What's with the baidu spyware? - Xperia Z3 Q&A, Help & Troubleshooting

As you may know there is a spyware linked to the my Xperia App that seems to be affected alot of Xperia Z3 users (Maybe all of us). It's creating a baidu folder and it seems that no matter what you do is coming back, worst, it's sending info to a server in China.
There is currently another thread in the Z3 Compact Forum, but I'm posting this here for all of us that never goes over there , http://forum.xda-developers.com/z3-compact/general/spyware-preloaded-z3-phones-baidu-t2921634/post56366715#post56366715.
I've been following the instructions over there but as you will see, it's not working as expected for me, it's even mentioned that it may be linked to ES File Explorer (I do have that installed) but I've also removed ES and still doesn't work.
Please check your Z3s and see if you have the baidu folder, if you do, you're also infected.

erasat said:
As you may know there is a spyware linked to the my Xperia App that seems to be affected alot of Xperia Z3 users (Maybe all of us). It's creating a baidu folder and it seems that no matter what you do is coming back, worst, it's sending info to a server in China.
There is currently another thread in the Z3 Compact Forum, but I'm posting this here for all of us that never goes over there , http://forum.xda-developers.com/z3-compact/general/spyware-preloaded-z3-phones-baidu-t2921634/post56366715#post56366715.
I've been following the instructions over there but as you will see, it's not working as expected for me, it's even mentioned that it may be linked to ES File Explorer (I do have that installed) but I've also removed ES and still doesn't work.
Please check your Z3s and see if you have the baidu folder, if you do, you're also infected.
Click to expand...
Click to collapse
There seems to be very little information about what is responsible for the folder creation, and what, if any, malware is on the phones. All I see is breathless speculation about "infecting" and "sending data to china". If true then Sony has something to answer for, but I've not seen anything approaching a sensible analysis of what data is being sent, what app is producing it etc. But by all means, delete the empty folder if you like!

poldie said:
There seems to be very little information about what is responsible for the folder creation, and what, if any, malware is on the phones. All I see is breathless speculation about "infecting" and "sending data to china". If true then Sony has something to answer for, but I've not seen anything approaching a sensible analysis of what data is being sent, what app is producing it etc. But by all means, delete the empty folder if you like!
Click to expand...
Click to collapse
It's not an empty folder, it has data and when you look at it they are databases, it may look as paranoid but given that the only information we have right now is that it's sending data to China servers, I don't feel too comfortable just working with the phone as I was before knowing that.
Most of us have mostly replaced our Computers and Laptops with our Smartphones, that means that every connection I do to check and do Financial stuff have been done over my smartphone for quite some time now. Even worst, I have lastpass installed with all my personal and office passwords on it (it's encrypted both ways) because as a System manager I need to deal with a couple of dozens Office passwords and information plus my personal ones and at 42, that's not a possible task anymore without any help.

For those of you interested in block this, it seems that the instructions that you can find in the link works, my problem was that I had the my Xperia app activated as a Device Administrator, that was preventing everything from work.

Related

[Q] Android Developers, why are you treating my SD card like a garbage can?

