Verizon Remote Diagnostics is running on my phone. Why? - General Questions and Answers

Hello, hoping someone can provide some help. I have been noticing my phone - A Droid Razr - slowing down, acting up, homescreen error requiring restart, etc. I saw a program called "Verizon Remote Diagnostic" but didn't think much of it at first. I did a factory reset and things stayed the same. I looked into this App as it is consistently running in my processes. Apparently, the app is a remote desktop that gives Verizon employees the ability to access your phone. The list of permissions includes everything, from reading SMS and media, call logs, GPS, the whole works. However, Verizon has stated that it is not a monitoring tool, requires explicit user permission, etc. Here is a brief rundown from a Verizon spokesperson:
“It is a piece of the new software and cannot be removed, but it does not run in the background. It only runs when a customer calls support and gives permission to use it . . . The tool will not run unless a customer gives explicit permission during a call with customer support. If customer support suggests using the tool as a way to diagnose a problem the customer will see a notification on their device after customer support initiates the Verizon Remote Diagnostics tool. A customer will then see a permission request directly on their device along with “terms and conditions” and an “Accept” or “Reject” button. A customer will need to select “Accept” in order for the tool to run. Customers are free to select “Reject” and the tool will not run.
Customers will also be given a 4-digit PIN by customer support and that PIN must be entered in the device by the customer in order for this to work. . . it does not run in the background. It only runs when a customer gives permission to use it.” - I can't post the link to this as I am a new member, but it is available at the droid-life website
I have never called in, never gone into the store other than to purchase the phone, have never given any permission in any way to any Verizon employee, have never even asked a question to Verizon online, in person, over the phone, etc. I have never had an outside tech look at it or send it off for any repairs. So my question is - Why is this app running on my phone? To be clear, it is not just on my phone, I understand that the App is listed in the all apps list, but why is the app actively running on my phone when it is not supposed to without my permission?
The person who set my phone up about a year ago was very creepy and asked me if I had any nude pictures on my phone, or if I wanted to transfer any nude pictures from my old phone to my new phone. When I told him no, he said "Damn, that ruins me day!" and the other employees laughed and said "damn." Then he spent about 20 or minutes setting it up and making calls on the phone. My concern is that this sleazy rep gave himself access to my phone, because I most certainly did not.
Curiously, the program stops running shortly after I discover it in the running apps list. However, I will check later and it will be running again. This is very concerning. Is there any way to get more information on this app and why/how it is running? How about a history showing times it was accessed, by what IP address, etc.? I have searched the forum and the internet extensively, but no one else seems to have the program running on their phone. I have a screenshot available if it would help.
Also, and possibly unrelated, is a running app called "Data Offload." I am not sure what it is doing either. Thanks so much for any helpful answers!

yeah this is on my phone as well. had s3 since day it was released but recently replaced the cracked-screen device through Asurion. about to begin the root process and I had to research what this new APK installed was and found your post first. thanks for all the extra detail!

Related

Seek Droid Reviews?

Anyone use Seek Droid?
http://www.appbrain.com/app/seek-droid/org.gtmedia.seekdroid
How's it compare to lookout or prey?
Seems like it's pretty feature rich for $.99 and reviews are good, but it's always good to hear from real, live users directly.
Lifehacker liked it
http://lifehacker.com/5745207/seek-droid-is-the-simplest-way-to-find-your-lost-android-phone
I think its the best, but I'm one of the developers. PM me if you have any questions.
I'm sure you do, but I was going to get some real user reviews here.
Give it a shot, write a review. If you don't like it, email support and we'll make it right.
I'm not sure if we have many people that are on xda using the app (yet). We are a really small company, and unlike our competition, we don't have a marketing department to get our name out. Just a few developers trying to put out a good lightweight product. We love to see reviews and suggestions, so let us know what you think.
I can give you a brief snapshot [after finishing my write up I realized it wasn't so brief]. Note: I haven't lost my phone yet so I've only been able to test it. Also, I have not tested other Droid locator apps so I have no point of reference. I've tested this on a Droid X.
Setup is a breeze. The user is asked to enter a username and secret code. The app goes through a registration process. The main screen of the app (on the phone) is organized as follows: View Website; Your SeekDroid.com Login; View Help; Current Status [Registered]; Your Secret Code; Options for Enabling remote formatting of the phone and SD card; Option for retrieving call history settings; Terms of Service; and Contact Us.
At the Seek Droid website, you're asked to enter your username and secret code. A top line menu appears, as follows: Locate; Alarm; Calls; Hide; Lock; Wipe; Help; and Log Out. Locate does just what it suggests: the webpage sends out a search command and a Google map displays the location. The Alarm option prompts you to type a message to be sent to the phone. Once the message arrives, the message pops up on the phone's screen and it beeps and will continue to beep until the screen is touched. When the screen is touched, you're taken to the slide-to-unlock screen. If your phone is secured with a password, you'll be directed to the unlock screen (pattern or keypad). Calls displays a recent call list. Hide triggers your device to hide the Seek Droid app from your list of apps (in your app drawer). Reboot is required. With Lock, you're prompted to assign a new digit lock code (digits only, not a new pattern lock). Whether your device already has a lock code or pattern lock, the new code is applied. I, for example, have a pattern lock. I changed the lock code remotely with Seek Droid and it changed it to the new code I sent. With Wipe you are given a prompt to ensure that's what you want to do. I did not test this feature. I might back up my SD card and try the wipe feature for that...I'll report the results later if I do.
I've tested the app indoors and outside, with GPS on and off. It finds it every time, usually within 3 minutes. I keep Use Wireless Networks and Enable Assisted GPS activated in the Settings screen on my device. Also, I have an app protector app that locks apps on my phone (along the lines of App Protector). I have Settings locked (requires a password to access). Seek Droid is able to change the unlock code remotely with Settings protected and unprotected.
Naturally, Seek Droid does not find my phone when it's turned off or in flight mode. Seek Droid does not provide advanced user controls like deleting individual apps, turning off/on GPS, remotely turning on your phone, etc.
Locating my phone worked with Internet Explorer, Firefox and Chrome. Javascript must be enabled.
One final comment: I encountered an issue with one of my computers locating my phone. I contacted Seek Droid support and received a response within 1 hour. Very helpful and responsive...kudos to them. After some troubleshooting, I discovered the problem rested with my computer. Seek Droid worked well from every other computer I have access to (rather than troubleshoot the problem with the one computer, I simply won't use that one to log in to Seek Droid in an emergency). So, my advice is to test the app from various computers so you know which one to use if and when you actually lose your phone.
I recommend the app based on my limited testing. I also recommend that you use this in conjunction with a device password or pattern lock (or an app protector app to prevent removal of Seek Droid). You simply want to set up controls so another person can't easily uninstall the app or deregister the device.
Price has now gone up to $1.99 and a bit peeved as I left it until today to get it, losing out 62p in the process
Anyway, after taking an aggggggge (months on and off) trying to configure Tasker to do this unsuccessfully I've now binned that idea and got this instead; setting it up alongside Tasker to receive a specific SMS to switch all the location finding stuff on (I have mobile and wifi switched off by default).
Just liked to echo the above comment in that it is really easy to use and the location is nailed down much better than all my previous attempts with Tasker.
Well worth it.
Wow, didn't notice that. I still hadn't purchased yet either and was going to. I really don't need it, I just wanted to play around with it. I'll just pass @ $1.99 and use the free version of lookout without wipe functionality and spend the $1.99 on a game I wanted or something.
Oh well.
is there a secret code default because i downloaded the app to my phone online but never set it up
Kicknik: After installing the app and opening for the first time, you will be prompted to enter a username and a secret code of your choosing. Then, it will go through a process of registering your device (I guess it syncs up with Seek Droid). The username and secret code are then used to login to the Seek Droid website in order to locate and lock your device remotely.
My impressions:
Bought and installed a couple days ago on my Lg Optimus One. I am very satisfied.
The program installs very easily, once installed it asks you to choose a login name and a password and to set a few options: there's a few boxes to check, like the possibility to enable or disable the remote wipe of your smartphone.
Once you are done setting up you can access the seek droid website from your phone or from any device with internet access and once you are logged in you can monitor your device position (you can remotely enable gps if gps is disabled), check the last calls that were made from your device, lock your phone or wipe it to factory settings formatting internal memory and sd (of course it asks you for confirmation on the website if you click on the wipe button).
Another useful feature that can be accessed from seek droid website is the "hide" button. Once you press it the seek droid app on your phone becomes invisible (requires reboot) thus becoming even harder to uninstall (anyway even when visible the program requires your password to uninstall).
I tried every feature except for the wipe one and i can say it does what it says. Position through gps is accurate and is shown on a mini google map on the seek droid site. I monitored battery consumption and it seems almost nonexistent.
In conclusion i think every smartphone needs a security program like this, and seek droid does better than other similar apps that i had tried before.
First I was using Lookout, but I rly didn't like that story with the Chinese developer that got misunderstood with his wallpaper app because of what Lookout said. Every website was telling ppl to uninstall his app. Lookout got a lot of attention, everyone installed their app and uninstalled the poor Chinese app. That wasn't nice :T
Then I went to WaveSecure, from McAfee. I think it's $20 per year.
Never worked on my phone. Tried the support, even installed a "debug version", but couldn't make it work properly on my HTC Desire. Gave up.
I was looking for another app to replace it and then I met Seek Droid. Was very cheap, no monthly fees and such, decided to give it a try.
Dude, I'm VERY satisfied. It's easy to install, got it WORKING in 5 minutes. McAfee WaveSecure didn't work for me, but I had no issue with Seek Droid. If I had met it before, could save the $20 I paid to get WaveSecure (I should have tested it first, but saw "McAfee" on it, guessed it works.)
Didn't notice any abnormal battery drain, I could retrieve the latest phone calls made and received, I could lock and unlock from the website, located very fast (I was using wifi when I tested).
I think that it could report the number of the SIM card and keep the alarm message on the screen, I mean, If I just lose it, I would like to keep on screen instructions to contact me :S
Currently If you "click" on the message, it will go away.
Anyway, I'm another happy customer.
It's very cheap, everyone should give it a try!
Glad to hear you like it. Don't forget to review us in the Android Market.
I bought it for me (EVO) and my wife (LG Optimus S). Very reasonable price. Easy install and configuration and website control.
We also were using the new Sprint/Asurion TEP app. That has additional features--which I don't want or need (i.e., contacts backup). And, even though my wife's phone also has TEP, their app now says that the subscription has expired--which it hasn't.
I was about to cancel the TEP for her phone anyhow, and this is a nice reminder of why it's a waste for her cheap phone anyhow.
We're happy with Seekdroid and the $.99 price.
sycko,
I have Seek Droid on my Droid and my wife's Droid 2. Love the application. I was wondering if there was a way to get Seek Droid to work on my rooted Nook Color? There can be a general location using the WiFi instead of GPS I believe.
Thank you for your time.
How does one set this up? I bought it a while back and never got around to setting it up until today. I launch it on my EVO and it pops up a screen asking for a name and password, and anything I put in it says it's username or secret code is incorrect (obviously, since I've never set up a seekdroid account). I go to the website and it does the same thing. HOW DO I SET UP AN ACCOUNT IN THE FIRST PLACE?
Thanks.
Nevermind. Got it. (Uninstalled and reinstalled and the create account screen popped up.)
Does this work with Google Voice? I don't have text messaging, so thats the issue I have with location/alarm apps
I want to know, what if my phone got stolen and the guy instantly decides to wipe my device clean of any trackers .. will this device still be able to track after such an activity ?
Also, what if the robber doesn't wipe the device clean, but modifies/disables the internet connection on the device ? Or switches to another SIM which does NOT have internet on it ? Will this program still be helpful in any sense ?
Free today on Amazon. Don't know if this is current version, but thought I would pass that along. Clean interface, but I haven't put it through its paces yet.
Great app
I love the app. Very easy to use. I've used it to locate my phone twice.
I just installed mohan's latest ROM for the skyrocket and I am getting a message that seekdroid is not working. Any tips on how to debug. Is there a log of the failure?
I like the ROM, but consider this a must have app.
need a bit of help
sycko said:
I think its the best, but I'm one of the developers. PM me if you have any questions.
If seekdroid or something like that was installed on my phone. By my psycho gf. How would I totally remove it????

[Q] Just what is wrong and how to fix it. No one tells me if it's software...

I have a few issues with the Captivate, that I just can't get an answer to, except send it in to Samsung, and we'll repair it. AT&T just does a very poor job, of tech support, on my end of things. I spend hours by phone, poor email replies, and going in for a face-to-face yesterday, simply does no good. I bought the Captivate with Android 2.1, and updated to 2.2, from Samsungs site. My issues are:
AT&T will stop BLOCKING apps, that come from other places, besides their Market. Talk of OTA being pushed, and the Captivate being one of the first to get it, led me to learn that OTA, is not a software push, but a set of instructions, to help us manually change a SETTING in the Captivate. This, from three different tech people, all the way up the ladder at AT&T. That said, the head tech, Glen, COULD NOT FIGURE OUT how to tell me to change the Settings. Another issue, is with SMS and MMS messaging. I can send them no trouble, but I don't really know if the ones I'm sending to, have got them. Surprise. I found I could make requests, for a Notice of Delivery. I just have 'to ASK FOR ONE'. Trouble is, no one can help me figure out how to ask. On AT&T site, under my contract, they have Captivate as my phone. They have a tutorial on MMS settings, so I went to it. I followed the steps they give, and at the END, they show 5 options, that are greyed out, that you can activate. They show 5, but my Captivate only shows 3. The two that are missing, DELIVERY REPORT and READ REPORT, are what I'd need, but they aren't there. Yesterday in a face-to-face, the tech I was talking with, played with a Captivate demo, and actually found those two options on it. His reply, the demo is Android 2.1, I upgraded to 2.2. Conclusion, I screwed myself, with the update. He didn't explain, why the Captivate HE OWNS, and is 2.1 itself, DON'T HAVE THE TWO OPTIONS EITHER. The third issue, is EDGE. Where I live, AT&T's tower, are horrible. No one with AT&T, can connect to them. I pay over $70 a month, to use my Captivate, on my WIFI. My use is rare, for phone calls. It's mainly for the Smart Phone part, that I use it. When I bought the phone, EDGE was not active, but some smart guy at a higher level, had me make a settings change, and it appeared. But it no longer appears, and it seems if you don't ask a 3G question, they ignore you now.
So, after countless failures, I left AT&T yesterday, and stopped at Verizon, just down the road, to get info with them.
I contacted Samsung when I got home, telling them the troubles I'm having, and asking if they could help answer my issues? This morning, I got their reply. The answer was an EITHER/OR reply, and that's why I'm asking this here. They say I could either restore my software to brand new, and lose all my phones content, or send it in for repair, which probably would lose the content as well. Not an indication, if it's a software (Android) problem, or a hardware problem. No indication if AT&T's OTA, is a software PATCH, or if it really is nothing but instructions on what I need to change. AT&T sent me two MMS TEXTS, while I was on the phone with them, that were 4kb in size, and were ONLY GOOD FOR 4 DAYS, by what was said with them. Both opened with the word, DOWNLOADING, following it, but the word DOWNLOADING, is still present, 2 days later. Must mean what they sent, I never had installed. But why install something, if it's NOT A SOFTWARE ISSUE as AT&T claims, and instead send a simple email with instructions, or a web site, I can read the instructions on? But, as of this morning, I really don't know how to handle this. Does anyone, understand what this means, and can explain in basic English, just what is wrong? Thank you.
All of this is software, stock sucks and now you see why the custom rom community is so large.
For edge, go to settings> wireless and network> mobile networks> network mode, change that to gsm only.
The nonmarket ota will have to be a software patch because it's disabled completely in the settings of the OS. A simple guide on what to turn on in the settings won't do it; it's deeper than that.
The sms/mms issue: have you tried clearing the cache and/or data in settings > applications > manage applications > all > messaging? Or using a different messaging app? I use handcent sms but there are several in the market.
Thanks. I'm starting to understand this rom craze I've been reading about.
On Edge as you suggested, when I get to Mobile Networks, after I click on it, I see NO Network Mode, that I could change to gsm only. I have 4 choices, Use Packet data, which is active, Data roaming, which is not active, Access point names, which shows ATT WAP, active, and Network operators, which shows a blacked out Default Setup. It's listed under Available Networks, but I can't even activate the Default setup. What's missing here?
As for the OTA, I'm glad to know it's as I thought, not as AT&T lied to me about. The two separate AT&T messages they sent me, a little over two hours apart, are listed as such:
<Subject: AT&T test MMS> Downloading
Message size: 4KB
Expires: 5:57 pm, May 23
and when you long press it, a menu appears, that allows you to View message details. Click on that, you get
> Message details
Type: Multimedia message notification
From: 28838270
Expires: 5:57 PM, May 23
Subject: AT&T test MMS
Message class: Informational
Message size: 4KB
That is what they tried to push me, as the OTA, and as I said, Glen, an upper level tech, tried walking me through the settings, to physically make the change, but failed to do so. Do you understand what type of crap they were really pushing me?
I do have Handcent sms, but I never used it. I suppose I need to stop thinking everything is alike. I opened it up, and the options, are overwhelming, so I chose those I thought were right. I'll read up on it later, to try and understand it better. It showed my text messages I already had, including the two test from AT&T, which actually allowed me to DOWNLOAD. Download what? Good question. But clicking it, showed it downloaded, SOMETHING. After that, I tried to install the Amazon appstore app, which AT&T kept blocking, and no surprises, it was blocked again just now. So, maybe AT&T knows what type of crap they sent me, but it damn sure didn't fix the BLOCK.
Guess you see I'm frustrated, but thanks for your reply. If this note helps you try something else, please let me know. Thanks.
MarketEnabler to get past the AT&T blocking (requires root)
IMHO, Custom ROMs is the only way to get the best out of your device.
Sent from my Captivate. Andromeda 3, Onix 2.0.5 @ 1.2Ghz
Downloading?
I've had messages get stuck in downloading when someone sends me a MMS with a picture or a web link that needs to use the data connection to download the message and I have the Data network mode shut off. May want to check your Data Network setting to see if its on or off. Something to check.
With 2.2 you can turn on or off Data network mode by holding the power button to bring up the menu.
It seems if I want to stop being frustrated over AT&T and their not helping fix the issues, is to start thinking like a lot of you do. I have seen a lot about ROM, but in truth, don't know much about it. I'll try and read up to learn, just what I'm looking for, like what would best fit my issues. Thinking back on my face to face with Tech support, Friday, when I acted so frustrated, that even they couldn't fix my AT&T BLOCKING of apps NOT FROM THE MARKET, I had two different AT&T TECHS ask me, "WHY DO YOU WANT TO LOAD APPS, THAT ARE NOT FROM THE MARKET"? Why? How about I simply want to? Does that mean that AT&T has the mentality, that since they charge to provide service, that it allows them to DICTATE how we use the equipment we buy? What ever happened to the concept of TRUTH, in business these days? Anyway, I'll start trying to gain ideas from going with a custom rom, and see what would best meet my needs, with one. Thanks.
You know what's funny?
All of the roms have what you're looking for
That's the entire spirit of roms, I bought this awesome piece of hardware but the software it came with is locked down, freedom robbing, laggy, ugly garbage. The phone belongs to us it's ours to do with what we please.
But before you take the rom leap, try super one click to root and it also unblocks non market apps

[GUIDE]How to find your Android Device AFTER it has been stolen

Well let's assume your android device has been stolen! Good lord !! . Not to worry, this guide should hopefully help you recover it. Even if it's a thief.
PS: The contents of this read may bear resemblance to the reddit thread I created
About two weeks ago (17th April to be exact) one of my friends lost his Samsung GT-I9003 from his dorm room at 0200hrs. Today when I was scanning my latitude, I saw his position a few hundred meters from me. Problem is, we are on a university campus. 500+ students, staff, kitchen, cleaning - basically lot of people. I suggested we check Google Latitude's location history and sure enough for the past 15 days, the phone's location is spread all over the campus.
Premise of the crime
The phone is ON and is connecting to the Wi-Fi.
The phone is still tied to the primary gmail account and is thus reporting location.
The SIM has been removed or changed since the original number is now switched off
The person does not have good knowledge of using a smart phone (maybe helping staff)
Steps we have taken
Since we assume it is in the possession of either a student or helping staff we don't want to startle him.
Tried Plan-B on my phone. However the location it was reporting was the same as Google Latitude.
The phone does have Where is my Droid installed but the web interface says invalid email ID. So that option is ruled out unless you have pre configured Where is my Droid previously.
How we found the phone
After Where is my Droid failed us, we started looking for other applications. We found this application called Android Lost. Unfortunately we hit a dead end when we realised that it needs to be activated by sending an SMS. Since we don't know the phone number, or that there is even any SIM card in the phone, that application also seemed useless. But turns out the developer of Android Lost has also made a nifty app called AndroidLost Jumpstart which can trigger Android Lost without the need of an SMS.
According to the description
This app will wake up the registration process on the androidlost app when ever a phone call is made, an SMS received, battery is low, a package is added, removed or changed.
So we got android lost installed. Trust me, it's a life saver. We got call logs, sms, pictures, voice recordings. We tracked the person with the help of this.
Hope this helps anyone in the future!
Or install Avast anti theft before your phone gets stolen ;D never the less, very useful, thank you.
Sent from my GT-I9100 using XDA
yep always good to be safe before hand. After this incident lot of my friends have installed or gotten some security app.
Although, aren't security suite like Avast, McAfee and overkill for finding lost phones?
And who was the thief?
Sent from my LG Optimus 2x with xda premium app
another possibility is to install Cerberus App
Hi everyone. I have recently been the victim of theft for my nexus 7. I had the device locked with the pattern so there is no way that the thief could get into it unless they do a software reset from the recovery mode. The thing is, either way there is no way i would be able to recover it because if in fact they do a factory reset my lookout security would be uninstalled and my nexus would be lost forever, also if they can't get through the pattern and find a way to connect to Wi-Fi, it will still be lost forever. I have read about installing lookout in the system/app folder of a rooted device so its not easily uninstalled by normal means or factory reset. But do you think it is possible to have android lost and lookout pre-configured and installed in the system/app folder so that even if the device is factory reset, the credentials will remain?
is it factory-reset proof?
Just a quick little question: How did you get the phone to register on Android Lost? I can't get a friend's phone to be recognized in the web app, after installing the Jumpstart and another app...
Thank you
Very good contribution, gratz! i will follow your steps in case my android get stolen!
How did it fail?
You say that "after Where's my Droid failed us"...what do you mean by that...how did it "fail"? I would like to know before installing it. What exactly happened that it "failed" you?
Thanks
Losing a phone is irritating
I lost my phone sometime back. I didn't have the time to do research and maybe these apps weren't available at the time of theft. I got the SIM de-activated and tried to track my phone via IMEI number.
So, a few questions
1. Have they changed its IMEI number?
2. Have they removed my Google account?
This pretty much messes it up. If you can't track it via IMEI nor can you use any network then it's as good as history. These were the only remaining identification tags that could have got your phone back and the thief would know of it. The moment I called on my own number he switched it off. He logged into my account and posted crap (not that I knew any of it had it not been for my friend who reported some strange FB and Twitter status) as if it wasn't enough that he had my phone.
One of the most disturbing things that they can do is play with the IMEI. Older phones were more susceptible to that kind of thing but a Nexus? P990? GT19100? I thought they were much harder to hack. Not only can you NOT track your phone but also lose all other alternatives because the phone is now linked to another Google account. I was searching for a post that would walk me through a process of changing the Google account currently associated with the phone, in an attempt to understand if this indeed was the case. I wanted to try this app so badly but now I blew it off, my only chance.
Hardware-based identification is the only way to go about fixing this issue. Any low-level process that runs off some hard-coded tag independent of software control known only to the owner of the phone. I just don't know what other options are left for the person who lost it. I think there is no other way.
Time for a new phone, I guess
Edit: I guess I was right about that. They had done a hard reset but the IMEI associated with my account is intact. So there are two ways of messing it up. One, you change the IMEI (which sounds ridiculously dumb). Second, you change the primary account (more believable). How stupid of me to think of the first one.
I think if an Android phone is lost and a guy with a bit of knowledge of flashing ROMs gets it, then we might have to forget our phone. If the phone has a screen lock, the guy can reset the phone through stock recovery and all security apps like Where's My Droid, Avast etc. get wiped off. I personally don't install any anti-theft apps. I believe in being EXTRA CAREFUL rather than installing any anti-theft apps.
And you are damn right bro, it's better to be careful than to put all your belief in one anti-THEFT software which can easily get wiped off.
Sent from my GT-I9300 using xda premium
That's useful, thanks !
How did you get the Logs.
Hi Maverik,
My phone was robbed yesterday & the SIM card was removed,
I wanted to know how were you able to get the call logs, pics etc of your lost phone to ........
Very useful! Thanks!
we have Find My Phone
you can have a try
Find My Phone - find your misplaced phone/stolen phone/lost phone easily
https://play.google.com/store/apps/details?id=com.phonefindandlock
Thanks for sharing your experience with AndroidLost.
Sent from my K00E using Tapatalk
AndroFind is the best
I highly recommend AndroFind to find a stolen phone.
You can find it in the Android Market.
Hi, but is it possible to find any kind of phone, also with an older Android version?
Thanks!

Unknown activity HTC ONE M9

I have unknown activity on my phone.
Along with numerous "unknown" outgoing calls with no number shown on my device (and 2 other M9 phones on the same plan) or any number registering on my carrier's system (when I called R, they said their system did show connected calls lasting various amounts of time, they could not determine what number the calls were going to), there's also a call in the log going to "(unknown)" "***,144***"
Anybody have any clue what's going on? R gave the bs answer that all 3 of us were calling our VM, even while we were sleeping. However, the times we did check our VM, the number did register on the phones and with the carrier's system.
Thanks!
I'm adding a question. My M9 was unlocked without my knowledge. I'm guessing that ***,144*** might be the secret unlock code. Is there a way I can determine if it's been rooted as well?
--
squidstings said:
> I have unknown activity on my phone.
> Along with numerous "unknown" outgoing calls with no number shown on my device (and 2 other M9 phones on the same plan) or any number registering on my carrier's system (when I called R, they said their system did show connected calls lasting various amounts of time, they could not determine what number the calls were going to), there's also a call in the log going to "(unknown)" "***,144***"
> Anybody have any clue what's going on? R gave the bs answer that all 3 of us were calling our VM, even while we were sleeping. However, the times we did check our VM, the number did register on the phones and with the carrier's system.
> Thanks!

Interesting issue. I am not sure about the rooting. You are probably going to need to ask experts around here. Hopefully, they can help you with that. As for security, you could try checking if you have any suspicious apps running in the background or installed (you might be using the same GPS or another app, for example). It could be that one of the malicious apps had access to your calls, which led to them outputting calls to somewhere. You could try disconnecting your internet for a day and see if the calls persist (that is probably not an option for you, but it is an idea). Additionally, you could try a factory reset on one of the phones and see if the problem is still there.

squidstings said:
> I'm adding a question. My M9 was unlocked without my knowledge. I'm guessing that ***,144*** might be the secret unlock code. Is there a way I can determine if it's been rooted as well?

just saw this,
https://www.xda-developers.com/htc-says-the-ads-in-its-keyboard-are-a-mistake-fix-icoming/
which reminded me of your issue, though I don't suppose it's linked, but it does make you wonder WTF HTC are up to!
Anyhow, with your issue I wasn't going to answer as I don't know the answer, but my thoughts may help in some small way. I don't think the 144 is a phone developer's code to "root" or turn off security in some way, as that would not show on your provider's call logs as they stay internal to the phone (mostly). Also I don't think it's adware calling a premium number, as your phone company says it does not register properly, so nobody will be paid.
That only leaves a more malicious form of hacking, I would say. So maybe that code does enable your data to be sent but untrackable over a network. That suggests to me it's possibly your actual network (who are R? What country is it?) or maybe even your government if you are an activist or something? Though more likely is a criminal or business competitor, assuming the other people affected are business colleagues. So could be your boss trying to snoop on you all, if not HTC or the Chinese Communist Party apparatus!
What to do? As Ross says, disconnecting is probably not practicable. If you have malicious activity they probably are using data as well as calls. So I would install a firewall to block most apps and log attempted connections (normally have to pay for this), then check IP addresses to see if they are legit. However this may not show anything as data may go via root. So setting up a proxy to route traffic to your PC and use a sniffing program to see traffic or at least IP addresses.
You can download root checking apps from the Play Store. Also check your security settings: any app with admin rights? Also use a good antivirus, you might get lucky, but even if negative you may still be infected.
Only way to really clean your system is to reinstall your OS, though a factory reset will often fix it. But first you need to know how you were all compromised and fix that, else it will just return. I would think it's most likely your local work network (but could be your provider R or even something else you connect to in some way, e.g. Bluetooth, or an app you all have (you can boot into safe mode to disable 3rd party apps, but with HTC system apps possibly containing apps that use the Baidu apk etc that still has a possible backdoor unpatched (as far as I know) safe mode will not help with those!)
You might have to look into freezing/uninstalling all HTC installed apps.
IronRoo said:
> just saw this,
> https://www.xda-developers.com/htc-says-the-ads-in-its-keyboard-are-a-mistake-fix-icoming/
> which reminded me of your issue, though I don't suppose it's linked, but it does make you wonder WTF HTC are up to!
> Anyhow, with your issue I wasn't going to answer as I don't know the answer, but my thoughts may help in some small way. I don't think the 144 is a phone developer's code to "root" or turn off security in some way, as that would not show on your provider's call logs as they stay internal to the phone (mostly). Also I don't think it's adware calling a premium number, as your phone company says it does not register properly, so nobody will be paid.
> That only leaves a more malicious form of hacking, I would say. So maybe that code does enable your data to be sent but untrackable over a network. That suggests to me it's possibly your actual network (who are R? What country is it?) or maybe even your government if you are an activist or something? Though more likely is a criminal or business competitor, assuming the other people affected are business colleagues. So could be your boss trying to snoop on you all, if not HTC or the Chinese Communist Party apparatus!
> You might have to look into freezing/uninstalling all HTC installed apps.

Thank you!
Rogers, Canada. But I've switched carriers within the last few days.
I've actually done the FR 5 times now. Disabling the pre-installed "Gmail" (I think it's more Google than HTC related) seems to have stopped the calls. I've disabled as much as I could.
So here's the kicker. I'm literally nobody! On disability, no exciting employment history and those in my family who have, aren't in contact, nor do I have contact info. And it was my wife and daughter who had the other phones, but mine was central I think. Daughter's phone was locked. So nothing so exciting. Which is why I even bothered asking lol
squidstings said:
> Thank you!
> Rogers, Canada. But I've switched carriers within the last few days.
> I've actually done the FR 5 times now. Disabling the pre-installed "Gmail" (I think it's more Google than HTC related) seems to have stopped the calls. I've disabled as much as I could.

Ah! Rogers Canada should be a well controlled and trustworthy provider, so probably not them, though a rogue employee or having their network compromised can't be ruled out.
Also if official Gmail app it should be safe, though it does have some quite intrusive permissions like full network access, view confidential info etc, but all are legit if you want the full functionality of Gmail. But it shouldn't have access to place phone calls, so should not be able to create the behaviour you describe.
That leaves a rogue app (but you would all need to have it, I suppose), HTC app (or system behavior) or local hack, i.e. via your router or via your PC. A good antivirus should find a rogue app on the phone and similarly on the PC. HTC system apps are hard to spot without doing the firewall etc etc. So I would also be double checking your local router for a firmware update and resetting it with a new strong password, to prevent possible return, so too any Bluetooth devices.
Hope it doesn't return! All the best
Been a while but, just how does one get a "," in the phone keyboard? Long press * for P, but no ",".
Now that time has passed and more people might be awake and less likely to make excuses, I'm wondering if this issue can be solved, or at least thought about intelligently. Maybe someone who knows how it CAN happen, instead of trying to find ways I'm mistaken. This was on THREE SEPARATE PHONES in 2 separate cities.
squidstings said:
> Been a while but, just how does one get a "," in the phone keyboard? Long press * for P, but no ",".
> Now that time has passed and more people might be awake and less likely to make excuses, I'm wondering if this issue can be solved, or at least thought about intelligently. Maybe someone who knows how it CAN happen, instead of trying to find ways I'm mistaken. This was on THREE SEPARATE PHONES in 2 separate cities.

Check with a root app to see if your device is rooted.
Check permissions; also, you can take back permissions with an app on F-Droid.
Unknown app: check with VirusTotal or
If someone has root on your phone they can do what they want and when they want.
An app that has call access can transfer information over a phone connection, which can be anything.
The troubling thing here is that your phone was unlocked w/o you, which implies root access.
If you bought your phone new you might not be anybody, but to be put in perspective Amazon lets you steal $500 if you use another ID and they say it is not you so you do not lose out
but if it is used this can be from the previous user.
The best thing to do if it does not stop is to upgrade the software on the phone; if you have already done that, then use a root firewall or change to a ROM here on XDA (you can all change, making the transition easier).
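
One way to carry out the "check permissions" and "app that has call access" advice from a PC, as an added example that is not part of the original post: the script parses the text that `adb shell dumpsys package` prints and lists every package holding a granted call-related permission, separating preinstalled from user-installed apps. The sample dump is constructed and trimmed, the package names `com.example.*` and the function names are hypothetical, and the exact layout of real output varies by Android version.

```python
import re

# Permissions that let an app place calls or read the call history.
CALL_PERMS = {
    "android.permission.CALL_PHONE",
    "android.permission.CALL_PRIVILEGED",
    "android.permission.PROCESS_OUTGOING_CALLS",
    "android.permission.READ_CALL_LOG",
}

# Constructed, trimmed sample in the layout of `adb shell dumpsys package`.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.android.phone] (1a2b3c4):
    userId=1001
    codePath=/system/priv-app/TeleService
    flags=[ SYSTEM HAS_CODE PERSISTENT ]
    install permissions:
      android.permission.CALL_PRIVILEGED: granted=true
    User 0: installed=true hidden=false stopped=false
      runtime permissions:
        android.permission.CALL_PHONE: granted=true, flags=[ SYSTEM_FIXED ]
  Package [com.example.flashlight] (5d6e7f8):
    userId=10231
    codePath=/data/app/com.example.flashlight-1
    flags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ]
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false stopped=false
      runtime permissions:
        android.permission.CALL_PHONE: granted=true, flags=[ USER_SET ]
        android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET ]
  Package [com.example.notes] (9a8b7c6):
    userId=10240
    codePath=/data/app/com.example.notes-2
    flags=[ HAS_CODE ]
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false stopped=false
      runtime permissions:
        android.permission.READ_CALL_LOG: granted=false, flags=[ USER_SET ]
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
# Matches the package-level flags line only; per-permission flags sit mid-line.
FLAGS_RE = re.compile(r"^\s*(?:pkgFlags|flags)=\[([^\]]*)\]")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")


def parse_packages(text):
    """Return {package: {"system": bool, "granted": set of permissions}}."""
    packages = {}
    current = None
    for line in text.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = {"system": False, "granted": set()}
            packages[m.group(1)] = current
            continue
        if current is None:
            continue  # still in a section before the first package entry
        m = FLAGS_RE.match(line)
        if m:
            current["system"] = "SYSTEM" in m.group(1).split()
            continue
        m = PERM_RE.match(line)
        if m and m.group(2) == "true":
            current["granted"].add(m.group(1))
    return packages


def call_capable(packages):
    """List (package, origin, permissions) for apps with call access."""
    report = []
    for name, info in sorted(packages.items()):
        hits = sorted(info["granted"] & CALL_PERMS)
        if hits:
            origin = "preinstalled" if info["system"] else "user-installed"
            report.append((name, origin, hits))
    return report


def review_first(packages):
    """User-installed apps with call access: the ones to inspect first."""
    return [n for n, origin, _ in call_capable(packages) if origin == "user-installed"]


if __name__ == "__main__":
    # Replace SAMPLE_DUMPSYS with the saved output of `adb shell dumpsys package`.
    for name, origin, perms in call_capable(parse_packages(SAMPLE_DUMPSYS)):
        print(f"{name:28} {origin:15} {', '.join(perms)}")
```

A permission that was requested but denied (`granted=false`) is deliberately ignored, so the list shows only apps that can act on the permission right now.
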
Applied Protocol said:
> Check with a root app to see if your device is rooted.
> Check permissions; also, you can take back permissions with an app on F-Droid.
> Unknown app: check with VirusTotal or
> If someone has root on your phone they can do what they want and when they want.
> An app that has call access can transfer information over a phone connection, which can be anything.
> The troubling thing here is that your phone was unlocked w/o you, which implies root access.
> If you bought your phone new you might not be anybody, but to be put in perspective Amazon lets you steal $500 if you use another ID and they say it is not you so you do not lose out
> but if it is used this can be from the previous user.
> The best thing to do if it does not stop is to upgrade the software on the phone; if you have already done that, then use a root firewall or change to a ROM here on XDA (you can all change, making the transition easier).

Thank you for taking the issue seriously and not trying to force kool aid down my throat (if carrier was "trust"worthy, THEY would have solved it).
It didn't show root. 2 of 3 M9s were mysteriously unlocked. The 3rd did prompt for a code, but did also show those "unknown #" calls. However, I'm still stuck on the code. I can't even enter a ",". Didn't check the other units for it, but it's still the only unanswered issue that could explain the unlock (aside from your suggestion). No one's even heard of it, but programmers are known for adding backdoors. If anyone's got a new, s-on unit and feels like trying it, that's about the only way to get an answer.
It's dead now anyways. Battery won't charge unless powered off and went from 24+ hours regular standby to about 3 hours with extreme powersave on, overnight, and doesn't extend with USB power. USB data comm isn't even recognized. All 3 have failed actually (different ways) so I'm going back to my M7 which still works great. Except, it says s-on but works with different carriers and I can't even enter the code I paid for (no prompt. Is there another way?)
So, here's the tinfoil hat part. Although I'm nobody, this all started around the time of the '16 election, when I was arguing with a YouTube account named (not looking to attract attention so no name, but you know it) for the person who came 2nd.
Thank you for your help. It's a shame it's pooched before solving the issue. But hopefully, the code will be solved.
But any help entering my sim unlock code a different way would be appreciated. But if other carrier sims work, should root be doable while showing s-on?
Thanks a TON!!
squidstings said:
> Thank you for taking the issue seriously and not trying to force kool aid down my throat (if carrier was "trust"worthy, THEY would have solved it).
> No one's even heard of it, but programmers are known for adding backdoors. If anyone's got a new, s-on unit and feels like trying it, that's about the only way to get an answer.

It would seem in your case that it is a setting change that was made and not comparable to other phones. Probably what we are talking about is a connection to a command server. S-on is a protection so that one cannot change the state of certain partitions, namely the recovery, boot and system; however, there are ways to get around this. You would need to get a root app to do that.
As a general rule you need to prove something is going on, and funny numbers are an indication, but nobody in the security community would touch it because it is very open. What you need to do however is
Get a copy of the calls use pcap and
check your firmware with the standard HTC firmware
this will show you what the phone call is doing and will help the android community overall (improved security)
Also programmers do not try to add backdoors they try to have a good product it is the hacking/security teams of _________ that do that. This being a programmer myself.

Question Am I hacked?

I have just received a brand new T-Mobile SM-A326U, Samsung Galaxy A32 5G USA variant today from the mobiles website. I immediately updated to the newest security and software patch as I have been having issues with security lately: IMSI catcher, remote code injection, forwarding calls and texts to media servers, MitM etc.
Right away I used "Samsung My Files" and enabled hidden file access within Samsung My Files. I have always been aware of the need to index thumbs and thumbnail files, databases, etc in the digital camera media images or DCIM folder. Checking /storage/emulated/0 shows three NEW locations. 3 new folders titled Music, Pictures, and video. Within each of these three new folders there is a hidden ".nomedia" file and a hidden file titled "database_uuid". Attempting to delete the Music, Video, and pictures folders from storage/emulated/0 results in them returning after a reboot. Same files within them. Performing a factory reset and flashing new factory ROM and firmware provides the same result. There are those same three folders and those same files. Performing the old create a new file entitled .thumbnails as a dummy file trick didn't resolve this issue either.
I have not used the camera. I have not done anything but open a factory stock browser utilizing the provider's data connection.
This has persisted through 3 new devices. A Samsung Galaxy A71 5G, a Motorola G Power 2021 and now this phone.
Am I being overly paranoid? Is this just a new function of the file system I am unaware of? Is the hidden "database_uuid" supposed to be there? Or have I reason to suspect the worst?
Fixes tried include
>a factory data reset or two, dalvik cache wipe included.
>Calling the provider's tech support line.
>Calling the manufacturer.
>ODIN flash of stock factory ROM and firmware.
These are fixes performed on both the Samsung Galaxy A71 5G, and the Motorola G Power 2021. This phone (Samsung galaxy A32 5G) has a locked bootloader thus far and I haven't tried a flash yet, however I have tried the aforementioned fixes.
>Creating a dummy file entitled .thumbnails.
>deleting the folders entitled Video, Music, and Picture in storage/emulated/0 followed by a reboot.
What have you done to make yourself paranoid? Those are normal hidden files.
target_relative said:
> What have you done to make yourself paranoid? Those are normal hidden files.

Haha, I can totally see why one would assume I've done something to reach such levels of paranoia, but I assure you it is because I am on my journey through the web security exams. I have had enough field experience in the security audit role to notice odd behavior and activity, but not enough experience to prevent or patch it. However, I have some data siphoning neighbors so my first assumption was someone was pilfering my incoming and outgoing data during contractual gigs. Considering the data that is sometimes transmitted, one can totally assume the worst. That's how zero days occur. Anyway, thank you so much for the assurance; one thing I need to really brush up on is the Android OS file system.
Wondering if a senior member would be so kind as to weigh in on this one. It's not that I don't believe the answer provided, it's that clarity can be had by the collective opinion. If others were to say the same, I'd be inclined to say, yep, those are certainly normal hidden files. However, I never noticed either folder or the database_uuid file recently until after an attack on the local network. Hence my suspicion and thought process around the data siphoning neighbors.
Factory reset. Cured... whatever it was.
Now ^that's^ being paranoid
blackhawk said:
> Factory reset. Cured... whatever it was.
> Now ^that's^ being paranoid

Not as much as you'd think. Prior to all this I had my tenth custom built PC rig go down due to persistent malware that found its way into the BIOS and reflashed the BIOS and then further flashed itself into a level between BIOS and boot. Still hopping from device to device. PTA or persistent threat actors aren't nearly as hard to come by in the wild when you study cyber security enough. Finding yourself in an officially sanctioned red team/blue team op and performing well whilst also blazingly bragging about your leet skills on social media will quickly garner a few PTAs.
It's not hard to assume someone in the area could monitor the device for restarts and or factory reset on a root level and then push an injection into either the zygote or an OTA update as the device begins setup. Or even easier remote code execution targeting the "Sign in with Google account" portion of device setup.
DrRoxxo said:
> Wondering if a senior member would be so kind as to weigh in on this one. It's not that I don't believe the answer provided, it's that clarity can be had by the collective opinion. If others were to say the same, I'd be inclined to say, yep, those are certainly normal hidden files. However, I never noticed either folder or the database_uuid file recently until after an attack on the local network. Hence my suspicion and thought process around the data siphoning neighbors.

This should help answer your question:
https://en.wikipedia.org/wiki/Hidden_file_and_hidden_directory#Android
tavella said:
> This should help answer your question:
> https://en.wikipedia.org/wiki/Hidden_file_and_hidden_directory#Android

This explains how the .nomedia file works. Which I assumed was natural after a bit of research, what concerns me is within each new folder titled Movies, Music, and video, there is a .nomedia folder. Not a big deal, but then there is a "Database_uuid" file within each of those .thumbnails folders. Which I do not currently understand the purpose or concept of. Prior, I understood the .nomedia file and the need for .thumbnails and .thumbs etc, but I had never once noticed the database_uuid file within those folders on my boredom inspired file dives.
Thank you to all the new and Senior members who helped me to understand this issue.
I truly appreciate the reassurance and responses.
I don't know if there is a way to do so as I am quite new to XDA myself, but I'd like to mark this issue as resolved.
resolution: Stop being so paranoid
tavella said:
> This should help answer your question:
> https://en.wikipedia.org/wiki/Hidden_file_and_hidden_directory#Android

Samsung file explorer can see .nomedia files if that option is enabled in its settings.
Protected backup files are sometimes "hidden" like this... so it's useful to have that option enabled especially when making backup copies.
They appear greyed out indicating they are hidden.
Hey all, Update.
I just got off the phone with a Cisco certified level 2 tech from my provider, T-Mobile. They verified what was going on was indeed a sophisticated attack. The database_uuid files point to not just stealing data, but logging all activities. They are attempting a honeypot on the back end to attempt to catch the individual. They have begun monitoring the network for suspicious activity (for whatever it's worth). The technician verified that this sounds like a remote code execution taking place at the text entry field of "setup a new account" after factory reset.
Edit: one of the fixes provided was a full reroute. Data now comes as if I'm in a different location. I don't know how much of a difference it'll make, but to note some of the oddities I've faced:
When browsing a random word, results display fine. When browsing search terms related to my issues, I get a "malicious traffic has been detected on this network" error from Chrome, Brave, and Firefox. Clearing data on those browsers sometimes works to resolve it, other times it persists.
When attempting to stream a searched title in any streaming service, the title fails to play, yet when choosing a random stream it plays fine.
When attempting to play any chosen online game, I get internet errors; the hotspot shows internet but no connectivity. When choosing a random game, it plays fine.
When signing up for Facebook, even with a newly created email for this purpose, I get a text verification code immediately from what seems to be official FB shortcode but appended at the bottom of the text is a signature: Laz.nx.carlw
Searching this signature shows hundreds of other users whose accounts were pwnd by the same method.
Since the issue seems to be at the account creation screen after a factory reset, I've tried creating new Google accounts to set up the device with; however, almost immediately, passwords are changed.
APN settings were grayed out and as a T-Mobile customer using a strictly T-Mobile device purchased and provided by the provider, there is yet a com.vzw.apnlib package or service running in the background. Attempting to locate this service or package in every manner fails.
Banking apps have had passwords changed and purchases have been "denied by card", an error which I've never seen before.
Amazon orders have been "canceled by the buyer" with no input or action on my end, relentlessly.
While on VPN, Windscribe and Lion VPN, the same happens. It rarely happens without VPN on, but does still occur. I would assume this is to encourage unencrypted traffic that has already been had due to the exploit.
I am aware that Windscribe was recently exploited and pwnd. However, it doesn't seem to make a difference because the activity I'm witnessing seems to be that of a dirt box.
Could anybody weigh in on a potential fix or solution?
New update all.
So after calling again to the provider I was told that there was no way for them to monitor everything on the backend and potentially catch them. The rep I spoke to this time assured me he'd been working tech support for the provider 12 years and they've never been capable of doing so.
He also informed me that as far as getting support from the provider, the best they are going to be able to do even in level 2 tech support is verify whether the device is receiving a proper connection from the tower, and if it is and the issue still persists, basic troubleshooting (which I've already done tenfold) would be the next course of action. He informed me that had those troubleshooting options not worked, the next usual step taken would be to advise to speak with the manufacturer as they would have the ability to remote in and/or replace the device in the event of a failure to fix the issue. However, as explained to the rep at the provider, I've already had replacements sent to me. This issue has persisted through 3 provider changes, 4 new cell phones, and multiple network changes in new SIM, new number, data rerouting etc.
My last call with the manufacturer resulted in a Cisco certified level 2 remoting into the device with Smart Tutor and his entire fix applied was a mere opening of my ESET security app and a scan initialized. And suggesting I purchase premium ESET.
That was the course of the whole fix provided by the manufacturer prior to a replacement being provided.
DrRoxxo said:
> Hey all, Update.
> I just got off the phone with a Cisco certified level 2 tech from my provider, T-Mobile. They verified what was going on was indeed a sophisticated attack. The database_uuid files point to not just stealing data, but logging all activities. They are attempting a honeypot on the back end to attempt to catch the individual. They have begun monitoring the network for suspicious activity (for whatever it's worth). The technician verified that this sounds like a remote code execution taking place at the text entry field of "setup a new account" after factory reset.
> Edit: one of the fixes provided was a full reroute. Data now comes as if I'm in a different location. I don't know how much of a difference it'll make, but to note some of the oddities I've faced:
> When browsing a random word, results display fine. When browsing search terms related to my issues, I get a "malicious traffic has been detected on this network" error from Chrome, Brave, and Firefox. Clearing data on those browsers sometimes works to resolve it, other times it persists.
> When attempting to stream a searched title in any streaming service, the title fails to play, yet when choosing a random stream it plays fine.
> When attempting to play any chosen online game, I get internet errors; the hotspot shows internet but no connectivity. When choosing a random game, it plays fine.
> When signing up for Facebook, even with a newly created email for this purpose, I get a text verification code immediately from what seems to be official FB shortcode but appended at the bottom of the text is a signature: Laz.nx.carlw
> Searching this signature shows hundreds of other users whose accounts were pwnd by the same method.
> Since the issue seems to be at the account creation screen after a factory reset, I've tried creating new Google accounts to set up the device with; however, almost immediately, passwords are changed.
> APN settings were grayed out and as a T-Mobile customer using a strictly T-Mobile device purchased and provided by the provider, there is yet a com.vzw.apnlib package or service running in the background. Attempting to locate this service or package in every manner fails.
> Banking apps have had passwords changed and purchases have been "denied by card", an error which I've never seen before.
> Amazon orders have been "canceled by the buyer" with no input or action on my end, relentlessly.
> While on VPN, Windscribe and Lion VPN, the same happens. It rarely happens without VPN on, but does still occur. I would assume this is to encourage unencrypted traffic that has already been had due to the exploit.
> I am aware that Windscribe was recently exploited and pwnd. However, it doesn't seem to make a difference because the activity I'm witnessing seems to be that of a dirt box.
> Could anybody weigh in on a potential fix or solution?

Sounds like a StingRay IMSI
DrRoxxo said:
Hey all, Update.
I just got off the phone with a Cisco certified level 2 tech from my provider, T-mobile. They verified what was going on was indeed a sophisticated attack. The database_uuid files point to not just stealing data, but logging all activities. They are attempting a honeypot on the back end to attempt to catch the individual. They have begun monitoring the network for suspicious activity (for whatever it's worth). The technician verified that this sounds like a remote code execution taking place at the text entry field of "setup a new account" after factory reset.
Edit one of the fixes provided was a full Reroute. Data now comes as if I'm in a different location. I don't know how much of a difference it'll make but to note some of the oddities I've faced:
When browsing a random word, results display fine. When browsing search terms related to my issues, I get a "malicious traffic has been detected on this network" error from Chrome, brave, and Firefox. Clearing data on those browsers sometimes works to resolve it, other times it persists.
When attempting to stream a searched title in any streaming service, the title fails to play, yet when choosing a random stream it plays fine.
When attempting to play any chosen online game, I get internet errors; the hotspot shows internet but no connectivity. When choosing a random game, it plays fine.
When signing up for Facebook, even with a newly created email for this purpose, I get a text verification code immediately from what seems to be an official FB shortcode, but appended at the bottom of the text is a signature: Laz.nx.carlw
Searching this signature shows hundreds of other users whose accounts were pwnd by the same method.
Since the issue seems to be at the account creation screen after a factory reset, I've tried creating new Google accounts to set up the device with; however, almost immediately, passwords are changed.
APN settings were grayed out, and as a T-Mobile customer using a strictly T-Mobile device purchased and provided by the provider, there is yet a com.vzw.apnlib package or service running in the background. Attempting to locate this service or package in every manner fails.
Banking apps have had passwords changed and purchases have been "denied by card", an error which I've never seen before.
Amazon orders have been "canceled by the buyer" with no input or action on my end relentlessly.
While on VPN, Windscribe and Lion VPN, the same happens. It rarely happens without VPN on, but does still occur. I would assume this is to encourage unencrypted traffic that has already been had due to the exploit.
I am aware that Windscribe was recently exploited and pwnd. However, it doesn't seem to make a difference because the activity I'm witnessing seems to be that of a dirt box.
Could anybody weigh in on a potential fix or solution?
APN settings were grayed out, and as a T-Mobile customer using a strictly T-Mobile device purchased and provided by the provider, there is yet a com.vzw.apnlib package or service running in the background.
This is normal.
Banking apps have had passwords changed and purchases have been "denied by card", an error which I've never seen before.
Amazon orders have been "canceled by the buyer" with no input or action on my end relentlessly.
Probably because orders were placed whilst running ****ty VPN.
Have you flashed stock firmware through Odin?
DrRoxxo said:
I have just received a brand new T-Mobile SM-A326U, Samsung Galaxy A32 5G USA variant, today from the mobiles website. I immediately updated to the newest security and software patch, as I have been having issues with security lately: IMSI catcher, remote code injection, forwarding calls and texts to media servers, MitM, etc.
Right away I used "Samsung My Files" and enabled hidden file access within Samsung My Files. I have always been aware of the need to index thumbs and thumbnail files, databases, etc. in the digital camera media images or DCIM folder. Checking /storage/emulated/0 shows three NEW locations: 3 new folders titled Music, Pictures, and video. Within each of these three new folders there is a hidden ".nomedia" file and a hidden file titled "database_uuid". Attempting to delete the Music, Video, and pictures folders from storage/emulated/0 results in them returning after a reboot. Same files within them. Performing a factory reset and flashing new factory ROM and firmware provides the same result. There are those same three folders and those same files. Performing the old create a new file entitled .thumbnails as a dummy file trick didn't resolve this issue either.
I have not used the camera. I have not done anything but open a factory stock browser utilizing the providers data connection.
This has persisted through 3 new devices: a Samsung Galaxy A71 5G, a Motorola G Power 2021 and now this phone.
Am I being overly paranoid? Is this just a new function of the file system I am unaware of? Is the hidden "database_uuid" supposed to be there? Or have I reason to suspect the worst?
Is the hidden "database_uuid" supposed to be there?
Yes, it's part of the Android system.
Is this just a new function of the file system I am unaware of?
Probably, Android 11 has big changes and so will Android 12.
financeledger said:
APN settings were grayed out, and as a T-Mobile customer using a strictly T-Mobile device purchased and provided by the provider, there is yet a com.vzw.apnlib package or service running in the background.
This is normal.
Banking apps have had passwords changed and purchases have been "denied by card", an error which I've never seen before.
Amazon orders have been "canceled by the buyer" with no input or action on my end relentlessly.
Probably because orders were placed whilst running ****ty VPN.
Have you flashed stock firmware through Odin?
I did try flashing through Odin; luckily all went well, however the flaw and some of the suspicious activity continued. I managed to flash stock on 3 of the 4 phones affected and it persisted, sadly. However, you are correct about the VPN; turns out, Windscribe had recently been exploited.
financeledger said:
Is the hidden "database_uuid" supposed to be there?
Yes, it's part of the Android system.
Is this just a new function of the file system I am unaware of?
Probably, Android 11 has big changes and so will Android 12.
I am certainly not trying to be argumentative, but I did want to note, for the sake of those that may have the same concern, my provider and a few level 2 tech support individuals were able to confirm the database_uuid files are not supposed to be there and are evidence of logging activity.
financeledger said:
Sounds like a StingRay IMSI
I would have to agree. However a stingray would only route traffic through their IMSI catcher. Like a false tower. It's surely a possibility, but it wouldn't account for the suspicious behavior consistent with that of pta malware. This truly seems like a custom exploit someone created. It certainly isn't a Metasploit module.
