Related
Edit: Uploaded new APK which is compatible with devices from Android 2.0 and up.
First of all, let me say this: I love Samsung smartphones, I myself own one, the Samsung Galaxy S, and these are great devices. Me sharing this information is only in the will to do good, so that people know how to protect themselves from this exploit and to pressure Samsung in fixing it on future updates.
What my exploit does it to obtain the user location, without the app needing any android permission AT ALL. Usually you could obtain the user location by using permissions such as ACCESS_COARSE_LOCATION, ACCESS_FINE_LOCATION or even via Internet. The thing is, by using one of those, the user is alerted that that particular app will have access to those permissions on the device, but with my exploit the app is able to get the same info without issuing any of those. Also, this does not rely on having Root permissions on the device, this exploit works on out-of-the box devices.
The reason why this happens is because a certain widget (accurweather widget that comes with the phone) on some modern Samsung phones places the info about the location readable by every app in System Properties, its hidden from the 'naked eye' if you're just looking at the API, but you just have to know its name to get it. So these next 2 lines of code will get you the information used for the exploit (go ahead and compile your own version if you're afraid of my APK):
String value1 = Settings.System.getString(getContentResolver(), "aw_daemon_service_key_city_name");
String value2 = Settings.System.getString(getContentResolver(), "aw_daemon_service_key_detail_info");
The problem is even more serious than I first though, because you only need to have the widget on the launcher once, and that info will remain in the system informations when you remote it from the launcher, even across reboots or even if you clear the widget's data and cache (pretty scary :S). Sometimes (I don't know why exactly yet) the info goes away for good, but only if you don't have this widget on your launcher!
So, what devices does this affect. From my tests, it affect the Galaxy Note and the Samsung Galaxy S II, but it should affect much more new Samsung devices probably, I just didn't test. I have a SGS but since I run cyanogenMod there was no point running it there either (cyanogenmod ftw! ).
Of course you might be wondering right now, that if you MANUALLY set the place to some strange place on the widget (let's say a remote village in China) what is reported by the exploit will be that place, but it seems to me that most people will be using this on "current location" setting.
So my truly advise is, root the phone and remove the widget for good (needs root because it is a system app). If you don't want to root the phone, then just manually change the place of the widget to something else.
In this thread I leave the simple app that shows you if your device its exploitable, and if so it shows you SOME of the information that could be exploited. As you'll notice during install, no permissions are required, nor the app will at any time ask for root permissions.
Market link to same app: https://market.android.com/details?id=com.pedronveloso.samsunglocationstealing
Indeed, very good sharing...
Keep the good work...
Cheers
Fortunately i don´t use TW....
"Issue parsing the package" error and does not let me download in the market as I'm on an LG Thrill. I would however like to see if the Thrill/O3D's Accuweather widget is also prone to this issue. Thank you.
So would it be enough for Accuweather to be updated (once its patched), or is the problem deeper then that?
Simple solution for me, just removed it.
Will search for an other weather app.
We have a class action lawsuit against HTC/Accuweather going on over on the HTC EVO side, although our accuweather issue is it's transmitting location unencrypted in plain text to advertisers.
Wonder if this could be modified to work with the Sprint/HTC accuweather
Snuble said:
So would it be enough for Accuweather to be updated (once its patched), or is the problem deeper then that?
Click to expand...
Click to collapse
From what I understand, the data is pulled with no permission or anything only because it's a system app. Remove it and be safe.
I knew I froze the app for a reason! Thanks for sharing your discovery.
Snuble said:
So would it be enough for Accuweather to be updated (once its patched), or is the problem deeper then that?
Click to expand...
Click to collapse
I don't know for sure yet, but I'm guessing it probably could. The thing is, I think accurweather its a modified version for the Samsung phones, so only a ROM itself would carry such update, and we know how long those take :\.
bedwa said:
"Issue parsing the package" error and does not let me download in the market as I'm on an LG Thrill. I would however like to see if the Thrill/O3D's Accuweather widget is also prone to this issue. Thank you.
Click to expand...
Click to collapse
Was probably because I made the minimum SDK equals to Android 2.3.3 . I've fixed that now, on the attachment and on the Market, so go ahead and try again please
Could anybody do me a huge favour, all i need is a screenshot of the results this application gets (a real location)
Im doing a dissertation on android gps forensics and it would be useful and as i dont have a samsung myself i cant do it.
Phil750123 said:
Could anybody do me a huge favour, all i need is a screenshot of the results this application gets (a real location)
Im doing a dissertation on android gps forensics and it would be useful and as i dont have a samsung myself i cant do it.
Click to expand...
Click to collapse
This an earlier screenshot I have, almost the same but field names are in portuguese, however the info extracted is the same and reads in English so you can get the idea.
Thanks a lot just what i needed!
Hi, very good work.
it's possible to know which version of accuweather you refer?
