Database Info

[Completed] Identify, locate, eliminate and prevent malware on several devices.

Hey guys!
This is my first post here, and I come with a problem that affects 2/3 android devices and possibly one desktop PC (Windows).
The problem:
I have malware on my devices and said malware redirects my current page to a russian advertising one. Most of the time i'm redirected to one that activates the vibration, knows the device i'm currenty using and says that I should run a virus scan with AVG.
If I hit return, the page just reloads, If I hit it enough times, I lose the page I was visiting as if I hadn't visited it in the first place.
Here
Code:
imgur.com/a/5dvVR
are some of the URLs I'm redirected to and sometimes, I happen to suffer the problem on the last page, where an ad sits in the middle of the page I'm visiting and If I close it, another tab opens and leads me to the addresses above.​
Symptoms:
This problem happens with Google Chrome, Mozilla Firefox and the built-in browser of "Reddit is fun".
This problem happens with and without a WiFi connection. It is more common to happen while on WiFi vs on mobile.
Sites like knowyourmeme.com, foxtrotalfa.jalopnik.com and albums on imgur.com can trigger the malware.​
Devices:
Definitively affected:
Lg G2 D-802 , Android 4.4.2
Galaxy Tab S 10.5" SM-T800, Android 5.0.2
Probably affected but not 100% proven:
Huawei Y600 (another carrier, but the problem happened on my GF's WiFi rarely on mobile), workphone
A desktop PC (the ad blocking the page happened just once)
Networks
This desktop PC is my GF's. It's in her WiFi signal that I usually connect and update the apps on my devices. In my house's WiFi the problem seems to happen as well on my devices but not on my Desktop PC (or perhaps it does, but I have ublock origin on my browsers).
However, I can trigger this problem on my G2's carrier Movistar and not on the Huawei's Carrier Telcel.​
Working on the problem:
Disabling scripts
The very first thing I did was testing disabling scripts (as suggested by one page I found on google), It did work, to some extent. However, I knew that this wasn't a solution but a workaround.​
Suspicious APPs
I know that apps are the main entrance for malware and since the problem DID happened on both devices (G2 and Galaxy Tab) It.HAD to be a common app, so I made a list of common apps and started by the less trustworthy.
I uninstalled and tested Advice animal creator, BS player free, zooper pro, Days counter widget, Disk Usage,electrodroid, ****ing weather, Google tasks organizer lite, GPS test, meme generator, system info for android,reddit is fun , add watermark and Think.
Keep in mind that these apps fill the criteria in which both are present on the phone and tablet and are suspicious to me (a very ambiguous term), however, I'm not stating that any of these have malware on them.
Sadly, after uninstalling and testing on the phone, the problem persisted.​
G2's Factory restoration (Through options menu, not recovery menu)
After going through a factory restoration on the phone, the problem persisted. The only things I had installed were Reddit is fun, facebook and whatsapp.​My request to you guys:
After all ofthis wall of text (in which I show the symptoms, what I've done, etc) , here comes my request.
Can you guys point me to the right direction?
I just don't want to wipe my devices without knowing what is the problem, how to eliminate it and, MOST IMPORTANTLY, how to prevent it.
What I want to discard is if the problem comes from my GF's network (If that is the case, a factory-through-recovery restoration would be useless), an app or just random malvertising.
I would hate to wipe my cellphone and tablet everytime I jump into this problem and that is not practical for me, I prefer a head-on approach.
Thanks in advance guys!​

Hi!
First, here is a little info on avoiding Malware, http://forum.xda-developers.com/general/general/guide-simple-steps-to-avoid-installing-t3000682
And another, http://forum.xda-developers.com/nexus-6/general/guide-little-guide-to-security-privacy-t3042460
As far as Malware you already have....there are malware removal tools on the Play Store...many of them to try.
And if all else fails, here are the device sections or the mobile devices you have.....you could ask for help in the Q&A sections...
http://forum.xda-developers.com/lg-g2
http://forum.xda-developers.com/galaxy-tab-s
Now, if you want to ask about all in one, and the PC....you could try asking or help here...http://forum.xda-developers.com/android/help
Good luck!

Darth said:
Hi!
First, here is a little info on avoiding Malware, http://forum.xda-developers.com/general/general/guide-simple-steps-to-avoid-installing-t3000682
And another, http://forum.xda-developers.com/nexus-6/general/guide-little-guide-to-security-privacy-t3042460
As far as Malware you already have....there are malware removal tools on the Play Store...many of them to try.
And if all else fails, here are the device sections or the mobile devices you have.....you could ask for help in the Q&A sections...
http://forum.xda-developers.com/lg-g2
http://forum.xda-developers.com/galaxy-tab-s
Now, if you want to ask about all in one, and the PC....you could try asking or help here...http://forum.xda-developers.com/android/help
Good luck!
Click to expand...
Click to collapse
Thanks Darth!
But as I said, I tried several apps and didn't find anything wrong.
However, I switched my focus to the possibility of a router infection, and oh surprise it seems to be the rootcause.
Here are some links that report being redirected on several devices to ads pages (I use code since I can't post links in a new account), in this case adsmatte.com:
Code:
http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/how-to-get-rid-of-adsmattecom-adware-opening/06b20667-586a-4ebd-9876-6d28c8528a1f?page=1
https://discussions.apple.com/thread/7052365
http://forums.androidcentral.com/moto-g-2014/528571-adware-redirects-most-websites-how-can-i-get-rid.html
http://www.asus.com/zentalk/forum.php?mod=viewthread&tid=8189&extra=&page=1
Then I tried searching for the page I get redirected to, somethingsomething.epara.ru, so I searched that last common part epara.ru (I thought I had done this before ):
Code:
http://forum.kaspersky.com/index.php?showtopic=334600
https://warosu.org/g/thread/S50749199
http://www.xataka.com/respuestas/malware-adware-en-todos-mis-dispositivos (SPANISH)
What is VERY suspicious is that many of the results, suggest downloading "Spy hunter".
Here are some examples:
Code:
http://solvepcproblem.com/remove-359198-epara-ru/
http://removevirusvideo.com/stop-epara-ru-from-redirecting-epara-ru-removal-tips/
Now, how do you solve it?
Simple:
Disconnect from any WiFi, clear your browser's cache (and even your OS's). CCleaner does a pretty good job for this.
Then go to your suspicious router and factory reset it (or ask your ISP to do that remotely) and update its firmware. After all thosesteps, you can connect again.
What the malware does is change your DNS towards a malicious one.
I haven't done that reset to my GF's router, but that should solve the problem.
Thansk for everything, and I hope this works for somebody else!