This has been bothering me for quite a while, so I conjured a little story to help sooth my frustration.
Lets say my Android device is the new tenant of a nicely formated loft, this loft being 16gb of square space. To commemorate this new exciting space my device throws a house party. Most of the Apps he invites are pretty well behaved, but some start spilling drinks, then puking on the carpet, then having an orgy, then bukkake-ing the root directory. After discovering such acts, the device politely requests the disruptive guests force quit and leave. "I need more space on my phone." the device replied as each questioned on their way out. To his disbelief, NONE of the Apps cleaned up their mess! Even worse it seems some of the classier Apps, though more organized seem to have been influenced too. Unfortunately the device is forced to live with it, as the police force stopped responding to calls in his neighborhood. One man tries, but it always returns to a mess.
I hope that entertained someone.
i know exactly how you feel... there is at least 7 unused folders just wasting space on my phone. not to mention random mp3's hidden deep within my phone...
PhxkinMassacre said:
i know exactly how you feel... there is at least 7 unused folders just wasting space on my phone. not to mention random mp3's hidden deep within my phone...
Click to expand...
Click to collapse
I hope you understand about the unused folders and NOT the bukkake-ing!!
hello, nice story!
I won't say that I am even close to being a developer but I do develop some apps and the thing that I wan't to point out is that apps do not run when they are installed or uninstalled. It's not each application job to clear up the mess it may have created but package manager's which apparently leaves some files be just in case you would like to reinstall the app later(?)...
I would propose to look for a more efficient package manager or doorman/janitor for your loft
That's why I don't invite the guy whos only existence is to make farting noises!
Very good point. However, one thing I don't know is if uninstalling through the market cleans up the SD card better than using a third party mass uninstall app. Something you may want to experiment with.
Back at it again...
Here I am again, and I still don't flippin get it!
After reading some of your comments I realized my main point kind of got glazed over(no pun intended @Scudderb)
My big issue is that there's no hierarchy in place for this crap. In windows, program files are stored in the 'Program Files' directory. In Android (and I credit google and the developers for this sloppy BS) Apps are just throwing all their **** in with my stuff on the ROOT.
How is this acceptable. Seriously, HOW? And if its all cache files and/or temporary documents than WHY THE **** ISN'T ALL THIS CRAP BEING PUT INTO A TEMP/CACHE FOLDER.
I'm PISSED! Why does every app I install get to put their own folder on the ROOT WITH the FOLDERS and FILES that actually matter to me ex: like my music, pictures, movies, documents (OH and by the way, a lot of apps developers do a REALLY ****ty job with their NAMING CONVENTIONS so the folders being created may or may not even look related to the app that put it there!)
::end rant::
My apologies for the colorful language, folder structure and hierarchy are something I design as a web designer so when I see this crap going on in my phone like the inmates are running the asylum... I get angry.
Today I was cleaning up my SD card for the umteen'th time, and found that Foursquare was dumping its temp files directly onto the root of my directory. I blew my top and had to get it out of my system... so..
A MESSAGE TO ALL THE APPS PULLING THESE SHENANIGANS: GROW UP!
The problem here is that it's hard to do it right
For custom data, files are supposed to be saved into "/data/data/com.appname/blah" (that's from the top of my head, could differ slightly). That's the directory to use for data files, but there's one big issue with it: it's on the internal memory storage. We all know that internal memory on Android (without custom ROMs) is.. limited. That's probably why most devs are using SD for larger files.
There's also the "Android/data/com.package_name.blah/blah" directory on the SD card. This directory should be used by apps to store files into and is automatically deleted when the user removes the associated app (but only when you're running Froyo or greater).
The issue with this approach is that users (and developers too, when testing the app) will lose all their data when removing an old version of a specific app. Let's say there's a bug with the Market again and the app suddenly gets uninstalled. User will have to reinstall, result: data will be all gone. That's only one of the many doom scenarios.
I can't speak for other developers, but that's more or less the reason why I started to use a common directory outside of the preferred ones when I was doing apps. It's not a great situation, I fully agree. But would you rather have your data accidentally deleted?
If anyone knows a good way to get around this issue, I'd love to know more about it...
orly
Thanks for the reply @Stripeymilk
I can think of multiple solutions:
#1 Development community adopts a universal directory for files deemed 'User' or 'Save' data that should be stored for future use. (or Google creates this for developers)
#2 Development community adopts the practice of allowing users to pick the directory users want to store an apps data in. (prompt at app's first start)
#3 Store files/data in the cloud.
#4 Users dump trash in the lobbys/living-rooms of developer's and see how quickly they find a solution.
#5 USE THE "Android/data/com.package_name.blah/" FOLDER WHEN ALL YOU'RE REALLY DOING IS STORING CACHE/TEMP FILES!!!
BOTTOM LINE: Its not hard to do it right, Its just hard to get people to do it.
You make it sound so easy
1) I'm all for it, but Google needs to put its weight behind an approach like that because otherwise people will say "I like /Data better than /data or /Mydata or /MyData". It's a bit like coding conventions: everyone wants to be different.
2) Good for techy people, not so good for "normal" users. Could make it easier with a small "file manager", but that's too much work for indie devs. Could be a nice idea for a new open source project though.
3) Great idea, could actually work if the associated account would be created automatically (like in Cut the Rope for Android with Scoreloop), but:
- The backup functionality in Android for storing data in the cloud is available for API level 8 and greater, making it of not so much use when you're targeting API level 5 or 6 and greater. Could be fixed by using something like Google Storage combined with Jets3t instead, but that would be useless for apps written in C++, like many games are.
- Cloud storage isn't free. Developers can't pay for that as it would be too expensive. If every Android user would've gotten free cloud storage from Google it could be a nice alternative, but (yeah, there's always a but) most current users don't have that.
4) If you're prepared to send your trash by plane to another country, go for it!
5) Agreed. Useful for temp data.
I'm not trying to make it sound easy, believe me I know how it isn't. I'm trying to make it sound simple, because really.. it is...
In response:
1) I agree and this is exactly what I mean by the real hard part is getting people to do it. This requires widespread endorsement by developers big and small - that this is a 'best practice' that should be adhered to. I think the gate swings both ways though.
example: Twitter didn't invent hash tags, their users did, and with its widespread adoption, Twitter adopted/implemented it too.
2) Another good point, though this process can be curated to drive the user in the right direction (holding their hand). The XBOX 360 does this for every game you play, the first thing it does is ask you which storage device you want to use for game saves.
example: in combination with solution # 1, the default folder the app saves to could be '/data/theAppsName' and the prompt could say "This app saves files to your SD CARD in '/data/theAppName'. Would you like to choose a new location?" [Yes] [No] [?]. The [Yes] option brings up a simple file manager, the [No] option uses that location, the [?] option brings up an easy to understand write up on what its asking and why its asking it.
3) We'll get there eventually, my point really was if you've got the resources, why not. Its a solution better than #1 and #2
4) I plan on sending human clones to create trash individually and exponentially
5) AMIRITE~!
In all seriousness though, thank you @Stripeymilk for taking the time to go in depth and have a conversation about this. I seriously think it doesn't take an act of Godogle to solve this (to what I beleive) is a big issue!
I can't agree more with you.
As developer (Windows, iSeries) I try to make my programs as structured and readable as possible. The same goes for the files and folders used used by the programs, but sadly, even with all the available resources, some people (colleagues) make a complete mess of it, cause "that's not/less important", as long as the program does what it's intended to do ...
It's all about the resources and people using them the right way!
Cool, didn't know about the hash tags on Twitter
Well, we're on a great site here with developers on it. If everyone here would adhere to the same standard, it could at least be a nice push to make the Android SD card world a better place.
What's the directory we're going to settle on? Any pros and cons?

