Every time I install a new rom or do a factory reset it looks like I've been hacked - Security Discussion

As the title says, every time I install a new rom or do a factory reset it looks like I've been hacked. As soon as I register and connect my phone to the internet, Google security activity shows that my phone has been connected from Ireland or Germany although I'm connecting from Sweden. How can this be explained if I'm not being hacked? I take all the security measures, changing password etc... But yet this problem doesn't go away. Does this happen to anyone else?

give us more detail
did it happen only with one device or more? what do u use for root, which rom, custom recovery do u install? which kind of gapps do u use? does it happen just when u install the rom/recovery, or when u set up the gapps?
the foreign connection message is inside the gmail account? do u see foreign ip address logged when u are not logged or just foreign ip when u are logged? (this question is because maybe something uses a vpn)

I use Viperone rom, but it doesn't matter what rom I use. As soon as I log in to my Google account it happens, on the Google security activity where I can see my devices, it shows that I logged in from Ireland or Germany, and after that it goes back to show that I logged in from Sweden. So far I noticed that it only happens on my phone, but in the past it used to happen on my PC too, and it does not show the ip address, it only shows the name of the country. This is what it looks like: http://imgur.com/2A9ZBJy Tyskland is Germany in Swedish and it's not supposed to be there with Ireland.

Keomas said:
I use Viperone rom, but it doesn't matter what rom I use. As soon as I log in to my Google account it happens, on the Google security activity where I can see my devices, it shows that I logged in from Ireland or Germany, and after that it goes back to show that I logged in from Sweden. So far I noticed that it only happens on my phone, but in the past it used to happen on my PC too, and it does not show the ip address, it only shows the name of the country. This is what it looks like: http://imgur.com/2A9ZBJy Tyskland is Germany in Swedish and it's not supposed to be there with Ireland.
when u install rom and configure gapps r u using your wifi? because it is strange that it happens also with your pc, maybe the problem is in your LAN. does it happen just after the gapps setup after a fresh install or also later?
do u use official gapps (and where is the source) or do u use other kind of gapps?

The roms that I use already have Google apps installed. This time it happened right after I logged in to my phone. In the past it happened a day later.

It's possible that the new rom had its location history set to those locations.. And Google apps like a good little app is telling where you are...
But it's wrong until it gets a proper location update.

nutpants said:
It's possible that the new rom had its location history set to those locations.. And Google apps like a good little app is telling where you are...
But it's wrong until it gets a proper location update.
No. This happens when i change the password. I changed the password before i installed the new rom.

Google
Yeah sure. Google needs to update location.

sichuv11 said:
Yeah sure. Google needs to update location.
Nope. I'm definitely being hacked. Everything points towards it. I change my password, I format my PC, I install the original android to my phone, same **** happens. It was not like this before.
There is a trojan that can not be found by virus, malware and trojan software. This bastard got me. I think it could be the government.

Now it looks like this, I got USA instead of Germany http://imgur.com/uYDxZ1j Am I being hacked or not? 6th February is the day I changed my password, compare it with the first picture I posted.

make 2 new google accounts with your pc
wipe your phone and install a rom, then configure it with one new account
use it for a day
then with your pc go into both accounts and see if both are compromised or not

Let's assume the worst thing, that I am being hacked. How can I stop this from happening? I already changed password (I'm doing that from time to time), I use 2 step verification and sms verification when I log in to my Gmail and I got virus, malware and firewall software, what else can I do? How am I being hacked?

Keomas said:
Let's assume the worst thing, that I am being hacked. How can I stop this from happening? I already changed password (I'm doing that from time to time), I use 2 step verification and sms verification when I log in to my Gmail and I got virus, malware and firewall software, what else can I do? How am I being hacked?
if u want help you should try to do what we say and report it

niubboxp said:
if u want help you should try to do what we say and report it
You're just asking questions, I don't think you have answers.

Keomas said:
You're just asking questions, I don't think you have answers.
and you will never know

niubboxp said:
and you will never know
Maybe not on this forum, but there are other forums.

What rom are you using? Where did you get it?
What email app are you using?
Who is your internet provider for your device?
All of these can be factors in you being hacked...
Your rom could have a Trojan on it.
Your email could be not properly storing your password.
(You're not using the factory email app that uses the account you're signed into your phone with, are you? Please say no)
Is your internet provider known for making a federal case out of every request for information or do they give it out to anyone with a badge?
More information is needed before you can be helped.
First off change roms...
If you are using an OEM rom get a custom rom from a popular developer.
Then change email providers
(Unless you are taking Google)
Then dump the two factor crap
Get a third party open source email app or use tor to sign in by web mail.
Change and set your password from a cafe or hotel Wi-Fi that is nowhere where you usually go.
Then see if you think you are being hacked..
If so trash the phone
Get a new one with cash..
Root it secure it
Try again
And if that still looks bad..
Use paper and one time pads for encryption and safe drop points.

