Multiple malware apps preinstalled on Infocus phone? - Security Discussion

I bought an Infocus M2 phone from Tinydeal. Infocus is not such a well-known brand and I am a bit suspicious about Chinese phones. I have used a Lenovo phone for quite some time now, but I replaced its ROM in the beginning, although how can I be sure that the ROM I have been using is totally pure? Well, I can't, but I have used bank applications etc. without problems.
However, I first checked this Infocus phone with Avast, which reported one PUP-rated app, related to updating the phone's firmware. However, after running Malwarebytes it reports three malicious apps and none of them is the one Avast reported.
The apps cannot be uninstalled since this phone is not rooted and those are system apps. Should I stop using this phone? Nice device but...

I managed to root this phone and I removed those three apps, dunno if this phone is now secure to use.

how to root M2
Diexi said:
I managed to root this phone and I removed those three apps, dunno if this phone is now secure to use.
Can you share details or URL on how you rooted this phone?
I scanned mine with Malwarebytes (0 found). I'd still be interested in rooting it, though.
I bought my M2 in Taiwan through official channels, where did you get yours?

spawnflagger said:
Can you share details or URL on how you rooted this phone?
I scanned mine with Malwarebytes (0 found). I'd still be interested in rooting it, though.
I bought my M2 in Taiwan through official channels, where did you get yours?
I bought mine from Tinydeal. I cannot share links because I am a new user, but google infocus m2 101 and check that Facebook page, Taiwan rom factory.
Basically you boot the phone with an alternative recovery and then install the root package. There was confusion after you leave the recovery, when it asks whether root permission should be fixed. I tried this whole process more than once and I recall answering differently to that last question; I can't remember which one was correct, since it asks that even when you don't try to flash that SuperSU zip package.

Contacted Tinydeal and asked about the malware apps. The phone works and I have now dared to use it after removing those apps, no problems so far.
Tinydeal just said that those are system apps installed by the manufacturer and that I shouldn't worry, but clearly all M2 phones do not have them, so I doubt InFocus did install them. Spawnflagger, does your ROM have the Finnish (Suomi) language in it? If not, I might have an unofficial ROM, since Finnish is very often absent from phones bought from China and many times only added by a seller who replaces the ROM.
Tinydeal so far does not admit installing malware.

Diexi said:
Contacted Tinydeal and asked about the malware apps. The phone works and I have now dared to use it after removing those apps, no problems so far.
Tinydeal just said that those are system apps installed by the manufacturer and that I shouldn't worry, but clearly all M2 phones do not have them, so I doubt InFocus did install them. Spawnflagger, does your ROM have the Finnish (Suomi) language in it? If not, I might have an unofficial ROM, since Finnish is very often absent from phones bought from China and many times only added by a seller who replaces the ROM.
Tinydeal so far does not admit installing malware.
It's very possible that TinyDeal didn't do anything at all to the phone, and that wherever they got the phone from just had a modded ROM. Another possibility is that an early version of the ROM had some code that scanners found as malware (false positive), and newer updated ROMs removed it. Did your phone do any OTA updates? Mine had an update as soon as I put it on WiFi, which I installed. Then after I set up the Google account, there were several Google Play updates to Google Play Services, Gmail, Maps, etc. Only pointing out that it seems to ship from the factory with an outdated image, and maybe this is what modders added the Finnish language support to. Mine doesn't have Finnish though. (After updates, mine is Android 4.4.2, build # 00WW_2_260.)
From infocusphones.com, it seems they are targeting China, Taiwan, and India. InFocus is an American company, but all their phones are made by a Taiwanese company (but probably manufactured in China). I've used InFocus projectors before, didn't know they even had phones until a few weeks ago.

The phone did suggest updates, but I declined because my past experience is that updating a China product via automatic updates might result in an OS without the Finnish language and/or a bunch of Chinese apps etc. My ROM version ends in "240", so it is older. Needrom.com has the "260" ROM available, but it says limited multilanguage and there is no mention of "FI". Also, Avast and a couple of other virus scanners reported "update.apk" to be malware, although since Virustotal.com scans using 57 scanners and only a couple of them reported malware, that might have been a false positive. However, I have removed update.apk. Those three apps mentioned were reported by several scanners of those 57, so I kinda believe those really were malware. Also, if the Twitter app really was genuine, then why couldn't it be updated from Google Play? Also, when looking for Cleanmaster on Google Play, it showed that the app wasn't even installed, so I think there really was something about those three apk files.

Diexi said:
The phone did suggest updates, but I declined because my past experience is that updating a China product via automatic updates might result in an OS without the Finnish language and/or a bunch of Chinese apps etc. My ROM version ends in "240", so it is older. Needrom.com has the "260" ROM available, but it says limited multilanguage and there is no mention of "FI". Also, Avast and a couple of other virus scanners reported "update.apk" to be malware, although since Virustotal.com scans using 57 scanners and only a couple of them reported malware, that might have been a false positive. However, I have removed update.apk. Those three apps mentioned were reported by several scanners of those 57, so I kinda believe those really were malware. Also, if the Twitter app really was genuine, then why couldn't it be updated from Google Play? Also, when looking for Cleanmaster on Google Play, it showed that the app wasn't even installed, so I think there really was something about those three apk files.
There's a ROM translation app (video on YouTube) that will use Bing Translate to recompile all the APKs, removing or adding the languages desired. (I haven't tried it.) It might be possible to get the stock 260 ROM and add Finnish to it.
Also, another XDA thread mentioned that CyanogenMod supports pretty much all languages... The officially supported devices wiki page doesn't list the M2 yet, but perhaps check back in future:

I also have malware on a new Infocus phone; it's model M310, purchased from Banggood.com. The malware causes the internet to redirect randomly to coo123 or Qoocc web sites; this happens with both the stock browser and Firefox. Also, a window comes up randomly with a sexy picture; this can happen anytime, even when the browser is not open. I have tried a factory reset but it didn't help.
After running various virus scans it seemed the preinstalled Facebook app was suspect, along with the smsreg app. I managed to delete these, but the problem still remains. All virus scans are now clear (Malwarebytes, ESET, AVG, 360 Security). So I am at a loss what to do. There is a newer ROM on needrom, but it seems this may not have gapps or be rooted, and I wonder if this will be infected also. Would welcome any other suggestions?

After obtaining root access I deleted those three infected apps and then went through every app I had on the phone and deleted everything I concluded did not belong in stock Android. I had one strange app named lyc_1.apk, and since Google did not find anything about it I deleted it, and so on. The stock browser had baidu mentioned in its name, so I deleted that also and opted to run Chrome from Google Play.
I'm not experienced with network stuff, but have you looked at your hosts file, how does it look? You can use Root Browser and edit it, at least if you have root permissions.
My phone displayed an ad on the notification bar which had the same kind of icon as Update.apk. After deleting Update.apk it never happened again, but I also cannot update the phone through Settings. Not a big loss probably, since updating may cause problems...
After these things I have used phone without problems.

I updated the phone with original firmware from infocusphone.com.
I would happily provide the links for more convenience but I was restricted from the system because I am new.
Save the zip file on the sd-card.
To install the new firmware put the phone into recovery:
1) Switch off the phone
2) Attach the phone to the charger
3) Press and hold Volume up + power button until you get into recovery
4) Choose install zip from the menu
With the new firmware there is an app, Dr. Safety (Trend Micro), that reports no malware. Using ESET, the app meiyanxiangji is reported as malware. I uninstalled it using Settings -> Apps -> Uninstall.
I am quite happy with the Phone.

I connected the phone to my PC today and noticed that there are multiple files in the root of the internal storage. They are labeled like the following:
as643a27-b490-4x0a-49f6-c66fdbecb5e0
Does anyone have an idea what these are? They are all 36 bytes and seem to contain the same text as they are named.

Diexi said:
I bought an Infocus M2 phone from Tinydeal. Infocus is not such a well-known brand and I am a bit suspicious about Chinese phones. I have used a Lenovo phone for quite some time now, but I replaced its ROM in the beginning, although how can I be sure that the ROM I have been using is totally pure? Well, I can't, but I have used bank applications etc. without problems.
However, I first checked this Infocus phone with Avast, which reported one PUP-rated app, related to updating the phone's firmware. However, after running Malwarebytes it reports three malicious apps and none of them is the one Avast reported.
I bought the same phone from dx.com (DealeXtreme) and had the same 3 apps show up with MalwareBytes.
I ended up getting the code from infocusphone.com. I can't post a link since I haven't posted enough.
It took a bit of trial and error to find the right file. The one I loaded was LSO-2260-0-00WW-A02-update.zip. If you copy it to an SD card and load it as described earlier in this thread, you should be set.
Malwarebytes no longer reports anything (neither does Avast). Will be looking to get root next....

Diexi said:
I bought mine from Tinydeal. I cannot share links because I am a new user, but google infocus m2 101 and check that Facebook page, Taiwan rom factory.
Basically you boot the phone with an alternative recovery and then install the root package. There was confusion after you leave the recovery, when it asks whether root permission should be fixed. I tried this whole process more than once and I recall answering differently to that last question; I can't remember which one was correct, since it asks that even when you don't try to flash that SuperSU zip package.
I downloaded the alternate recovery from Taiwan 101. It is a rar file and asks for a password when I try to extract it. Do you know the password?
EDIT: found it on another Facebook page; password is taiwan101
EDIT: Rooted successfully ... thanks Diexi
Thanks

Getting Error while rooting
Getting Error reboot failed: -1
Please suggest; I am doing as it is said in the Taiwan rom Factory

Diexi said:
I bought an Infocus M2 phone from Tinydeal. Infocus is not such a well-known brand and I am a bit suspicious about Chinese phones. I have used a Lenovo phone for quite some time now, but I replaced its ROM in the beginning, although how can I be sure that the ROM I have been using is totally pure? Well, I can't, but I have used bank applications etc. without problems.
However, I first checked this Infocus phone with Avast, which reported one PUP-rated app, related to updating the phone's firmware. However, after running Malwarebytes it reports three malicious apps and none of them is the one Avast reported.
The apps cannot be uninstalled since this phone is not rooted and those are system apps. Should I stop using this phone? Nice device but...
No joke, scan that thing with multiple antiviruses from the market. If they support root, they're better because they can do a complete scan. Also try completely wiping the SD card clean.

A big mistake was to delete the possible malware, because now we have only rumors and nothing we can definitely say about it. So, you have learned now that next time you should just back up the infected stuff or directly scan it against known antivirus sites (or attach it here). But without anything it's impossible to say what the risk could be now.
As written above, a fresh and clean install would help now to make sure no leftovers are left on the system.
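
What the post above recommends, keeping the flagged APKs instead of only deleting them, can be done over adb before any removal. This is an added example, not something posted in the thread; it assumes adb with USB debugging authorised, and the package names passed to it are whatever the scanner reported (none are taken from this page).

```sh
#!/bin/sh
# Added example: keep a copy and a SHA-256 of each flagged APK before deleting it.
# Assumption: adb is on PATH and the phone has authorised this computer.
# Usage: sh preserve_apks.sh OUTDIR PACKAGE [PACKAGE...]

# Parse one line of `pm list packages -f` output:
#   package:<apk path on device>=<package name>
# Sets PM_PATH and PM_PKG. The path can itself contain '=' on newer Android
# releases, so the split is on the LAST '='. adb output may carry a trailing CR.
parse_pm_line() {
    _l=$(printf '%s' "$1" | tr -d '\r')
    case $_l in
        package:*=*) _l=${_l#package:} ;;
        *) return 1 ;;
    esac
    PM_PATH=${_l%=*}
    PM_PKG=${_l##*=}
    [ -n "$PM_PATH" ] && [ -n "$PM_PKG" ]
}

# Read a `pm list packages -f` listing on stdin and print the APK path of the
# package named exactly $1. The pm filter is a substring match, so a query for
# "com.example.updater" would also return "com.example.updater.helper".
find_apk_path() {
    while IFS= read -r _raw || [ -n "$_raw" ]; do
        parse_pm_line "$_raw" || continue
        if [ "$PM_PKG" = "$1" ]; then
            printf '%s\n' "$PM_PATH"
            return 0
        fi
    done
    return 1
}

# SHA-256 of a local file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# One manifest record: sha256 <TAB> size in bytes <TAB> package <TAB> device path.
# The hash is what gets looked up on a multi-scanner site or quoted in a report.
manifest_line() {
    printf '%s\t%s\t%s\t%s\n' \
        "$(sha256_of "$1")" "$(( $(wc -c < "$1") ))" "$2" "$3"
}

# Pull one package's APK into OUTDIR and append its record to MANIFEST.tsv.
# Reading /system APKs does not need root; only deleting them does.
preserve_apk() {
    _pkg=$1
    _out=$2
    mkdir -p "$_out" || return 1
    _dev=$(adb shell pm list packages -f "$_pkg" | find_apk_path "$_pkg") || {
        echo "not installed: $_pkg" >&2
        return 1
    }
    adb pull "$_dev" "$_out/$_pkg.apk" >/dev/null || return 1
    manifest_line "$_out/$_pkg.apk" "$_pkg" "$_dev" >> "$_out/MANIFEST.tsv"
}

# Only touch the device when called with an output directory and package names.
if [ "$#" -ge 2 ]; then
    _outdir=$1
    shift
    for _p in "$@"; do
        preserve_apk "$_p" "$_outdir" || echo "skipped: $_p" >&2
    done
fi
```

`adb shell pm list packages -s` lists the system package names to choose from; the resulting MANIFEST.tsv and APK copies are what can be attached or rescanned after the phone has been cleaned or reflashed.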

Looking for rooting method for InFocus M2 and custom ROM

ROM Developers
Hi all, good day.
Has anyone tried to deodex this ROM, and does any custom ROM work for this device? Stop all this malware nonsense. Give me a stable ROM. What's the version, specifically? Has anyone found a custom boot? These questions help us to make a new, best ROM. Please make it possible.

I received InFocus M2 today.. I don't believe in this malware thing...

Related

[Q] Android - Custom "Market" app vs Unknown Sources DISABLED

Hi All!
Let's say I would like ( or rather I'm forced to ) build a customized Android ROM. Among all related things that are well described there is a one "black hole" to me..
I need to replace Android Market with a custom market application and block unknown sources setting ( to always disabled ). Root access must also be disabled.
To me it seems that not having root access along with Unknown Sources disabled excludes writing a custom market application, because as far as I know a custom market app will need to invoke Package Installer.
Did anyone come across such a problem?
For now I only need to estimate the complexity of this task, so I would appreciate ANY clues on this one..
regards
Also interested in the solution, have a similar problem.
First, you should leave Unknown sources always on enabled. If you're worried that you might suck in a malware app, install an antivirus.
Second, I installed several custom ROMs so far, and the only problem I noticed with market is that it does not show the phone model (GT-i5800) anymore, but just "phone". Other than that, apps install fine, paid apps can be purchased, and this is the stock Vending.apk, not modded.
Third, don't even consider not rooting your phone if you make a custom ROM (even this sentence is a contradiction...), coz if you don't have root, you can't dump the factoryfs.rfs, making it impossible to create a Custom ROM in layman's terms...
Got any questions, just ask!

[Q] How to root this one: Caterpillar S50, framaroot fails

Processor: Qualcomm MSM8926 Quad-core 1.2Ghz
Platform/OS: Android 4.4.2
Kernel: 3.4.0-gc6284e5-dirty
Buildnr: LTE_S0201121.0_S50_0.015.00
Framaroot shows Aragorn as the only exploit (although this is not a Samsung), which fails with error #6.
Any advice on more testing that is available, or other remedies and possibly a known path to investigate?
(The device is new & out since oct, 1 2014)
There is more technical info on: http: // catphones.com / en-gb / phones / s50-smartphone /
Cat s50 root
Hi,
Whenever you insert a micro SD card in the device, the device the same complains or can not connect to download images, videos, music ...
The device we complains micro sd card but can not do anything with it. From the Play Store I downloaded the app "ES File Explorer". When transferring the images from internal memory to micro sd card, notice was that it must be the root device.
How to root the device, have you anything to it?
external sd-card is usable without root
You don't need root to use an external sd-card. But you cannot write directly to the external sd-card, for security reasons. Only installed apps are allowed to store their data there.
When you insert the sd-card, Android puts a folder named Android/Data into the root folder of the sd-card. Apps that are modified for external sd-card use put their own folder in there, which is writable only by that app. For instance, my navigation app stores its data on the external sd-card.
If you want to copy your music to the external sd-card, you have to use a computer. The phone is mounted as an external device. Then drag and drop your mp3s to the external sd-card. I have made a folder Music on the external sd and copied my mp3 collection in there.
Greetings
hannesausmwald
My original question about rooting the device is not for storing data on SD. It is more about controlling the device and be able to make a proper backup. Under my control.
So the question still is how to attack this problem. Searching leads to a lot of unusable approaches. (Mostly because they reference OLDer firmware. This firmware is from last summer.)
If more info is needed please indicate what is needed.
Hi noci2,
I've successfully rooted my S50 with Root Genius BUT new OTAs may not work.
In my case the new update (LTE_S0201121.0_S50_0.017.00_E01) has unrooted the phone and left it crippled (root is lost, partly removed and can't be gained till now and worst thing is: I can't update/root/unroot the phone hence I'm stuck with the 0.016 firmware). Anything else works fine so I'm just waiting for a stock rom + recovery / flash tool + image of the original firmware to undo the "damage" (no root and no updates).
kevin22
P.S.: I would be very grateful if anybody could support a backup image or something (one day)
borstie22 said:
Hi noci2,
the new update (LTE_S0201121.0_S50_0.017.00_E01) ...
I would be very grateful if anybody could support a backup image or something (one day)
New OTA? My baseband number is LTE_S0201121.0_S50_0.015.00 and a new update is not available till now via OTA (here in Europe/Germany) What is changed?
I would like to have a backup image too.
Well, that's odd. I'm living in Germany, too.... maybe it depends on your carrier (mine is o2). In version 0.016 the Cat App Store was removed (I've contacted the support and they told me that it'll be back in 0.017 with some improvements). Further LTE was optimized (in 0.016).
Summary:
0.015 - base firmware
0.016 - first update (LTE improvements and Cat App Store removed)
0.017 - Cat App store should be back and maybe some minor changes (size is 45,4MB) ... and I can't test it :crying:
kevin22
borstie22 said:
Well, that's odd. I'm living in Germany, too.... maybe it depends on your carrier (mine is o2). In version 0.016 the Cat App Store was removed (I've contacted the support and they told me that it'll be back in 0.017 with some improvements). Further LTE was optimized (in 0.016).
Summary:
0.015 - base firmware
0.016 - first update (LTE improvements and Cat App Store removed)
0.017 - Cat App store should be back and maybe some minor changes (size is 45,4MB) ... and I can't test it :crying:
kevin22
Hi Kevin,
I am also an o2 customer, so that cannot be the reason. I will contact the support. Maybe they can tell me what's wrong.
Greetings
Hannes
Hi guys,
I'm on 0.016 as well and it shows me I can upgrade to 0.017, but it always fails (download - reboot - after reboot there is a message in notification area, saying that upgrade failed). Do you know more about this?
Regards
I'm in Holland, no OTA available
Mine only gives "server error" when explicitly checking if an update is available.
Hi herdt,
I've got exactly the same problem with the update. Seems like my "partly rooted" ROM isn't the troublemaker after all. Maybe there's a flaw in the OTA itself?
Hi!
I am in Estonia and today I got my first update (had .15). It installed successfully and now I have _0.017.00. I had only tried rooting it before with towelroot which failed.
Framaroot still shows Aragorn as only option. Towelroot fails.
Cat appstore looks the same.
Kernel version: 3.4.0-gd73c047-dirty
Hey guys!
Same problem in Switzerland. Unrooted so far (though have been desperately trying to). No OTA yet, still on 015. OTA update doesn't complain when checking for updates, just saying that none are available. Had to turn off LTE since it has been pretty volatile.
hannesausmwald said:
I will contact the support. Maybe they can tell me whats wrong.
I wrote to support and asked about the OTA 0.017.00 The support-staff member wrote me back, that this update is only available via OTA, but not for all regions. The availability depends on the CID-Number which is displayed when you call the #02# (Mine is E01) When the update is available I will get a push message.
On my further askings, on which point in time I will get the OTA and about the purpose to upgrade the phone to Android 4.4.4 or 5, comes nothing concretely. Version 0.015.00 is up-to-date, wrote the staff-member, and I will get a push message. Upgrades are not decided till now.
But when it is up-to-date, why we have other users like borstie22, who has got 0.016.00 via OTA?
I think they are momentarily a little bit confused themselves. My S50 is also E01 and I get an update notification (0.017) but the support told me that 0.016 is the current E01 firmware yada yada yada ("you'll get a push message when the time has come").
Once again: I think we need the help of some clever xda-developers to unleash the true performance of this phone and its software (Bullitt seems to be somewhat overchallenged with that).
borstie22
Got the E01 (0.015) as well, no updates so far. I'm really looking forward to it since it will hopefully solve the terrible LTE instability I'm experiencing; in general the network (voice as well) is much worse than on my old Nexus 4. Have you guys had the same experience or is yours stable? I already asked for a 2nd (new) SIM but got the same flakiness. I guess it's time to contact support.
Edit: I just realized they don't even list the s50 in their support section nor in the contact form. Weird.
I haven't had any issues, but that support thing is a bit weird. I tried contacting them through contact form, regarding windows USB drivers to get the phone recognized for ADB. There was no response at all.
Stumbled on this thread looking for root, as It would've been Ok for me to read logs from phone directly.
Driver problem got sorted by updating SDK and explicitly telling Windows to use the generic android drivers that came with it.
That doesn't sound very promising. I just ordered my s50, should arrive tomorrow. I'll report back what CID and firmware I have and if I can update.
The LTE thing doesn't sound good at all.
So I sent them an email 2 days ago late in the evening and got a reply concerning the LTE issues this morning: They basically recommend to turn LTE off, which indeed improves the stability, no random blackouts anymore, but general network reception (voice calls) is still beyond good and evil. My dear co-workers with other phones and LTE enabled have no problems at all (same carrier, same place, same contract). About the missing S50 info/support on their site: They're working on it. Anyway I just replied to see what's going on with the updates, let's see. Well at least they answer to support requests :good:
---------- Post added at 10:09 PM ---------- Previous post was at 10:04 PM ----------
d3l1 said:
That doesn't sound very promising. I just ordered my s50, should arrive tomorrow. I'll report back what CID and firmware I have and if I can update.
The LTE thing doesn't sound good at all.
You got any news on your device? LTE works fine?
Lots are talking about firmware update, but what about actual root ?

[Help]I Un-rooted my Phone so I can run a certain app but still run into problems

Hello, as the title says, I un-rooted my phone a few days ago... I used KingRoot, and I also used the Un-Root option on their windows app when I un-rooted my phone. I also used Root Checker App and the Terminal Emulator App from Google Play to verify, the results showed that my phone is no longer rooted.
Note: I'm also very newbie and most of the time, very clueless when it comes to these Android Rooting business, so I would appreciate it as well if the answers will be newbie friendly, and I apologize as well if I'm asking to be spoonfed for the solutions; I only have very limited time, and me hunting for answers in google resulted in hours of wasted time, except on me being able to learn just the meaning of a very few terminologies, too few to be considered significant I think.
~~(Might be helpful) Details:
-The model is: Samsung Galaxy Core Duos GT-I8262, and is running the Android Jelly Bean (Android Version 4.1.2)
-For a more detailed firmware/rom info (after dialing *#1234#):
AP: I8262XXAMG6
CP (Baseband Version): I8262DXAMH1
CDC: I8262OLBBMH2
Kernel Version:
3.4.0-1322246-user
[email protected] #1
SMP PREEMPT Mon Jul 22 17:26:39
KST 2013
~~Situation:
Now the thing is, the app I am using no longer allows phones who are rooted, so I un-rooted my phone, and to begin with, I haven't really done anything with my phone being rooted, since back then I was trying to fit my games on my external SD card by installing apps which requires root... but everything I tried with my limited time didn't work even with root, so I did not bother to do anything root-related (like installing certain UI modification and such). The only thing that got installed on my phone is this KingRoot app (which I prevented from installing any other app that it offered), and is since then removed.
Now, I un-rooted my phone using the Windows App that KingRoot provided, and I even used Root Checker app from Google Play and even checked my root status using the Terminal Emulator; results are all cleared, my phone is no longer rooted.
But when I run this app, it still gives me an error code that the devs themselves provided... an error code that indicates that my phone is either Rooted, is a China Phone, or other problems.
For the first two problems; Rooted or China Phone; I'm supposed to be cleared of this, and my phone is a Samsung bought from an official dealer...
As for the third problem: one of my friends who uses the same app told me that my problem might lie on my ROM not being a "Global" one... from the Firmware info I provided, I can see an area code called 'DX' (which should stand for Indonesia, Malaysia, Philippines, Singapore, Vietnam, and I am in the Philippines right now).
~~Problems:
There comes a whole lot of new problems, but first, to sum up my whole problem:
--What should I do with my phone to change its ROM or Firmware (what should I change between these two to begin with?) so that it becomes "Global" and would finally allow me to run this App (a Game), WHILE at the same time, still allows me to use my Sim Card in the country I am in right now and still being able to keep all my data intact (assuming Flashing a ROM would erase my phone's data particularly in the internal storage)?
Specific Problems:
-With my limited time, I only am able to find tutorials that allows one to flash a ROM using a Rooted Device... should I root my phone again and do the flashing then remove the root? And before that... really, what in the world should I do? (Refers to my question above on my problem summary), like, how should I flash this ROM while my device is unrooted, what should I do? (I'm really sorry for this question, but I hope someone will help me on this...)
-I am having dilemmas with backing up my data in my phone, such as my notes on the built-in Memo App, and my research said I have to use Titanium Backup... which requires a rooted device to work... can I just use this "Backup and Reset" from my phone's Settings and would still allow me retrieve my notes on my Memo App as well as my contacts and Text Messages intact after I flashed this "Global" ROM?
-I cannot seem to find a ROM that is "Global"(?) for my Smartphone Model and Android Version whenever I search google... can anyone of you who are knowledgeable enough provide me with such? Searching for it using google is not giving me any exact answers...
-I have read during my research earlier that when I flashed a ROM that is not in my country, my Sim Card would fail to work? Then what should I do to make this phone have this "Global" ROM/Firmware which will allow me to run this App, while at the same time, still allows me to use my Sim Card in this country without any problems?
-To begin with, from the data I provided:
AP: I8262XXAMG6
CP (Baseband Version): I8262DXAMH1
I see from the AP the area code 'XX' which denotes that it's Austria, Belgium, France, Germany, Hungary, Italy, Spain, United Kingdom, right? Then isn't my phone "Global" already? I'm very, VERY confused...
---
These are all the questions I have in my mind right now. I hope someone would help me with my problems, and clarify necessary things from my problem. If someone could also direct me to a tutorial of sorts, on flashing a "Global" rom that would enable me to run this App, while still making my phone's data intact and still allows me to use my Sim Card for communication purposes here in the Philippines, would greatly be appreciated as well.
Thank you all in advance, sorry for the long post too, I tried giving all the details I could and asking all the questions I could that might help pinpoint the problem as well as might help in providing me a solution that would work to fix my problem.

Nomu S20 - GPS problems, mic volume, no OTA or support, and Android Triada ROM virus

ROM version 1.0.7 available through OTA update. See post #93 for instructions. Most of these issues have been fixed.
I have bought a Nomu S20, which in principle is a great smartphone in terms of hardware but is plagued with many problems. I have started this thread to discuss possible solutions, as part of the problem is that Nomu does not provide any OTA (it looks like a fake FOTA), and there is no support from their website nomu.hk, not even to supply a downloadable stock ROM. So here are the problems I have found:
1. Stock ROM comes prepacked with the Android Triada virus*. The virus is very persistent, and immune to antivirus programs. It silently installs a fake "Settings" app in the background. Antivirus scan software can detect the app and delete it, but it will be installed again silently later on. See attached files for some of the related processes/apps. There is also the com.chunmei.calculator publicity spam/virus. It's possible to uninstall it, but it will come up again in the background, at some trigger event. * For possible fixes/workarounds specific to this ROM see posts #32, #53 and #57. Also read the other posts.
2. GPS software is very glitchy¹: it's necessary to reset all GPS data at almost every restart of the GPS service. I have tried many tweakings, but the problem seems to be really in the ROM, how it communicates with the GPS chipset. Using an app like GPS Reset COM before using an app which requires geolocation helps with solving the problem by forcing a full, cold start. Using GPS Up in the background also helps with keeping the service functioning while it's been used by or a fix is not gotten by other navigation software. ¹ The GPS problem is fixed in ROM version 1.0.6 -- Link --- (Also available on Needrom.com.) See post #96 for further tips on how to possibly stabilize the GPS/GLONASS fix. See post #93 for instructions on how to update your ROM.
3. Microphone volume level is low: microphone volume is low when used in apps like Whatsapp to record a message. One has to speak very close to the microphone so that the one receiving the message might hear it in a good, reasonable volume. I've had other phones and this is a problem specific to Nomu S20.
4. No support from their website: there is no support from their website nomu.hk. They do not even supply stock ROMs for those who might want to update their phone or fix a bricked one. One has to rely on websites like needrom.com or this XDA forum to get the stock ROMs.
5. OTA/FOTA is fake: it really doesn't work. I had installed version 1.0.2 and 1.0.3. In both cases the wireless update feature gives the message that the phone already has the latest software. So OTA/FOTA is most likely a fake, non-responsive service.
6. Charger doesn't work when the phone is off: the phone doesn't recognize the plugged charger when the phone is off.
7. Android translations not complete: especially in version 1.0.2, several languages are missing. System apps like the dialer may not have an accurate translation in version 1.0.3.
There's a new official ROM on needrom.com which purportedly solves the Triada Trojan problem: NOMU_S20_COMMON_V1.0.6_2017_05_18_FQ5C23WTE1D.XWP_.NOMU_.M0.HB_.H.SM_.0518.V3.06 (mod edit - link removed). I shall be testing it in the coming days.
Update: the uploader himself tried already and states that the ROM is also infected: "Tried already…. no help, All Nomu ROMs are still infected… anybody can help?".
JVitor said:
5. OTA/FOTA is fake: it really doesn't work. I had installed version 1.0.2 and 1.0.3. In both cases the wireless update feature gives the message that the phone already has the latest software. So OTA/FOTA is most likely a fake, non-responsive service.
Maybe it's because "Wireless Update" app is infected by itself (Android/Trojan.Downloader.Fota.e) as reported by Malwarebytes Anti-Malware scanner.
Nice thread btw! :good:
navigatoras said:
Maybe it's because "Wireless Update" app is infected by itself (Android/Trojan.Downloader.Fota.e) as reported by Malwarebytes Anti-Malware scanner.
Indeed. Perhaps if we delete, disable or uninstall files associated with FOTA (Wireless Update), we might "cure" the ROM. I have noticed that the "Seetings" app (com.chunmei.calculator) is installed through a temporary installer at /storage/emulated/0/.jm/com.android.vending/8949_1004_1495532446456.xde.apk. If the trigger event or process of origin is located, we might "cure" it. It could be the Wireless Update feature/FOTA as well. I will experiment with that.
Also, there seems to be an alternative ROM, from a rebrand called MTT IDEAL: https://forum.xda-developers.com/showpost.php?p=72467315&postcount=19 Official website: https://www.mttmobiles.com/fr/mtt-ideal If we can get the official ROM from MTT IDEAL, it might work on Nomu S20 and if from a different developer, it might also be clean and better.
I have already tried deleting the following folders and still the /storage/emulated/0/.jm/com.android.vending/8949_1004_1495532446456.xde.apk process is injected randomly and the fake Settings app is installed. So it doesn't seem to be related with Wireless Update/FOTA.
Code:
/system/priv-app/SecurityService
/system/app/AdupsFota
/system/app/AdupsFotaReboot
JVitor said:
I have already tried deleting the following folders and still the /storage/emulated/0/.jm/com.android.vending/8949_1004_1495532446456.xde.apk process is injected randomly and the fake Settings app is installed. So it doesn't seem to be related with Wireless Update/FOTA.
Code:
/system/priv-app/SecurityService
/system/app/AdupsFota
/system/app/AdupsFotaReboot
Does this mean you found a way to root the phone?
I have contacted a Nomu representative and supposedly the company tried "to clean the malware from their rom" with the 1.0.6 update. I am not sure that the company put the malware there on purpose (for some extra cash) and was not fooled by a third party (as a lot of other Chinese manufacturers have the same issue).
I am not familiar flashing ROMs with MediaTek based phones (not even sure if the method is CPU based) but are we sure that ROM 1.0.6 is also infected, according to the user in the 'needrom' forum and the result is not dependent on the flashing method (ie a partial vs a full wipe of the storage area)?
Let's hope that we'll be able to also try the official ROM from MTT IDEAL at some time..
navigatoras said:
Does this mean you found a way to root the phone? I have contacted a Nomu representative and supposedly the company tried "to clean the malware from their rom" with the 1.0.6 update. I am not sure that the company put the malware there on purpose (for some extra cash) and was not fooled by a third party (as a lot of other Chinese manufacturers have the same issue).
Yes. I have rooted the phone. I had to install first TWRP recovery and then flash SuperSU via TWRP. A little complicated: 1) First unlock bootloader via Fastboot; 2) Flash TWRP and reboot into recovery; 3) Flash SuperSU flashable zip file; 4) Rewrite IMEI numbers using SN Write tool.
When I flash a new ROM I have to do it all over again (except if IMEI was backed up before, but then root might be necessary for this anyway). I will try and test the 1.0.6 update next week, with a full wipe/format command.
All right! Thanks for confirming that the above mentioned method works. As I am planning a motorbike trip (the reason I bought the phone in the first place) I don't feel comfortable to follow the procedure at this time but I will definitely be more experimental after the trip.
I will eagerly wait for your results, as you've already said "this is an otherwise good device", and report back if the company representative communicates to me any more info!
navigatoras said:
I will eagerly wait for your results, as you've already said "this is an otherwise good device", and report back if the company representative communicates to me any more info!
Thanks. I will post results here. Hopefully meanwhile the representatives or someone else provide some other solution, if version 1.0.6 is not the final one. Have a nice trip. You can use some antivirus scanner/monitor to keep the Settings spammer/trojan in check and uninstall it when it comes up.
I have flashed and tested ROM version 1.0.6 and although antivirus programs don't detect any threats, the Triada virus is still there. The fake "Seetings" app (com.chunmei.calculator) is installed through a temporary installer at /storage/emulated/0/.jm/com.android.vending/8949_1004_1495532446456.xde.apk. It's installed on the background, at some random event. I am not able to determine the process of origin.
Mega.nz link:
NOMU_S20_COMMON_V1.0.6_2017_05_18_FQ5C23WTE1D.XWP_.NOMU_.M0.HB_.H.SM_.0518.V3.06
I wonder if message #19 posted on the thread about com.chunmei.calculator (link in your first post) about removing and replacing the USIM card has something to do with the persistence of the above mentioned malware. Is it possible that some code is stored in the USIM card?
navigatoras said:
Is it possible that some code is stored in the USIM card?
Very unlikely: https://security.stackexchange.com/questions/121571/can-a-sim-card-propagate-malware
Triada is a very sophisticated malware: http://news.softpedia.com/news/triada-trojan-infects-android-s-zygote-core-process-501304.shtml
In fact, developers/hackers have plenty of options to infect a phone ROM with malware/viruses. To my mind it's the manufacturer's responsibility to make sure that the ROM they are supplying is clean of viruses and other malware. In this case it's Nomu's fault not to make sure their phones are free of malware or viruses. Even if they might have been fooled by the developer which supplied the software, it shows poor quality and safety controls. And they should at the least fix it immediately once a problem has been detected.
Update: the below fix doesn't work. Fake "Settings" came up again.
But this time, it seems that the developer (or hacker) which supplied the ROM has been just joking/fooling with us. In version 1.0.6 the FOTA feature was removed, as well as the other files which were associated with malware, some of them mentioned in this thread. Then they added an app called "Software Updates". It has this icon:
It's a system app meant purportedly to apply software updates to the ROM. I suspected that this app was injecting the malware when pretending to look for updates. So I uninstalled it with System app remover (requires root). I also deleted the temporary file at /storage/emulated/0/.jm/com.android.vending/8949_1004_1495532446456.xde.apk (with Root Browser). Since then the fake "Seetings" app (com.chunmei.calculator) has not come up again. I will be monitoring in the next couple of days and report back if it shows up (or another suspect process).
Unfortunately the above fix doesn't work. Fake "Settings" came up again this morning after starting YouTube app. Hackers are not kidding.
For those who might be interested, attached follows the installer of the fake "Settings" app which is injected by some unknown process at /storage/emulated/0/.jm/com.android.vending/8949_1004_1495532446456.xde.apk (it looks like it's renamed or changed after install so that antivirus programs will not see it or detect it).
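A host-side triage for the two indicators reported in this thread (the com.chunmei.calculator package and the APK staged under a hidden directory on shared storage), added here as an example and not code from any poster. It assumes the inputs were captured with `adb shell pm list packages -f -i` and a listing of file paths on shared storage; the sample data is constructed, and the "no installer of record" check is a general heuristic that goes beyond what the thread describes.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Indicators taken from the thread.
THREAD_PACKAGES = {"com.chunmei.calculator"}
SHARED_STORAGE = "/storage/emulated/0/"

# Constructed sample of `pm list packages -f -i` output (not from a real device).
SAMPLE_PM = """\
package:/system/app/ExampleUpdater/ExampleUpdater.apk=com.example.updater  installer=null
package:/data/app/com.chunmei.calculator-1/base.apk=com.chunmei.calculator  installer=null
package:/data/app/~~Qx1==/org.example.mail-Zk2==/base.apk=org.example.mail  installer=com.android.vending
package:/data/app/org.example.notes-1/base.apk=org.example.notes  installer=null
"""

# Constructed file listing; the first path is the one quoted in the thread.
SAMPLE_FILES = """\
/storage/emulated/0/.jm/com.android.vending/8949_1004_1495532446456.xde.apk
/storage/emulated/0/Download/example-notes.apk
/storage/emulated/0/DCIM/.thumbnails/1.jpg
"""


@dataclass(frozen=True)
class Package:
    name: str
    apk_path: str
    installer: Optional[str]


def parse_pm_list(text: str) -> List[Package]:
    """Parse `pm list packages -f -i` lines into Package records."""
    packages = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        body, _, installer = line[len("package:"):].partition("  installer=")
        # The APK path can itself contain '=' (randomised directory names on
        # newer Android releases), so split on the last '=' only.
        apk_path, _, name = body.rpartition("=")
        installer = installer.strip()
        packages.append(
            Package(name.strip(), apk_path,
                    None if installer in ("", "null") else installer)
        )
    return packages


def staged_apks(listing: str) -> List[str]:
    """APK files on shared storage that sit below a hidden (dot) directory."""
    hits = []
    for path in listing.splitlines():
        path = path.strip()
        if not path.startswith(SHARED_STORAGE) or not path.lower().endswith(".apk"):
            continue
        directories = path[len(SHARED_STORAGE):].split("/")[:-1]
        if any(d.startswith(".") for d in directories):
            hits.append(path)
    return hits


def triage(pm_text: str, listing: str) -> List[Tuple[str, str]]:
    """Return (reason, item) findings for an analyst to review."""
    findings = []
    for pkg in parse_pm_list(pm_text):
        if pkg.name in THREAD_PACKAGES:
            findings.append(("named-in-thread", pkg.name))
        elif pkg.apk_path.startswith("/data/app/") and pkg.installer is None:
            # Heuristic: a user-space app with no installer of record was
            # side-loaded or installed silently; review it by hand.
            findings.append(("no-installer-of-record", pkg.name))
    findings += [("staged-apk", path) for path in staged_apks(listing)]
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE_PM, SAMPLE_FILES):
        print(f"{reason:24} {item}")
```

An app installed over adb also shows no installer of record, so that finding is a prompt for review rather than a verdict.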
I suppose that there isn't any custom rom for this phone that is clean, right? :crying:
Boys, let's go to spam this problem on their official Facebook page, maybe they will wake up and take this problem seriously.
https://www.facebook.com/nomumobile/
Can you post a screenshot of the rom/software version your device is using? Have you scanned your device with Malwarebytes' scanner?
My firmware version is 1.0.3, but the virus is still there in version 1.0.6.
Anyway, Nomu just released the S30 mini which would seem to have exactly the same hardware of nomu s20. Maybe that the firmware is compatible? Even if there are no viruses also in this one...
---------- Post added at 12:44 PM ---------- Previous post was at 12:40 PM ----------
Kiloplt said:
I own one too. But have no virus appearing untill now.
This virus seems to remain "hidden" for a while... I've used my phone for about 4 months until the first ads appeared.
I've updated my phone to the latest ota firmware, rooted and deleted virus with demo license of Dr.Web.
No virus so far...
LeonKillah said:
I've updated my phone to the latest ota firmware, rooted and deleted virus with demo license of Dr.Web.
No virus so far...
I deleted it with avira and created a file with the exact name and changed to read only (rooted phone). It seems like It's worked. Yet.
---------- Post added at 08:03 PM ---------- Previous post was at 07:13 PM ----------
Btw for me the 1.0.6 zip is corrupted says the TWRP when I try to install. I successfully installed the chamelephone os.

X2 Pro - Chinese version living in the EU (regrouped Questions and Answers)

Hello Guys,
So i'm new to Oppo, but an old wolf within these corridors.
I have some questions for you crazy people who bought the Chinese DUAL sim version of the Oppo Find X2 Pro.
I went through all the threads, read them and there are some inconsistent answers. So I will post my questions (feel free to ask me to add more) and will update the original post with the answers you will give me - so this helps newcomers.
1. Does Google Playstore work?
-Confirmed working
2. Does Google Pay work?
-Confirmed working
3. Does Google assistant work?
-Apparently yes, but the "Hey Google" voice detection apparently is grayed out and doesn't work (Need more confirmation on this also)
- Works with issues or extra application
4. Do Gsuite applications work?
-Normally they should as Oppo is not blacklisted like Huawei and runs GMS. But could someone confirm please.
5. Do third party launchers work (without ADBing "pm" the original launcher)?
- NEED CONFIRMATION - but apparently not
- Confirmed not working
6. Does 5G / 4G work?
Apparently a forum member living in Italy says it works fine, but found that some 5G bands are not present in the Chinese version. Please reply yes or no and on which carrier you are and which country.
- NEED MORE CONFIRMATIONS
7. Does WifiCalling and / or VoLTE work? And if they do /don't please write down your carrier/country
-NEED CONFIRMATION
8. Can you force install the Global ROM onto the Chinese Phone (important point here)?
-Still waiting to see if that is possible. Waiting to get confirmation from people who tried / succeeded / failed please
- Waiting on results
9. Can you unlock bootloader and install TWRP.
-Only answers i could find were : yes and no, bootloader not yet unlockable, TWRP working... very confusing.
9. Apparently you can't use an app like Textra or other to replace the Stock SMS app (who uses SMS anyhow, right? but still an interesting point).
-Anyone?
10. Looking for tutorials on how to use MEMStool, QPST, etc... anyone know of any so i can link them here? Coming from Samsung, Oneplus, etc could be handy
- Anyone?
11- Autostart of more than 5 untrusted applications? asked by @yarik88
Has anyone won this limitation? This is very important, as it affects notifications from third-party applications. And without autorun, calls are not accepted in some messengers that are not indicated by Oppo as trusted.
You can give permission to the application to autostart related applications, therefore, perhaps there is a program (something like an autostart manager) giving it the right to autostart, it will already launch the application that you specify in it. But so far I have not found one and these are my assumptions
12. Anything else?
Thanks for your feedback and help.
I can come back to you on the other questions but for now I bought mine from Wonda. Google Play was pre installed and works fine (I had a P40 Pro before so I know about Play Store not working fully!)
Google Pay works without issue. The app is stable and have used all my cards to pay using NFC.
Google assistant works once when you set it up, then it takes itself out of settings. I use the Google Voice Search app instead (I only use mine to set timers etc). All my other Google apps work fine, maps gmail etc.
4G works fine, I have the option for 5G in the menu but don't have a 5G sim to test. No option in the menu for VoLTE/WIFI calling it seems.
Flashing Global ROM needs more testers
8. Can you force install the Global ROM onto the Chinese Phone (important point here)?
All attempts to flash the Global (CPH) software on a Chinese (PDEM) phone were unsuccessful so far, however, it seems that all these people (claiming a failure while flashing) are members of the Beta program.
My friend with an Oneplus phone reports the same behaviour (the phone just won't let you flash an older firmware), furthermore, one Beta user here reported that now he can not even flash the original PDEM software while getting the same error message (The installed version is lower than current).
tl;dr
So there is a solid chance that all of this has nothing to do with Global/Chinese ROM, we just need users who AREN'T in the Beta program to test the ROM.
Global ROM (UK version), 12th May 2020, 3 597 MB, CPH2025_11_A.18: https://oppo-uk.custhelp.com/app/software_update_detail/p_name/Find+X2+Pro/session/
The same ROM decrypted from .ozip to .zip for those who want to play with it: https://1drv.ms/u/s!AjPo24k0toyl0VJOap14txM-W3Nl?e=ePbq9I
While I've got you here, can you please see if you can install Nova launcher or lawn chair... Just to see if third party launchers work.
Thanks!!!
Kotd88 said:
I can come back to you on the other questions but for now I bought mine from Wonda. Google Play was pre installed and works fine (I had a P40 Pro before so I know about Play Store not working fully!)
Google Pay works without issue. The app is stable and have used all my cards to pay using NFC.
Google assistant works once when you set it up, then it takes itself out of settings. I use the Google Voice Search app instead (I only use mine to set timers etc). All my other Google apps work fine, maps gmail etc.
4G works fine, I have the option for 5G in the menu but don't have a 5G sim to test. No option in the menu for VoLTE/WIFI calling it seems.
Yes I've read these also....we need to find someone who is willing to try that out...
Killer007TV said:
8. Can you force install the Global ROM onto the Chinese Phone (important point here)?
All attempts to flash the Global (CPH) software on a Chinese (PDEM) phone were unsuccessful so far, however, it seems that all these people (claiming a failure while flashing) are members of the Beta program.
My friend with an Oneplus phone reports the same behaviour (the phone just won't let you flash an older firmware), furthermore, one Beta user here reported that now he can not even flash the original PDEM software while getting the same error message (The installed version is lower than current).
tl;dr
So there is a solid chance that all of this has nothing to do with Global/Chinese ROM, we just need users who AREN'T in the Beta program to test the ROM.
Global ROM (UK version), 12th May 2020, 3 597 MB, CPH2025_11_A.18: https://oppo-uk.custhelp.com/app/software_update_detail/p_name/Find+X2+Pro/session/
The same ROM decrypted from .ozip to .zip for those who want to play with it: https://1drv.ms/u/s!AjPo24k0toyl0VJOap14txM-W3Nl?e=ePbq9I
I think the same with all Chinese rom phones, there isn't an option to set another launcher. Yes you can download them and they appear but once you close an app it reverts back to stock. Just tried and no it doesn't set as home launcher (Lawnchair 2 anyway).
So the only way is to adb and uninstall the original launcher...thanks for confirming.
Kotd88 said:
I think the same with all Chinese rom phones, there isn't an option to set another launcher. Yes you can download them and they appear but once you close an app it reverts back to stock. Just tried and no it doesn't set as home launcher (Lawnchair 2 anyway).
Just a last question, are you willing to test the global ROM on your phone for the community? As all who tested it were trying on beta program and couldn't make it happen as stated by Killer007 above.
Kotd88 said:
I think the same with all Chinese rom phones, there isn't an option to set another launcher. Yes you can download them and they appear but once you close an app it reverts back to stock. Just tried and no it doesn't set as home launcher (Lawnchair 2 anyway).
11- Autostart of more than 5 untrusted applications?
Has anyone won this limitation? This is very important, as it affects notifications from third-party applications. And without autorun, calls are not accepted in some messengers that are not indicated by Oppo as trusted.
You can give permission to the application to autostart related applications, therefore, perhaps there is a program (something like an autostart manager) giving it the right to autostart, it will already launch the application that you specify in it. But so far I have not found one and these are my assumptions.
yarik88 said:
11- Autostart of more than 5 untrusted applications?
Has anyone won this limitation? This is very important, as it affects notifications from third-party applications. And without autorun, calls are not accepted in some messengers that are not indicated by Oppo as trusted.
You can give permission to the application to autostart related applications, therefore, perhaps there is a program (something like an autostart manager) giving it the right to autostart, it will already launch the application that you specify in it. But so far I have not found one and these are my assumptions.
Blazingly fast phone, with almost unlimited RAM... and they limit autostart to 5.
Bizarre (there's that buzzword again!)
I don't get this thing of autostart... Are you telling me that this phone with 12gb of ram...limits 5 applications? Meaning if you have mail, WhatsApp, telegram, calendar , or other apps you need notifications for you are limited to 5 apps max??!!?
Please elaborate...I'm having a hard time believing this. Seems worse than Huawei's app killer...
BlueMeany68 said:
Blazingly fast phone, with almost unlimited RAM... and they limit autostart to 5.
Bizarre (there's that buzzword again!)
Killer007TV said:
8. Can you force install the Global ROM onto the Chinese Phone (important point here)?
All attempts to flash the Global (CPH) software on a Chinese (PDEM) phone were unsuccessful so far, however, it seems that all these people (claiming a failure while flashing) are members of the Beta program.
My friend with an Oneplus phone reports the same behaviour (the phone just won't let you flash an older firmware), furthermore, one Beta user here reported that now he can not even flash the original PDEM software while getting the same error message (The installed version is lower than current).
tl;dr
So there is a solid chance that all of this has nothing to do with Global/Chinese ROM, we just need users who AREN'T in the Beta program to test the ROM.
Global ROM (UK version), 12th May 2020, 3 597 MB, CPH2025_11_A.18: https://oppo-uk.custhelp.com/app/software_update_detail/p_name/Find+X2+Pro/session/
The same ROM decrypted from .ozip to .zip for those who want to play with it: https://1drv.ms/u/s!AjPo24k0toyl0VJOap14txM-W3Nl?e=ePbq9I
not beta participant and won't flash for me for same reasons
SAO said:
I don't get this thing of autostart... Are you telling me that this phone with 12gb of ram...limits 5 applications? Meaning if you have mail, WhatsApp, telegram, calendar , or other apps you need notifications for you are limited to 5 apps max??!!?
Please elaborate...I'm having a hard time believing this. Seems worse than Huawei's app killer...
It's very similar to this.
This is Oppo's worst idea. I don't understand how they think in China, forbidding the user to use his phone. Just the thought that there are so many ad notifications from apps to take this step.
You have the "Manage autorun" setting in it on top of the list of trusted applications from installed (I have Instagram, Skype, Telegram, Whatsapp, Vk, Facebook) I think there are more, but here OPPO decides which applications to consider trusted.
Apps from this list do not affect the 5 apps limit.
And below is a list of all the other apps installed on your phone. And you can select Only 5 applications that have been autorun.
Notifications from applications that don't have autorun permission come in very badly, usually only when you start the application itself. But sometimes they break through, too, but not always.
For example, a SIGNAL messenger without autorun does not receive call notifications and becomes useless, you can get within an hour notifications that you missed a call.
mahst68 said:
not beta participant and won't flash for me for same reasons
Now that's devastating to hear. Considering previously mentioned cases it should have allowed you to flash it... I'm speechless and saddened.
May I at least, out of pure misery, ask you which tool did you use to flash the ROM?
That's nuts....
yarik88 said:
It's very similar to this.
On a side note, I went to a local store to see the single SIM version, and we looked inside...and there were connectors for 2 SIM cards...so my question now is: if we hack the card, and are able to put two SIMs inside...is there a way to change the system for it to work with 2 SIMs...
Other tools for flashing stock firmware
mahst68 said:
not beta participant and won't flash for me for same reasons
Could you possibly try to use some other way to flash the ROMs? Perhaps one of these: https://www.getdroidtips.com/stock-rom-oppo-find-x2/
Steps to Install Stock ROM on Oppo Find X2 CPH2023
2.6 Method 1: Instructions to Install via Recovery
2.7 Method 2: Instructions to Install via MSM Download Tool
2.8 Method 3: Instructions to Install via QFIL Tool
2.9 Method 4: Instructions to Install via QPST Tool
Killer007TV said:
Could you possibly try to use some other way to flash the ROMs? Perhaps one of these: https://www.getdroidtips.com/stock-rom-oppo-find-x2/
Steps to Install Stock ROM on Oppo Find X2 CPH2023
2.6 Method 1: Instructions to Install via Recovery
2.7 Method 2: Instructions to Install via MSM Download Tool
2.8 Method 3: Instructions to Install via QFIL Tool
2.9 Method 4: Instructions to Install via QPST Tool
I tried via recovery the last time using the official EU rom version from oppo's site... I will try these when I get home after work. I believe MSM tool might be the correct route to use from other posts in different threads. :good:
mahst68 said:
I tried via recovery the last time using the official EU rom version from oppo's site... I will try these when I get home after work. I believe MSM tool might be the correct route to use from other posts in different threads. :good:
Thank you for your hard work! You deserve some sort of donation at this point.
To save your time, avoid the latest (4th) method (QPST) - files the application requires for flashing are not located in the Oppo's Global ROM.
Killer007TV said:
Thank you for your hard work! You deserve some sort of donation at this point.
To save your time, avoid the latest (4th) method (QPST) - files the application requires for flashing are not located in the Oppo's Global ROM.
I believe QFIL won't work either since we only have .ozip to work with..... I will try though. Now if only there was more time in the day to get this done... Of course this couldn't have been something when I had them Corona Days Off.... hahahaha
mahst68 said:
I tried via recovery the last time using the official EU rom version from oppo's site... I will try these when I get home after work. I believe MSM tool might be the correct route to use from other posts in different threads. :good:
I guess a lot of people are waiting on you :laugh::fingers-crossed:
Great job for the community. Fingers, toes, everything crossed to see if it works.
BUT I still believe that there is a way to hack the dual sim for single sim international phones, which in a way would be much better.