Reports null on my samsung
Sent from my SGH-T679 using XDA App
Edit: Important: The newer V4 version of LeSec may no longer be usable for non-Chinese speakers. See this post #17 here, also to discuss alternatives
For all you Lenovo users out there,
I wanted to (re-)introduce this application. Because I have the impression that many Lenovo phone users rather quicly move on to migrated ROM's from for example APKHOT/Smileyvvv/Etotalk etc, where this app is cooked out.
You may want to reconsider going back to it, if it will still work on your phone with whatever ROM you have. It is really a very useful utility:
Firstly, it is a virusscanner. Not sure how useful a virusscanner is on Android, and as I want to avoid that discussion in this thread, that is the last I say about it.
It is also anti-spam. You can black- or whitelist SMS and Calls. See screenshots for an impression. Very useful.
Anti-theft is there. Send SMS upon SIM change, or remotely instruct the phone to send location or self-destruct. I suspect, but did not try, the SMS instruction is stored in /system, so a data-wipe will not undo this. But a good hacker will fully flash, so it only protects against noob thieves, like all anti-theft apps.
But those are common functions, readily availible in other apps. But now for the interesting feature:
It has a firewall. If that is the correct name. Or an app-wall. An permission-wall? You know those apps that you download that for some reason want permission to send SMS? Why does it need that? Or why does it want to read my contacts?
Well, you can per-app decide to block a permission. This app does not need to read my contacts. That app does not need to send SMS. And it will show you if an app tried to anyway. How cool is that?
Guest- and Childmode. Hide some apps. After all, we do not want junior to see daddies tripple-X rated apps. Or the wife. Which is why you can also hide certain contact's and call-history entries (wink, wink). It may also apply to banking apps and your bookie, though that is a bit more boring. Oh, and in Child mode the radio turns of as we want to protect junior from radiation...
Some of you that use Etotalk or APKHOT ROMS may have noticed the notification area buttons to these last two that were dead because this app was missing.
We could of course worry about whether this app in itself is not a spy, reporting everything you do to the Chinese government. But you may not be aware that this is true for *any* Chinese clone you buy. Typically those clonemakers do not release the kernel or framework source, so such a spy would be in there, not in a de-installable app. And if you are really worried about it, make sure you get a phone where you can install CyanogenMod compiled from source.
Personally, I doubt either Lenovo or China is interested in me, and if they do it means they have a Infinitesimals bigger datastore to clog their machinery before they find something on people like Liu Xiaobo or Tenzin Gyatso, which is actually a good thing. But I suspect the app is simply without such sinister intentions.
Anyway, attached is the version I got from my phone. From a Lenovo A750 ICS 4.0.3 S306. But I suspect it works with any phone that uses the Lenovo Framework, so any Lenovo ICS phone that has a not too heavily modded ROM. It did also work on the ICS 4.0.3 Lenovo P700 ROW S113 (Rest Of World edition) edition.
I provide update.zip installers for MT6575 and MT6577 (because I know their partition table). It probably also works on Lenovo Framework phones based on MT6573/MT7513 or even MSM7227/MSM7527, maybe even GB ones. But then you need to take the two *.apk files from inside the zip file, and copy them manually into /system/app, as the update.zip installer will not work for that.
But do try, and please report back if it does or does not work on your phone/rom. There is also an uninstall package. Oh, and you are messing with /system, so as always, at your own risk, ensure you can always flash back a working ROM or have a Nandroid backup before you experiment.
Your zip didn't work on my A789, which is using the apkhot based rom available on forum.china-iphone.ru. After extracting the apk files, copying to /system/app and manually setting permissions, it's working like a charm.
Thanks, I really missed it. On the most recent cooked roms, I miss many things available on the Lenovo official ones, like the fm transmitter, or the butterfly-like widget on the default home screen. Some cookers tend to leave out any non standard apps without even taking some time to know what they do. Not all Chinese apps are rubbish or impossible to understand, and Lenovo is a serious company.
Ok, here you have the FM radio and transmitter of the A789, but it probably does not work, as it is Odex'ed.
And I uploaded seperate installers for MT6575 and MT6577
Also, on your APKHOT, please confirm it actually blocks permissions and blacklists SMS. I am not sure how much the APKHOT deviates from the Lenovo Framework, so merely being able to install and configure may be too soon to tell.
PS: why not try my factory-cleaned A789 ROM? It comes with all those apps by default, and I now have 3 positive feedback.
Come to think of it, why did I take this security app from A750, when A789 is newer....
Edit: Because they are both the same version. In fact the LeSec has not changed since Dec 2010, according to the internal dex binary.
I have tested call blocking and it works, but it isn't so important, since call blocking is a built in feature of the Mediatek framework. You can block calls from any contact you have on your Google account just out of the box, and it works great. I've tested older phones which used older Mediatek chipsets and that feature has been part of the Mediatek framework since MT6573.
The FM transmitter won't work that way, since it is odexed. But it doesn't work deodexed, either. I've just got a deodexed version of the app, thanks to a friend from another forum, and it doesn't work very well. It works, but I had to stick the phone to the antenna on my radio in order to hear something. People I've talked to say that the transmitter works great on the stock Lenovo roms, so maybe it's just some incompatibility with the apkhot roms.