Safe List

Hi guys,
I noticed theres a few safe lists popping about but none of them are very concise. I was thinking we should compile a safe list of apps to remove and apps to move to sd.
For example, if we force it using TitaniumBackup, will it stop functioning? I will be performing a full root in the next few days and I will produce a list based. I also suggest we recommend a full Link2SD explanation as that is very important with this phone having such crap internal storage.
This thread should suffice. http://forum.xda-developers.com/showthread.php?t=1382321
The title says it all: Deletable Stock-Applications.
That list contains things that have been tested by freezing/removing, in other words, other people managed to rip apart their ROMs (and soft-brick them) so that you can have a list of safe to remove stock applications and widgets.
Creating 5 threads of safe lists of random apps that are not part of the stock ROM should not be part of the XDA forum (in my opinion); the stock ROM on the other hand is something which we all have/had/will have at some point and we have backups of it in various places, therefore backups can be shared. As per other market applications, there is no warranty for that and each user has the ability to create his own backups when and how he wants. I presume that the warning Titanium Backup pops when trying to freeze/delete an application is enough.
If you require more info about how to create backups using Titanium or CWM, please consult the search function or Google.
Alex C. said:
This thread should suffice. http://forum.xda-developers.com/showthread.php?t=1382321
The title says it all: Deletable Stock-Applications.
That list contains things that have been tested by freezing/removing, in other words, other people managed to rip apart their ROMs (and soft-brick them) so that you can have a list of safe to remove stock applications and widgets.
Creating 5 threads of safe lists of random apps that are not part of the stock ROM should not be part of the XDA forum (in my opinion); the stock ROM on the other hand is something which we all have/had/will have at some point and we have backups of it in various places, therefore backups can be shared. As per other market applications, there is no warranty for that and each user has the ability to create his own backups when and how he wants. I presume that the warning Titanium Backup pops when trying to freeze/delete an application is enough.
If you require more info about how to create backups using Titanium or CWM, please consult the search function or Google.
Click to expand...
Click to collapse
Wow, you couldn't have been any more condescending if you'd tried. Regardless, I never mentioned anything about Market apps. TitaniumBackup (and other apps) have the ability to force System apps onto the SD card (by converting them to a user app) with mixed results. Freezing a system app, fine. Deleting a system app, fine. You know the end result, however forcing a system app to SD isn't deterministic.
That said, the link you provided is very clear and appears to be very useful.
Oh and by the way, telling someone to consult the search function or Google is a pretty stupid thing to say (despite the fact I regularly see arsey users say it on here). You cannot consult an inanimate object or service. You can refer to it, use it, operate it, reference it, try it... you can't consult it, as that implies that it's a consultant and as such inhabits properties shared by living organisms. Don't try and act like a clever **** when you don't understand the words you're typing.
skezza said:
Oh and by the way, telling someone to consult the search function or Google is a pretty stupid thing to say (despite the fact I regularly see arsey users say it on here). You cannot consult an inanimate object or service. You can refer to it, use it, operate it, reference it, try it... you can't consult it, as that implies that it's a consultant and as such inhabits properties shared by living organisms. Don't try and act like a clever **** when you don't understand the words you're typing.
Click to expand...
Click to collapse
Oh, I'm really sorry as I am not a native English speaker, but I used this as a reference and I thought to myself that it's correct. I'll email the guys and tell them the proper definition:
http://dictionary.reference.com/browse/consult
con·sult   [v. kuhn-suhlt; n. kon-suhlt, kuhn-suhlt] Show IPA
verb (used with object)
2.
to refer to for information: Consult your dictionary for the spelling of the word.
So the dictionary is not an inanimate object. I see..
But these guys are rookies at dictionaries..
Let me search the Cambridge page, oh yes, it's here:
http://dictionary.cambridge.org/dictionary/british/consult?q=consult
consult
verb /kənˈsʌlt/
Definition
• [T] to get information or advice from a person, book, etc. with special knowledge on a particular subject
If the symptoms get worse, consult your doctor.
I'm not quite sure how to get there - I'd better consult a map.
Point taken. You're absolutely right. The map isn't an inanimate object. But first thing's first:
1. I did not insult you in any matter using offensive words or name calling, as you did above.
2. I pointed out a thread where you could openly speak about "moving internal stock applications to sd card" and the results of this.
3. If I did not make myself clear or my post seemed a bit out of tune, I don't care.
Dont be offended if Alex says something like go look for yourself, he's said it to me at least once! I didn't take it personally- what I did do was think, hmmm fair point I'll go look! (And now my cwm is up to date, thanks!!)
sent usin' tapatalk innit.
First things first, you still don't get it Alex but I'm not going to get into a grammar argument with you. I'll let bygones be bygones.
It's just unnecessary. If every douchebag turned round and said "use google", "the search engine is your friend", you'd never have any activity on this forum. You're not only being unnecessarily rude, you're slowing down the progress of those who want to gain information.