Glad you got it sorted. If you want to find further help on anything, use the links I suggested... And if you want to post info to help others, you could post here, http://forum.xda-developers.com/general/general
I'll close this thread now.
:good:

possibly keylogger

Hi.
I am using a.i type keyboard plus on every android device I have. I bough this app something like a year ago cause I like some of its unique futures. There is no illegal software on my phone, most of my apps comes from playstore and those are some of the highest rated apps. Ok, few days ago I installed NoChromo ad-killing browser on my G. note 3. To test it, I visited some of my favourite websites. I wanted to post a comment on one of the forums so I logged into site. When I started typing my comment, after touching first letter on on-screen keyboard- few lines of text appeared in the comment section. That text was basically everything I typed on my phone in last few days. I could clearly see my gmail password there,with google searches and so on, all without spacing obviously. I used few virus scanners, only Stubborn Trojan Killer found and removed some "suspicious file" but didn't give me ANY details. Cm security list all my apps as safe including a.i type keyboard. But it also gives you option to "read detailed behaviour" , where you have to open your browser to check what their "CM behaviour cloud" will tell you about certain app. The result for a.i type from their cloud is Android.MALWARE.at_fakeApp.g. I am not blaming a.i type for anything, as Im using it for few years (including free versions) and never had any problems. I believe there are keyloggers able see everything you typing no matter what keyboard app you using. I've changed most of my important passwords on my linux laptop, and not typing any important information on phones keyboard since then. I'll reinstall system soon. . So please give some comments if you have any conclusions. Thank you,please excuse my English.
Edit, I am attaching screenshot from CM security cloud

http://forum.xda-developers.com/showthread.php?t=1320091
This might be related somehow.

Signal Private Messenger

Hi,
I've discovered the description of "Signal Private Messenger" app, but I don't know what thinking about it.
Its description seem's to indicate that you can communicate voice and text securely end to end with your smartphone, and that it's open source.
What is really securely ? I don't know and "I want to know"
Thanks in advance for your answers.

Hi, The short answer is Yes. Signal is by Open Whisper Systems & runs on iOS and Android. You can use it as a regular SMS/MMS app; as well as encrypted SMS/MMS/phone calls. To activate the encryption you need to exchange keys with the person you want to message.
Hope this helps!

equi_design said:
Hi, The short answer is Yes. Signal is by Open Whisper Systems & runs on iOS and Android. You can use it as a regular SMS/MMS app; as well as encrypted SMS/MMS/phone calls. To activate the encryption you need to exchange keys with the person you want to message.
Hope this helps!
Click to expand...
Click to collapse
Hi,
Thanks for your answer.
Your answer is a good summary of the app's features.
But what are you thinking about the word "securely" ?
Is it a dream or a reality ?
The app's editor highlights testimonies from known people who use it. Is it sufficient to trust this app ?
Has someone in this forum examined the code of this app ?

Nothing is completely secure.
In my opinion, & from my use, Signal is more secure than a normal messengering app - but less secure than a talk in real life.
If you are interested in security, please check out this XDA subforum; http://forum.xda-developers.com/general/security
And read up here: www.eff.org

Hm, nice to see a discussion going on. Have just heard Snowden recommend the app so I thought I'd check it out. BUT, there is a but ... I intentionally blocked the app from any internet usage whatsoever with AFWall+ donate. I've set up my AFW to show a toast whenever it blocks an app trying to use the internet so that I know which apps try to use the net in the background without my permission or intention. To my surprise my AFW blocks Signal all the time when I use Signal. And I mean ALL the time. How does this make sense? Why would a privacy app try to connect to the internet constantly? I've not got WiFi calling and I've not even enabled it in Signal's settings. Am I missing something here or is there sth wrong with the app? It's making me feel that it is constantly trying to leak data and that's why it attempts to use the internet. Good thing I have a robust thing on board such as AFWall... best firewall out there.

jonathansmith said:
Hm, nice to see a discussion going on. Have just heard Snowden recommend the app so I thought I'd check it out. BUT, there is a but ... I intentionally blocked the app from any internet usage whatsoever with AFWall+ donate. I've set up my AFW to show a toast whenever it blocks an app trying to use the internet so that I know which apps try to use the net in the background without my permission or intention. To my surprise my AFW blocks Signal all the time when I use Signal. And I mean ALL the time. How does this make sense? Why would a privacy app try to connect to the internet constantly? I've not got WiFi calling and I've not even enabled it in Signal's settings. Am I missing something here or is there sth wrong with the app? It's making me feel that it is constantly trying to leak data and that's why it attempts to use the internet. Good thing I have a robust thing on board such as AFWall... best firewall out there.
Click to expand...
Click to collapse
It's encrypted, end to end. It's not leaking anything. The code is opensource, you can go and review the code and build it yourself.
If you're blocking it from accessing the internet, then it's going to try again, probably because it can see that there is a network connection live.

@jonathansmith
Thanks for your detailed feedback.
It will be nice if someone in this forum could analyze the code of this open source app.
As for me, I am unfortunately not competent.
Were you able to identify with AFW the site the app was trying to connect ?