The only reason I'm not using your rom (which I have downloaded) is that I wanted to setup the phone in Spanish, and the rom I'm currently using is the only one I've found which contains that language. Just a quick question: is there any noticable performance increase on the s227 based roms? If so, I don't care using the phone in English, since I just want the most feature rich rom.
Thinking it twice, I've remembered another reason. One of the things I like most about the apkhot rom I'm using is that the external sdcard is mounted on /sdcard and not /mnt/sdcard2, which avoids problems with many apps. I tried one of the newest apkhot roms, based on s227, and none of the tricks to exchange /sdcard and /mnt/sdcard2 worked with it.
I'll reply to that in the A789 thread, as we seem to deviate from the security app.
cybermaus said:
Edit: Because they are both the same version. In fact the LeSec has not changed since Dec 2010, according to the internal dex binary.
Click to expand...
Click to collapse
I remember there was an update of that app on my A750 with your ROM. Now with apkhot I installed that package posted above and I have the older / original version. But there is no update offered...
That was probably on the S148 Gingerbread ROM. That one has an older version. I know, because I messed up trying to install it, as I had that older GB version and the new ICS one both in my Titanium backup. Also, the Dec 2010 date is probably false, I just got OTA ROW_S114, and it too had all files timestamed to Dec 2010. But I am certain the LeSec from S306 and S227 are the same, the binary compared identical. Official version is V3.5.1.3.5.2.0041 and the update button tells me there is no newer.
Every so often it does update the virus/blacklist signatures, but that is not the app itself. Current virus signature 2012.09.14 Current harasment (blacklist) 2012.07.11
But if you find a newer one, please do let me know.
I've been trying LeSec further and it works, but I found a problem I wasn't able to fix, so, until I found a solution, I've freezed it with Titanium Backup. The problem is that I'm using Go SMS Pro, instead of the default messaging app, since I need to write SMS in Spanish and the default app doesn't support Spanish characters like accents, etc. Go SMS Pro works, but every time I send an SMS, LeSec thinks an unauthorized app is trying to send an SMS in the background, and shows a popup to let you decide whether to allow it or not. I haven't found a way to disable that, and it's a bit annoying having to click two buttons everytime I want to send a message.
Its probably a silly question, but you did go into LeSec->ChargeShield-SMS and ensure that your app was allowed to send SMS in background?
Probably for reasons of 'likely form of attack' the SMS apps are (unlike other permissions) by default in a 'Warning' setting, but if the warning does not come to the foreground on your phone, it may simply not work.
Also, rather than freezing LeSec completely, you could go into ChargeShield, and simply turn of the ChargeShield.
cybermaus said:
That was probably on the S148 Gingerbread ROM. That one has an older version. I know, because I messed up trying to install it, as I had that older GB version and the new ICS one both in my Titanium backup. Also, the Dec 2010 date is probably false, I just got OTA ROW_S114, and it too had all files timestamed to Dec 2010. But I am certain the LeSec from S306 and S227 are the same, the binary compared identical. Official version is V3.5.1.3.5.2.0041 and the update button tells me there is no newer.
Click to expand...
Click to collapse
No, I used the S148 just some days and updated to your S306 V1.2 and simply stayed there, because it works very well. After some time it offered me an update and the user interface changed a bit with that update. The way how you set privacy on app level and so on. The update button itsself never worked for me either.
Sadly, backup never worked on that rom. I found that out as I wanted to try apkhot. To be honest, I didn't try on apkhot, yet.
A few minutes ago, I was offered a 4.1.4 version and installed it. Now it's purely chinese
Maybe I have to reboot the phone for english...
From the design it is a version newer than the version I wrote about...
leFloyd said:
A few minutes ago, I was offered a 4.1.4 version and installed it. Now it's purely chinese
Maybe I have to reboot the phone for english...
From the design it is a version newer than the version I wrote about...
Click to expand...
Click to collapse
Well, before you put the old one back, safe this one for me will ya.
cybermaus said:
Well, before you put the old one back, safe this one for me will ya.
Click to expand...
Click to collapse
I don't want the old one back - I want this one to be english
How do I save it? Any idea where it has downloaded it's update? This was done within the app...
Well, it would have simply replaced the two apk's in the /system/app folder.
So look for:
LenovoSafeCenter.apk
LenovoSageWidget.apk
or something similar, it could have changed its name, or added a 3rd component.
Got the files?
Sent from my Lenovo A750 using xda app-developers app
Well, it seems that Lenove Security (LeSec for short, and LenovoSafeCenter officially) is becoming less usuable. As mentioned above, it is fully Chinese, no Engrish anywere.
I had a look at the new V4 of it, even decompiled it. Not only 100% Chinese, but is hardcoded in the app, there are no resource xml files that we could translate. A big pity.
Also, there is one app (Waze, a social car navigation app) that in the latest version is incompatible with LeSec. Though it is at this moment the only incompatibility I ran into, it is also a pity.
