. I would rather not burden my phone with any android antivirus, since they are literally battery hogs.
sent using my HTC One S

Go here and upload the APK
http://anubis.iseclab.org/
Anubis is a service for analyzing malware.
Submit your Windows executable or Android APK and receive an analysis report telling you what it does. Alternatively, submit a suspicious URL and receive a report that shows you all the activities of the Internet Explorer process when visiting this URL.
Andrubis executes Android apps in a sandbox and provides a detailed report on their behavior, including file access, network access, crypto operations, dynamic code loading and information leaks. In addition to the dynamic analysis in the sandbox, Andrubis also performs static analysis, yielding information on e.g. the app's activities, services, required external libraries and actually required permissions.

Found a good one too
apkscan.nviso.be - give it a try. Drag and drop - wait for the upload - then click SCAN. Wait for a few minutes. That's all. Unlike ANUBIS it has a resolution at the end of the analysis. Usually helpful.

You can also email the file to [email protected] and it will email the report back in about ten minutes. Virustotal can display some interesting info, for example it said that Lucky Patcher is a "Potentially Infected Hosts File (v)", as reported by VIPRE and AVware.
Virustotal also has an official android app.
The Netqin scanner is also an android mobile app.

Late answer, sure, but I think ClamAV is what you want. You also want its bytecode signature file, and to speed things up, you only want that single file (speeds up things quite a bit).
It is the only offline apk scanner I know of, and as for its efficiency I cannot say, but it seems like it is what you are asking for.
An alternative would be to install something like BlueStacks and remap your "Windows shared folder" (through registry) to the folder you have your apk files in, and then run BitDefender on it. BD is by far the most pernickety AV app out there for Android.

I'll have to check out bitdefender (it's also included on virustotal.com)
apkscan.nviso.be seems to be pretty good at analyzing files for suspicious activity, and it also uploads the file to virustotal for you. Then you can copy the sha256 hash into the virustotal's search, to get all the gory details.
anubis.iseclab.org limits files to 8 megabytes.
Another way to avoid malware is:
when installing an update to an already-installed version of an application, it will 99% of the time prompt you to update an existing app. There's been rare instances where some apps do use a new digital signature (for example when spotify had a big security hole, and for awhile there were two apps by spotify in the app store).
One other way to tell, as a final check when launching the apk for installation on the phone: the icon will not have the right icon. I've installed apps before that I thought came from a trusted source, but the icon was not right. In fact, I was considering not posting this publicly, so the "bad dudes" would not update their methods.

Another tool I found:
http://andrototal.org/
Although it might be a duplicate of virustotal.

nintendo1889 said:
> Another tool I found:
> http://andrototal.org/
> Although it might be a duplicate of virustotal.
I just tried out this site. To me, it appears to be the most thorough virus testing site that I have seen. It takes some time for it to complete the scans, mainly because it scans the file with about 7 or 8 different scanning engines. You just have to keep refreshing the page every few minutes to see if the results have updated.
I will be using this one as my go to site for apk scanning.

Just install it on the default emulator in the Android SDK
You can also install your apps on other emulators like bluestacks (best for games), jar of beans (best for rooted apps) and windroy (the lightest)
Hit thanks if this helps

nintendo1889 said:
> I'll have to check out bitdefender ...
Your signature photo ... awesome ... Bad Dudes

By using GDATA security, when you want to install an app the GDATA will scan it before installing
Sent from my LG-D855 using Tapatalk

Use google scanning service VirusTotal to scan any app, secondly always use secure source. There are many well reputed apk sites but I personally use apklink.com, on this site required apk file is just a click away and it's quite easy as well...
be safe & secure

This thread's out of date, but it has me thinking I want to use something as mentioned in several replies to OP.
Are there any sites, or apps that can warn me if an .apk (for example) has malware etc.?
Thanks in advance for any help, including a link to another discussion that may have my answer

denise1952 said:
> This thread's out of date, but it has me thinking I want to use something as mentioned in several replies to OP.
> Are there any sites, or apps that can warn me if an .apk (for example) has malware etc.?
> Thanks in advance for any help, including a link to another discussion that may have my answer
Malwarebytes can detect malware.
Sent from my LGL84VL using Tapatalk

I tried this site and I like it because it goes into a lot of detail after analyzing and sends me a report in email. It was mentioned, and it is still available to use: https://apkscan.nviso.be/
Thank you for the heads up on MB, I use that on my PC and works great

You can use virustotal.

Related

Question about android security

So I am just wondering, there are so much different apps for android on the market, and most of them has a lot of access to phone's functions. Now for example I am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it through internet? Really curious..
Kblavkalash said:
> Now for example I am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it through internet? Really curious..
This question is not really an issue of Android security this is a question about general security. Can an app look at your gmail app directly and copy data and send it out...not exactly no, an app can't forcibly connect itself to another app to scan data.
However...
That question is actually not relevant because such a task is unnecessary for malicious apps. Let's say you install a malicious app that wants to copy your gmail data. What it will do is not watch the app itself but it will watch the network packets being sent to and from the app, logging and tracking those.
This is not the only way to get the data though because any data saved on your sdcard is accessible from an app if you give it permission to do so.
The MOST important thing to look at when installing an app is the permissions the app is requesting when it installs. This can be confusing as well because some apps will request full internet access because they need it but this can also be used by a malicious app to steal your data.
The important thing to do is research. The more you learn about the app the better off you are.
-------
Just to clarify, this applies to all apps of any kind on any platform including but not limited to Android, iPhones, Blackberry, Windows Phone, WebOS, Windows PC, Mac OSX, Linux or etc. - ALWAYS learn as much as you can and are comfortable with before installing anything...if you are not comfortable with a particular app or learning more about it then don't install it. That is not to say it may be malicious, it is just to say it could be a bad idea for other reasons. (for example, if it is a developer tool or a configuration tool that you don't understand or haven't researched enough to understand...then you could potentially damage your device with something that is a legitimate tool)
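
Added example, not part of any post on this page: a PC-side static check in Python for the two things discussed here, the permissions an app requests before you install it and the SHA-256 that the earlier thread pastes into VirusTotal's search. The `REVIEW_PERMISSIONS` selection, the function names and the in-memory sample APK are assumptions constructed for this example.

```python
import hashlib
import io
import re
import struct
import zipfile

# Permissions flagged for review. The selection and wording are this example's
# assumption (built around the SMS / SD-card / network concerns on this page),
# not an official risk list.
REVIEW_PERMISSIONS = {
    "android.permission.SEND_SMS": "can send text messages (possible charges)",
    "android.permission.RECEIVE_SMS": "can intercept incoming text messages",
    "android.permission.READ_SMS": "can read stored text messages",
    "android.permission.CALL_PHONE": "can place calls without confirmation",
    "android.permission.READ_CONTACTS": "can read the address book",
    "android.permission.READ_EXTERNAL_STORAGE": "can read files on the SD card",
    "android.permission.WRITE_EXTERNAL_STORAGE": "can modify files on the SD card",
    "android.permission.RECEIVE_BOOT_COMPLETED": "can start itself at boot",
    "android.permission.INTERNET": "can send data off the device",
}

_PREFIX = "android.permission."
# Text manifest or UTF-8 string pool: the name appears as plain ASCII bytes.
_ASCII_RE = re.compile(re.escape(_PREFIX.encode("ascii")) + rb"[A-Z0-9_]+")
# Compiled manifest with a UTF-16LE string pool: every character is followed
# by a NUL byte, so match the name in that encoding directly.
_UTF16_RE = re.compile(re.escape(_PREFIX.encode("utf-16-le")) + rb"(?:[A-Z0-9_]\x00)+")


def extract_permissions(manifest):
    """Return the sorted android.permission.* names present in a manifest.

    This reads the manifest's strings rather than parsing its XML tree, so it
    is an upper bound: a permission that only guards one of the app's own
    components is listed too. Vendor-defined permissions are not reported.
    """
    found = {m.group().decode("ascii") for m in _ASCII_RE.finditer(manifest)}
    found |= {m.group().decode("utf-16-le") for m in _UTF16_RE.finditer(manifest)}
    return sorted(found)


def triage_apk(apk_bytes):
    """Hash an APK and list its permissions without installing or running it."""
    try:
        with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
            manifest = zf.read("AndroidManifest.xml")
    except zipfile.BadZipFile:
        raise ValueError("not an APK: file is not a ZIP archive")
    except KeyError:
        raise ValueError("not an APK: no AndroidManifest.xml at the archive root")
    permissions = extract_permissions(manifest)
    return {
        # Hex digest to search for on a multi-engine scanning site.
        "sha256": hashlib.sha256(apk_bytes).hexdigest(),
        "permissions": permissions,
        "review": {p: REVIEW_PERMISSIONS[p] for p in permissions
                   if p in REVIEW_PERMISSIONS},
    }


def build_sample_apk():
    """Constructed sample: a ZIP whose manifest mimics a UTF-16LE string pool."""
    strings = ["com.example.game", "android.permission.INTERNET",
               "android.permission.SEND_SMS", "uses-permission"]
    pool = b"".join(
        struct.pack("<H", len(s)) + s.encode("utf-16-le") + b"\x00\x00"
        for s in strings
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + pool)
        zf.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    # Pass a path to a real .apk, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_apk()
    report = triage_apk(data)
    print("SHA-256:", report["sha256"])
    for perm in report["permissions"]:
        note = report["review"].get(perm)
        print(("  [review] " if note else "           ") + perm
              + (" - " + note if note else ""))
```

A clean result here only means no listed permission was found; it says nothing about what the code does with the permissions it has.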
Kblavkalash said:
> So I am just wondering, there are so much different apps for android on the market, and most of them has a lot of access to phone's functions. Now for example I am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it through internet? Really curious..
edit
MichaelTunnell said:
> This question is not really an issue of Android security this is a question about general security. Can an app look at your gmail app directly and copy data and send it out...not exactly no, an app can't forcibly connect itself to another app to scan data.
> However...
> That question is actually not relevant because such a task is unnecessary for malicious apps. Let's say you install a malicious app that wants to copy your gmail data. What it will do is not watch the app itself but it will watch the network packets being sent to and from the app, logging and tracking those.
> This is not the only way to get the data though because any data saved on your sdcard is accessible from an app if you give it permission to do so.
> The MOST important thing to look at when installing an app is the permissions the app is requesting when it installs. This can be confusing as well because some apps will request full internet access because they need it but this can also be used by a malicious app to steal your data.
> The important thing to do is research. The more you learn about the app the better off you are.
> -------
> Just to clarify, this applies to all apps of any kind on any platform including but not limited to Android, iPhones, Blackberry, Windows Phone, WebOS, Windows PC, Mac OSX, Linux or etc. - ALWAYS learn as much as you can and are comfortable with before installing anything...if you are not comfortable with a particular app or learning more about it then don't install it. That is not to say it may be malicious, it is just to say it could be a bad idea for other reasons. (for example, if it is a developer tool or a configuration tool that you don't understand or haven't researched enough to understand...then you could potentially damage your device with something that is a legitimate tool)
Good answer, you are right!, but you say do a research before installing, but it's not really possible unless you are a programmer and checking whole code. The best rated apps still have many different permission requirement and I have no idea what they are doing.
For example app can request a new password change for example on paypal and steal packets which come to my gmail about new password.^^
Security Apps
Hi,
in my eyes the best way is to use programs like PDroid. You can adjust the rights of every App regarding send SMS for example.
LBE Privacy Guard may be also an Option. (runs not on my Device - SGS+)
(i use Pdroid 2.0)
you should also read the comments in the store, and the needed rights from the app before install. The best Apps to trust are open source apps.
Kblavkalash said:
> Good answer, you are right!, but you say do a research before installing, but it's not really possible unless you are a programmer and checking whole code. The best rated apps still have many different permission requirement and I have no idea what they are doing.
> For example app can request a new password change for example on paypal and steal packets which come to my gmail about new password.^^
Research generally involves a Google search...
Editor's Choice in the market are safe bets, you know, the blue icon.
But then there are the millions of other apps, and frankly, I tend to toe the app name plus xda for instance, Google will show you xda threads about the app, if the posts are normal, you can be sure it's not malicious.
Stuff like that...
Also, fake market comments are really easy to spot and are a dead giveaway
Sent from my GT-I9000 using xda premium

Why does my browsers home page keep changing?

This is on a generic a23 q8h tablet, I was also getting popups in the form of fake facebook alerts about some stupid drone company. I deleted 2 apps/plugins/whatever they were and the popups went away but my homepage changes between smartdrone.com, vandroidnews.com and kszz.com. I want to put a boot up someone's ass for installing this garbage on these tablets and selling them.
What browser do you use ?
Check the browser settings it may have option to set the desired homepage.
Stock browser, there was also baidu browser installed but I uninstalled with titanium backup. I changed the setting but it gets replaced with one of those three pages.
Tried clearing data of the browser?
I just got a Q88 A33 "generic" tablet and I too get the "default" page and the "home page" in the browser changed to "smartdrone.com". This was/is the behavior on delivery so it is probably part of their installed firmware.
If you have made any progress on how to fix this then please let me know, I will be reading up on Android and how to take a look at the files in the ROM and see if I can find a solution but I am not very familiar with Android so some pointers would be great. For example, would this be the result of some .apk that can simply be removed or is it some shell script or file somewhere in the actual ROM files?
It's because there's a factory installed trojan, yes it's baked right into the factory firmware and if you remove it with say an anti-virus program the word DEMO in big red letters will be superimposed on the screen making the tablet useless. I've seen manufacturers offering an apk to 'fix' it but that just re-installs the trojan. Here is a fix that I got from another website and uploaded to my Box account.
Instructions from another forum:
A backup will be made before actual modification are made. To restore the backup, rename SystemUI-backup.apk to SystemUI-A20/A23.apk and restart the corresponding function.
HowTo use:
1. Scan for Device: searches and verifies a connected android device.
2. Scan for Trojan: checks if the trojan responsible for the demo lock is active.
3. If 2. is positive, check the Build.prop to see if you have a A20 or A23 model.
4. A20 FIX or A23 FIX, depending on the results from 3., you choose one of these.
5. The script will reboot the device to recovery mode, manually perform a factory reset.
Definition for Cloudservice / DEMO Trojan:
For clarification let me state that Android by "default" or "origin" is not susceptible to virus' and being built on Linux platform it is "open source" so that is where you get some LAME people and large corporations making these virus' encoded into the devices original configuration [ROM] and NOT NATIVE TO ANDROID.
Perfect example for how we the users can infect our own devices would be the small flashlight apps we all use daily and available for free on Google Play Store... these can factually be classified as "Intrusive Adware" that we install for quick access to our devices camera flash for use as a flashlight and yet we tolerate the pop-ups generated by the app.
Again not NATIVE to Android... this is something we the USERS have put on our devices. Harmless but annoying and same principle.
What is the Cloudservice / DEMO Trojan?
My definition based on learned knowledge as no "official" definition is or most likely will ever be available.
Firstly, in some devices it seems to be in a "sleep" mode until one day it simply "shows up" according to some reports. Our new Tool at TechKnow seeks and destroys the hidden files and configs totally eliminating all traces of the Trojan.
[SPECULATION: it could possibly be incorporated into some downloadable apps in the future. The same basic principle as adware is incorporated into the flashlight apps would suffice. However, it being included in downloadable apps is NOT confirmed and if/when it is the confirmed apps will immediately be reported to their distributor whether Google Play or Amazon App Store etc... by your friends at TechKnow]
It is a truly deceptive application that is hardcoded into the must have system dependent "framework-res.apk" on some of the newer Android devices ROM from the factory. The Trojan can track your app content such as Browser and can lock your device into a "demo" mode which will display large red DEMO text in caps across all your screens. The app is also linked to Baidu.
Baidu, Inc., incorporated on January 18, 2000, a Chinese web services company headquartered in the Baidu Campus in Haidian District in Beijing.
ok.... so you are being tracked and monitored by the Chinese?
but that's not all...
The secondary part to the Virus/Trojan is more of a pain in the :wub: imho than tracking and reporting my web history to an unknown Chinese web service company [for who knows what they seek to learn or truly have access to with this Trojan on your device]...
Allwinner Demo Fix: https://app.box.com/s/wpbl5nfrxtjdbgvgrwp2tbgvzlt31oqk
I can't remove Trojan virus from my tablet azpen. A739 ?
Sent from my A739 using XDA Free mobile app
Allwinner Demo Fix
This is how I removed the trojan without getting the red "Demo" letters on the screen http://forum.xda-developers.com/android/help/chinese-tablet-demo-mode-t2853062#post64002423

Need Help: BEEN Infected by MALWARE Lenovo tab model a5500-hv android version 4.4.2

model number : lenovo a5500-hv
android version: 4.4.2
baseband version: a5500-hv.v34, 2014/05/08 22:28
kernel version: 3.4.67
build number: a5500hv_a442_000_011_140508_row
As shared in subject, my tab ANDROID is infected by malware where multiple issues have started lately
a) Constant popup message stating "Unfortunately, com.system.update has stopped"
b) Constant popup message stating "Unfortunately, org.snow.down.update has stopped"
c) Constant popup displaying to INSTALL application "com.android.keyguard"
d) Automatic checking (on) in Settings> Security> Allow installation of apps from unknown sources, despite my regular check off( its gets reactivated again). Device Administrators viewed are Android Device Manager (ticked), Daemon Service( twice listed- unchecked).
e) Installed Malwarebytes Anti-malware, upon scanning detected these 11 malwares, which it is unable to delete ( Norton is unable to detect those even). Any open app which I try to use after some seconds are abruptly closed.
Malware name- Path
Android/ Backdoor.Triada.c - /system/priv-app/higher.apk ( File linked to be uninstalled- AppManage)
Android/ Backdoor.Triada.js - /system/priv-app/BCTService.apk ( File linked to be uninstalled- bcct_service)
Android/ Trojan.Rootnik.I - /system/priv-app/Bseting.apk ( File linked to be uninstalled- com.android.sync)
Android/ Trojan.SMSSend.ge - /system/app/com.android.token.apk ( File linked to be uninstalled- com.android.taken)
Android/ Trojan.OveeAd.F - /system/priv-app/com.mws.tqy.vsdp.apk ( File linked to be uninstalled- com.system.update)
Android/ Backdoor.Triada.J - /system/priv-app/com_android_goglemap_services.apk ( File linked to be uninstalled- GoogleMapService)
Android/Trojan.Dropper.Shedun.dc - /system/priv-app/parlmast.apk ( File linked to be uninstalled- GuardService)
Android/Trojan.Dropper.Agent.MJ - /system/priv-apk/Sooner.apk ( File linked to be uninstalled- PhoneService)
Android/Trojan.OveeAd.J - /system/priv-apk/com.tsr.eny.hyu.apk ( File linked to be uninstalled- system.bin)
Android/Trojan.Guerrilla.Q - /system/priv-apk/NAT.apk ( File linked to be uninstalled- SysTool)
Android/Trojan.Triada.m - /system/priv-apk/com.glb.filemanager.apk ( File linked to be uninstalled- UPDATE)
PS: If I try to connect to Internet, app icons are downloaded and auto open displaying porn images.
Please assist to REMOVE the MALWARE INFECTION. Tried FACTORY DATA RESET from Settings, but no help. Tab not rooted.
Solution
Last night I got some pesky malwares. For now I think I removed them. Get Avast and see what it can find. After that try to remove the files from file explorer and the most important thing - go to Settings-Security-Device Administrators. From there remove everything and now from Avast you should be able to remove the infected apps. Hope I helped
Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
Sent from my A0001 using XDA-Developers mobile app
Ashish1+1 said:
> Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
> Sent from my A0001 using XDA-Developers mobile app
Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
eg (from The Capitol Forum)
> The apps require extensive access to the devices on which they run, and they are able to harvest a great deal of data about users’ interests, demographics and location. Cheetah Mobile’s business model is not significantly different from the way in which some major American tech companies such as Facebook monetise their free products. However, Cheetah Mobile is different from American tech companies in that its headquarters are located in China and its data servers are primarily located there as well, and its main business partners are major Chinese tech firms. The Chinese government, according to sources, accesses its companies’ data for internal security, economic competitiveness or other purposes. Cheetah Mobile, and similar companies, represents a major point of entry for China to access American app marketplaces and their users to gather information. However, U.S. government officials in national security and intelligence agencies are highly aware of surveillance and hacking both inside and outside China, presumably coming from actors affiliated with the Chinese state.
see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) And with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?
Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
Sent from my A0001 using XDA-Developers mobile app
Ashish1+1 said:
> Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
> Sent from my A0001 using XDA-Developers mobile app
Sorry to hear this. However I think it is possible that the CM app did its job as those malicious apps have probably already rooted your phone, so CM may have just used that root access without informing you, though whether or not other apps like CM app can still use that root, I'm not sure, it depends if it's been left "on". I did watch a video on youtube for CM Stubborn Trojan app and the guy had to root his phone first. (You could try some/several of the root checker apps, if you want to know). So let's assume the CM app worked properly and removed trojan as it could get root without giving you a root request notification.
It's entirely possible that your reinfection is from your external SD card or via some other means eg. your router has had some ports opened or some other means. (Sorry I should have said reset router when I said change router password [do this for all routers you use & update firmware & ensure remote access is off (ref. dirty cow) while you are about it too!])
So I would reinstall CM Stubborn Trojan (lets assume it removes malware as it has root, even if it just blocks them it helps us) so you can then reflash official stock ROM for your country (& update to newest version if available), you must flash the FULL stock ROM so all partitions are reflashed. partial stock or custom ROM will not do this & potentially leave you open to reinfection! Reflash the FULL STOCK ROM is the only way to "easily" be sure you have cleaned the malware from your phone. NOTE: just doing a factory reset will NOT remove the malicious apps if they are in operating system folders, this only works for malicious apps in user data areas! Then you must make sure all possible ways you can be reinfected eg via sync, external SD cards or storage, your PC, router etc are cleaned/blocked/reset/updated
If you are not getting updates for your ROM you might want to consider installing a custom ROM (AFTER you have flashed the stock ROM!) from a reliable & trustworthy source, if available for your model, so that you get security patch updates. But you need to research and consider the risks of things like bricks, security etc for yourself first.
Hope this helps you clean your phone
Sometimes, it's the firmware itself that is infected
IronRoo said:
> Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
> eg (from The Capitol Forum)
> see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
> https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
> Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) And with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
> Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
> I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
> I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?
In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....
Josh Ross said:
In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....
This was what I did finally, I went to the service centre and spent bucks. They reloaded the firmware I suppose (not flashing it) and instantaneously it was as good as new. I think the malware was itself part of the original installation, like UC Browser - it was there. It just activated after some time, or maybe I clicked on some advertisement while running an app, and then the hell happened.
Anyway, it's working fine, added an adblocker, restricted usage to a few apps and keeping my fingers crossed for the future.
Yeah, the bloatware that you get with some phones nowadays is unbearable. If there is an option, go with a rooted phone, custom ROM, a couple of custom solutions for protection and you will be good to go. And they work better than defaults most of the time. Good luck! Hopefully, we will only be hearing good news from you.
PGHammer said:
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?
I'd reflash stock.

Internet Security apps

Hey !!
Do Android phones need antivirus or internet security as a must? If so provide me some links..
Thankxxxx in advance
The answer has been moved to a thread dedicated to security questions and other advice on safely modifying our Android devices.
Here is the post:
Raiz said:
It absolutely doesn't, please don't download them, those are mostly commercial sh*t apps full of ads that play with the fears of users.
Android security advice:
• Just don't install apps that you don't trust (apk files and weird looking Google Play apps)
• Never share your passwords with somebody not trusted, use a different one for each of your accounts.
Find more here :
https://forum.xda-developers.com/general/security
General security and privacy:
• a VPN isn't a magic app that allows you to go completely invisible, even I can find who you are simply by using your latest Instagram post, the government doesn't have money to spend spying on you anyway
• Public WiFi internet browsing is like taking a bath naked around other people, everybody can see what you're doing and can interact with your browsing by sending you pop up messages on your browser. In that case the VPN is useful. But please don't use anything other than your WiFi network to pay online.
• Change password at least once a year
• For God's sake be careful about what you share on social media!
• If someone blackmails you, just ignore him even if he shows you he has your real password/footage of you doing nasty things; most of the time they haven't and are trying to scare you. But take action on your account, just don't answer them.
• Not having any of your IRL info online is a good idea, but it tends to be more and more difficult because of Google Assistant and other Google services that are super intrusive (I mean even with your YouTube, Google knows your tastes better than your buds). But don't panic, if you're not a terrorist or a criminal you're not risking your life.
Keep in mind that your security is fine most of the time if you have solid passwords and you don't give them away, but your privacy is not if you have a social media account of any type. If you post something on the internet, remember it'll stay out there forever, whatever you do!
Apps that I use to keep my Android phone in good health (I install them sometimes to clean up/check on my phone's state, then I uninstall them):
Google File Go (cleans files)
AccuBattery (checks the battery health)
CPU-Z (has everything you want to know about your device)
When I need to backup an app's data or the entire app:
Titanium Backup
Here you go, I gave you just a few pieces of security advice, there are plenty more, don't hesitate to check the internet for more!
Have a nice day
I have 2 edits to your suggestions
1. Change your passwords monthly, preferably using a password manager that suggests really hard random passwords
2. Swift backup is much newer and more efficient than titanium backup ever was.
spart0n said:
I have 2 edits to your suggestions
1. Change your passwords monthly, preferably using a password manager that suggests really hard random passwords
2. Swift backup is much newer and more efficient than titanium backup ever was.
I'll update my first post continuously with every recommendation that follows on this thread to create a sort of "Index of Android Security". I created a new thread for security questions.
Didn't know about Swift Backup, what a great app!
patricia123 said:
Hey !!
Do Android phones need antivirus or internet security as a must? If so provide me some links..
Thankxxxx in advance
Viruses don't really exist in Android. You can be targeted with malicious code but that is only if you open, tap on or accept something without knowing what it is.
For instance, someone could send you a link or a photo that has malicious code embedded in it, when you open it or accept it, then the malicious code has access to your device and your data.
As long as you know that you are dealing with a trusted source, you should be fine. But, if you are the kind of user that goes all over the internet opening things without knowing what it is, you will quickly find yourself targeted by malicious code.
Become a responsible, informed user that is aware of the dangers and what kinds of things can be a problem and you should be fine.

Is there any good app scanner for spyware/malware on Android that actually works?

I recently found a really interesting and useful website called Hybrid Analysis that is a sandbox scanner for files and programs of all kinds. And recently I've taken it upon myself to upload a few random small game apks that I haven't given any permissions and that I got from the Play Store. And all of them come back with disturbing results: that they have access to files, contacts, emails and to send and receive them, to record audio from multiple inputs, and track my internet usage. How is this possible? Is there any way I could get this kind of software scanner on Android to check all my apps? Also the website is limited to apps that are smaller than 100 MB, so even if I wanted to just upload every APK I have on my device that wouldn't be possible. I also checked these apks on VirusTotal and they didn't find anything wrong with them, like really no red flags at all on them on VirusTotal. Or at the end of this am I just being too paranoid?
Don't think it's necessary to additionally run apps downloaded / installed from Google Play Store through a malware scanner: Google does that by themselves.
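The permissions an APK requests are written in its AndroidManifest.xml and can be read on a PC, whatever has or has not been granted on the phone. The following is an added example, not part of the original post: a heuristic triage in Python that hashes the file for a scanner lookup, checks the 100 MB limit mentioned above, and pulls permission names from the manifest's string pool. The function names, the watch list and the sample APK are assumptions constructed for illustration.

```python
import hashlib
import io
import re
import zipfile

SIZE_LIMIT = 100 * 1024 * 1024  # the 100 MB upload limit mentioned in the post
# Assumption: a short watch list matching the capabilities named in the post.
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_EXTERNAL_STORAGE",
}

def permission_strings(manifest: bytes) -> set:
    """Heuristic: pull permission names out of the binary manifest's string pool."""
    found = set()
    # UTF-8 string pools hold the names as plain ASCII bytes.
    for m in re.finditer(rb"android\.permission\.[A-Z0-9_]+", manifest):
        found.add(m.group().decode("ascii"))
    # UTF-16LE string pools put a zero byte after every ASCII character.
    for m in re.finditer(rb"(?:[A-Za-z0-9_.]\x00){20,}", manifest):
        text = m.group().decode("utf-16-le")
        found.update(re.findall(r"android\.permission\.[A-Z0-9_]+", text))
    return found

def triage_apk(data: bytes) -> dict:
    """Summarise an APK (a zip archive) without installing or running it."""
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        manifest = apk.read("AndroidManifest.xml")
    perms = permission_strings(manifest)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),  # for a hash lookup on a scanner site
        "under_size_limit": len(data) < SIZE_LIMIT,
        "permissions": sorted(perms),
        "sensitive": sorted(perms & SENSITIVE),
    }

def build_sample_apk() -> bytes:
    """Constructed sample: a zip with a fake UTF-16LE manifest, not a real app."""
    names = ["android.permission.INTERNET", "android.permission.READ_CONTACTS",
             "android.permission.RECORD_AUDIO"]
    manifest = b"\x03\x00\x08\x00" + b"".join(
        len(n).to_bytes(2, "little") + n.encode("utf-16-le") + b"\x00\x00" for n in names)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("AndroidManifest.xml", manifest)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_apk(build_sample_apk()))
```

The string scan reports every permission name present in the manifest, which can include names the app defines or references on components as well as the ones it requests.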
spart0n said:
access to files, contacts, emails and to send and receive them, to record audio from multiple inputs, and track my internet usage. How is this possible?
Two words: Android, Google
Can you name a few apps with "disturbing results"?
Not sure but I get the impression that https://www.hybrid-analysis.com/ is just another FUD to sell their "services" and it's growing nicely... but don't get me wrong, such scanners are not useless per se. And the more, the merrier.
https://f-droid.org/packages/org.adaway/ results in a 35/100 threat score and is labeled as gray. Looking forward to feeding their machine with some real bad apples...
Looking up the company leads to a German GmbH (aka Ltd) and further to CrowdStrike in the US: https://en.wikipedia.org/wiki/CrowdStrike
xXx yYy said:
malware scanner: Google does that by itself
And here is how much I trust Google:
<>
Yes, it's an empty list