dtective said:
It's encrypted, end to end. It's not leaking anything. The code is opensource, you can go and review the code and build it yourself. If you're blocking it from accessing the internet, then it's going to try again, probably because it can see that there is a network connection live.
Click to expand...
Click to collapse
Thank you, that's exactly what I don't get. Why would it attempt to establish a connection. Ofc I'm blocking it. I'm blocking tons of others apps as well, but unlike Signal (and a few other suspicious apps) the other apps do not try to establish a connection.
As I said, when you block an app from accessing the net with AFWall you can tell AFWall to give you a toast showing you when every signle time when AFWall blocks a certain app trying to access the net. So, with 99% of my AFWall-blocked apps I don't get this toast, meaning that those apps don't even attempt to access the net (but better stay safe and have em blocked.) With some tricky apps though, AFwall shows that toast msg indicating that it successfully blocks a certain app from accessing the net. That's what I don't get - why would Signal be set up in a way that it would attempt to access the net. Prolly WiFi calling or sth but I'd rather use it for now only as a default SMS client.
Yes, you are right. Signal can see that there is a network connection live and that's why it constantly tries to connect to it. Just wish Signal would get it once and for all that it is blocked for good and stop trying to access the net.
If anyone knows which Services, Broadcast Receivers, or Activities from Signal should be disabled (using MyAndroidTools for example) please do share which ones they are so I can disable them and thus prevent Signal from constantly trying to establish a connection. The toast msg from AFW does become annoying when it is every second second
---------- Post added at 11:39 AM ---------- Previous post was at 11:33 AM ----------
iwanttoknow said:
Were you able to identify with AFW the site the app was trying to connect ?
Click to expand...
Click to collapse
Maybe gotta look into the log of AFW. The toast msg only shows the ip address which Signal ties to connect but AFwall prevents it form doing. But that's not the prob for me. Doesn't matter too much what it tries to access cos I know AFWall is good enough at preventing that. Just want to stop Signal from trying to access whatever it is trying to access! Will let you know if I figure it out!
---------- Post added at 12:00 PM ---------- Previous post was at 11:39 AM ----------
equi_design said:
Nothing is completely secure.
And read up here: www.eff.org
Click to expand...
Click to collapse
I second that. Nothing is, indeed! And thanks for reminding me about eff ... here's a good one - https://www.eff.org/https-everywhere @iwanttoknow check it out!

And here's a bit of a follow-up. Managed to catch the toast. Not sure if it is always the same ip that AFW blocks, but will try to pay attention. A reverse search reveals that the geo location of the ip is some place in Washington, US.
https://imgur.com/a/5fhIf

As I understood it
(And I could be wrong I left signal years ago when it was text secure)
Signal does NOT use sms to send messages
That functionality of the app was dropped a while back
It uses internet only to transmit encrypted messages
And it uses its own message server to host your messages.
It seems like decent software
I abandoned it because it uses your personal phone number as your identifier..
And it will not work with out a phone number..
Which for me is just crazy as every government in the world and most phone companies are selling /tracking your "meta" data based on your smart phone and it's phone number.
Think of it as any other encrypted internet message system
But it uses your phone number as an identifier...
Everyone gets my pubic email address now for communication.
Cops, government, hospital, work, stores,etc
It's the 21st century. Why use a phone number for anything anymore?

nutpants said:
As I understood it
(And I could be wrong I left signal years ago when it was text secure)
Signal does NOT use sms to send messages
That functionality of the app was dropped a while back
It uses internet only to transmit encrypted messages
And it uses its own message server to host your messages.
It seems like decent software
I abandoned it because it uses your personal phone number as your identifier..
And it will not work with out a phone number..
Which for me is just crazy as every government in the world and most phone companies are selling /tracking your "meta" data based on your smart phone and it's phone number.
Think of it as any other encrypted internet message system
But it uses your phone number as an identifier...
Everyone gets my pubic email address now for communication.
Cops, government, hospital, work, stores,etc
It's the 21st century. Why use a phone number for anything anymore?
Click to expand...
Click to collapse
You have to go back in time when the app was called Textsecure and it provided end to end encryption for SMS. The app was available on F-Droid until someone discovered that plain text sms were saved unencrypted on device. After that, the dev temporarily closed the source and also demanded that the app be removed from F-Droid, because in his view distribution on F-droid was "insecure." Well, that hole was fixed and the following versions worked pretty well. About the same, time, the dev started to be bothered by TSA every time he travelled by air. Then, within a few subsequent releases, google binaries and internet permission were included. Then, the app started to crash if internet service was restricted. In addition, you could only get the app from Googleplay, which means, you must have Gapps and Google Services Framework, which has total control over the phone and regularly "phones" home (obviously not your home). GSF can get your outgoing text before encryption and incoming text after.. Despite all of the above, one could still compile the app and use it without GSF. Then suddenly, the dev announced that he would no longer support encrypted SMS. About that time, he started receiving literally millions of $ from a US government's backed foundation. In addition, he was offered a lucrative contract to do encryption for What's UP, which later became Facebook. Quite a change after being harassed in airports So, encrypted sms were dropped and the app turned into an internet messenger. You must register with your phone number; your data goes through Google servers and Whisper System's servers. And by the way, neither the Signal servers nor Redphone servers are open source. You can't use the app unless you have Gapps and GSF and if you use the app, you are known to Whisper Systems, Google and all 3-letter agencies...
This is not the first time I am posting on Textsecure/Signal, just do a search on XDA and F-Droid forums and you will find more info with links. I would stay away from anything coming out of Whisper Systems. Use Silence, which is a fork of Textsecure with encrypted SMS. For over-the-internet services, use Conversations.
And by the way, never use an app where everything: encryption, encryption method, registration, servers are in the hands of one entity, which won't allow you to use other servers...

nutpants said:
As I understood it ...
Click to expand...
Click to collapse
You might be right but for normal unencrypted messages Signal uses simple SMS. Have tried it and without any WiFi or data it simply sends a msg as an SMS. So far so good but u might have a point. I'm yet to test with someone who also has the app installed and see how encrypted msgs are transferred. I'd imagine it NOT to be over the internet, but then again you might have a point? Why? Because as I said I've blocked Signal with AFWall and I get a toast showing that Signal CONSTANTLY tries to connect to the internet when there is currently a live connection to the internet, be it Data or Wifi. So yeah, you might be right, but I need to test it out. In the meantime someone who has already done this would do us a favour by telling us how it works.
Using my personal phone number as identifier does not sound cool indeed. If you are right about this: 'It uses internet only to transmit encrypted messages. And it uses its own message server to host your message' then I guess I'm ok with using the net for transmitting encr. msg since they are encrypted with E2EE. As to where the msgs are hosted. I guess I'm better off having them stored at Signal's server than at Verizon's cos from Verizon they end up DIRECTLY to the government. I guess with nuff persuasion and money though they'd also end up there from Signal. It's the way of the world, isn't it? Also, as I mentioned in my last post, the IP which Signal constantly tries to connect to is in Washington. That's already fishy enough .... very fishy!