That may mean we need to find an alternative:
For now, these two has shown up:
LBE : Somehow, I think LBE is actually the company that makes Lenovo LeSec. Or at least, there logo is shown in the about menu of LeSec as part of the "in cooperation with" mentions. Maybe the reason why the free LeSec is limiting itself?
Anyway, I am trying out LBE at the moment, to see how it works.
pDroid : pDroid looks promising. Specifically, they are promising ICS support, but right now, only GB, so one to keep an eye on, but not availible to us just yet.
Permissions Denied : A Paid app. But if it works well, it may be worth it. Not looked at it yet.
So, LBE seems to work well. It does not have the hiding of apps for 'child mode' and 'privacy mode'. Nor does it have the 'anti-theft' or 'virus-scan' but it does the permissions thing well.
I tested, it nicely prompted/blocked permissions. And to be honest, using a slight more clear interface. If it is permissions, which was indeed what I was after, LBE seems to do the job. I also like I can block internet use separate for 3G and Wireless. Very useful.
One problem though: Waze is failing in the same way as with LeSec. Even if I make it a 'trusted' app. It seems the latest version of Waze simply does not like to be looked at too closely.
anti theft
I cannot input number In anti theft . for ex if I write +35989xxxxx I need two more digits but it does not allow it. If I write in national format 0899.... I have to write more digits than the phone number has. Any solution?
As mentioned, while I started enthusiastic about LeSec, it is now focussing too much on China alone. Not as good internationally.
Try using one of the other anti-theft solutions.
Hello,
I have a TC55 from Motorola Solutions (i.e. the enterprise division that does not belong to Google). It is a rugged phone with a big battery (4400 mAh), but certainly not the sleekest design. Not sure if there is much interest in this kind of device, and I am certainly no developer - but in case anyone is investigating the TC55, here are two things I found so far:
It does not come with any Google apps: no Maps, no Gmail, no Play store and so on.
It is easily rooted with Framaroot using the Gandalf exploit.
(I cannot post this info into the Framaroot thread due to my low post count).
Anyway, maybe this helps someone. I will be happy to try to answer any questions about the TC55, but keep in mind I am no pro and I am not keen in messing around in its internals much more than I have done already.
Elanguescence said:
Hello,
I have a TC55 from Motorola Solutions (i.e. the enterprise division that does not belong to Google). It is a rugged phone with a big battery (4400 mAh), but certainly not the sleekest design. Not sure if there is much interest in this kind of device, and I am certainly no developer - but in case anyone is investigating the TC55, here are two things I found so far:
It does not come with any Google apps: no Maps, no Gmail, no Play store and so on.
It is easily rooted with Framaroot using the Gandalf exploit.
(I cannot post this info into the Framaroot thread due to my low post count).
Anyway, maybe this helps someone. I will be happy to try to answer any questions about the TC55, but keep in mind I am no pro and I am not keen in messing around in its internals much more than I have done already.
Click to expand...
Click to collapse
I heard my company is planning to go with these soon for entry level supervisors such as myself. I'm trying to figure out exactly what it is. All the specs and brochures from Motorola keep calling it a mobile computer in a smartphone "form factor" but never actually call it a phone. I didn't see anything in any of the specs to lead me to believe for sure that it was a phone or if it was just an Android computer in a smartphone form factor.
Anyway, I just wanted to confirm, that, you're certain this is a phone, correct?
Thanks.
- Byron
bfollowell said:
Anyway, I just wanted to confirm, that, you're certain this is a phone, correct?
Click to expand...
Click to collapse
Yes, definitely. You can call and get called, and you can send and receive SMS. It also supports wired headsets, and it is supposed to work with Bluetooth headsets, though I do not have any to test.
Elanguescence said:
Yes, definitely. You can call and get called, and you can send and receive SMS. It also supports wired headsets, and it is supposed to work with Bluetooth headsets, though I do not have any to test.
Click to expand...
Click to collapse
Thanks for the info but it looks like mine is going to be crippled.
Sort of a let-down really. Yes, it "can" be a phone. Or without a sim card it can be a really powerful Android based mobile computer. That's what it is going to be for most of us. Only a few supervisors with area management approval are going to get units with the phone features working. Still cool. Just not as cool as I'd thought it was going to be.
- Byron
bfollowell said:
Thanks for the info but it looks like mine is going to be crippled.
Click to expand...
Click to collapse
I see, sorry to hear that. It sounds weird to me to do that, but then again I have no clue about this type of work.
Maybe the crippling could be worked around or undone by people with good Android knowledge - but I suppose it might not be the best idea to go against company policy.
Elanguescence said:
I see, sorry to hear that. It sounds weird to me to do that, but then again I have no clue about this type of work.
Maybe the crippling could be worked around or undone by people with good Android knowledge - but I suppose it might not be the best idea to go against company policy.
Click to expand...
Click to collapse
I don't think they're doing anything all that special to cripple it. They just won't all have sim cards or a cell plan. Pretty much as simple as that.
