Dear all,
I was just going through my apps list to see what I could disable and came across an app (only visible in the "ALL" tab in app manager) called Adam, it's 52 kb, cannot be disabled and has permissions to do just about whatever it wants.
Its version is 4.4.2-31. I recently updated to 4.4.2 (by manually installing the OTA), so I'm thinking it's something built in, but I cannot find anything explaining it. The closest "hit" on Google search was a paper on: "ADAM: An Automatic and Extensible Platform to Stress Test Android Anti-Virus Systems" but this sounds more like an analysis tool than built-in virus protection. I also searched this forum directly and didn't find anything.
Can anyone verify what this is? I doubt it's malicious but I'm curious about how Android is handling security these days.
BTW this is on a Moto X GSM DE version (XT1053), oddly enough I haven't felt the need to root it...
Cheers!
[Edit] I was able to display a little more info in Avast!'s app manager and its name is com.motorola.adamsvc, so it's something from motorola. Still not sure what it is though...
droib said:
Dear all,
I was just going through my apps list to see what I could disable and came across an app (only visible in the "ALL" tab in app manager) called Adam, it's 52 kb, cannot be disabled and has permissions to do just about whatever it wants.
Its version is 4.4.2-31. I recently updated to 4.4.2 (by manually installing the OTA), so I'm thinking it's something built in, but I cannot find anything explaining it. The closest "hit" on Google search was a paper on: "ADAM: An Automatic and Extensible Platform to Stress Test Android Anti-Virus Systems" but this sounds more like an analysis tool than built-in virus protection. I also searched this forum directly and didn't find anything.
Can anyone verify what this is? I doubt it's malicious but I'm curious about how Android is handling security these days.
BTW this is on a Moto X GSM DE version (XT1053), oddly enough I haven't felt the need to root it...
Cheers!
[Edit] I was able to display a little more info in Avast!'s app manager and its name is com.motorola.adamsvc, so it's something from motorola. Still not sure what it is though...
Click to expand...
Click to collapse
Same story! Had a Moto G though. Still unable to find out what it is. But since bootloader is locked tampering the ota is impossible as that would change the signature too! So rest assured it shouldn't be a malware.
hi guys.. i also have adam app in my moto g.. its system app cannot remove.. is it a virus/malware ??? cant find anything on internet related to it.. how to get rid of it ???
I would like to setup my phone to be able to browse/use apps as anonymously as possible. I realize that will require Tor/VPNs, and I am working on getting that information elsewhere. Here I am focusing on the phone itself.
It will be a new Samsung on Verizon. I would like to anonymize and secure it as much as possible. For example, I know that Verizon and Google are shipping new phones with spyware and other tagging features. I am not very tech saavy (I cant code), but I am a fast learner.
I will be trying to avoid using Google products at all costs (No Play Store, GMail, etc) - except for Android system updates (I assume this is a necessity?). I am willing to do anything, *except*: Replace the OS - it has to be regular Android (Unless someone can show me an add-on/alternative that wont require constant maintenance/detailed knowledge of how a phone OS works), or compromise the basic software so that it become unstable or wont work with basic apps.
I assume rooting is a must - but I will need some direction as to how this can be done safely, and what I will then need to do to keep the phone updated and stable.
Specifically I am looking for:
- How to remove all native spyware/malware/unnecessary apps (without accidentally deleting something critical).
- Remove any features that could ID my device over the internet
- What kind of software/app I need to set up to protect against future malicious software (some kind of anti-virus/malware scanner?).
- How to most securely encrypt the phone and any data on it (so that if someone was able to get control of it, accessing it's contents without the pass key would be as difficult as possible).
- If necessary, before I web connect it, I could download any apps/programs on another device and trasfer via MicroSD
- Any general tips that might help with this.
Thank you.
EDIT: I was originally planning on getting an S8, but I have read that it might have some issues, so I can get an LG G6 or even Galaxy S7 if it is still preferred for privacy/security.
If you didn't read it, it could be a good start in your search.
https://forum.xda-developers.com/general/security/tuto-how-to-secure-phone-t2960077
VPN!!!!