optimumpro said:
Use Silence, which is a fork of Textsecure with encrypted SMS. For over-the-internet services, use Conversations.
Click to expand...
Click to collapse
How about apps like 'Wire' and 'Wickr - Top Secret Messenger'? Are they any good? Will give Silence and Conversations a try! 10x for bringing them up.

unknown404 said:
How about apps like 'Wire' and 'Wickr - Top Secret Messenger'? Are they any good? Will give Silence and Conversations a try! 10x for bringing them up.
Click to expand...
Click to collapse
Wickr is not open source. So, for me it is out of the question. Wire sounds good, although they say they can terminate your account at any time. Also, they say the company is based in Switzerland, but the location for dispute resolution is San Francisco. They also say they can require you to download/upgrade the app, which means that if you want to stay on older version, they won't let you...
Again, I am against models where everything is concentrated in the same hands...

optimumpro said:
Wickr is not open source. So, for me it is out of the question. Wire sounds good, although they say they can terminate your account at any time. Also, they say the company is based in Switzerland, but the location for dispute resolution is San Francisco. They also say they can require you to download/upgrade the app, which means that if you want to stay on older version, they won't let you...
Again, I am against models where everything is concentrated in the same hands...
Click to expand...
Click to collapse
I guess I'm ok with Wickr's being closed source (but then again what do I know ... the discussion about open vs closed source goes both ways so more opinions are welcome). Just don't get why I made an account there and now trying to log back in I'm told the credential are wrong. Weird!

Hi,
In my first post, I was asking your opinions about "Signal Private Messenger" app.
Thanks all for your answers.
In your answers, I have discovered the names of Silence and Conversations apps.
Which level of confidence for them and why ?

iwanttoknow said:
Hi,
In my first post, I was asking your opinions about "Signal Private Messenger" app.
Thanks all for your answers.
In your answers, I have discovered the names of Silence and Conversations apps.
Which level of confidence for them and why ?
Click to expand...
Click to collapse
I'll be happy to hear more opinions as well but as optimumpro said, Silence really seems solid and offers E2EE, which is what I need. Have tested it with other users and seems good so far. Can't say anything about Conversations cos I've not used it yet. I read good stuff about Wickr as well, but yeah ... closed source deters many.

unknown404 said:
I'll be happy to hear more opinions as well but as optimumpro said, Silence really seems solid and offers E2EE, which is what I need. Have tested it with other users and seems good so far. Can't say anything about Conversations cos I've not used it yet. I read good stuff about Wickr as well, but yeah ... closed source deters many.
Click to expand...
Click to collapse
Both Conversations and Silence are open source, unlike Signal, which contains prebuilt binaries and jar files. Also, neither Conversations nor Silence forces you to register or use their servers, which Signal does.

optimumpro said:
Both Conversations and Silence are open source, unlike Signal, which contains prebuilt binaries and jar files. Also, neither Conversations nor Silence forces you to register or use their servers, which Signal does.
Click to expand...
Click to collapse
That I do second and that I do like!

Hi,
After reading some articles, I discovered that it was "easy" to assure End-to-end encryption (E2EE) for our communications. I share my understanding here, knowing that it's well known by experts in the domain. So thank you for being kind to me.
In fact, there is a difficulty for communicating parties who wanted to communicate without anyone spying their voice or written messages. They have to use cryptographic protocols relying on a shared secret. But how to share a secret on unsecure communication channels ?
It's "easy", due to the Diffie-Hellman cryptographic protocol which permits to do that. There are a lot of explanations about it on the Net. But it could be defeated by the man-in-the-middle attack (MITM). To counter this attack, you have "simply" to sign the shared secret with asymetric keys (with your secret key to sign the shared secret, and with your public key permitting to the other part verify it). If you are interested, see more explanations on the Net about asymetric cryptographic protocols.
I sincerely hope that I didn't say too much nonsense.
Silence app is based on Diffie-Hellman protocol, like other apps in the domain.
In summary, after reading your answers to my initial post :
- Silence app permits to exchange SMS/MMS, using E2EE.
- Conversations app is an instant messaging (IM) client for Android, using E2EE.
Signal Private Menssenger is an E2EE IM and voice calling app.
I have noted what has been written about Signal Private Menssenger in this thread, so is there a "less intrusive" E2EE voice calling app, in the same way as Silence ?
Thanks for your participation.

Huawei community forums...how to file bugs on Huawei phones?

I've been trying to log into Huawei's community forums for a while, but no matter what I try, it results in an error page. It's the most extraordinarily frustrating experience. I wonder if anyone else has any tips to getting logged in.
My main reason for wanting to log in, apart from having a general look for tips, etc, is to find out how to inform them of a bug in their OS. Does anyone have any recommendations for how best to do that?

In fact, I often log in the community forum as my mobile phone is a Huawei device. I would like to help you report the bug.
You may post your bug description here. You can write in English or in Chinese.
If it is in English, I will translate it by myself before submit to the forum .