I won't be doing anything to circumvent that though or rooting it or anything like that. It's not like it's a gift and it belongs to me or anything. After almost 22 years, I've kind of grown to like my job and getting a paycheck every two weeks.I'd kind of like to keep it for another 15 or 20 years. Who knows, maybe my manager will decide that I need cell service with mine.
I work for a large automaker in the U.S. We have over 2.8 million square feet under roof. Personally, I can be anywhere on in the plant, on the roof, in pits & sub-basements underneath or anywhere on or near the 50 acre plant site at any given time. A lot of what I need to do on a daily basis is through our intranet portal. They're putting in something like 500 new wi-fi repeaters/extenders all around the plant as well. They're purchasing these for over 300 first line supervisors at my site alone. I'm pretty sure they're doing this corporate-wide so I hate to think what they're spending on these things as a corporation. I'm sure it would bankrupt many small nations! In addition to giving us portal access away from the desk, these are meant to replace our aging industrial radio system. As expensive as these are, they're still much cheaper than $1.5 to $2k per person for a radio that has no other built-in functionality and these do seem pretty ruggedized.
Still a shame about the phone functionality though.
- Byron
Can you see what browser it comes with? Can you install (untrusted) APKs directly without rooting it?
FYI, in case anyone's wondering, there is a version with Google apps on the way (if it isn't already orderable).
Sent from my Moto X
tfnico said:
Can you see what browser it comes with? Can you install (untrusted) APKs directly without rooting it?
Click to expand...
Click to collapse
Browser is a standard one, which comes with other devices. Name is Browser.apk and version is 1.0.9
It's possible to install unsigned APK's without rooting.
google account
Hi,
I got stucked with trying to get google calendars from my google account to TC55.
I found one solution to setup google account as a corporate one, but it's not available anymore due to change in google policy.
I can setup google mail via email account, but that doesn't bring me my calendars to the device.
I tried to install gapps but without success.
Is there any other way?
Thanks.
Motorola work on google apps for TC55.There is in beta.
Elanguescence said:
... here are two things I found so far:
It does not come with any Google apps: no Maps, no Gmail, no Play store and so on.
It is easily rooted with Framaroot using the Gandalf exploit.
(I cannot post this info into the Framaroot thread due to my low post count).
Anyway, maybe this helps someone. I will be happy to try to answer any questions about the TC55, but keep in mind I am no pro and I am not keen in messing around in its internals much more than I have done already.
Click to expand...
Click to collapse
Obviously u rooted, can u install gapps in it?
RjCode said:
Obviously u rooted, can u install gapps in it?
Click to expand...
Click to collapse
No idea, I haven't tried. As far as I understand gapps are usually installed via flashing a zip from recovery, and the stock recovery of the TC55 does not have that option, it only allows reflashing a whole image, if I understand it correctly. Either way, I have come to appreciate the open source alternatives and do not want to get Google on my phone, so I will not try, sorry.
However, going by this thread over at the Motorola support forum, it seems it won't take long until there is official gapps support:
https://developer.motorolasolutions.com/thread/4989
Motorola has now released a TC55-firmware with Google apps. Here are the release notes:
https://atgsupportcentral.motorolasolutions.com/content/emb/docs/ReleaseNotes/Release%20Notes%20-%20%20TC55_RevAPlus_GMS_01%2074G_v10.htm
According to the support email they sent me, to get the actual release you need to perform the following arcane ritual:
Resolution Type is : Software Download
Resolution Id is : 95562
Resolution Title is : TC55 Update Image v1.74 with GMS (Google Mobile Service) Release Note & Factory Reset & Enterprise Enabler package
restrictedSW :
T55N0JGMVRUEN17400.zip 321 MB TC55 OS Recovery Update package
T55N0JGMVAUEN17400.apf 321 MB TC55 OS update package file for deployment using MSP
If you require access to OS files for TC55 1.74 GMS then call the local Support Desk and provide following information:
a. Site ID
b. Serial #(s)
c. Phone #
d. Customer name (First and Last)
e. E-mail address
Click to expand...
Click to collapse
Don't ask me what the local support desk number is, or the site ID, or why they have to make this so complicated.
Hi Elanguescence,
I think I screwed up my tc55 by enabling the multiuser function without first creating the white list. Now all the users (with admin rights) does not have access to all the programs, including Applock Administrator and Multiuser administrator.
To cut things short, do you know of a way to reset the device? I don't mind setting it to factory default and start over. I've googled it and some said to launch Rapid Deployment and scan a barcode from there... but my Rapid Deployment just says "Service Not Ready, Please Wait" and get stuck there.
Any help appreciated. Thank you.
Any TC55 users here? Should be getting my unit w/ GMS soon... How do you guys like it?
Is the bootloader locked?
Sent from my Moto X
Hey!
I want to Buy one TC55 for me. Normally i hate Android and the Google stuff on the Phone but some Motorola Salesman told me there is a version with out.
Now i use an Sybian Device. That mean i am "offline" the hole time and when i need Internet the Phone connect the the Internet.