I think, regular updates with security patches is a must. But if you don't trust your original OS, how can you trust it's updates? I use mokee OS for this reason. And no gapps.
ThirdEchelonSam said:
I would like to setup my phone to be able to browse/use apps as anonymously as possible. I realize that will require Tor/VPNs, and I am working on getting that information elsewhere. Here I am focusing on the phone itself.
It will be a new Samsung on Verizon. I would like to anonymize and secure it as much as possible. For example, I know that Verizon and Google are shipping new phones with spyware and other tagging features. I am not very tech saavy (I cant code), but I am a fast learner.
I will be trying to avoid using Google products at all costs (No Play Store, GMail, etc) - except for Android system updates (I assume this is a necessity?). I am willing to do anything, *except*: Replace the OS - it has to be regular Android (Unless someone can show me an add-on/alternative that wont require constant maintenance/detailed knowledge of how a phone OS works), or compromise the basic software so that it become unstable or wont work with basic apps.
I assume rooting is a must - but I will need some direction as to how this can be done safely, and what I will then need to do to keep the phone updated and stable.
Specifically I am looking for:
- How to remove all native spyware/malware/unnecessary apps (without accidentally deleting something critical).
- Remove any features that could ID my device over the internet
- What kind of software/app I need to set up to protect against future malicious software (some kind of anti-virus/malware scanner?).
- How to most securely encrypt the phone and any data on it (so that if someone was able to get control of it, accessing it's contents without the pass key would be as difficult as possible).
- If necessary, before I web connect it, I could download any apps/programs on another device and trasfer via MicroSD
- Any general tips that might help with this.
Thank you.
EDIT: I was originally planning on getting an S8, but I have read that it might have some issues, so I can get an LG G6 or even Galaxy S7 if it is still preferred for privacy/security.
Click to expand...
Click to collapse
Assuming you are just talking about general privacy and security, then you are in with a chance to minimise data available to Google etc and be largely secure. If you are trying to prevent the likes of the NSA then you have no chance. At the very least your cell provider will know somethings about you (you have to show id in the US don't you?)
Without going to extremes as in the first link below and ending up pretty much with a dumb phone your best bet is to follow something more like this
https://privacytoolsio.github.io/privacytools.io/
As for security you can "harden" your system, there are some good threads etc on this. Or you could just buy a phone that is already hardened see Copperhead OS.
You are your phones best security, but I would say EVERYONE is fallible and could be tricked into opening a malicious email etc under the right circumstances so you should run a good antivirus, it may just save you one day. However they are not even 100% against all known malware let alone future ones or other exploits, it's just another layer of defence. Keeping your phone up dated with monthly security patches is probably your 2nd best defence after you! At some point you are trusting whoever provides your OS, network and any apps installed. Then of course this level of security must extend to all your devices that may link to your phone, no good running a router which doesn't get regular firmware updates, just this week all Linksys ones were found to be vulnerable, before that some Netgear ones, before that ....
Even using TOR does not guarantee anonymity as the NSA, GCHQ etc have been able to identify users in several ways, and no doubt still can, but it is the best way, though can be slow
Use your phones built in encryption, though this only works on a looked phone, anyone can see your data if they lack it up unlocked, or if using remote admin. Using an app to encrypt folders/files can prevent a local person viewing saved files though.
Rooting & removing bloatware would certainly help reduce data "leaks", but it has it's own risks and will void your warranty (though not up to date on S8 & tripping knox etc or on unlocking bootloaders on Verizon phones as I'm not in the US.) If it was me I'd buy an older model that has great support on xda & that you know you can unlock bootloader/root which has a good choice of roms from reputable devs that release monthly security updates quickly & then get a limited set of apps from fdroiod or similar.
whirlpool95 said:
VPN!!!!
Click to expand...
Click to collapse
But be choosy!
https://blog.csiro.au/tinker-torrentor-streamer-spy-vpn-privacy-alert/
(some vpn's are named in the full report, link at bottom of page)
Yea just don't use the internet on your phone, that's my advice .