Related

[Q] amazon appstore registered email address

sorry if this is posted elsewhere but I have looked for the past hour for this answer.
I have the amazon appstore installed on my desire hd, but I'm in the uk.
I made a fake email and set it up to look like I'm in the US.
now I want to install custom mods on my phone but I can't remember the email I used to register with amazon.
nowhere can I find it mentioned in the app and nowhere can I find any data on my unrooted DHD.
I know what password I used but just need the email I used.
is there any way I can find out which email I've used?
I ask because I don't want to lose all the free apps of the day that I have.
thanks in advance
Same problem here... I don't think it's possible to recover login email. the appstore saves an encrypted file with your device data, so if you backup and then restore in the same device, should be no problem
killerbender said:
Same problem here... I don't think it's possible to recover login email. the appstore saves an encrypted file with your device data, so if you backup and then restore in the same device, should be no problem
will I be able to do this without root access?
I ask because I was stupid enough to believe htc when they said the latest update will fix wifi problems but instead it just unrooted my phone and left wifi broken

[Q] Question on d2g, unable to add/create google account

I am from Malaysia. Just received my d2g I purchased from ebay. I managed to unlock and use local GSM network, NOT VERIZON!
I am unable to add google account. If I sign in with an existing google account I have, it shows "user name and password doesn't match", I can log in fine from any pc. And I'm also unable to create new google account from the phone.
I have been searching for weeks for a solution to this, but unable to solve it.
try to wipe data/cache it might help.
the-light said:
try to wipe data/cache it might help.
I did a few master resets. it wiped all data on the phone but still same issue.
attached is the image I just took after trying again. but this time it says "cant establish a reliable data connection to the server"
I wonder if it's controlled by verizon. means we must use its service in order to use the full function of the phone?
by the way, I am running on Android 2.2 Version.2.4.330.A956.Verizon.en.US
Have you tried changing the Google account password from your PC (making sure it doesn't have any non-ASCII characters like diacritical stuff &c.) and trying again with that new one?
Verizon has nothing to do with Google services.
Gasai Yuno said:
Have you tried changing the Google account password from your PC (making sure it doesn't have any non-ASCII characters like diacritical stuff &c.) and trying again with that new one?
Verizon has nothing to do with Google services.
Hi mate. I'm using the same account and password that I'm using on motorola defy. DEFY is singapore model which seems to be working fine. That's why I am thinking, maybe verizon did special program on all d2g to stop people like me simply getting the phone but don't use the services.
This means they chose to do a “special program” for just one single D2G — yours.
I use my D2G on GSM and I have never had any issues adding my Google account.
Gasai Yuno said:
This means they chose to do a “special program” for just one single D2G — yours.
I use my D2G on GSM and I have never had any issues adding my Google account.
LOL
That's positive. Meaning my setting might be wrong somewhere. There should be a solution. Just hope someone experienced the same situation as me but found a solution and shares it with me here.
when I had issues with google account I've deleted a few msg (first ones) and it became available again. not sure this is the solution for ur thing though..
btw if u can log via phone browser, u might want to sbf for 1 of the os component is bad
the-light said:
when I had issues with google account I've deleted a few msg (first ones) and it became available again. not sure this is the solution for ur thing though..
btw if u can log via phone browser, u might want to sbf for 1 of the os component is bad
what is sbf? I've been seeing this a lot but not sure how to do it. can you give me any link that shows me step by step on this.
I am still waiting for the upgrade to 2.3... hope it solves all issues
http://droid.koumakan.jp/wiki/SBF
Gasai Yuno said:
http://droid.koumakan.jp/wiki/SBF
thanks mate. checking now.

Android Rom and Banking Fraud?