So how about that phone can i work "offline" to?
I will also use an VPN Tunnel to block on my backend all Connnection i dont want. Does all Data trough this VPN Tunnel ?
How about the Barcode Scanning does it work good?
I know for 2D i need to use the Cam but how works it when i am in some other Application?
Nobody?
Ok. I just bought a TC55 from a Friend and I was wondering if someone would post the update to get GSM and the Factory Reset packages. I went to the page and it requires all the information posted above before. Mine is rooted, but i am trying to install GAPS but the recovery is the basic and cannot. I manually installed Google Play and the Google Play Services but Google Play services keep crashing and the Play Store will not connect, any ideas ?
the are 2 versions one with google s... service and the other without.
So i belive you have the first?
(Can i ask you some question about that phone?)
Yesterday after updating The Guardian (beta) app, I got a message that the app contains a virus and it should be removed immediately - so I did.
Today, I tried to figure out why, as I don't install anything outside playstore; what I found out was that, despite thinking that I have disabled it, Avast (which lives somewhere inside phone manager) checks every app upon installation. Running a scan showed, to my surprise, that I have another 4 apps with different virii!
Long story sort, by updating virus definitions from about one month ago to the most recent version, it doesn't detect any virus anymore.
Having said that, how can I permanently disable it? It is ridiculous and probably a security fail that a system app that is not controlled by Huawei or Google can download and run code on the phone.
Anyone else experienced the same?
supersakis said:
Yesterday after updating The Guardian (beta) app, I got a message that the app contains a virus and it should be removed immediately - so I did.
Today, I tried to figure out why, as I don't install anything outside playstore; what I found out was that, despite thinking that I have disabled it, Avast (which lives somewhere inside phone manager) checks every app upon installation. Running a scan showed, to my surprise, that I have another 4 apps with different virii!
Long story sort, by updating virus definitions from about one month ago to the most recent version, it doesn't detect any virus anymore.
Having said that, how can I permanently disable it? It is ridiculous and probably a security fail that a system app that is not controlled by Huawei or Google can download and run code on the phone.
Anyone else experienced the same?
Click to expand...
Click to collapse
as for my knowledge, android phones wont get affected by any kinda viruses bro
Rommco05 said:
I'm not sure about that. For example Malware and u still sending email, files... so u can send anything with this files (ransomware, malware...) maybe I'm wrong...
Click to expand...
Click to collapse
any kind of virus, even ransomeware, wont affect android smartphones!
always remember, linux machines and android machines never get any virus..
so, i recomend not to use any antivirus and bull**** apps which claim to free up ram for you!
i never used any antivirus apps from my first phone till now, and im now using my 11th phone
Rommco05 said:
Ok, so u received some infected file, in android nothing can do, but u can resend his to some pc, no?
Click to expand...
Click to collapse
that might cause problem to the pc you are sending the infected file to!
Rommco05 said:
...and if u have antivirus in phone, u know about that and can do something...
Click to expand...
Click to collapse
and antivirus apps of Android are not much effective scanners when compared to internet antivirus PC software, so, you will be having a very low chance of knowing any presence of a serious virus like ransomware
and if you could find out that the file is infectious, off course, you can delete the file or can do something about it so that it won't affect any PC, if you accidentally forward it to someone
Well , u will also see poor results if the last antivirus definitions updated are too old.
Hello,
Did anyone read the post? I am talking about the embedded antivirus that exists in this particular phone's firmware, which is powered by Avast. I didn't install it myself.
As for viruses: a lot of inaccuracies in the posts as well. Linux can get "viruses" - a better term would be malware. Android, especially the rooted ones, can also get malware that can persist reboots and in some cases even flashes. However, the kind of malware this particular antivirus catches is mostly in terms of spyware - the use of a toolkit that might try to steal sensitive data from your phone.
In any case, I was talking about a malfunction of this antivirus - which I cannot remove or disable - and I was wondering if anyone else witnessed anything similar. Now, if you don't even know that you have a version of Avast on your phone.. well.. that's a different story.
Dear friends,
i am struggling with a strange APP named "Chromes". It seems to be undocumented (i googled a lot).
The only thing i know is that IT INSTALLS ALONE without any visibile message. After a Factory reset i found it (AGAIN) in the phone.
I couldn't SEEK what / when / Who installs it in my phone.
It gains telephone and archive rights without any ask to me.
I also know that my doogee phone suffers of a vulnerability (never closed) by DOOGEE and i don't know if it'd be related with it.
No clue.
Does anyone have had the same experience? Does anyone have EVER seen it?
Let me know please.
Best Regards.