[SOLVED] "Photo Settings" app by infinity8 trapped my photos, any way to save them?

[SOLVED] "Photo Settings" app by infinity8 trapped my photos, any way to save them?
I have this app called "Photo Settings" store some of my photos. All of them are 8MP photos 3264x2448.
http://www.windowsphone.com/en-US/apps/e88ce04d-ff1e-490c-86b8-66beab519c46
Viewing the thumbnails of the photos in the album work fine. But when clicking it to view the whole picture, and more importantly, giving me access to the export button, crashes the app.
It does not crash when the photo is smaller in size.
Is there any way to get my photos back other than waiting for an update of the app?
My device is an HTC Titan which cannot be interop unlocked right now to get filesystem access, and from what I know, even if interop unlocked, the isolated storage of the app is encrypted, right?
Are the photos not syncing with Zune?
Ah apologies, the images are stored in the app's file storage not in your media library. Then no. The app's file storage is isolated. So you'll have to wait for the dev to update the app.
Casey
Yes, you can do it easy. You will need any ISF access desktop app (search forum). Or you may use standard MS app called ISETool.exe (located at %ProgramFiles\Microsoft SDKs\Windows Phone\v7.1\Tools\IsolatedStorageExplorerTool), it came with WP7 SDK.
Command line should be: ISETool.exe ts de e88ce04d-ff1e-490c-86b8-66beab519c46 [C:\Users\YourName\Pictures]
ts = take snapshot (i.e. download all ISF content for the app to desktop)
de = device
e88ce04d-ff1e-490c-86b8-66beab519c46 = "Photo Settings" app GUID
[C:\Users\YourName\Pictures] = you should specify snapshot location here
@sensboston: ISEtool and its ilk can only be used on sideloaded apps. Given that the OP gave a link to the marketplace, I'm guessing he didn't sideload this app.
@OP: Isolated storage is not automatically encrypted (though the app developer can choose to encrypt files before putting them there, which this dev *might* have chosen to do). However, accessing the filesystem does typically require interop-unlock, so that's probably not going to help in your case.
It's a pity, I didn't know that BTW, on interop-unlocked Focus I still can access any ISF using WP7 Root Tools.
P.S. @GoodDayToDie, what if I sideload any dummy app with the same guid? Have you tried that trick?
UPDATE: tried, doesn't work (as an update; reinstall is working but deletes old ISF)
Agh... yeah, I should have mentioned, do *not* try that! If you do so, the default beahvior is re-install (wipes the IsoStore). If you try to force an update instead of a reinstall, the phone won't permit it (if you're replacing a Marketplace app with a sideloaded one). Somebody at MS already thought of that trick. :-/
Don't worry, I've experimented with useless app, of course
Summarizing: he-he, here is another reason to sideload apps instead using marketplace
P.S. It's definitely app author's fault. WP7 data API's are such limited but Pictures is the one of most opened and well known. Nothing prevented the author to save captured images in the MediaLibrary...
sensboston said:
Don't worry, I've experimented with useless app, of course
Summarizing: he-he, here is another reason to sideload apps instead using marketplace
P.S. It's definitely app author's fault. WP7 data API's are such limited but Pictures is the one of most opened and well known. Nothing prevented the author to save captured images in the MediaLibrary...
Click to expand...
Click to collapse
Well, the point of the app is to hide pictures from the Pictures library...
I should have tested it more thoroughly before putting secret yet important photos inside
Have you tried to contact the author? Most smart app authors include contact info somewhere in the app, usually in an "About" section. Lacking that, you can always use the review as a place to leave feedback, though it's hard for the dev to respond.
GoodDayToDie said:
Have you tried to contact the author?
Click to expand...
Click to collapse
It seems like a best advise in this topic. Contact author and ask about adding option to save pictures to SkyDrive or media library.
GoodDayToDie said:
Have you tried to contact the author? Most smart app authors include contact info somewhere in the app, usually in an "About" section. Lacking that, you can always use the review as a place to leave feedback, though it's hard for the dev to respond.
Click to expand...
Click to collapse
Yes there's an email to author link in the app, I emailed the author a few days ago, but got no reply.
I found what seems to be the author's personal email address by checking the author's domain information and emailed there too, still got no reply.
Does WP7 itself encrypt the NAND? When Riffbox supports the Titan, I can make a full NAND dump of the device through JTAG, are there any tools available to extract files from such dumps?
Phil_123 said:
Does WP7 itself encrypt the NAND? When Riffbox supports the Titan, I can make a full NAND dump of the device through JTAG, are there any tools available to extract files from such dumps?
Click to expand...
Click to collapse
I don't know 100%, but may guess - it shoud be encrypted, same way as sd-card.
At this time, WP7 does not (claim to) support full device encryption. It's possible that it does so anyhow, of course.
It does lock the SD card, which means another device can't even see the data on the card, but JTAG might get around that.
One-star reviews + emails to the author explaining thr problem and the reason for the one-star review seems like the best bet for now. Lame, I know.
The author finally responded, he will be fixing the problems