James_Watson said:
In fact, I often log in the community forum as my mobile phone is a Huawei device. I would like to help you report the bug.
You may post your bug description here. You can write in English or in Chinese.
If it is in English, I will translate it by myself before submit to the forum .
Click to expand...
Click to collapse
Well, that's very civilised of you. I'll write in English, since that's the only language I know
Actually, I have three bugs - well, I think they're bugs, except, perhaps, for the first one.
1. This one isn't really a bug, but I bet the people on the Huawei forums can help.
FYI, I use a sim card from CMLink - SIM #1 [1], which piggy back off EE in the UK, and CMCC in China, and provide useful roaming plans for use between the two countries. They only provide data plans limited by the month, and I have signed up for their 22GB plan. To track usage, I have a P10 and have been trying to set it up to automatically calibrate the data usage measure on a daily basis. I think it does this by sending an SMS containing simply 'Check' to CMCC's service number '10086', and extracts the data from the response (not 100% sure about that, but hey). There seems to be a 'calibrate' button in the settings to do this manually (under the usage graph), but when I try I get the message 'Incorrect network provider. Reselect and try again.' I'd really like to get this going.
2. Related to above, I've set the setting to show the usage under the notifications when you drag down from the top of the screen. I've configured my plan information - ie 22GB per month, and starts on the 17th of each month. However, while the 'Today' seems to increase appropriately, the 'Left' is stuck at the maximum. I imagine the 'Total' is supposed to stay at 22GB. I expect the 'Left' to go down as I use it throughout the month.
3. This one is unrelated to above. If I open a browser and go to my web mail site, there is an option on the menu to 'Add to Home screen'. As expected, when I select that option, it does add an icon to the homescreen. Since it is something I want on every page of the homescreen, I drag that icon onto the row on the bottom of the screen that is shown on every page. I do that for a couple of web pages - my email and my calendar. At this point, it all works swimmingly. However, if I reboot the phone, then those icons seem to be moved back onto the homescreen, and also are 'greyed out' and placed under the clocks (the clock widget) I have placed there. So, that's not 'expected'.
What do you think?
Max.
Device info:
Model: VTR-AL00
Build number: 9.1.0.201 (C00E75R1P12patch02) GPU Turbo
EMUI version: 9.1.0
Android version: 9
Android security patch: 1 August 2019
Kernel version: 4.9.148
Network (I selected things that might be helpful):
SIM 1 (my UK CMLink SIM): China Mobile, LTE, SMS centre number - a UK number
SIM 2 (my Chinese CMCC SIM): China Mobile, EDGE, SMS centre number - a China number
[1] ...and also a 2nd one, SIM 2, which is a local SIM

James_Watson said:
In fact, I often log in the community forum as my mobile phone is a Huawei device. I would like to help you report the bug.
You may post your bug description here. You can write in English or in Chinese.
If it is in English, I will translate it by myself before submit to the forum .
Click to expand...
Click to collapse
You could also, if you would be so kind, help me fix my problems logging into the Huawei community forums...

davidmaxwaterman said:
You could also, if you would be so kind, help me fix my problems logging into the Huawei community forums...
Click to expand...
Click to collapse
What's your question about logging into that forum?
But as I found, it seems a community forum in Chinese. Almost all posts there are in Chinese. So, will you get any effective response even if you can log in it?
Maybe it's better to contact a local Huawei customer service center in order to get some helps. Do you think so?
---------- Post added at 04:55 AM ---------- Previous post was at 04:34 AM ----------
davidmaxwaterman said:
Well, that's very civilised of you. I'll write in English, since that's the only language I know
Actually, I have three bugs - well, I think they're bugs, except, perhaps, for the first one.
1. This one isn't really a bug, but I bet the people on the Huawei forums can help.
FYI, I use a sim card from CMLink - SIM #1 [1], which piggy back off EE in the UK, and CMCC in China, and provide useful roaming plans for use between the two countries. They only provide data plans limited by the month, and I have signed up for their 22GB plan. To track usage, I have a P10 and have been trying to set it up to automatically calibrate the data usage measure on a daily basis. I think it does this by sending an SMS containing simply 'Check' to CMCC's service number '10086', and extracts the data from the response (not 100% sure about that, but hey). There seems to be a 'calibrate' button in the settings to do this manually (under the usage graph), but when I try I get the message 'Incorrect network provider. Reselect and try again.' I'd really like to get this going.
2. Related to above, I've set the setting to show the usage under the notifications when you drag down from the top of the screen. I've configured my plan information - ie 22GB per month, and starts on the 17th of each month. However, while the 'Today' seems to increase appropriately, the 'Left' is stuck at the maximum. I imagine the 'Total' is supposed to stay at 22GB. I expect the 'Left' to go down as I use it throughout the month.
3. This one is unrelated to above. If I open a browser and go to my web mail site, there is an option on the menu to 'Add to Home screen'. As expected, when I select that option, it does add an icon to the homescreen. Since it is something I want on every page of the homescreen, I drag that icon onto the row on the bottom of the screen that is shown on every page. I do that for a couple of web pages - my email and my calendar. At this point, it all works swimmingly. However, if I reboot the phone, then those icons seem to be moved back onto the homescreen, and also are 'greyed out' and placed under the clocks (the clock widget) I have placed there. So, that's not 'expected'.
What do you think?
Max.
Device info:
Model: VTR-AL00
Build number: 9.1.0.201 (C00E75R1P12patch02) GPU Turbo
EMUI version: 9.1.0
Android version: 9
Android security patch: 1 August 2019
Kernel version: 4.9.148
Network (I selected things that might be helpful):
SIM 1 (my UK CMLink SIM): China Mobile, LTE, SMS centre number - a UK number
SIM 2 (my Chinese CMCC SIM): China Mobile, EDGE, SMS centre number - a China number
[1] ...and also a 2nd one, SIM 2, which is a local SIM
Click to expand...
Click to collapse
Your three question are really confused and difficult to understand for me as I never used a CMLink sim card.
But I will try my best to get to know your situations and help you as more as I can.
First, let's clarify your 3rd question.
On my Huawei phone, there are at most 5 icons on the row on the bottom of the screen that is shown on every page. Every icon here for apps on my device works fine even if I reboot my device. So, is it a defect of the couple of web pages - email and calendar?
Try to drag an icon of another app or widget there. Check if it will work well, please.

