Fake GPS from Lexa - Security Discussion

I recently downloaded this app from the Google app store in order to play Pokémon.
I have followed online instructions to root my phone and move this app to system/apps.
I had been using it for a week to play Pokémon.
So... one lucky day, I was using my desktop PC to browse, the browser was super laggy, which prompted
me to look at my router's log, and to my surprise, there were over 30 entries of active sessions.
These are some of the entries:
219.77.41.167 - hongkong
123.194.190.41 - taiwan
42.80.233.52 - china
36.106.9.48 - china
49.228.98.115 - thailand
62.76.24.197 - russia
1.252.28.138 - south korea
211.227.85.33 - south korea
103.224.118.94 - singapore
I did some troubleshooting and pinpointed it to this app (FakeGPS), because whenever I turn on my phone's Wi-Fi and run FakeGPS, my router's active sessions start to fill up with strange IPs.
So, can anyone tell me if this app is malicious? Is it stealing my phone data, or is it using my phone to tap into my wireless router in order to hack others?

Nothing like running a search on the app's name and looking for info on malware protection sites.

I don't understand why this Fake GPS from Lexa doesn't work as a system app. If others are working, there must be an issue with this app. Has anyone been able to successfully move this app to be a system app? When I do it, it disappears; I set permissions to 644 but it still doesn't work.

Related

Marketplace using location in mango

Hi..
Just received update notifications for some LG applications; when I select update, MP informs me some applications are requesting to use location services.
Anyone know why? Just wondering why it needs to use location services.
Sent from my LG Optimus 7
Nothing serious, just follow what was asked.
Marketplace is just letting you know that those apps may want to use your location for part of their functionality - e.g. in the same way Bing maps uses your location to show where you are on a map. Another example would be a train times app using your location to show you your nearest station.
It's never usually anything to worry about, although if for example a Tetris game wants to track your location, or be able to dial numbers on your phone, or have access to your emails, etc. then you would want to know why (which is why Marketplace checks with you first for those kind of things).
Ian

WARNING - Camera360 Security Risk

The latest Camera360 update demands a strange and dangerous permission - "Change WiFi State". This is defined as follows:
"Allows the app to connect to and disconnect from Wi-Fi access points, and to make changes to configured Wi-Fi networks."
The app already has internet access. But "Change Wi-Fi State" means it can not only turn your Wi-Fi on and off, but it can add or delete your access points, and read/change other information like encrypted passwords.
I emailed the developer (in China) and they just keep emailing me back asking what version I am using. He obviously doesn't want to answer the question!
I've noticed this "permission creep" in many other apps. The latest Firefox Android app wants access to global system setting, address book, and accounts. The latest YouTube app can take pictures and videos without your knowledge.
There are a few apps that I no longer update. I also use DroidWall to block cameras and other apps from internet access.
Stay Away from Camera360!
I use droidwall as well, actually extensively. I block everything but the necessities.
Sent from my LG-P999 using xda app-developers app
Thanks for the heads up.
Sent from my LG-P999 using xda premium
Now that I look at it, some of the permissions that Camera360's Chinese developers want are pretty scary:
https://play.google.com/store/apps/details?id=vStudio.Android.Camera360
Here are the most dangerous as of today:
NETWORK COMMUNICATION
FULL INTERNET ACCESS
Allows the app to create network sockets.
YOUR PERSONAL INFORMATION
READ SENSITIVE LOG DATA
Allows the app to read from the system's various log files. This allows it to discover general information about what you are doing with the phone, potentially including personal or private information.
PHONE CALLS
READ PHONE STATE AND IDENTITY
Allows the app to access the phone features of the device. An app with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
SYSTEM TOOLS
RETRIEVE RUNNING APPS
Allows the app to retrieve information about currently and recently running tasks. Malicious apps may discover private information about other apps.
CHANGE WI-FI STATE
Allows the app to connect to and disconnect from Wi-Fi access points, and to make changes to configured Wi-Fi networks.
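As an added example (not code from the thread or from the Camera360 project), the check below shows how a reviewer can turn the permission list above into an automated audit: it parses a decoded AndroidManifest.xml, maps the permission constants behind the Play Store labels in the post (FULL INTERNET ACCESS → INTERNET, READ SENSITIVE LOG DATA → READ_LOGS, READ PHONE STATE AND IDENTITY → READ_PHONE_STATE, RETRIEVE RUNNING APPS → GET_TASKS, CHANGE WI-FI STATE → CHANGE_WIFI_STATE) to a short risk note, and diffs two versions to surface the "permission creep" the post describes. Both manifests are constructed for illustration, not the real app's.

```python
"""Audit a decoded Android manifest for the permissions this thread flags.

Added example, not code from the thread or from Camera360. Both manifests
below are constructed fragments, not the real app's manifest; the risk notes
paraphrase the Play Store descriptions quoted in the post.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Permission constants behind the Play Store labels in the post, with a
# one-line defender's reading of each.
HIGH_RISK = {
    "android.permission.INTERNET": "can open network sockets (exfiltration channel)",
    "android.permission.READ_LOGS": "reads system logs that may hold private data",
    "android.permission.READ_PHONE_STATE": "reads phone number, serial and call state",
    "android.permission.GET_TASKS": "enumerates running and recent apps",
    "android.permission.CHANGE_WIFI_STATE": "connects to, disconnects and edits Wi-Fi networks",
}


def _manifest(*perms: str) -> str:
    """Build a constructed manifest fragment declaring the given permissions."""
    body = "\n".join(f'  <uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="{ANDROID_NS}" package="com.example.camera">\n'
            f"{body}\n</manifest>")


# Constructed "before update" and "after update" manifests (hypothetical app).
MANIFEST_V1 = _manifest("android.permission.INTERNET", "android.permission.CAMERA")
MANIFEST_V2 = _manifest("android.permission.INTERNET", "android.permission.CAMERA",
                        "android.permission.READ_LOGS", "android.permission.READ_PHONE_STATE",
                        "android.permission.CHANGE_WIFI_STATE")


def declared_permissions(manifest_xml: str) -> list[str]:
    """Every <uses-permission android:name=...> value, in declaration order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(NAME_ATTR) for el in root.iter("uses-permission")]


def audit(manifest_xml: str) -> dict[str, str]:
    """Map each declared high-risk permission to why a reviewer should care."""
    return {p: HIGH_RISK[p] for p in declared_permissions(manifest_xml) if p in HIGH_RISK}


def permission_creep(old_xml: str, new_xml: str) -> set[str]:
    """Permissions an update adds that the previous version did not request."""
    return set(declared_permissions(new_xml)) - set(declared_permissions(old_xml))


if __name__ == "__main__":
    for perm, why in audit(MANIFEST_V2).items():
        print(f"{perm}: {why}")
    print("new in update:", sorted(permission_creep(MANIFEST_V1, MANIFEST_V2)))
```

The manifest inside a real APK is stored as binary XML, so decode it first (for example with apktool, or read the list from `aapt dump permissions app.apk`) before feeding it to this parser. Keeping the previous version's manifest around is what makes the creep check possible; the Play Store listing only shows the current set.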
Camera 360 Browser Popups!
The Chinese developers that made Camera 360 removed the draconian permissions. But now, it has a more evil behavior. When you start your phone, Camera 360 starts a background process that displays popup ads on some websites with the default Android browser!
Thread on it here:
http://forum.xda-developers.com/showthread.php?p=33130018
Uninstall Camera 360 and watch your phone and your browser run faster!
Uninstalled.
Shouldn't this thread be a sticky, and, posted somewhere owners of all different models of phones will see?
Also, surely there must be some kind of app which lets you install apps without actually granting them those permissions? Some kind of permission stripper?
I'm not sure of any apps that control permissions directly, but there is one called DroidWall which can block apps from communicating over Wi-Fi and/or your mobile network. Needs superuser/root access.
Sent from my LG-P999 using xda app-developers app
Pdroid, need to make a patch for ROM of choice, but it works like a charm!
Sent from my Nexus 7 using xda premium
Bob Tums said:
I'm not sure of any apps that control permissions directly, but there is one called DroidWall which can block apps from communicating over Wi-Fi and/or your mobile network. Needs superuser/root access.
I have DroidWall, and Camera360 is blocked internet access. But it is still able to hook into the Android browser and show popups.
Not sure how that happens. You can try downloading AdAway from the market and see if that gets rid of it.
Sent from my LG-P999 using xda app-developers app

[TUTORIAL] Unlocking Restricted Apps on Play Store

For people who live in restricted countries, this is a free and root-less way to bypass and download country-restricted apps and games in the Play Store without modding the Play Store app itself.
First of all,
i. Create a secondary google account on your PC.
ii. Leave 'Mobile phone' blank.
iii. Choose United Kingdom as location.
iv. On the next page, you will then add in your phone number for verification.
Next, on your phone, go to Settings>General>Accounts>Add Account>Existing and sign in with your new Google account.
After all that is done, go to Settings>Connections>More networks>VPN and tap the + sign.
Key in the following:-
Name : BestUKVPN
Type : PPTP
Server Address : BestUKVPN.com
Tick PPP encryption (MPPE)
and tap Save.
To connect, tap on the VPN you've just created :-
Username : free
Password : *the password changes everyday, go to w w w . bestUKVPN . c o m to get the password*
Then, go to Settings>General>Application manager and locate Google Play Store. Tap on it and tap Force Stop, Clear Cache and Clear Data accordingly.
Next, Go to your Play Store and choose your secondary account.
Voilà, restricted-country apps are available for download!
Unless your country is supported by Google Wallet, you can only download the free apps and games.
Enjoy!
No need for a second account; you can either kill the Play Store or just restart the machine. It will (re)authenticate the session to a different server (hence, country).
There are easy ways to block this as well; it is just a matter of time, to be honest.
However, this method is very loaded: you are opening a VPN for all connections. There are way better methods for this, i.e. per-app VPN; why make the whole system use a slow connection when you can have only a list of apps that will use that connection? ProxyDroid is amazing, but requires root; I think it supports VPNs as well.
PlutoDelic said:
No need for a second account; you can either kill the Play Store or just restart the machine. It will (re)authenticate the session to a different server (hence, country).
There are easy ways to block this as well; it is just a matter of time, to be honest.
However, this method is very loaded: you are opening a VPN for all connections. There are way better methods for this, i.e. per-app VPN; why make the whole system use a slow connection when you can have only a list of apps that will use that connection? ProxyDroid is amazing, but requires root; I think it supports VPNs as well.
Yes, there are apps that provide fast and free VPNs as well, but most of those apps limit your usage, therefore not very efficient. You can switch off the connection once the restriction is opened and use a faster connection, i.e. Wi-Fi. And also this doesn't require root.
dayat710 said:
You can switch off the connection once the restriction is opened and use a faster connection, i.e. Wi-Fi. And also this doesn't require root.
Yup, confirmed; the Play Store doesn't seem to care about the source location as long as it authenticates in a country that has the service enabled.
It would be really nice though to have an app that does not require root and can handle a list of apps, and use the proxy/VPN only for that specific list. I guess iptables plays a role here.
I tried using my first account, which is registered in Brunei, with a VPN; can't get through the restrictions.
I also found out that using MarketAccess/MarketEnabler (*requires root*) and setting it to UK/US, I can browse apps/games in Samsung Apps without the need for a VPN. But I also could not buy any apps or games unless I have a bank account outside my country.

Pre installed app behaving like spyware?

My European Mate 9 came with some pre installed software out of the box, namely News Republic, WPS Office, Todoist and some others. I didn't bother to uninstall them but I did remove all permissions and mobile/wifi data access on day 1.
I run OpenDNS at home and when checking the logs today I've noticed some unusually high internet accesses to ksmobile.com , ksmobile.net , and cmcm.com
In the last 3 days there have been:
2969 (!!) requests to helpnewsrepublic1.ksmobile.com
82 requests to cm.gcm.ksmobile.com
67 to n.m.ksmobile.net
65 to ws.ksmobile.net
42 to ups.ksmobile.net
167 to ms.cmcm.com
The domains seem to belong to 'Cheetah Mobile', makers of News Republic among some other software that I've never heard before.
The strangest thing is I have never run News Republic. In fact as I've mentioned before I have disabled mobile data, wifi access and removed all permissions from day 1 yet it seems my phone is still communicating with Cheetah Mobile's servers.
Has anyone observed this behaviour with their Mate 9s? What could be going on here?
Wtf dude, that's a great find!
I'm gonna monitor that too. Let's find out.
We already lost privacy long time ago.
Listening in. Great find.
Sent from my iPhone using Tapatalk
Wow, wtf that's crazy. I'm surprised you discovered all that. Can't say I am completely surprised.
Wtf! This is the first time I am using a Chinese-brand mobile phone; I considered it for a very long period before I shifted from Samsung and LG. Hope it is application-based, not kernel built-in spyware.
You are right, but the problem is Cheetah Mobile. If you install their apps from the Play Store, you will have the same problem. Their apps are very useful and free, but they send information about our phones to their servers.
I've been a user of News Republic and WPS for several years, on many phones, and there is always the same problem.
Sent from my MHA-L29
raychak said:
Hope it is application-based, not kernel built-in spyware.
I've uninstalled News Republic yesterday and proactively blocked the mentioned domains on OpenDNS.com (Settings > select your network > Manage individual domains). Checking the logs today I see no blocked outbound attempts to ksmobile or cmcm which means uninstalling the app might be enough to stop it in its tracks. That's good news.
antz_77 said:
You are right, but the problem is Cheetah Mobile. If you install their apps from the Play Store, you will have the same problem.
Sure but that doesn't explain (nor justify) why it is establishing outbound connections when 1) I have never run the app and 2) I have disabled data/wifi access on day 1. This is bad enough for an app you've downloaded from the Play Store but even more worrying when it's a pre-installed app.
antz_77 said:
I've been a user of News Republic and WPS for several years, on many phones, and there is always the same problem.
I pinpointed this to News Republic but after reading your comment I did a quick check on WPS Office and I've noticed it's made by Kingsoft which surprise surprise is the parent company of Cheetah Mobile. That's another app I'll be uninstalling then.
Even if you never run the app, it can still have a background service.
So 1 week after removing News Republic and WPS Office I can confirm that all suspicious traffic has stopped. OpenDNS reports 0 connection attempts in the last 7 days to any of the mentioned URLs, so all's good.
Now my attention has shifted to a fairly large number of outbound connections to www.baidu.com (347 attempts yesterday alone). I noticed this on the first days of owning the device but the numbers were in the 80-100 a day. Now that the numbers have tripled I'm wondering if it's due to some rogue app that I've installed (AliExpress?) at a later time or some setting that I've enabled (HiSuite?). Connections to baidu.com don't necessarily mean something fishy is going on in the background but I still would like to know what apps exactly are causing this amount of traffic.
Unfortunately the only Android traffic monitor that I know (OS Monitor) isn't compatible with the Mate 9, or at least with my particular one. Any other suggestions? For now I've resorted to blocking baidu.com via OpenDNS and so far no apps have stopped working.
But you still use Facebook?
I've used NoRoot Firewall to take a closer look at the outbound traffic and came to the conclusion that the culprit for all baidu.com connection attempts is one (or more) of the following system processes:
Android HwResolver
Android System
androidhwext
Call Management
com.huawei.iaware
com.huawei.securitymgr
EuiReceive
FIDO UAF ASM
Fused Location
GeofenceService
HuaweiShare
HwApps
HwARService
HwChrService
HwIndexSearchObserverService
HwLBSService
imonitor
Information
Input Devices
Key Chain
MirrorShare
MMITest
Phone Manager
Power Genius
PredefinedEapSim
ProjectMenu
Settings
Settings Storage
Smart headset control
One (or more) of these processes constantly tries to connect to 103.235.46.39 (baidu.com) but unfortunately that's as detailed as NoRoot Firewall can be. Unless there's an app out there capable of telling us what process exactly is responsible for the connection attempts, the only other way to pinpoint it is by trial and error (ie disable wifi/cellular for certain system apps while keeping an eye on the OpenDNS logs until the connections stop). I don't think I'll bother though.
Once again outbound traffic to Baidu doesn't necessarily mean something fishy is going on in the background. Besides being a search engine Baidu provides cloud services similar to Akamai or Amazon AWS. Huawei might just be using Baidu Cloud Push for some of its apps.
I came searching because I found my phone reporting news republic as power hungry and recommending close. Also instagram. I have never opened either.
Using the power settings I appear to have disabled news republic.
Thanks to this thread, I've now got a longer list of apps to try and disable. It's not as easy as on my rooted Samsung, because I want to use Android Pay, which precludes rooting.
I _strongly_ recommend uninstalling News Republic and WPS Office. In fact I would run a mile from anything developed by Cheetah Mobile or Kingsoft (parent company).
Regarding Instagram I suggest using Hermit ( https://play.google.com/store/apps/details?id=com.chimbori.hermitcrab ) to create a web app. That's what I did for a whole lot of power hungry apps and I'm happy with the results.
Sent from my MHA-L29 using XDA Labs
Enable dev options, go to the bottom, force the number of background apps to 1 and monitor; that should allow you to pinpoint the app, as it will have been the only one running when it pinged.

Why does the phone contact "Mobileconfig.sascdn.com" 485 times in a hour?

To be clear,
I installed Blokada yesterday on my Poco X3 NFC, Android 10. I always disconnect the Wi-Fi and 4G antennas when I go to sleep. In the morning I reconnect, and now mobileconfig.sascdn.com gets blocked about 485 times in an hour.
So it looks like an ad link that gets stopped, but I find it odd that it keeps trying every 2 seconds.
Where did you download Blokada from? Android app store
Which device do you use? Poco X3 NFC
Do you use a custom ROM? NO
Do you know which OS version you are using? 10
Since when are you facing this issue? This morning, 1 day after install.
Did you already try to solve the issue somehow? I googled it and did find: https://domain.glass/mobileconfig.sascdn.com but what does this say? Is it the phone or an app on the phone, and if so, which app?
UPDATE: it seems like a security company, so now I want to know why this is in a block list and why my phone wants to contact it ....
I followed the IP on cloudfire and stumbled on this:
Subdomain Finder scan of sascdn.com - C99.nl (subdomainfinder.c99.nl)
Subdomain scanner result of Subdomain Finder performed on sascdn.com. Subdomain Finder is a scanner that scans an entire domain to find as many subdomains as possible.
company https://www.akamai.com/
Uninstall the Blokada you downloaded from the Play Store and download the version from the Blokada website. (Don't worry, it's safe.) This one works better and is updated more often than the one in the Play Store.
Check if you installed any app recently, or one that might have installed itself unknown to you. Some apps mask their icon so it's invisible. The best way to find this...
Go to Settings - About Phone - Storage - Apps and Data.
The reason I suggest this method and not regular Application manager is because this method allows you to uninstall some apps which are otherwise unable to do from the regular application menu. (Especially Xiaomi Bloat).
Hope this helps.
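The two observations in this thread and in the Mate 9 thread above (hundreds of lookups per day grouped by owner such as ksmobile.com/cmcm.com, and one host queried every 2 seconds) are exactly what a small resolver-log triage script can surface. The following is an added example, not code from either thread, Blokada or OpenDNS; the log format (ISO timestamp, queried name, action) and every line in it are constructed for illustration, so adapt `parse_log` to your resolver's real export before using it.

```python
"""Triage a DNS resolver log: who gets queried most, and what beacons on a timer.

Added example, not from the thread. The 'timestamp domain action' format and
the sample lines are constructed; real OpenDNS/Blokada exports differ.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median


def build_sample_log() -> str:
    """Constructed log: one host beaconing every 2 s, plus a few ordinary lookups."""
    base = datetime(2021, 3, 1, 8, 0, 0)
    lines = [f"{(base + timedelta(seconds=2 * i)).isoformat()} mobileconfig.sascdn.com blocked"
             for i in range(30)]
    others = ["www.baidu.com", "ms.cmcm.com", "helpnewsrepublic1.ksmobile.com",
              "www.baidu.com", "play.googleapis.com"]
    lines += [f"{(base + timedelta(seconds=7 * i + 1)).isoformat()} {d} allowed"
              for i, d in enumerate(others)]
    return "\n".join(lines)


def parse_log(text: str) -> list[tuple[datetime, str, str]]:
    """Parse 'ISO-timestamp domain action' lines into (time, domain, action) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, domain, action = line.split()
        records.append((datetime.fromisoformat(ts), domain.lower().rstrip("."), action))
    return records


def registered_domain(fqdn: str) -> str:
    """Naive owner key: last two labels. Use the Public Suffix List for co.uk-style names."""
    return ".".join(fqdn.split(".")[-2:])


def lookups_per_owner(records) -> Counter:
    """Query counts aggregated by registered domain, the view the Mate 9 post worked from."""
    return Counter(registered_domain(d) for _, d, _ in records)


def beacon_candidates(records, min_queries: int = 10, tolerance: float = 0.25) -> dict[str, float]:
    """Hosts queried at a steady cadence: every gap within tolerance*median of the median gap.

    Returns {domain: median interval in seconds}. A regular interval is what
    separates a retry loop or heartbeat from ordinary user-driven browsing.
    """
    times = defaultdict(list)
    for ts, domain, _ in records:
        times[domain].append(ts)
    found = {}
    for domain, stamps in times.items():
        if len(stamps) < min_queries:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        med = median(gaps)
        if med > 0 and all(abs(g - med) <= tolerance * med for g in gaps):
            found[domain] = med
    return found


if __name__ == "__main__":
    recs = parse_log(build_sample_log())
    for owner, n in lookups_per_owner(recs).most_common():
        print(f"{n:5d}  {owner}")
    for host, interval in beacon_candidates(recs).items():
        print(f"beacon: {host} every {interval:.1f}s")
```

Two caveats the threads themselves raise apply here too: a high count or a steady interval toward a CDN or push host is a lead, not proof of anything malicious, and the registered-domain grouping cannot tell you who operates the name (the link from ksmobile.com and cmcm.com to one vendor came from looking the domains up, not from the log). The next step after this triage is on-device attribution, for example a per-app firewall's log, to find which process issues the queries.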