Hello to all,
first of all forgive me if i am in the wrong forum. Second I am not an authority with ROMs and developing. I can flash a new ROM and follow guidance easily but that's it. Up to that.
I will tell you my scary experience with a specific rom which I installed a couple of days ago on my S3. First of all this post is not supposed to be rude to anyone or anything. I am telling you my story and I would appreciate your input as you are the experts.
3 days ago I installed the MIUI (http://miuiandroid.com/community) ROM on my S3.
As soon as I turned the phone on to run it for the first time I went to the typical set ups but then I noticed something.
On the top right corner of the status bar a green phone icon appeared, meaning that the phone was automatically set on "Call-diverting". I didn't pay any attention for about 30 mins as I was setting up the phone.
When I decided to see what the icon does, to my shock and horror I realised that my phone was preset to call diverting automatically to a specific mobile number in the UK.
I quickly disabled the call diverting and didn't think anything more. All of that happened around 12:30 in the afternoon (pay real attention to the times here).
About 10 minutes later I was at the office. Around 2 hours after that I got a text message from my Bank to call them about a suspicious money transfer.
I called the bank and they told me that a few minutes earlier someone attempted to transfer 2000 pounds from my account. Of course my on-line banking was frozen and I was lucky not to lose the money.
Now, during these two hours my phone never rang just the text message from my bank. The bank security employee told me that it looked suspicious to them because whoever was trying to transfer the money asked for the 4 digit number via the automated bank security system to be diverted to another mobile number. The bank advised me to call my mobile carrier as I did.
The mobile carrier, when I talked to him, confirmed that someone called them and accessed my account by giving them all the right info, and requested that every time my phone was out of coverage all calls to be directed to another mobile!
Have you guessed what the other mobile was? It was exactly the same mobile number as the preset on the ROM which I had installed 3 hours earlier!
And my bank confirmed that the same mobile was used in order to get the 4 digit pin.
I was shocked to say the least!!
When after a few minutes I managed to talk to my girlfriend, she told me that she was calling me earlier for about an hour. These phone calls never made it to my phone. As the phone was preset to call diverting it was ringing to the diverted phone and not mine.
It is obvious that as I do mobile on-line banking and I access my accounts from my mobile (as many do), somehow they managed to get all the information about me and I am suspecting dodgy applications on my phone. I hope I am wrong but this experience has really shocked me.
I love android phones I love what you developers do but I am after your opinion in this one.
I am not here to offend any developers but to have a genuine answer and a sensible discussion about this issue. I am not a kid I am professional and this experience has really made me think twice about smart phones.
nice.! install only trusted ROMs with a lot of feedback
Sent from my GT-I9100 using Tapatalk 2
jowett69 said:
nice.! install only trusted ROMs with a lot of feedback
the miui-rom made by miuiandroid.com is a "trusted rom with a lot of feedback" and has a long history and a community with over 50.000 members.
mtdgr said:
I am suspecting dodgy applications on my phone.
i think you're right, it wasn't the rom but some malware-/spyware-app.
assuming your phone was rooted, it would be easy for an app to do all kinds of bad stuff once it got root-privileges, eg hiding on your sdcard and spying on your data and after that establishing the call-divert to catch the 4digit-pin and the rest would be history.
only thing you could do is think what questionable apps with root privileges you installed in the last days before this happened, try to get a copy of it and have a closer look on it, maybe installing it without a simcard inserted or with a simcard without charge on it, to see what happens...
a big piece of luck would be some kind of log from about 1230h to see what established the call-divert, but if i would do such app i would ensure to delete all logs with traces afterwards, but who knows?
though, all of that are just the ideas that came to my mind as i read your post...
good luck for the investigation, would be interesting to know if you could get any information about what happened, so keep us updated, ok?
greetz,
sUsH
It would be difficult for me to know which custom ROM is safe and which one is not! I am not an expert you see. And the same goes with apps. I don't think anyone can state with certainty that any are safe.
It is just shocking to know how easy it is for your details to "escape" !
I will keep you informed about how this goes.
jowett69 If you can tell me how to get that log you are talking about, that would be great.
In the meantime can anyone advise on a decent mobile data protection application? something which will prevent any sensitive data from leaking from my phone? Payware or freeware I don't mind.
some ideas
mtdgr said:
It would be difficult for me to know which custom ROM is safe and which one is not! I am not an expert you see. And the same goes with apps. I don't think anyone can state with certainty that any are safe.
It is just shocking to know how easy it is for your details to "escape" !
I will keep you informed about how this goes.
jowett69 If you can tell me how to get that log you are talking about, that would be great.
In the meantime can anyone advise on a decent mobile data protection application? something which will prevent any sensitive data from leaking from my phone? Payware or freeware I don't mind.
A start might be to check the Superuser app and click on Log and see what apps received su permissions.
Also, from a cmd prompt you can enumerate all the running processes by running:
Code:
adb shell "busybox ps -A > /mnt/sdcard/process.log"
adb pull /mnt/sdcard/process.log
View process.log for anything suspicious, or post it up and I'll have a look.
fluxist
fluxist said:
A start might be to check the Superuser app and click on Log and see what apps received su permissions.
Also, from a cmd prompt you can enumerate all the running processes by running:
Code:
adb shell "busybox ps -A > /mnt/sdcard/process.log"
adb pull /mnt/sdcard/process.log
View process.log for anything suspicious, or post it up and I'll have a look.
fluxist
I don't think I could do that my friend. As soon as I suspected that something with that ROM was wrong I performed a full wipe and installed omega 9.1 rom.
My question is this. By performing a full wipe should really erase any malware from the previous installation right? Can anyone advise on a decent antivirus/firewall application which will help me (and others like me) monitor and "block" unusual application behavior?
oh and one more question for my information...sensitive personal data can only be leaked when the device is rooted ? if it is not rooted am I safe?
mtdgr said:
I don't think I could do that my friend. As soon as I suspected that something with that ROM was wrong I performed a full wipe and installed omega 9.1 rom.
My question is this. By performing a full wipe should really erase any malware from the previous installation right? Can anyone advise on a decent antivirus/firewall application which will help me (and others like me) monitor and "block" unusual application behavior?
did you wipe your internal and external sdcards too? how did you wipe? cause it depends where the malware was hiding, if it is erased now or not.
a simple, yet powerful firewall is droidwall. you can find it in the market. put it in whitelist-mode and allow only the stuff you know. but droidwall controls "only" internet-connections (wifi and 3g or such). for full control over every permission of every app and connection of your phone you should use pdroid, but i don't know if that's really necessary, though i understand your fear. but if someone really wants to harm you and has some knowledge, there are always ways, i think...
mtdgr said:
oh and one more question for my information...sensitive personal data can only be leaked when the device is rooted ? if it is not rooted am I safe?
not really, think of those apps you can use to root your device. think a bit further and one could make an app that roots your device and afterwards does the stuff it wants. but seriously, though it is possible, who would do that to you? that's what you should think about...
greetz,
sUsH
ps: cause you did a wipe, there's no possibility of going through some logs, sry. (though this too depends on the way you wiped and what exactly you wiped...)
I did a full wipe to install the new rom...wipe cache data ...devlink and one more but can't remember it
Sent from my GT-I9300 using xda app-developers app
mtdgr said:
I did a full wipe to install the new rom...wipe cache data ...devlink and one more but can't remember it
Sent from my GT-I9300 using xda app-developers app
sry, then your try to get rid of the problem also got rid of possible evidence. just try to forget it and be more careful in future with suspicious apps from questionable sources and similar.
greetz,
sUsH