> I never used a CMLink sim card
I don't think there's anything special about the CMLink, except that it works in either country pretty much the same as the other. It is the same as any other SIM card with a monthly limited data plan. So, you could consider that it is the same as a Chinese SIM card, I suppose.
> So, is it a defect of the couple of web pages - email and calendar?
Well, I guess I don't know exactly what the problem is, of course. My impression is that they hadn't considered this use-case much at all - I notice the Huawei browser doesn't have this 'add to homescreen' functionality at all.
However, you prompted me to experiment a bit more, and it doesn't happen with all web pages. Previously, I had my email and calendar on there, and they both were moved back onto the homescreen underneath other icons/widgets and greyed out (and didn't actually work to launch the web pages). However, now, the calendar page does seem to stay on there, and works when I click it. I also have tried both Chrome and Brave, and they both seem to show the same problem. I can't really see how it could be a web page problem, since nothing is being launched. I suppose it could be a web *manifest* problem, since that is where the icons usually come from...though looking in chrome devtools, I see that it has no manifest, and so the icons must be taken from the <meta> in <head>. The calendar, which does seem to be staying on the quick launch bar, also doesn't have a manifest file - so not that then.
It's pretty easy to reproduce though:
1. open your browser (chrome, probably) on https://www.fastmail.fm/
2. click on the menu and select 'Add to homescreen'
3. 'Add' on the dialog
4. 'ADD on the next dialog
5. go to the homescreen and locate the shortcut
6. drag and drop it onto the quick launch bar.
7. restart
Well, that's frustrating - I was writing those down as I did them, and when I restarted, it looked fine :/ I wonder if it makes any difference which position the icons are in on...ah, yeah, it looks like it is more reproducible if the shortcut is the left-most. Arghh. This time I lost a *native* app I had on there too - WeChat of all things - you'd imagine they'd make sure that works fine. Actually, it wasn't the WeChat app I had on there, but a shortcut to one of the contacts - you can add a wechat contact from the menu on their item in the wechat contacts list - 'Add to Desktop' it is in English. Hrm I notice that, while the web page shortcuts get moved back onto the homescreen, the WeChat contact shortcut is just gone....and I can't even add it again from WeChat - it says it is, but nothing appears :/
Gosh, it's really a bit of a mess. Perhaps it's too broken and inconsistent to even bother filing any bug. I'm tempted to apply for a job there to try and help, but in any case, I can't see too many Westerners being happy with such issues I suppose Chinese people just don't do this sort of thing.

> What's your question about logging into that forum?
>
> But as I found, it seems a community forum in Chinese. Almost all posts there are in Chinese. So, will you get any effective response even if you can log in it?
> Maybe it's better to contact a local Huawei customer service center in order to get some helps. Do you think so?
Well, the question is where I can get help with logging in - but, if it is all in Chinese, I would modify my question to be: where can I find forums that are in English, and corresponding community support? Since there is a huge market for English speakers, I imagine they have somewhere for us to learn how to use it, and ask questions and report problems, etc?

davidmaxwaterman said:
> What's your question about logging into that forum?
>
> But as I found, it seems a community forum in Chinese. Almost all posts there are in Chinese. So, will you get any effective response even if you can log in it?
> Maybe it's better to contact a local Huawei customer service center in order to get some helps. Do you think so?
Well, the question is where I can get help with logging in - but, if it is all in Chinese, I would modify my question to be: where can I find forums that are in English, and corresponding community support? Since there is a huge market for English speakers, I imagine they have somewhere for us to learn how to use it, and ask questions and report problems, etc?
Click to expand...
Click to collapse
Yes, your requirement is very reasonable.
When I posted some questions about mobile phone usage here, there would be someone would replied to my thread and tried to get more detailed info to help me. They said they were the Huawei official staff.
I will post a thread about "where for you to ask questions and report problems in English" for you soon.
On the other hand, you can access the forum either via web application (mobile web as well as computer web) or via an official app. You can also try the app. If you need it and can not find the apk, I will show you the link.

James_Watson said:
Yes, your requirement is very reasonable.
When I posted some questions about mobile phone usage here, there would be someone would replied to my thread and tried to get more detailed info to help me. They said they were the Huawei official staff.
I will post a thread about "where for you to ask questions and report problems in English" for you soon.
On the other hand, you can access the forum either via web application (mobile web as well as computer web) or via an official app. You can also try the app. If you need it and can not find the apk, I will show you the link.
Click to expand...
Click to collapse
Thanks. I look forward to finding out if there is a forum for English language users somewhere. I do kind of feel like they could spend more attention to this requirement, unless, of course, I'm just not looking hard enough. I remember when I was using a ZTE phone - they were very popular due to having front-facing speakers, and so had a pretty good US based forum and it was very useful. [Side note - I wish Huawei would produce a phone with front-facing speakers].
I don't think an app will get me very far...I probably have it on my phone already - I see one called 'HiCare', for example, and there's the top line on the settings. It's all very unfamiliar and things so often don't seem to quite work as expected. I kind of wish the Huawei stores had 'help' sessions like they do (or did anyway) in Apple stores.

davidmaxwaterman said:
> I never used a CMLink sim card
I don't think there's anything special about the CMLink, except that it works in either country pretty much the same as the other. It is the same as any other SIM card with a monthly limited data plan. So, you could consider that it is the same as a Chinese SIM card, I suppose.
> So, is it a defect of the couple of web pages - email and calendar?
Well, I guess I don't know exactly what the problem is, of course. My impression is that they hadn't considered this use-case much at all - I notice the Huawei browser doesn't have this 'add to homescreen' functionality at all.
However, you prompted me to experiment a bit more, and it doesn't happen with all web pages. Previously, I had my email and calendar on there, and they both were moved back onto the homescreen underneath other icons/widgets and greyed out (and didn't actually work to launch the web pages). However, now, the calendar page does seem to stay on there, and works when I click it. I also have tried both Chrome and Brave, and they both seem to show the same problem. I can't really see how it could be a web page problem, since nothing is being launched. I suppose it could be a web *manifest* problem, since that is where the icons usually come from...though looking in chrome devtools, I see that it has no manifest, and so the icons must be taken from the <meta> in <head>. The calendar, which does seem to be staying on the quick launch bar, also doesn't have a manifest file - so not that then.
It's pretty easy to reproduce though:
1. open your browser (chrome, probably) on https://www.fastmail.fm/
2. click on the menu and select 'Add to homescreen'
3. 'Add' on the dialog
4. 'ADD on the next dialog
5. go to the homescreen and locate the shortcut
6. drag and drop it onto the quick launch bar.
7. restart
Well, that's frustrating - I was writing those down as I did them, and when I restarted, it looked fine :/ I wonder if it makes any difference which position the icons are in on...ah, yeah, it looks like it is more reproducible if the shortcut is the left-most. Arghh. This time I lost a *native* app I had on there too - WeChat of all things - you'd imagine they'd make sure that works fine. Actually, it wasn't the WeChat app I had on there, but a shortcut to one of the contacts - you can add a wechat contact from the menu on their item in the wechat contacts list - 'Add to Desktop' it is in English. Hrm I notice that, while the web page shortcuts get moved back onto the homescreen, the WeChat contact shortcut is just gone....and I can't even add it again from WeChat - it says it is, but nothing appears :/
Gosh, it's really a bit of a mess. Perhaps it's too broken and inconsistent to even bother filing any bug. I'm tempted to apply for a job there to try and help, but in any case, I can't see too many Westerners being happy with such issues I suppose Chinese people just don't do this sort of thing.
Click to expand...
Click to collapse
1. About CMLink, okay, I just posted a thread for you to Huawei community about how to report issue about Huawei phone usage for those speak English. Wait for their response, please.
2. Now I have gotten to know the feature 'Add to Home Screen'. In my Firefox Focus browser, I found it. I will have a try soon.