EDIT: ****warning: I remember to everyone that ROOTING/HACKING/INSTALLING a different ROM in your phone may void the warranty AND can potentially BRICK your phone . Do it ONLY IF YOU KNOW WHAT YOU ARE DOING . I warned you.*****
edit 13/11/2017 *LIST OF REPORTED DEVICE AFFECTED WITH CHROMES (Malware) app *:
----------------------------------------------
Doogee Shoot 1
Gretel A9
UHANS A101
NOMU S10
Leagoo M8
leagoo M8 pro
----------------------------------------------
Report if you have it. Thank you.
i just found it on my phone too and started googling it.. and yours seem to be the only instance ive found so far.. i dont know what it does or where it comes from.. i can close it from the task manager but itll start itself again 3 processes that itself have about 2-3 services.. mostly ChromesService DaemonService and ChromesService2 the main proces seems to be signed from com.appclone.lyhj the second one doesnt have the daemonService and is signed from com.android.qnsettings and the third one had com.yunshi.market listed. again i dont know there they come from or whats their purpose.. and if they have anything to do with the ad popups i get since a few days now that dont seem to be app related since its the same popups for most apps .. apps that dont have those popups natively like whatsapp or facebook. i have since uninstalled pretty much anything and tried some antivirus but i guess its gonna be rooted and gets a custom rom. it is also a china cell called nomu s20 . after googling a bit it seems there are a lot security problems with my device.
edit: ive found something on this link i cant post because i am not a trusted user yet
also after running kaspersky antivirus it did indeed find something (as opposed to the comodo antivirus that kept silent)
it found Trojan.androidOS.Boogr.gsh as the chromesBase.apk and another one i just deleted without writing the name. it seems though this might be related to the Triada-Virus/trojan .. soo.. yeah it might be a good idea to save your stuff and not only try with a factory reset but completely reinstall the whole rom.
edit2: just deinstalling them hasnt solved anything .. the problem sits way deeper meaning it is definitely related to the triada virus. it just reinstalls the software again without anything showing.
edit3: found it.. it is indeed the triada virus on my phone ..
I have been dealing with that damned "Chromes" app for two or three weeks now (BTW, they appear two of them with the same icon and logo.)
MalwareBytes detects it as malware (Avast sometimes does, sometimes does'nt)
I have trie , for sure , uninstalling (completely unuseful) stopping all the apps I can (seems to have an effect in the reinstalling time ), and also keeping them installed but removing the Phone, Storage and SMS permissions, which, surprisingly, remain removed (until you uninstall the app)
I dealed in the past with the virus app on the Shoot 1 firmware, which turnaround solution (disabling the fake app) worked OK for me. But recently there have not been any fw update, so this time is not the firmware the responsible.
Any hint or help will be greatly appreciated.
¡Cheers!
Hi guys!
I'm having the same problem as you two. I can't believe that Doogee has screwed up on this again... (I also have the shoot 1 [nice screen ]) I'm surprised that, as you said, I've not found anything on the internet about this*. In addition, the application consumes a large amount of mobile data!
I hope there is an update soon, and that the problem is solved
Thank you all for your comments! Greetings from Spain!!
*Well, here they have the same problem
https ://android.stackexchange.com/questions/185520/how-to-get-rid-of-a-malware-app-chromes
Don't wait too much from Doogee. In fact don't wait nothing at all. They didn't solved yet the firmware virus that came with the first OTA update. We're alone...
And your GPS signal how is it going? In my case it does not get fixed to any satellite. Has someone managed to root it successfully? The truth is that I do not understand much about this, that's why I'm a bit afraid to do it.
I found this in a spanish forum, look at the last post (#19). (I think you have to translate it )
http: //ww w.htcmania. com/showthread.php?t=1291106
Summing up a bit, he says that Doogee sells mobiles with malware in the system. The fact is that they do it conscientiously. And then put a "solution", which is to install a firewall, so that you can control the internet connection of the applications.
Thanks again!
Some updates...
let me give you some updates :
1) the Shoot 1 phone is not easy to root with standard tools (kingroot & others: i tried a lot of them);
1) i successfully installed twrp with the FLASHTOOL and a specific recovery image TWRP + SU (if needed i can help about it);
2) I backupped everything (included malware of course) just to be sure i could go back in case of brick;
*** 3) I downloaded and installed the FANTASTIC lineage OS without any STUPID bloatware. ***
My phone is secure and fast NOW.
i warmly RECOMMEND all of you to root and update to lineage OS 7.1.2 (ver 14). Thankx to the lineage team! **they deserve a donation!!****
* about Shoot1 GPS *
i still didn't test it with the new LINEAGE and i will update you
Before i discovered the malware inside the GPS was not fixing correctly and in general not working like my previous LG or HTC
I was using an external BLUETOOTH antenna by using a middleware driver named Bluetooth GPS. Once you configured the driveer it works like a charm with tomtom and all GPS software ( i tested a lot). The external GPS solution lets the phone cold and free to charge during long gps travel session.
I will test anyway with the internal GPS again with the new LINEAGE ROM.
For any test or info write here and send me a PV message.
UPDATE: the lineage team is releasing the version 15 (development) with OREO. Anyway i will not install it soon. I am SOOOO SOLID now!
jmam said:
Any hint or help will be greatly appreciated.
¡Cheers!
Click to expand...