On Joying headunits with CAN Bus, it is not possibile to use resistor based USWC: this thread aims to overcome the limitation by using an Arduino MICRO connected to the receiving unit of the USWC and to the headunit via USB to simulate a hardware keyboard.
reserved 1
Github repository: https://github.com/MobeedoM-opensource/android-auto
reserved 2
reserved 3
surfer63 said:
In your code you also use the BOOT_COMPLETED broadcast. You know that with the Joying deep-sleep option, you will see that only on rare occasions? This is: only on reboots or power (dis)connects?
Click to expand...
Click to collapse
Yes i know thank you, i noticed that for some strange reason the firmware deactivates the accessibility service even at reboot (at true boot not only with ACC_OFF).
You use the "com.fyt.boot.ACCON" intent filter in your services. If it doesn't have serious consequences please also add the "com.glsx.boot.ACCON" for those users on Sofia that might want to start using your app as well. But this in turn would also require the "minSdkVersion 23" instead of "minSdkVersion 24" like you have now. My PX5 is on 8 so I have api level 26, but my old Sofia on the bench is on 6.0.1 and it would be handy to test there first. (I tried to build your code, but there are many "hurdles" in your app/build.gradle, so I need to dive a little deeper into it)
Click to expand...
Click to collapse
Yes of course i'll add the intent filter, but please note that the current version of the app doesn't use those intents on api level 26+ (my headunit), because of the background execution limits (the implicit intent is simply not received).
The only intent that i was able to trap, but i still need to investigate because it doesn't always work and I haven't figured out why yet, is the android.hardware.usb.action.USB_DEVICE_ATTACHED.
For the build.gradle, if you tell me what are the hurdles maybe i can help, also via PM if you prefere.
You have the method startAccessibilityService with the rooted system call: What does that actually do? Is it for the user to give access? Or the system to give access (as it is rooted)? Is it for the root_preference "OnlyBroadcast"?
Click to expand...
Click to collapse
An accessibility service cannot be started programmatically in android, the user must manually activate it with the switch in the accessibility services section.
That command is used to simulate the behavior of the user who changes the state of the switch, it requires root and it is not granted to work on all roms.
You use the "getCurrentForegroundPackage()". I guess this still works if your have (for example) your navi app in the foreground and your media player in the background and you want to skip to the NEXT, as you automatically come to the last "if" statement in your MediaKeysMapper. But does this also work when your navi app is the foreground program and you are listening to the radio or some "generic_syu" program in the background?
Click to expand...
Click to collapse
Yes you are right, the last use case is not covered. To manage it correctly you need to know which app is currently playing, maybe it is possbile to distinguish syu apps by non syu apps by checking the android AudioManager which i think is only used by non-syu apps.
bambapin said:
Yes of course i'll add the intent filter, but please note that the current version of the app doesn't use those intents on api level 26+ (my headunit), because of the background execution limits (the implicit intent is simply not received).
The only intent that i was able to trap, but i still need to investigate because it doesn't always work and I haven't figured out why yet, is the android.hardware.usb.action.USB_DEVICE_ATTACHED.
For the build.gradle, if you tell me what are the hurdles maybe i can help, also via PM if you prefer.
Click to expand...
Click to collapse
I know about the implicit intents, but on a Sofia on Android 6.0.1 (api level 23) they should still work.
W.r.t. the build.gradle.
I had to remove the private.gradle import statement, some signing statements, defProd and the like, and finally (also literally in time) upgrade my sdk from 27 to 29 to be able to do a simple "./gradlew assembleDebug".
So no issues anymore.
(Of course I had set compile version to 27 in the build.gradle, but I ran into "missing" xmls, which I first blamed on being not committed to the repo (your fault, not mine of course ), but which turned out to be part of sdk 28 and up, so still my fault ).
surfer63 said:
W.r.t. the build.gradle.
I had to remove the private.gradle import statement, some signing statements, defProd and the like, and finally (also literally in time) upgrade my sdk from 27 to 29 to be able to do a simple "./gradlew assembleDebug".
Click to expand...