James_Watson said:
1. About CMLink, okay, I just posted a thread for you to Huawei community about how to report issue about Huawei phone usage for those speak English. Wait for their response, please.
2. Now I have gotten to know the feature 'Add to Home Screen'. In my Firefox Focus browser, I found it. I will have a try soon.
Click to expand...
Click to collapse
Awesome. That's very cool of you, thanks Maybe I'll try Firefox too...
Max.

davidmaxwaterman said:
Awesome. That's very cool of you, thanks Maybe I'll try Firefox too...
Max.
Click to expand...
Click to collapse
I tried Firefox Focus just now.
When I opened a simple web page, then selected 'Add to Home screen' from the menu, entered some words for the icon title, tap 'Add' at last.
But it was so strange that then I couldn't find this icon on the home screen at all. It must be a bug of Huawei EMUI system. The QC engineers should ignore this use case.
Btw, it's time to home for me. I will try to help you tomorrow. Would you like to support my apps available on Google Play? Thanks in advance.

James_Watson said:
I tried Firefox Focus just now.
When I opened a simple web page, then select 'Add to Home screen' from the menu, entered some words for the icon title, tap 'Add' at last.
But it was so strange that then I couldn't find this icon on the home screen at all. It must be a bug of Huawei EMUI system. The QC engineers should ignore this use case.
Click to expand...
Click to collapse
Ah, I hit this too. I suspect it is simply that you need to grant the app permissions to add to homescreen in the phone's settings in the Apps->permissions...or somewhere like that.
It's a bit odd that they don't get this automatically...I never had this issue with Google Android phones.

James_Watson said:
I tried Firefox Focus just now.
When I opened a simple web page, then selected 'Add to Home screen' from the menu, entered some words for the icon title, tap 'Add' at last.
But it was so strange that then I couldn't find this icon on the home screen at all. It must be a bug of Huawei EMUI system. The QC engineers should ignore this use case.
Btw, it's time to home for me. I will try to help you tomorrow. Would you like to support my apps available on Google Play? Thanks in advance.
Click to expand...
Click to collapse
You are right. I granted the app permission 'add to homescreen' to Firefox Focus, and then tried the feature again.
The function works well. Even after rebooting, the icon is still there on the row on the bottom of the screen that is shown on every page. So, I misunderstood that feature.

James_Watson said:
You are right. I granted the app permission 'add to homescreen' to Firefox Focus, and then tried the feature again.
The function works well. Even after rebooting, the icon is still there on the row on the bottom of the screen that is shown on every page. So, I misunderstood that feature.
Click to expand...
Click to collapse
Cool. It seems like it might be working better for you than for me. I've not tried firefox yet, but chrome and brave both seem to lose any shortcuts on the quick launch bar, but not always. It is also quite curious what has happened to the shortcut from wechat...since that's a native android app :/
Perhaps you're on a more recent Android/EMUI version? What kind of phone are you using?
TBH, I'm seriously considering the P30 Pro 5G when I get back to the UK, and this is sort of a test run with a hand-me-down phone which I presume is very similar in UI/UX, so it is all 'influencing' my decision.

davidmaxwaterman said:
Cool. It seems like it might be working better for you than for me. I've not tried firefox yet, but chrome and brave both seem to lose any shortcuts on the quick launch bar, but not always. It is also quite curious what has happened to the shortcut from wechat...since that's a native android app :/
Perhaps you're on a more recent Android/EMUI version? What kind of phone are you using?
TBH, I'm seriously considering the P30 Pro 5G when I get back to the UK, and this is sort of a test run with a hand-me-down phone which I presume is very similar in UI/UX, so it is all 'influencing' my decision.
Click to expand...
Click to collapse
In fact, my phone is an old model, Mate 8 with EMUI/Android 8.0. I also have a wechat installed on my device.
Btw, would you like to leave a 5-star for my app which is available on Google Play? Thanks.

James_Watson said:
In fact, my phone is an old model, Mate 8 with EMUI/Android 8.0. I also have a wechat installed on my device.
Btw, would you like to leave a 5-star for my app which is available on Google Play? Thanks.
Click to expand...
Click to collapse
LOL, well I would be happy to, except I don't have Google Play on my phone...or Google anything, I think....except Chrome, of course. I'm a web app developer, so I prefer to use web apps than native android apps.

davidmaxwaterman said:
LOL, well I would be happy to, except I don't have Google Play on my phone...or Google anything, I think....except Chrome, of course. I'm a web app developer, so I prefer to use web apps than native android apps.
Click to expand...
Click to collapse
I posted a thread in that forum for you yesterday. https://club.huawei.com/thread-21560821-1-1.html
But till now, I have not gotten any response. So, I sent a PM to the ADMIN just now.
You may try to log in the web app or the native app for the community forum. There you might post a thread in English as your device language is English. Have a try, please. Good luck to you.

Yesterday, I managed to contact the CEO of Huawei Consumer Business Group, Richard Yu, through his social network account. But till now I have not gotten his reply to my PM.
I suggest you post your issues on the Reddit: https://www.reddit.com/r/Huawei/ . Good luck to you.

My Huawei P30 has been hacked with a RAT! can I still save my accounts?