Click to collapse
Unfortunately you can't get rid of it. No one knows if there is another fake app or background service that loads it again. It seems to appear (after a factory reset) some days later (i.e. just the time to download from whoknowswhere).
The fact is that I CAN'T TRUST ANYMORE the Doogee and the entire ROM so i warmly suggest you to ROOT (via TWRP + SU) , backup all, and install a LINEAGE fresh n° 14 release for shoot 1.
i did it and it worked like a charm.
Chromes
I have phone that is not rooted or changed firmware. Antivirus said that i have chomes and facebook apps that are not safe, but i do not have facebook installed. I tried factory reseting the phone twice, but it still comes back....
Have got the same "Chromes" problem on Gretel A9 mobile. Not rooted, only used Google Playstore for few apps. So frustrated and so little information on how to solve it for a non techie like me. Tried to contact Gretel who never reply. Still under an AliExpress warranty but not sure if malware stuff is covered. Needrom have the official stock rom for the A9. Do I have to root the phone to reinstall a clean stock rom? Can anyone point me to instructions on how to replace the stock rom? Thanks for any help.
I am really sorry to say that. The SUPPORT from some of these Chinese Supplier is really poor. I can't help you with your GRETEL . Please search on this XDA forum is anyone can do .
Root it and install a reliable distro. Be careful: when you root your phone you loose your WARRANTY and (sometime) some functions of your phone is not available or not available at 100%.
Custom ROMs should be considered ALWAYS as "bleeding" and "in development".
As i said i will never buy anymore low cost China phones DUE to this lack of support and this (unbelievable) disattention to release malwared firmware.
Deki-bg said:
I have phone that is not rooted or changed firmware. Antivirus said that i have chomes and facebook apps that are not safe, but i do not have facebook installed. I tried factory reseting the phone twice, but it still comes back....
Click to expand...
Click to collapse
I struggled a lot to remove it with normal antivirus and antimalware.
It seems to BE NOT POSSIBLE without a rooted phone.
In my phone there were 2 problems:
1) the malware CHROMES
2) the injected system library (dunno what it does).
So , once i removed the CHROMES %$£"%$£% app....i could not know if it was related (or somehow connected) with the malware injected system library. So i couldn't trust anymore that factory o.s. and i replaced it with LINEAGE (atm something not working 100% like GPS) but at least it's clean and works.
I hope LINEAGE could support more chinaphones to get rid of the buggy malwared firmware from Doogee, Gretel and others Chinamakers
UHANS A101 affected as well!
CHROMES and
fake FACEBOOK app
garibald75 said:
I am really sorry to say that. The SUPPORT from some of these Chinese Supplier is really poor. I can't help you with your GRETEL . Please search on this XDA forum is anyone can do .
Root it and install a reliable distro. Be careful: when you root your phone you loose your WARRANTY and (sometime) some functions of your phone is not available or not available at 100%.
Custom ROMs should be considered ALWAYS as "bleeding" and "in development".
As i said i will never buy anymore low cost China phones DUE to this lack of support and this (unbelievable) disattention to release malwared firmware.
Click to expand...
Click to collapse
Thanks for the reply.
Do warranties usually cover an infected Rom (I'd need to send it to a Poland service centre)
Is it hard to flash a new clean stock rom over an infected stock rom?
owlsman said:
Thanks for the reply.
Do warranties usually cover an infected Rom (I'd need to send it to a Poland service centre)
Is it hard to flash a new clean stock rom over an infected stock rom?
Click to expand...
Click to collapse
If you can't ROOT it, try to open RMA or open a ticket, try (at least). I hope we can MOUNT CASE and create a bit of hype around this CRAZY THINGS .
In my case it doesn worth. The DOOGEE has a really poor website and we yellew there a lot about this malware.
No way to return. IT doesn't worth.
However tell them and try to have it swapped.
Hey guys, I just got the apk. If a dev can make it "peaceful", I will really appreciate that. Just rename the chromes(blablabla).txt to chromes(blablabla).apk
jimmy1235 said:
Hey guys, I just got the apk. If a dev can make it "peaceful", I will really appreciate that. Just rename the chromes(blablabla).txt to chromes(blablabla).apk
Click to expand...
Click to collapse
WARNING for all the users: THIS APK IS FOR DEVELOPERS. This apk CONTAINS a malware. it's *ONLY* FOR RESEARCH purposes. so Don't try to install it!!
the really interesting THING would be to know if it RECALLS some system service or other RESIDENT modules to complete the cleaning and to allow US to use the original firmware again.
Let's see if anyone can help us.
Well... This is getting REALLY deeply...
https://www.kaspersky.com/blog/triada-trojan/11481/
i tested KAV and other antivirus and malware removal tools.
KAV was not able to remove and to detect it.
the 1st (maybe not the only one) that warned me has been DR WEB ANTIVIRUS and it (also) couldn't remove it without rooting.
It's impossibile, though, to know WHAT / WHICH process is linked in memory or injected in the original ROM since the Chinese CRAPPYPHONES are full of bloatware and "weirdware" .
The trust is ZERO for them ATM.