Click to collapse
Ah yes, the private.gradle... it contains my private keys passwords so i preferred not to publish them on the internet .
Indeed that file must be placed next to the app build.gradle with this content:
Code:
ext {
my_keyAlias = 'YOUR_KEY_ALIAS'
my_keyPassword = 'YOUR_KEY_PASSWORD'
my_storeFileName = 'YOUR_KEYSTORE_FILEPATH'
my_storePassword = 'YOUR_KEYSTORE_PASSWORD'
}
bambapin said:
Yes you are right, the last use case is not covered. To manage it correctly you need to know which app is currently playing, maybe it is possbile to distinguish syu apps by non syu apps by checking the android AudioManager which i think is only used by non-syu apps.
Click to expand...
Click to collapse
Maybe I insult you with providing this link , but anyway: here it is: https://developer.android.com/guide/topics/media-apps/mediabuttons
And the image in post #1. How is red and black connected, and to what?
surfer63 said:
Maybe I insult you with providing this link , but anyway: here it is: https://developer.android.com/guide/topics/media-apps/mediabuttons
And the image in post #1. How is red and black connected, and to what?
Click to expand...
Click to collapse
No insults at all don't worry and even if it were i hardly get offended
Actually i'm not expert on this particular topic, at the beginning i tried to use the standard Android MediaControllers but it seemed to me that when it came to "syu" APPS everything was bypassed, but if you think it's a viable way i'll try again.
The photo is the final version that is now installed in the car.
I noticed that there was enough room inside the SWC receiver to insert the arduino, i made a little hole for the usb socket and i connected the arduino directly (yes i admit, i soldered to save the space of dupont ).
What you see is the inside of the receiver + the arduino. The black and red cables are the power supply of the receiver, the orange and blue are KEY1 and KEY2 (the white and gray of the video). The arduino is simply glued with a removable glue (patafix).
@surfer63 i was thinking again about the autostart after the ACCON.
In the end i managed to make the intent android.hardware.usb.action.USB_DEVICE_ATTACHED always work so the accessibility service is always restarted, but i'm still looking for a better alternative (using the navi app would work but it interfere with the audio mixing level).
I looked again at the code of syu.ms and saw that when the unit wakes up, a series of apps are always launched with hard-coded package names: eg. "com.yh.devicehelper" and "com.cpsdna.mirror" which i don't seem to find installed in the headunit.
Do you have any idea what they are?
If they are never installed, perhaps it is enough to create an app with one of those package names and the system will take care of starting it at ACCON.
bambapin said:
No insults at all don't worry and even if it were i hardly get offended
Actually i'm not expert on this particular topic, at the beginning i tried to use the standard Android MediaControllers but it seemed to me that when it came to "syu" APPS everything was bypassed, but if you think it's a viable way i'll try again.
The photo is the final version that is now installed in the car.
I noticed that there was enough room inside the SWC receiver to insert the arduino, i made a little hole for the usb socket and i connected the arduino directly (yes i admit, i soldered to save the space of dupont ).
What you see is the inside of the receiver + the arduino. The black and red cables are the power supply of the receiver, the orange and blue are KEY1 and KEY2 (the white and gray of the video). The arduino is simply glued with a removable glue (patafix).
Click to expand...
Click to collapse
I do indeed think that the SYU apps do nothing according standard Android rules, so the MediaController would only be helpful for any other app. I do think you need to check if "some" SYU app is active by using something like "this" or by checking the com.syu.ms apk (via jadx(-gui)) or so, because that one also checks on several places whether one of its own SYU app is active or not, and on top or not.
So the bottom side of of the plate with the red led and condensator (or so), is the bottom of the SWC controller circuit?? If so, the image now makes sense.
surfer63 said:
So the bottom side of of the plate with the red led and condensator (or so), is the bottom of the SWC controller circuit?? If so, the image now makes sense.
Click to expand...
Click to collapse
Yes, it is the bottom, when it is inserted it rests on the 4 pillars and leaves enough space below, there will be almost 1cm from the arduino.