[Q] Block unwanted cookies files in databases

Hi!
Yeah, yeah, I know, I know, I'm a noob... Well, sort of actually coz even if it's my first public message I've been roaming this forum for quite a while. And thanks to you guys I understood how to root, how to flash a CD Rom and so on. Without disturbing anyone, ain't it nice?:good:
But now I have a question, I couldn't find the answer anywhere on the web hence this post.
I'm rooted on both my Galaxy Mini and my Galaxy Tab P6210 and I noticed that some apks leave files like webview.db, googlestats etc. on the data/data/whateverapk/databases folders.
On the Mini I found how to prevent those annoying files from polluting my system(yep, I don't like cookies and similar spying stuff) by changing the databases folder's perms to --x --- ---, or even sometimes -- --- ---. For the most stubborn apks I rwx --- --- the databases folder, then I erase all the text in the unwanted file and finally I lock the file's perms to --- --- ---. It works with most apks including Dolphin Mini and Opera Mini, cool. Only one or two resist and FC if I attempt to modify too much the perms but it's OK, I don't use then that often and I don't mind to delete the trash manually.
The problem is that on the Galaxy Tab it doesn't work on most apks, it makes them FC. I've tried all the possible perms combinations but nope, FC.
I guess, since the concerned apks are the same on my Mini and on my Tab, that it has to do with the OS, Gingerbread for the Mini, Honeycomb for the Tab. I noticed as well that some of the files on the Tab are different, on the Mini it's mostly googleanalytics.db, webview.db and webviewCache.db files, whereas on the Tab I have, apart from the above mentioned ones, some webview.db-shm, webview.db-wal, webcookieschromium.db and webcookieschromiumprivate.db files.
I guess .db has something to do with dropbox, but I don't use any dropbox, and I even deleted the (empty by the way) folder in my system. When I open those files I can see that they have something to do as well with sqlite, but I don't have any built in sqlite. I have one that has been installed by an apk in the /xbin folder but I erased it and it didn't change anything (don't worry, I put the sqlite back afterwards). It's very annoying, those files spy on us guys, they record all the web sites we visited, the email(s) or facebook accounts we use etc.
For now I have put bookmarks on my home screen and I delete manually the troublesome files just after I opened the relevant apk but hey, it's not very convenient!
Anyone knows how I can prevent them from coming back everytime I use an apk?
Thanks a lot for your help, and sorry for the long post:angel:
Already 3 days and over 50 views but no answer yet, what's wrong?
Is it that my question is of absolute no interest?
Or that the way I explained my problem was not clear?
Or that no one knows how to do it?
Or a bit of the 3?
It seems that you want to remove unnecessary garbage files that have been left out by some applications. I recommend that you use SD Maid, free is good enough, but of course PRO is better.
Anyway, SD Maid can clean File Corpses and clean the system files like the ff:
/data/log
/data/tombstones
/data/system/dropbox
/cache
Temporary Files
Log Files
Gallery Thumbnails(This one can really build up even with just the same files. I'm not exactly sure as to why it adds again and again but it saves me a lot. Like 300~600MB)
Empty Directories
LOST.DIR Directories
It can also optimize DBs. All of these are available on the free version.
As for cookies in browser, you can uncheck "accept cookies" but this might cause some websites to malfunction or not work.
Other things like cache you can use History Eraser, One Tap Cleaner and etc.
Hope I helped.
I think most don't want to delete them because they are normal caches and cookies, also some apps' settings are stored on those database files. I don't see any advantages in deleting those files (apart from saving couple of MBs storage space...) They aren't any "bad" or "spying" files.
By the way, the .db means database, not dropbox.
Sent from my GT-P6210
miksumortti said:
I think most don't want to delete them because they are normal caches and cookies, also some apps' settings are stored on those database files. I don't see any advantages in deleting those files (apart from saving couple of MBs storage space...) They aren't any "bad" or "spying" files.
By the way, the .db means database, not dropbox.
Sent from my GT-P6210
Click to expand...
Click to collapse
Correct me If I'm wrong but it is necessary to clean caches and cookies once in a while because it can hog the device. Sometimes old caches are stored even if they are of no use anymore. It's like the principle of filling up your internal storage too much that you can see a dramatic decrease in performance. These kind of files updates a lot and does not seem to overwrite existing files or at least delete those that are unnecessary. It is not needed however to clean it every after use. Just once or twice a week is good enough.
Thanks for your answer but it's not what I was meaning, let me explain more clearly.