[Q] Vpn L2tp Psec google warning

It may be that I am not entering the right keywords, but I can't find the answer on the forums here. It's not a big deal, but I'm curious. When I connect via VPN on 2.3.6 through L2TP ipsec, I get a warning in Gmail saying that someone from a different IP was trying to sign into my account and google prevented it. (Because suddenly a different ip address from hundreds of miles away is attempting to sign in). I don't care that it's not letting it sign in (this isn't my daily driver, I just use it as a media player basically), but the choices I get are to click " No it's not me, change password" or " yes it's me" ( which I don't really want to say either). So is there some simple solution that I am totally missing? Or do I just ignore this every time I connect to vpn?
Thanks
The simple solution is, if it's you, tell it that it's you. Why wouldn't you want to say it's you if it is?
Theraze said:
The simple solution is, if it's you, tell it that it's you. Why wouldn't you want to say it's you if it is?
Point taken. I suppose my first impression is that since Google services pretty much thrives on its users data, I don't necessarily want to admit that I'm encrypting it. I mean it's obviously legal, but I somehow feel that there will be a red check mark next to my account now. Or.... Maybe I should just take off the tin foil hat.
I put this out there to see if I'd get a response from anyone else who came across the same thing in the past.
Sent from my SGH-T889 using xda app-developers app
Well, if you want it to work, tell it that it's okay to work. If you don't want it to work, then you can keep telling it not to work. But if you tell it not to work and it does... that's a bug or security flaw.

I am seriously scared now!

My phone's wallpaper has been changing itself in the past couple of days. I did not set an automatic wallpaper changer or anything, I never downloaded or installed any app outside google play store, I never do any illegal download such as image, video, music, apk files, etc.
I don't wanna talk about why this happens, I want to find a solution to this. This really creeps me out. What should I do? I've done some security check using Samsung's built in McAfee and it shows nothing. My device is Samsung A10s, SM-A107F
HELP
Just factory reset it. It should clear everything out.
and how about tape on the camera in the mean time?
SHAH RUKH 45 said:
Just factory reset it. It should clear everything out.
and how about tape on the camera in the mean time?
Yea I was thinking that way, but I have a telegram account that is registered using the inactive numbers, and it's really important. Not because there is important data, it's because that is my work account
renofumi46 said:
Yea I was thinking that way, but I have a telegram account that is registered using the inactive numbers, and it's really important. Not because there is important data, it's because that is my work account
Sign in on a laptop, use telegram desktop edition. Once you have logged into your account from your pc, you don't have to worry about losing your credentials. Then after formatting your mobile data you just have to install telegram as usual, the app will ask you for a code (or a QR Code). Look at your pc and you will receive it, type the code into your phone.
That's it!