The only negative thing i noticed is that with the arduino so close to the antenna the reception distance of the buttons is a little lower than before, but they still work.
bambapin said:
@surfer63 i was thinking again about the autostart after the ACCON.
In the end i managed to make the intent android.hardware.usb.action.USB_DEVICE_ATTACHED always work so the accessibility service is always restarted, but i'm still looking for a better alternative (using the navi app would work but it interfere with the audio mixing level).
I looked again at the code of syu.ms and saw that when the unit wakes up, a series of apps are always launched with hard-coded package names: eg. "com.yh.devicehelper" and "com.cpsdna.mirror" which i don't seem to find installed in the headunit.
Do you have any idea what they are?
If they are never installed, perhaps it is enough to create an app with one of those package names and the system will take care of starting it at ACCON.
Click to expand...
Click to collapse
It worked!!! :laugh:
The app attached is automatically launched by the syu.ms at ACC_ON.
I used the package name "com.cpsdna.mirror", i have no idea what the original app was supposed to do, but now we have a real autorunner at our disposal.
bambapin said:
It worked!!! :laugh:
The app attached is automatically launched by the syu.ms at ACC_ON.
I used the package name "com.cpsdna.mirror", i have no idea what the original app was supposed to do, but now we have a real autorunner at our disposal.
Click to expand...
Click to collapse
:good: Very nice.
There are many apps in this ms.apk that no longer exist. Some are hardcoded called inside the app, some are called via the text files in the assets/property, but no longer exist.
I assume it is related to http://www.cpsdna.com/solutions1.html and a previous "mirrorlink" application. zlink is now by another company.
What I would do (and did in the past) is making a "micro starter app" (11~16Kb) , that only starts the app you want. So the "com.cpsdna.mirror" started by ACC_ON, starts your "com.mobeedom.android.auto.jyhuremote".
If Joying/FYT updates their list of started apps, you can simply take another "old" app and still call your own app without having to rewrite all the packages inside your own code.
(And please don't use the appcompat for such a microstarter . It explodes your code from ~11-16Kb to 1.5MB. I really hate how Studio always adds that to your project even if you target APIs that don't need it, or your app as such doesn't need it)
It would only need something like:
Code:
PackageManager pManager = context.getPackageManager();
Intent intent = pManager.getLaunchIntentForPackage("com.mobeedom.android.auto.jyhuremote");
if (intent != null) {
context.startActivity(intent);
}
surfer63 said:
:good: Very nice.
There are many apps in this ms.apk that no longer exist. Some are hardcoded called inside the app, some are called via the text files in the assets/property, but no longer exist.
I assume it is related to http://www.cpsdna.com/solutions1.html and a previous "mirrorlink" application. zlink is now by another company.
What I would do (and did in the past) is making a "micro starter app" (11~16Kb) , that only starts the app you want. So the "com.cpsdna.mirror" started by ACC_ON, starts your "com.mobeedom.android.auto.jyhuremote".
If Joying/FYT updates their list of started apps, you can simply take another "old" app and still call your own app without having to rewrite all the packages inside your own code.
(And please don't use the appcompat for such a microstarter . It explodes your code from ~11-16Kb to 1.5MB. I really hate how Studio always adds that to your project even if you target APIs that don't need it, or your app as such doesn't need it)
It would only need something like:
Code:
PackageManager pManager = context.getPackageManager();
Intent intent = pManager.getLaunchIntentForPackage("com.mobeedom.android.auto.jyhuremote");
if (intent != null) {
context.startActivity(intent);
}
Click to expand...
Click to collapse
Ok ok, no AppCompat
Maybe i could also put a minimum of parameterization with the ability to choose what to launch, maybe even more than one app.
Do you think something like this could be useful in your JET?
bambapin said:
Ok ok, no AppCompat
Maybe i could also put a minimum of parameterization with the ability to choose what to launch, maybe even more than one app.
Do you think something like this could be useful in your JET?
Click to expand...
Click to collapse
I don't see it yet. What would be useful to start from my Jet apk? Can you explain?
Please also note that when I started the JET apk I knew absolutely nothing about java (and didn't want to know anything about java) and started in appinventor/thunkable, as that was easy enough. But it is a big mess of all kind of shell scripts called from my app using the "rootexec" plugin, because that was the only way to make it work.