Take any app, say a mp3 cutter. It doesn t need any internet connection to work but when one downloads it one sees that it requires internet access permission. One thinks it s ok and one downloads it. But then in the mp3 cutter databases one finds those webview.db files, and this is why I say that it spies on us coz why this mp3 cutter needs such databases? The same with offline dictionaries, or one tap cleaner (a very bad one by the way, put it through privacy blocker and you ll be amazed of all the infos it takes from you), or mp3 players etc. On browsers like dolphin it s the same story, and when one views those files one sees that they record all the sites one has been through although the apk doesn t need it (I know it for sure coz I delete the files before my browsing cession and it still works). Disabling the cookies doesn t help, it just prevents you from accessing web sites that need cookies like gmail, yahoo and the like. Apps like LBE or privacy blocker show partly what those apks do in our back, taking our IMEI number, our contacts, reading our sms and sending everything to who knows where and for who knows what purpose. But they don t show the databases leaks...
As I said in my first post another parameter is that for a same apk, with the same version, let s say dolphin 2.3, on my Galaxy Mini running GB I managed to block the perms and thus to prevent those files to pollute my system but on my Tab running HC it doesn t work and FC the apks. Plus the files are not the same, there are more of them and with different extensions on HC (again using the same apk on both GB and HC).
So the answer lies somewhere in the OS but I couldn t find where due to my limited knowledge and that s why I m here
Any hint or idea on how to eradicate those files from their source? Of course one can delete them manually and that s what I do but it would be so nice not to have to do it all the time. It s not about saving space, those files weight next to nothing, it s about privacy.
By the way I deleted most google apks and this is already a big relief. Other setting I did include blocking all the perms of the usagestats folder, of the throttle folder (well I just left r--, ---, --- otherwise it bootloops). Download testlogging and you will see for exemple of many spying stuff the google apks put on your tablet...
Anyway, back to the topic:
how can I permanently block those files? Many people on this forum and elsewhere are very concerned with their privacy, to the extend that some create privacy watching apks, but to my knowledge nobody ever bothered about those databases files although they represent a big privacy hole in our systems...
Thanks a lot for your help!
Send from my barebone Galaxy Tab P6210, 34 system apks left and counting down
Apart for some real serious stuff, apps need some way to persist information. If you prevent them to, you should expect fc when they try, no?
That's too much paranoia for me.
Enviado de meu MB525 usando o Tapatalk 2
Graffiti Exploit said:
Correct me If I'm wrong but it is necessary to clean caches and cookies once in a while because it can hog the device. Sometimes old caches are stored even if they are of no use anymore. It's like the principle of filling up your internal storage too much that you can see a dramatic decrease in performance. These kind of files updates a lot and does not seem to overwrite existing files or at least delete those that are unnecessary. It is not needed however to clean it every after use. Just once or twice a week is good enough.
Click to expand...
Click to collapse
Yes, the caches can get bloated if the app doesn't remove unnecessary things automatically. In that case a clean is ok.
Sent from my GT-P6210
@unclefab
If the mp3 cutter that you mentioned in your example has ads it needs the internet permission for them, and some ad providers make the database files automatically. They just contain some ad web address cache and only "personal" information saved is your language setting, at least from my experience.
And blocking the apps saving the information doesn't help with privacy really much because they can still access the info, they just can't save it in the databases. A malicious app can send the info without saving it too.
Sent from my GT-P6210
leodfs said:
Apart for some real serious stuff, apps need some way to persist information. If you prevent them to, you should expect fc when they try, no?
That's too much paranoia for me.
Enviado de meu MB525 usando o Tapatalk 2
Click to expand...
Click to collapse
I have to agree with this one. Messing up with permissions can cause issues to certain applications and it really seems that he is paranoid.
If your concerned about such privacy, you shouldn't download the app on the first place. Although some developers get rid of such permissions because of some people's concern, this is unlikely to happen to every application. HC is a different platform from Gingerbread and so such issues that you have mentioned may occur.
Have you tried firewalls like DroidWall? I'm not sure if it really works, but it might lessen your burden from manually deleting files or privacy concerns like your data being accessed/used. Again, not sure.
Don t worry, I m not paranoid, my Tab is well protected, I have rather intricated settings between Privacy Blocker, LBE (by the way and FYI, LBE conflicts with Droidwall, both can t work together) Rom Tool Box, Logging Test and Permissions denied, so I don t think that any apk can steal any info from me!!!
Actually it s more a matter of principle, why apks like let s say Dolphin or Opera record all the sites I ve surfed, eventhough they don t need to do so (coz they still work after I deleted those files manually). And about the exemple given above, why apks which don t display adds need to have an internet permission and to put such webview.db files in the databases? Of course I m not obliged to download them, and actually I ve already erased many such apks, but for some I don t have any choice, specially for dictionaries (I travel a lot and need such stuff).