I have a Huawei p30 phone with last security patch received in august 2020, not rooted and never been in strangers hands.
This crazy psycopath woman has been stalking me badly for a year, but then in september 2020 she shared a weird (fake) video with the image of a pixeled pony on my Facebook page. I clicked on it but strangely it won't open. Few hours later this crazy woman deleted the fake video and begun to write me about things I said privately to a friend via Whatsapp! and in the following months she started insulting me with fake Instagram profiles every time I chatted privately with other girls, making fun of the things I wrote to them. She seems to see everything on every social network! And even when I took a picture with a girl that I never shared but only had privately in my gallery, she reacted to it by insulting me!
I don't know what kind of trojan or RAT is this but I would like so much to get rid of it!
1) Can you guys tell me how can I get rid of this RAT? I've already searched with Kaspersky, Malawarebytes, Avast for Android but they can't see a damn thing.
2) Can I put my sim card with my whole whatsapp (and related backup messages and contacts) on a new device or I am going to risk?
3) Can I keep my Gmail and Instagram accounts by disconnecting them from the hacked device and changing passwords from a new device?
THANKS

Personally don't think your phone got infected by a RAT and/or Trojan: this type of malicious software requires root-access get granted to it.
IMO your issue is related to the social media you make use of, the method you login there, the passwords you use with this accounts.
You know that FB, WA and Instagram basically are ONE company, that your related account details get shared between them?

jwoegerbauer said:
Personally don't think your phone got infected by a RAT and/or Trojan: this type of malicious software requires root-access get granted to it.
IMO your issue is related to the social media you make use of, the method you login there, the passwords you use with this accounts.
You know that FB, WA and Instagram basically are ONE company, that your related account details get shared between them?
Click to expand...
Click to collapse
If you look around over the Internet there is PLENTY of new generation RAT trojans that take root permissions of Android phones with just one click. Some of them are called drive-by download, they use a buffer overflow mechanism. Off course you need security holes for this to happen, and Huawei is very very exposed to this, they never release security patches! Even the police officer I talked to when I filled the complaint told me that they see many cases like these. It's absolutely possible.

Columbus93 said:
If you look around over the Internet there is PLENTY of new generation RAT trojans that take root permissions of Android phones with just one click. Some of them are called drive-by download, they use a buffer overflow mechanism. Off course you need security holes for this to happen, and Huawei is very very exposed to this, they never release security patches! Even the police officer I talked to when I filled the complaint told me that they see many cases like these. It's absolutely possible.
Click to expand...
Click to collapse
I want to say one thing to the one guy laughing underneath my post. ALL of my accounts were protected with double step autentication (2FA) and just yesterday, my phone received a series of notification about a Google chromecast device that was connected to my Huawei p30. I even got the last notification saying "you succeded connected google chromecast to your device". Now tell me how this is even possible, because I never had a google chromecast device and I was at work the whole time! Looks like there's a clone of my p30 smatphone out there. Do not aswer if you have no clue about new hacking programs.

1. Make sure that you have finished a full data backup.
2. Do a factory reset + wipe cache.
3. Change your passwords ASAP.
Just for your reference.

A side remark dedicated to visitors here who don't know what a RAT is:
A RAT ( read: Remote Administration Tool ) is an Android app that always runs as an Android service, what gets started at Android's boot. It has initially been developed as an university project. A RAT consits of a client module ( the mentioned Android service ) and a server module located somewhere outside of Android device, reachable via Android's network connection.
A RAT's client module only can get installed on Android devices with unlocked bootloader, AVB disabled and rooted Android. It's the user - and ONLY he /she - who allows a RAT service to get installed on Android
​These are a RAT's functionalities typically available
Get contacts (and all theirs informations)
Get call logs
Get all messages
Location by GPS/Network
Monitoring received messages in live
Monitoring phone state in live (call received, call sent, call missed..)
Take a picture from the camera
Stream sound from microphone (or other sources..)
Streaming video (for activity based client only)
Do a toast
Send a text message
Give call

James_Watson said:
1. Make sure that you have finished a full data backup.
2. Do a factory reset + wipe cache.
3. Change your passwords ASAP.
Just for your reference.
Click to expand...
Click to collapse
About the backup: can I just connect the hacked phone (offline) to a clean PC to transfer my files? I am afraid I'll transfer also the rat this way!

jwoegerbauer said:
A side remark dedicated to visitors here who don't know what a RAT is:
A RAT ( read: Remote Administration Tool ) is an Android app that always runs as an Android service, what gets started at Android's boot. It has initially been developed as an university project. A RAT consits of a client module ( the mentioned Android service ) and a server module located somewhere outside of Android device, reachable via Android's network connection.
A RAT's client module only can get installed on Android devices with unlocked bootloader, AVB disabled and rooted Android. It's the user - and ONLY he /she - who allows a RAT service to get installed on Android
​These are a RAT's functionalities typically available
Get contacts (and all theirs informations)
Get call logs
Get all messages
Location by GPS/Network
Monitoring received messages in live
Monitoring phone state in live (call received, call sent, call missed..)
Take a picture from the camera
Stream sound from microphone (or other sources..)
Streaming video (for activity based client only)
Do a toast
Send a text message
Give call
Click to expand...
Click to collapse
So you are basically telling everyone that when FBI is live monitoring your smartphone, that's because you CHOOSE to ALLOW a RAT service to get installed into your smartphone? I never ever allowed this thing to install inside my phone, all I did was to click on that fake video! and things like this, to mutuate the words of the police officer I talked to, do happen all the time!

My last 2 cents here:
If someone ( like FBI employee, spouse, life companion, etc.pp ) wants to monitor everything on your Android phone not having your phone in hands, wants to access your phone's data not having your phone in hands, he / she must install a monitoring app or RAT software ( e.g. AndroRAT ) on your Android phone. Point.
Have a nice day.

jwoegerbauer said:
My last 2 cents here:
If someone ( like FBI employee, spouse, life companion, etc.pp ) wants to monitor everything on your Android phone not having your phone in hands, wants to access your phone's data not having your phone in hands, he / she must install a monitoring app or RAT software ( e.g. AndroRAT ) on your Android phone. Point.
Have a nice day.
Click to expand...
Click to collapse
I'm positive with what you say, but I'm also saying that this monitoring app CAN be disguised as fake video or image, thus by clicking on it you will inadvertitely launch a series of payloads that will root and then hack your phone. This is a fact. It happened to me and if you give a look online you'll see how this works and how many apps are doing this (obviously you need HUGE security holes in your device to do that, and older Huawei devices, which are rarely updated, do have them).