[Q] I believe I discovered a new spy program. - Security Discussion

I've always known that my girlfriend's ex was stalking her using her phone. The problem was we could never find the physical proof in the phone.
I found some emulated partitions on her grab when I was going through it trying to find out what was using all the storage up. Anyway it looks good like he was able to link an emulated preload partition to the real one, the code says from what I could tell from the manifest.xml, to use the same files as before but adds some new abilities and special parameters.
Anyway the reason I know for sure that it was him, I gave up looking a long time ago, is this a#$#@le left a trace by using the URL he has for his very successful 3d animation business as the proxy server to receive collected files.
My knowledge is minimal but I learn quickly. I'm afraid of screwing up any evidence, and I don't think I can trust the local law enforcement to handle this properly. Can anyone help me understand what I am looking at?

Related

Applications to SD - WITHOUT PARTITIONING (BETA TEST)

I'm looking for beta testers for a new App2SD implementation that does not require your MicroSD card to be partitioned which is potentially unsafe and can result in a loss of your data. If you'd like to test this new implementation before its release here on XDA shoot me an email at [email protected] with what firmware and version you're using.
More information will be released after I get a few positive beta tests out of the way.
loopback device, eh?
I tried that a while back but never could get the loopback driver to load early enough in the boot process reliably.
Hope you have better luck than I did.
As [email protected] pointed out to me a while ago, this is not a good idea for security reasons. If your loopback file sits on the FAT partition, it is accessible by all of the apps, it can be read, overwritten and deleted by a rogue app bypassing the entire android security model. If this is what you intend to do, it's probably not "safer".
Hey, shot you an email. Ready to try it out. But only for beta.
Hit me up, I have no apps to lose.
But security? Idk just let me know what's up.
what happens when you mount the SD card to your computer?
I'd like to try it, but i don't yet have a class6 sd card. Is that necessary?
i'd be willing to give this a shot. I have no data to lose as well.
southsko said:
what happens when you mount the SD card to your computer?
That's true. Won't all your apps disappear when you mount the SD?
This smells fishy not many app developers with 1 post can this be someone testing their new exploit/virus? No offense to original poster I'm just sayin....???
Edit: Sorry to OP clearly not a virus, and good luck on getting it stable I will gladly donate to your cause partitioning is a pain!
don't be a jackass, many people have had great ideas and decided to come to XDA to share them. just because you are a complete idiot who can't program does not mean that the OP is too.
@@OP
you are playing with fire my dear friend. i don't think that mounting your apps on the FAT32 partition is a good idea at all. not only because it would allow any program to access and write without asking android permission first, but because it would allow people to mount the SDcard and steal paid apps even easier. i beg of you please rethink your idea
I imagine the phone would be crashing when the phone is mounted to the computer. lol. just kidding. =]
tubaking182 said:
don't be a jackass, many people have had great ideas and decided to come to XDA to share them. just because you are a complete idiot who can't program does not mean that the OP is too.
WTF? Just came back to edit my post and put that it's for real cause like I should have done first I found this http://noderat.com/loop2sd/. But as for your insults who the hell are you? How the f**k do you know what I can or can not do? I was posting in the first place to start trying be more active in the forums no reason for you to be a **** anyways, I was tryin to help people not get what I thought may have been a virus was that really that bad?
i'm not sure that is 100% true. when i mount my phone (apps2sd) my phone decides to mount the ext2 partition and the FAT32 partition, i am using ubuntu so my computer is able to read the partition, but my phone doesn't crash (i've yet to try running an app while mounted though)
Android can access the sdcard while mounted.
Try terminal emulator.
crotalusfreak said:
This smells fishy not many app developers with 1 post can this be someone testing their new exploit/virus? No offense to original poster I'm just sayin....???
Well, take it from someone who has many posts and 15 years of unix experience, it is a bad idea.
Most of the devs here had this same idea, but as I mention in my previous post, this is opening yourself up to many bad security issues. To all those who answer, "I have no data to lose", that's fine as a beta tester. But what's the point in beta testing something that cannot be safely used by anyone who does have data (or apps) to lose?
I should point out to those who perhaps do not realize some of the consequences of my original post, that it is not just a potential data loss problem, but a potential arbitrary code execution vulnerability. If an application manages to replace the loopback file with a new loopback file, it could inject altered common applications. If this succeeds, it means that previously trusted applications which have been granted privileges (or root using the various su apps) at install time, could be replaced with trojan versions which can have complete control over your system... steal your passwords... reflash your bootloader and literally install a permanent trojan... brick your phone... <insert other scary things besides data loss here>.
It's your phone, do what you want. I just figured that I would re-post that this is not a new idea, but one that has been rejected by those of us with unix experience who realize the consequences. If you are just messing around, go ahead, it's not likely to hurt your phone. But, as a general method to build upon and be depended on, this should not have a future. If this becomes common practice, it is highly likely that exploits will be written to take advantage of this vulnerability.
So, if you are asking yourself if something is fishy, yes something is: it's a logical idea which seems great on the surface, but it has an unfortunate flaw.
Note: I am not suggesting malicious intent on the OP's part, just that they may not have thought of the consequences of suggesting this as a common method to do apps2sd. And if the OP (or someone else) is able to point out a method to avoid the things I warn against I will happily retract my statements (if I agree that this method would indeed work) since this method has some obvious benefits. However sadly, I think that is highly unlikely.
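An added example, not part of the thread and not the OP's or any ROM's code: a defender-side check for the condition described above, a loop device whose backing file sits on a filesystem without per-file permissions (such as the FAT partition of the SD card). The mount table, image paths and function names are constructed for illustration; on a current Linux kernel the inputs come from /proc/mounts and /sys/block/loopN/loop/backing_file.

```python
import glob
import os
import posixpath

# Filesystems with no per-file owner/mode bits: access to every file is decided
# by the mount options alone, so one writer can replace any file on the mount.
PERMISSIONLESS_FS = {"vfat", "msdos", "exfat"}

# Constructed sample in /proc/mounts format (hypothetical device layout).
SAMPLE_MOUNTS = """\
rootfs / rootfs ro 0 0
/dev/block/mtdblock3 /system yaffs2 ro 0 0
/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev 0 0
/dev/block/mmcblk0p1 /sdcard vfat rw,nosuid,nodev,noexec,uid=1000,gid=1000,fmask=0000,dmask=0000 0 0
/dev/block/mmcblk0p2 /system/sd ext2 rw,noatime,nodiratime 0 0
/dev/block/loop0 /data/app ext2 rw 0 0
"""
# Constructed sample: loop device name -> backing file path.
SAMPLE_LOOPS = {"loop0": "/sdcard/apps.img", "loop1": "/system/sd/apps.img"}


def parse_mounts(text):
    """Parse /proc/mounts text into a list of dicts, in mount order."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        device, mountpoint, fstype, options = fields[:4]
        mounts.append({
            "device": device,
            "mountpoint": mountpoint.replace("\\040", " "),  # escaped spaces
            "fstype": fstype,
            "options": set(options.split(",")),
        })
    return mounts


def mount_for_path(path, mounts):
    """Return the mount that holds `path`: longest mount point that is a
    whole-component prefix; a later mount shadows an earlier equal one."""
    path = posixpath.normpath(path)
    best, best_len = None, -1
    for m in mounts:
        mp = m["mountpoint"].rstrip("/") or "/"
        inside = mp == "/" or path == mp or path.startswith(mp + "/")
        if inside and len(mp) >= best_len:
            best, best_len = m, len(mp)
    return best


def collect_loops(sys_block="/sys/block"):
    """Read loop device -> backing file from sysfs on a live Linux system."""
    loops = {}
    for attr in glob.glob(os.path.join(sys_block, "loop*", "loop", "backing_file")):
        name = attr.split(os.sep)[-3]
        with open(attr) as fh:
            loops[name] = fh.read().strip()
    return loops


def audit_loop_devices(mounts_text, loops):
    """Flag loop devices whose image is on a writable, permissionless mount."""
    mounts = parse_mounts(mounts_text)
    findings = []
    for name, backing in sorted(loops.items()):
        host = mount_for_path(backing, mounts)
        if host is None or host["fstype"] not in PERMISSIONLESS_FS:
            continue
        if "ro" in host["options"]:
            continue  # image cannot be rewritten through this mount
        findings.append({
            "loop": name,
            "backing_file": backing,
            "host_fs": host["fstype"],
            "host_mount": host["mountpoint"],
            # Directories whose contents come from the replaceable image.
            "exposes": [m["mountpoint"] for m in mounts
                        if posixpath.basename(m["device"]) == name],
        })
    return findings


if __name__ == "__main__":
    for f in audit_loop_devices(SAMPLE_MOUNTS, SAMPLE_LOOPS):
        print("%(loop)s: %(backing_file)s on %(host_fs)s (%(host_mount)s) "
              "backs %(exposes)s" % f)
```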
maxisma said:
Android can access the sdcard while mounted.
Try terminal emulator.
No it can't. It can only access the empty mountpoint.
If you want to do this, there IS a way to make it work SAFELY....
Find the functions that control sdcard mounting and unmounting and FIX it so that it will mount an ext2 first partition. Then forget about the whole loopback thing as that's not going to do anyone any good... If you do it like this, then unionfs it, then unmounting the sdcard should safely vanish the apps that are stored on the card (leaving the internally stored apps), might crash the launcher, but that'll restart immediately and won't even error out.
A second step in the right direction would be to find the place where programs are detected from, which currently looks in /data/app, /data/app-private, /system/app, so it can clearly handle loading software from multiple locations -- add in a new path. Or maybe link app-private to /sdcard... A little more challenging would be to allow it to look in multiple locations for things that are ALL currently in /data/data and /data/dalvik-cache.
And then when its done, submit a patch for the source.
Wow what a response. Here's a few key bulletpoints:
I'm not a forum poster, not the kinda person for it but I have been on XDA Dream since I got my pre-launch G1 as a CSR.
There are potential security flaws with the current ext2 method of a2sd, and bypassing root to mount the ext2 partition is possible.
a2sd is not stable in any format, so it's a use at your own risk until android improves kinda deal.
I'm not cool enough to write a virus, but thank you for the ego boost
Anybody using a third-party firmware is not safe nor secure. If you're reading this forum you're not safe nor secure. The idea of homebrew roms is to add extra features that are not in Android to begin with and with that comes security risks. No ROM is ever perfect but I'd trust a Google or T-Mobile rom with my security before any homebrew-anything. So yes it's use at your own risk
This has the same results for mounting on a PC as MarcusMaximus's a2sd.sh
This doesn't really make it any easier to steal paid apps, it's always been easy and always will be but this doesn't change it.
If you guys have other questions shoot me an email, like I said I don't really do much forum-posting (never had much of anything to say, maybe this'll change all that)
[email protected]
JakeEv said:
I'd like to try it, but i don't yet have a class6 sd card. Is that necessary?
The faster the better but I've done it with the stock card that came in the G1 as well as a Class 6.
id try it since i can not get apps2sd to work.
[email protected]
using JF 1.51

HD2 book collection database software sought

I got my new HD2 and was delighted, but then tried to get the software that I have been using previously to work on it.
As I travel around and look in second hand book and record shops, I am never totally sure from memory whether i have a particular book or cd. Publishers keep changing the covers and synopses.
On my Psion, it had as standard a lovely card database / rolodex type of program. It was easy to input, easy to search.
When I moved to the hx4700 on windows 2003SE I lost that. Eventually I found Data On The Run which is fully access compatible. So I've converted all of my lists to access, and was happy enough. It wasn't great as it tries to get too much on, and portrait only.
Now on the HD2, the software does not like fingers, only styluses. Scrolling is virtually impossible, as it won't drag to scroll. The pop out scroll bar helper does not show. The developer is one guy and hasn't time to continue developing.
I've looked at stuff like Bookbag plus and someone mentioned "My Collection" but I cannot find it anywhere on the net. There are serious commercial pieces of software that are in effect full database programs, but that is a sledgehammer to crack a walnut.
I know this may only help in the short term, and doesn't solve the software issue.
Have you changed the original theme on the device? If so the Pop out function on the theme is lost. In order to return it without going back to the original theme you could try this. Please remember to backup
Hope this helps in the short term.
Try this
Try ListPro.. it's a great application..
Neville.Holland said:
I know this may only help in the short term, and doesn't solve the software issue.
Have you changed the original theme on the device? If so the Pop out function on the theme is lost. In order to return it without going back to the original theme you could try this. Please remember to backup
Hope this helps in the short term.
Thanks for the idea, but Nope, original theme. Pop out scroll is there for other apps.
Klaus1960 said:
Try ListPro.. it's a great application..
Thanks. I had seen Collectorz which has templates for this, but had not found listpro. It looks a fairly steep learning curve, and I need to import my existing lists. However, its great advantage is that it is only one program that covers a multitude of lists, so i won't be paying out twice or three times for basically the same thing.
I've installed and imported my book list, so can now try and get it synchronised. I had to install the cab file separately. I can set up the synchronisation in the Windows Mobile Device Centre, but that has to be done through "files" and unless i have missed something that only lets me synchronise to the machine, not the storage card. That is no damn good.

[Q] Going to CES.... What Would You Like?

CES is upon us (well soon) and I will be attending the conference along with about 300,000 others. However, I doubt there are many others with the intention of coming back with a bit of honey as I am.
Motorola will supposedly have their honeycomb tablet there, among other manufacturers I'm sure. What would be the most surefire way to bring back some bits and pieces of the software for us to tear apart?
My plan upfront was to create a zip file of the entire /system partition and then upload it to a server. Chances are whatever I do, I'll have to do it fast. If I'm crowding a device, it will probably look suspicious. What are the most surefire ways for me to pull system data off of the device, compress it, and upload it in a usable format? Obviously a nandroid backup is out of the equation, as is anything that will take more than 5 minutes to accomplish. I think I could probably upload the file in the background of the device, so the time I have will be for making the copy.
So what do you think? Any software I should look into that will help the cause? Anything else that I might be overlooking? Also, totally into some feedback here if anyone thinks this is just a dumb idea to begin with.
tl;dr: what's the quickest way to archive an entire android system partition and upload it to a server using tools only available on the device?
dude, you GO buddy! just don't get caught huh?
ok, so I looked into what this is going to take and I think i have a game plan. Someone please step up and tell me if this is out of line:
Assuming I can get to actually play with the device: download a terminal emulator. I should have the apk prepared and ready to go on my own personal server along with a few backup versions.
Download a binary from my server that allows zip access. I should be able to use gzip or bzip2, both are in busybox, so that might be another step. Assuming that I get the binaries for those, the next step would be creating a /bin/ file in the /data/ directory. (I am not sure if this will work. I need to do more research, but I think that would be in the path.) I would have to do this all from /data/ because obviously, I won't have root access (I think... this would be so much easier if moto decided to leave su on the phone)
Run gzip or bzip2 on the /system/ partition, saving to /sdcard/. Using the browser on the phone, upload this file to mediafire or similar filesharing service. Or, better yet, bluetooth it to another personal device nearby. My estimations say that would take about 15 minutes though to complete the transfer.
Anyone see any flaws?
I'm kinda of a turb0 n00b but I love this idea, hopefully superuser is on the device, the place will be packed, just find a buddy or two to help distract the other demo hosts. Hopefully it will be crowded enough where you can just disappear if something goes wrong.
I love the idea and I hope it works. Sorry I couldn't offer any technical advice.
if they suspect something just start rebooting the device hopefully to cover it up, maybe load something on your server where you can type a command and hopefully wipe any logs/traces of tampering etc.
man, I hope this works!
Last year, Moto's booth had a good distraction vs employee ratio. They had a stage set up in the middle of the booth with performers doing amazing juggling and stupid human tricks. Distracted almost everyone. Should give me my five minutes.
The only thing I'm worried about is that the tablet will be under glass and not user handleable. We will see what happens.
I'd say try to background everything unobtrusively so you can leave and still have it running, then check mediafire frequently so that Moto doesn't have enough time to find what you've done and issue a takedown notice. It's pretty easy to mount an ftp server in Windows, so once it's done uploading you could whip out a laptop and download it directly to your server. I would also like to offer my services for mirroring. If you need access to my server from CES, PM me and I'll give you an account with r/w access to a separate directory (can't be too careful) so you can upload.
Oh, and if it has GApps, just download Astro and zip /system into /sdcard or wherever, then bluetooth it to yourself.
DesireC said:
Oh, and if it has GApps, just download Astro and zip /system into /sdcard or wherever, then bluetooth it to yourself.
Will astro handle a zip operation? And do you think it's capable of zipping the entire system partition?
And even if it didn't have gapps, I could grab the astro .apk and have it ready on my server when I get there.
That would be WAY easier than downloading the binaries from busybox and running all of this through CLI (although less fun)
I think I need to find a more graceful way to get the file onto a server once I've dumped it. Know of any ftp applications?
On a semi-related note, there are announcements left and right about honeycomb from other manufacturers besides Moto that will have goods at CES. that means that if the moto tabs are locked down or my process fails there, I can try with other vendors!
If at CES they have a open WiFi network you could use a FTP service on your phone and dump data onto there, so that way you can stay untraceable.
I wish I could help you with zipping the system or whatever but I have no experience with Android....yet.
Good Luck!
If there is such a high level of interest why doesn't moto just make it available?
Well, bad news. According to Moto's PR, they won't have the tablet on display at this year's CES. It's just "not ready".
That is not to say, however, that there will not be other Honeycomb tablets available. I still have my tools prepared and I'm ready to get what ever I can. Project Honeypot is still a go!
project honeypot... lol
man I wish you the best!
Well..., anything?
How'd it go dude?

[Q] Android Developers, why are you treating my SD card like a garbage can?

This has been bothering me for quite a while, so I conjured a little story to help soothe my frustration.
Let's say my Android device is the new tenant of a nicely formatted loft, this loft being 16gb of square space. To commemorate this new exciting space my device throws a house party. Most of the Apps he invites are pretty well behaved, but some start spilling drinks, then puking on the carpet, then having an orgy, then bukkake-ing the root directory. After discovering such acts, the device politely requests the disruptive guests force quit and leave. "I need more space on my phone." the device replied as each questioned on their way out. To his disbelief, NONE of the Apps cleaned up their mess! Even worse it seems some of the classier Apps, though more organized seem to have been influenced too. Unfortunately the device is forced to live with it, as the police force stopped responding to calls in his neighborhood. One man tries, but it always returns to a mess.
I hope that entertained someone.
i know exactly how you feel... there is at least 7 unused folders just wasting space on my phone. not to mention random mp3's hidden deep within my phone...
PhxkinMassacre said:
i know exactly how you feel... there is at least 7 unused folders just wasting space on my phone. not to mention random mp3's hidden deep within my phone...
I hope you understand about the unused folders and NOT the bukkake-ing!!
hello, nice story!
I won't say that I am even close to being a developer but I do develop some apps and the thing that I want to point out is that apps do not run when they are installed or uninstalled. It's not each application's job to clear up the mess it may have created but package manager's which apparently leaves some files be just in case you would like to reinstall the app later(?)...
I would propose to look for a more efficient package manager or doorman/janitor for your loft
That's why I don't invite the guy whose only existence is to make farting noises!
Very good point. However, one thing I don't know is if uninstalling through the market cleans up the SD card better than using a third party mass uninstall app. Something you may want to experiment with.
Back at it again...
Here I am again, and I still don't flippin get it!
After reading some of your comments I realized my main point kind of got glazed over(no pun intended @Scudderb)
My big issue is that there's no hierarchy in place for this crap. In windows, program files are stored in the 'Program Files' directory. In Android (and I credit google and the developers for this sloppy BS) Apps are just throwing all their **** in with my stuff on the ROOT.
How is this acceptable. Seriously, HOW? And if it's all cache files and/or temporary documents then WHY THE **** ISN'T ALL THIS CRAP BEING PUT INTO A TEMP/CACHE FOLDER.
I'm PISSED! Why does every app I install get to put their own folder on the ROOT WITH the FOLDERS and FILES that actually matter to me ex: like my music, pictures, movies, documents (OH and by the way, a lot of apps developers do a REALLY ****ty job with their NAMING CONVENTIONS so the folders being created may or may not even look related to the app that put it there!)
::end rant::
My apologies for the colorful language, folder structure and hierarchy are something I design as a web designer so when I see this crap going on in my phone like the inmates are running the asylum... I get angry.
Today I was cleaning up my SD card for the umpteenth time, and found that Foursquare was dumping its temp files directly onto the root of my directory. I blew my top and had to get it out of my system... so..
A MESSAGE TO ALL THE APPS PULLING THESE SHENANIGANS: GROW UP!
The problem here is that it's hard to do it right
For custom data, files are supposed to be saved into "/data/data/com.appname/blah" (that's from the top of my head, could differ slightly). That's the directory to use for data files, but there's one big issue with it: it's on the internal memory storage. We all know that internal memory on Android (without custom ROMs) is.. limited. That's probably why most devs are using SD for larger files.
There's also the "Android/data/com.package_name.blah/blah" directory on the SD card. This directory should be used by apps to store files into and is automatically deleted when the user removes the associated app (but only when you're running Froyo or greater).
The issue with this approach is that users (and developers too, when testing the app) will lose all their data when removing an old version of a specific app. Let's say there's a bug with the Market again and the app suddenly gets uninstalled. User will have to reinstall, result: data will be all gone. That's only one of the many doom scenarios.
I can't speak for other developers, but that's more or less the reason why I started to use a common directory outside of the preferred ones when I was doing apps. It's not a great situation, I fully agree. But would you rather have your data accidentally deleted?
If anyone knows a good way to get around this issue, I'd love to know more about it...
orly
Thanks for the reply @Stripeymilk
I can think of multiple solutions:
#1 Development community adopts a universal directory for files deemed 'User' or 'Save' data that should be stored for future use. (or Google creates this for developers)
#2 Development community adopts the practice of allowing users to pick the directory users want to store an apps data in. (prompt at app's first start)
#3 Store files/data in the cloud.
#4 Users dump trash in the lobbies/living-rooms of developer's and see how quickly they find a solution.
#5 USE THE "Android/data/com.package_name.blah/" FOLDER WHEN ALL YOU'RE REALLY DOING IS STORING CACHE/TEMP FILES!!!
BOTTOM LINE: It's not hard to do it right, It's just hard to get people to do it.
You make it sound so easy
1) I'm all for it, but Google needs to put its weight behind an approach like that because otherwise people will say "I like /Data better than /data or /Mydata or /MyData". It's a bit like coding conventions: everyone wants to be different.
2) Good for techy people, not so good for "normal" users. Could make it easier with a small "file manager", but that's too much work for indie devs. Could be a nice idea for a new open source project though.
3) Great idea, could actually work if the associated account would be created automatically (like in Cut the Rope for Android with Scoreloop), but:
- The backup functionality in Android for storing data in the cloud is available for API level 8 and greater, making it of not so much use when you're targeting API level 5 or 6 and greater. Could be fixed by using something like Google Storage combined with Jets3t instead, but that would be useless for apps written in C++, like many games are.
- Cloud storage isn't free. Developers can't pay for that as it would be too expensive. If every Android user would've gotten free cloud storage from Google it could be a nice alternative, but (yeah, there's always a but) most current users don't have that.
4) If you're prepared to send your trash by plane to another country, go for it!
5) Agreed. Useful for temp data.
I'm not trying to make it sound easy, believe me I know how it isn't. I'm trying to make it sound simple, because really.. it is...
In response:
1) I agree and this is exactly what I mean by the real hard part is getting people to do it. This requires widespread endorsement by developers big and small - that this is a 'best practice' that should be adhered to. I think the gate swings both ways though.
example: Twitter didn't invent hash tags, their users did, and with its widespread adoption, Twitter adopted/implemented it too.
2) Another good point, though this process can be curated to drive the user in the right direction (holding their hand). The XBOX 360 does this for every game you play, the first thing it does is ask you which storage device you want to use for game saves.
example: in combination with solution # 1, the default folder the app saves to could be '/data/theAppsName' and the prompt could say "This app saves files to your SD CARD in '/data/theAppName'. Would you like to choose a new location?" [Yes] [No] [?]. The [Yes] option brings up a simple file manager, the [No] option uses that location, the [?] option brings up an easy to understand write up on what it's asking and why it's asking it.
3) We'll get there eventually, my point really was if you've got the resources, why not. It's a solution better than #1 and #2
4) I plan on sending human clones to create trash individually and exponentially
5) AMIRITE~!
In all seriousness though, thank you @Stripeymilk for taking the time to go in depth and have a conversation about this. I seriously think it doesn't take an act of Godogle to solve this (to what I believe) is a big issue!
I can't agree more with you.
As developer (Windows, iSeries) I try to make my programs as structured and readable as possible. The same goes for the files and folders used by the programs, but sadly, even with all the available resources, some people (colleagues) make a complete mess of it, cause "that's not/less important", as long as the program does what it's intended to do ...
It's all about the resources and people using them the right way!
Cool, didn't know about the hash tags on Twitter
Well, we're on a great site here with developers on it. If everyone here would adhere to the same standard, it could at least be a nice push to make the Android SD card world a better place.
What's the directory we're going to settle on? Any pros and cons?

TouchStudio

Has anyone had a look at touchstudio? You can program some codes using it that access a lot of the phone's stuff.
Any developer/hacker wanna take a look at it and maybe see what dll allows access and stuff?
I've seen it. But I've seen nothing that has access to something cool. What are you referring to?
I don't think that TouchStudio has more access to the whole system than other apps. Because anything that you program in the app gets just displayed on the "wall" (or whatever that thing is called)...
And if there are interesting parts in this app MS has locked down these parts for sure...
I just downloaded this as it looks interesting and I'm hoping to learn a bit more about coding. Has anyone used it much? Is there any way to actually effectively use the codes that you create? It doesn't appear like there's a way to export the actions to your homescreen or anything to make them useable, aside from going into the touchscreen app and then running it. Is this just because it's the beta version, or is it really just supposed to be for fun/learning?