Plus it s a matter of curiosity, where the heck lies the source of those files? And why can I block those files easily on GB but not on HC? Yes, it s because the OS is different, I know, but how does it work? I don t know so much about Android OS but I like it and I want to learn more.
So back to the question, how can I tweak my system in order to prevent those files from appearing everytime use an apk? There are enough experts on thsi forum so hopefully someone knows the answer.
And BTW, when I see the difference between GB and HC, I mean more spying from the Google/Android OS, then I feel less eager to upgrade to ICS coz for sure it will get even worse, not to mention JB...
You're not saving passwords in your browsers/webview-based-apps, right?...
Do you mind explaining why webview.db databases have you concerned?
Thanks.
They are saving information from him, that's why. Nothing can save his information, I think that is the point.
Dude relax, there are spy apps, there loggers, but you are blacklisting all webview based ones.
And as some guy told before, if they want to spy you, they don't need to save anything.
But seriously, you don't need to study much on Android OS to known why what you are doing are causing fc. Take any app in any platform that have internal Conf and db files. Corrupt them and mess with permissions, you should get something similar.
Enviado de meu MB525 usando o Tapatalk 2
Thank you for explaining me why they Fc but I had understood it by myself from the very begining, I m what you call a noob but I m not brain dead:silly:
All what I want to know is what generates those files in the OS, and how to prevent it from happening, provided that it s possible.
Apart from that it s ok for me if other people don t mind having files in their databases which record their web activity, and if they don t feel uneasy to know that the more advanced the Android OS the more files there is and the more difficult it is to block them (I said already 2 times that on Ginger Bread I block all those files and that the apks don t FC, which prove that the files are not required by the apks to work normally).
Thanks
I am not calling you noob buddy, but you were trying to solve a problem with no elegance at all.
Contact developers and ask why they are using webview and that you are not comfortable with files it creates. But if you use a program that uses it you have to accept those files, simple.
A lot of details of stuff like webview are API specific so changes version to version. So access of those files may changes on each version of android, as well as file location, name or how to handle errors. So the fact that what you did worked on gb, helps you with no conclusions.
Enviado de meu MB525 usando o Tapatalk 2
I didn t mean thay you (tu) called me a noob but that you in general (vos) call newbies noobs. Sorry for the misunderstanding, it s one of the many limitations of english compated to latin or germanic languages
So it sounds like what I was asking about is impossible to do, well, well, I will see what I can do with apktool, maybe I can change something in the manifest or ressources or I don t know where. Just for info, here s what s insideone of those files when it s newly created and before it starts spying:
SQLite format 3@ 
-� g
���k �6� `���" �tablepasswordpasswordCREATE TABLE password (_id INTEGER PRIMARY KEY, host TEXT, username TEXT, password TEXT, UNIQUE (host, username) ON CONFLICT REPLACE)/
Cindexsqlite_autoindex_password_1password�+�)tablehttpauthhttpauth CREATE TABLE httpauth (_id INTEGER PRIMARY KEY, host TEXT, realm TEXT, username TEXT, password TEXT, UNIQUE (host, realm) ON CONFLICT REPLACE)/Cindexsqlite_autoindex_httpauth_1httpauth
�"�tableformdataformdataCREATE TABLE formdata (_id INTEGER PRIMARY KEY, urlid INTEGER, name TEXT, value TEXT, UNIQUE (urlid, name, value) ON CONFLICT IGNORE)/Cindexsqlite_autoindex_formdata_1formdataR}tableformurlformurlCREATE TABLE formurl (_id INTEGER PRIMARY KEY, url TEXT)J%cindexcookiesIndexcookiesCREATE INDEX cookiesIndex ON cookies (path)�� tablecookiescookiesCREATE TABLE cookies (_id INTEGER PRIMARY KEY, name TEXT, value TEXT, domain TEXT, path TEXT, expires INTEGER, secure INTEGER)W--ctableandroid_metadataandroid_metadataCREATE TABLE android_metadata (locale TEXT) ��en_GB
@unclefab
Even if the webview.db has always all the fields it doesn't mean they need to have a value or string. For example the "password" field is almost always emtpy.
Sent from my GT-P6210
A little old, but worth the reading:
forensicsferret.wordpress.com/2010/09/30/android-browser-forensics/
Sent from my GT-P6210 using Tapatalk 2
Why would I use such apks?
I said it already, it s because I need them. I deleted some and replaced them by similar apks more privacy friendly, but for some I don t have any choice. For exemple browser. I managed to lock the perms on opera mini and it still works but you know opera mini, on some sites it doesn t display correctly so I have to use dolphin whose perms can t be locked. Talking about it I will try boat browser, it s not as good as dolphin but if it doesn t have those files it could be a solution...
Same stories with dictionaries. I m a language teacher who lives in asia and I need far eastern languages dictionaries. Try to find a thai english or thai indonesian dictionary which can work without those files... BTW if you are interested I found a good english chinese which works without any .db garbage;-)
Thanks for the links, interesting article, some food for thoughts...