If I would start again I would rewrite it immediately in java.
So perhaps your own app would be a much better basis than my JET apk.
Please don't think I'm against it, but I do not understand (yet?) why that would be useful.
surfer63 said:
I don't see it yet. What would be useful to start from my Jet apk? Can you explain?
Please also note that when I started the JET apk I knew absolutely nothing about java (and didn't want to know anything about java) and started in appinventor/thunkable, as that was easy enough. But it is a big mess of all kind of shell scripts called from my app using the "rootexec" plugin, because that was the only way to make it work.
If I would start again I would rewrite it immediately in java.
So perhaps your own app would be a much better basis than my JET apk.
Please don't think I'm against it, but I do not understand (yet?) why that would be useful.
Click to expand...
Click to collapse
Don't know, i thought of your JET because i see it as a great collection of tools dedicated to Joying head units.
Given that on android 8 the intents ACC_ON and ACC_OFF are not usable, it could be an additional tool that allows you to schedule actions to be performed on wakeup without without the need to set Tasker as an NAVI app and without Xposed, since it still doesn't work on SC9853i.
BTW about Xposed i am also afraid, but i really hope i'm wrong, that with the code obfuscation of the firmwware, the maintenance of the Xposed modules will become increasingly difficult.
However, i will make a mini app with a list of apps to launch at ACC_ON (in my case the Accessibility Service, Poweramp and the NAVI), the code will be available if you change your mind .
bambapin said:
Given that on android 8 the intents ACC_ON and ACC_OFF are not usable, ...
Click to expand...
Click to collapse
Based on your work on USB, I also started to work on that idea again and built a "UsbReceiver" in my FytHWOneKey. It works great on my old sofia (6.0.1), but the usb event (""android.hardware.usb.action.USB_DEVICE_ATTACHED"") is never triggered on my 8.0.0 PX5. It doesn't work there.
Does this USB still work for you on 8.1.0?
bambapin said:
BTW about Xposed i am also afraid, but i really hope i'm wrong, that with the code obfuscation of the firmwware, the maintenance of the Xposed modules will become increasingly difficult.
However, i will make a mini app with a list of apps to launch at ACC_ON (in my case the Accessibility Service, Poweramp and the NAVI), the code will be available if you change your mind .
Click to expand...
Click to collapse
Xposed will no longer be feasible indeed when you look at the code obfuscation.
Your list of apps to be started: An internal list or external list (ascii config/ini file?), or preferences list?
surfer63 said:
Based on your work on USB, I also started to work on that idea again and built a "UsbReceiver" in my FytHWOneKey. It works great on my old sofia (6.0.1), but the usb event (""android.hardware.usb.action.USB_DEVICE_ATTACHED"") is never triggered on my 8.0.0 PX5. It doesn't work there.
Does this USB still work for you on 8.1.0?
Click to expand...
Click to collapse
Yes, it's the intent i'm still using to re-activate the accessibility service. It seems strange to me that it is not triggered at all, do you have any other app installed that could "steal" it? Torque for example?
EDIT: did you fetch the last version from github? i added a .xml with the filtered devices, it could be required (it depends on the firmware implementation)
Xposed will no longer be feasible indeed when you look at the code obfuscation.
Your list of apps to be started: An internal list or external list (ascii config/ini file?), or preferences list?
Click to expand...
Click to collapse
Internal, stored in the shared preferences.
bambapin said:
Yes, it's the intent i'm still using to re-activate the accessibility service. It seems strange to me that it is not triggered at all, do you have any other app installed that could "steal" it? Torque for example?
EDIT: did you fetch the last version from github? i added a .xml with the filtered devices, it could be required (it depends on the firmware implementation)
Click to expand...
Click to collapse
No other apps, only my own FytHWOneKey.
I did see the xml, but did not understand it and wanted to ask later. Those vendor id's / product id's: Are those from your usb devices or are they from (internal) Joying devices?
I can only find one vendor-id in the USB device database.