Big bug Huawei Mate 9 : warning for all

Good evening
Best wishes to you all
Sorry for my Bad english but I will try to do my best to explain the incredible bug encountered and warn everyone about my problem hoping it will avoid you the same disaster
I hope you can help me even if I do not believe it anymore...
Since I was caught by the time I carried out the daily transfer (by car, in the night, eating ....) of my photos / videos between my old phone (galaxy note 3) and my new Huawei mate 9 and this in several stages over several days via bluetooth.
Since everything worked perfectly because I checked day after day that I had the same number of files, I opened the videos transferred to the mate 9 and everything was there.
But one day I open the files transferred on the mate 9 and there everything disappeared except the directory tree: I mean that the folder transfered are there with their original names but all the content have been deleted and the folders transfered are well there but are all empty.
Of course like an idiot i have deleted the original content from my note 3 as I checked a successful transfer: result I have so far lost a major number of pro and family photos and video due to some sort of bug Of the mate 9.
I tried all the apps of recovery possible on the Google store or on Windows (easus, dr fone ....) but nothing does they do not find anything (and I'm in development mode with debug USB activated after that i have pressed 9 times on the phone model)
I know that I proceeded as an adventurer without saving before doing this damned transfer.
But do you think that there is a hope that I can manage to find by some means those files that have disappeared miraculously but their folders are still there but empty.
Thank you for your suggestions
Small precision in case: I made these transfers on the session of my second user account of my mate 9 and not the master account originally created during the first start of the phone.
I noticed that these additional user accounts are attractive at first but in fact there are too many limitations: only the master account can send MMS for example in no case the additional accounts even with all the permissions granted, there are Other limitations too ... I contacted Huawei who confirmed these limitations for security reasons according to them.
Similarly one can delete at any time the additional user accounts but if you want to delete the main account it is absolutely necessary to reset the phone and it is impossible to reverse one of the secondary accounts into master account, you will have to reset and recreate as desired.
The more absurd for me is the inability to transfer files present on the internal memory between sessions of user accounts, we can only access the files of our current session even when we are into in the session of the master account we can't access the files of one of our others account.
You dont have your stuff backing up to one of the many available clouds?
amazon, google, dropbox, etc.
I would have mentioned easus but looks like you tried. I feel bad for you but take it as a learning lesson, backup important stuff. Get you a hdd, cloud backup and computer backup minimum. Never solely rely on a cell phone.
Huawei is big on security. Sometimes they get it right but if your 2nd user account was someone you didnt want to access your information you would appreciate the added security. I have never used guest accounts or anything but I remember my 2 year old was playing with my phone as she always do, and few minutes later she was in twrp attempting to delete everything. This was a 128gb nexus 6p filled to the rim with important information.
any twrp backups from previous phones?
Don't call it a bug because It isn't.
And also there are easier and much faster ways to transfer files out there.
Sent from my MHA-L29 using XDA-Developers Legacy app
intruda119 said:
You dont have your stuff backing up to one of the many available clouds?
amazon, google, dropbox, etc.
I would have mentioned easus but looks like you tried. I feel bad for you but take it as a learning lesson, backup important stuff. Get you a hdd, cloud backup and computer backup minimum. Never solely rely on a cell phone.
Huawei is big on security. Sometimes they get it right but if your 2nd user account was someone you didnt want to access your information you would appreciate the added security. I have never used guest accounts or anything but I remember my 2 year old was playing with my phone as she always do, and few minutes later she was in twrp attempting to delete everything. This was a 128gb nexus 6p filled to the rim with important information.
any twrp backups from previous phones?
Click to expand...
Click to collapse
Hi
Thanks for your kindness
But unfortunately no twrp backups too... ;(
victorlht88 said:
Why didn't you use a micro SD card for data transfer?
Click to expand...
Click to collapse
I had a sandisk class 10 on my note 3... The SD card died with many importants informations and impossible to recovery too... Thats why i didn't and i won't use SD card anymore
Mate 9 victim said:
I had a sandisk class 10 on my note 3... The SD card died with many importants informations and impossible to recovery too... Thats why i didn't and i won't use SD card anymore
Click to expand...
Click to collapse
Bummer! Hope it gets better for you...
Btw, I see you just joined, so Welcome to XDA!
Hello... about my problem...
I have contacted Huawei and I was surprised that they seemed almost to know the problem : they told me "you had a file corruption" at our stage we can not do anything you need to contact [email protected] with the following ticket number that we will create together ".
I wrote 3 days ago ... Still no answers ...
We will see ... But given the bad comments found on the net about the Huawei support I have no illusions ...
Last episode and season finale of my bad experience
I had the Huawei support by phone finally... They admit that there must be a file corruption "bug" on the mate 9 and they propose me to send the phone to a technician to try to do something without any guarantee to succeed and of course without lending of a phone replacement during this period.
If I can go back I will never buy this phone 1stly for the bug encountered but seeing the support recognising that it can be a real bug from the phone and not lending a phone... For a 700€ phone the support and results are very bad in the end.
Excepted this bug the mate 9 has many limitations and bad cons that I will explain in a video in a few days to describe why if I could I won't buy the mate 9 again
have you checked if the files are still taking a space inside the storage? or it is all free?
there is a lot of viruses out there that could have renamed or hide your original folders
michel090428 said:
have you checked if the files are still taking a space inside the storage? or it is all free?
there is a lot of viruses out there that could have renamed or hide your original folders
Click to expand...
Click to collapse
Hi Michel
It is exactly what I think and after discussing about this the Huawei technical phone operator told me that it can be the files corrupted by the bug : yes I am sure that the actual storage is higher than it must be, at least 8-10 Go more...And that's why they propose me to send it to their technical support but without any guarantee to succeed and with no phone to lend during this period.
I hope that soon there will be a root 100% secure of this phone to do a full recovery deeper as possible but for the moment I don't know how to access this extra storage used that I can found exploring the phone in all the account users sessions or with hi suite or others recovery software (Dr fone, easus...) and I have enabled the option show hidden files and folders into ES explorer but no results
Hope you learned a valuable lesson.
Backup your data. Anything can happen. Bug. Stolen. Lost. Water damage.
I do have sympathy but very little.

Categories

Resources