User Installed CA sprfw01 - what is it? - General Questions and Answers

Hello,
I have an LG LS775 and under the user security certificates there is one called sprfw01. I have no idea why or what it's for. I'm on the Sprint network. Is there a way I can inspect the cert or at least figure out what's using it? Any info is greatly appreciated. Thanks guys!
Could this be from pairing my phone with some device, i.e. a smart watch or another phone?
It's actually under User credentials. Hope that can jog anyone's memory as to what this may be.

I'm currently using the same phone as you and on the same carrier, and just noticed this user credential the other day as well. I didn't recognize it so I deleted it. I'm afraid I can't tell you if it really affected my device as it was already giving me some issues before I deleted the credential. At the time, and again today, I looked for the same answer as you and haven't found any additional information on it, so I can't be much help with exactly why it's there or what put it there.
However, I may be able to help put your mind at ease since I did happen to do a factory reset today and even though I deleted it before, it was back afterward. So my guess is that it's not dangerous. (again, that's my opinion, hopefully someone can confirm if I am correct)
Some details that lead me to think it's safe:
My LG G6 isn't rooted, and was not before the redo. (so technically nothing should have been able to reinstall it that was nefarious)
I didn't install any potentially shady apps when I did the factory reset (at time of writing this, just a few big name apps from the Play Store, no random restored apks or anything like that).
I pulled my SD card out before the wipe and haven't put one back in yet, so that rules out something left over on there working itself back in somehow.
I allowed Google to "restore" my most recent backup it made, but the most recent backup was AFTER I removed the credential so it shouldn't have been on there (Google backups seem to restore very little anyway, and request all backed up app downloads from the Play Store).
I have connected it to my home secured wifi.
No bluetooth connections yet.
No sharing to any devices or NFC usage, etc.
So from all of that, I believe it is either a Sprint thing, an LG UI thing, or something specific to the LG G6 model, and built into the factory settings. That's just my thoughts, but I thought maybe my experience might make you feel a little more at ease. Hopefully someone can reply with what the heck it actually is though, because little things like not being able to figure out the source of this drive me crazy even after all of that.

Just an update, I was looking through my LG V30+ and found the same credentials stored on this device too. No additional details on its purpose were really gained from it though. Picture attached.

"User Credential" "sprfw01" also on LG ls 775
I saw the same thing and I searched "sprfw01". I was wondering what it was. I also have this "User Credential" on an LG LS 775 on Sprint.

Passwords Saved Credential
I did some research into this and what I see is it's a credential from when you saved your passwords, for example unlock screen & any passwords like I have to specific websites.
Just my thoughts...
*Any good unlock or root for the ls993?

Related

[Q] Rooting Xperia T Build 9.2.A.1.205 - Help please!!!

Hello
I am new to this forum and though I build PCs and write some code (albeit in VBA / SQL), I have no past experience of Android and hence the call for help!
My situation: I have a Sony Xperia T (LT30p & NOT rooted) which I recently upgraded and so now stands at Android 4.3 and Build 9.2.A.1.205. Like most I use it to access emails and for this I had 3 email widgets on my desktop(s), 2 of which were gmail 1 for private emails and one for work. The latter at some point called me to update the Device Policy and that is where many things started going wrong.
In short, after the update for some reason the email widgets stopped working, I deleted them to re-install, only to find they would no longer appear on my desktop (..?). So I decided to reset the phone to the factory settings. I copied all my documents across to a PC and pressed reset... only to remember that I had not backed up my contacts/sms list!
The phone now works great, the email widgets are back on, but I have no contacts (unfortunately I had not backed them up on Google, etc). So for the past few days I have been looking for a way to restore them and found an app that promises it will do so (MYjAD Android Data Recovery, or if you know of a better one please do advise!), only it needs root access to do so!
I have found places that advise 'single button' rooting, but they do not cover my build version. I have looked at various posts here at how to do so, but I will admit I am getting lost! For example even looking at the '{ROM}[STOCK][T][JB 4.3][9.2.A.1.205] Official Firmware - Rooted&Deodexed 03/04' thread here, what is a CWM, a dalvik cache, or PhilZ Touch? Moreover, what is an FTF (so far I understand this as a way to log in in unrestricted mode, though unsure exactly what benefits this would have) and I am assuming it is different to rooting (which I so far believe would make the user a super-user, so would have unrestricted rights too), so why would one have a rooted phone with locked FTF/bootloader? Am I losing the plot, or what?
All that aside though, what I really would appreciate is someone explaining in easy and detailed steps how I can root my phone (or even better how I can 'undelete' my contacts/sms lists?!!) so that I may try to recover what I have rather foolishly lost!
Many thanks
...alternatively could someone please advise where I could find a listing / thread where it is all explained in a bit more detail?
Thanks

[Q] Application specific password for google account in Lollipop

Howdy (and apologies ahead of time if this is a dup, I _did_ search, didn't find anything),
Is it just me or did application specific passwords break with Lollipop? Googled a bit and couldn't find any details. I just see postings stating that 2fa works now, but I don't see how that negates the need for app specific passwords.
I know 2fa is now supported but I'm a bit concerned to use my normal password as I'm not sure if it's stored in any way. Anyone know of any links that explain what exactly is stored and how the auth is persisted across reboots? Maybe I'm misunderstanding, but I thought that if my device was lost, with app passwords I could revoke the device without changing my main password.
The other issue is, since I'm using 2fa with the google auth app on this phone I wouldn't even be able to set up if I wiped this phone (which I will need to). At least previously I could log in to my google account on my PC, create the app specific password and sign on that way.
- TIA for any info
I have just upgraded my Nexus 5 from 4.4.4 into 5.0.1 (I didn't install 5.0.0). What I did:
1. Factory reset on 4.4.4
2. Install system update into 5.0.1
2. Factory reset on 5.0.1
3. Application specific password NOT accepted on initial account setup on Nexus 5. I had to use my master password and code list because you can't read sms before account is added on the phone.
Is this really broken? I haven't found any info on this either.
Wow, someone else who was using this feature. That makes 2 of us at least. I guess that's why they removed it...? Yeah, unless I'm missing something it appears it's indeed broken.
The best part is this isn't really part of Android, but part of gapps; no way to report bugs for that (at least that I've found). Someone opened a bug against AOSP but they closed it as this stuff isn't part of AOSP:
{scheme}code.google.com/p/android/issues/detail?id=57863&can=1&q=app%20specific%20password&colspec=ID%20Type%20Status%20Owner%20Summary%20Stars
They suggested using the "google mobile help forum"; I guess this page links to it: {scheme}googlemobile.blogspot.com/2008/11/got-questions-try-new-google-mobile.html - following the link just gives an error "no group mobile found" or something similar.
All I could see to do was to post a response to their help page on signing in with app specific password to Play pointing out the inaccuracy of the article. I can't find that article anymore, it looks like it might've been removed? I received no response to that.
I can't imagine this being a very difficult feature to support, so I'm a little surprised it was removed. But hey, at least they added all sorts of eye candy and other crap I don't really care about.
I think this is a deal breaker for me. Unless I'm misunderstanding here, if someone were to acquire my phone and extract the password, the key or whatever it's storing, they would then be able to access my account settings and take full ownership. If it only had the app specific password, I don't think that'd allow them to modify security settings. If it's tying the key to the device, that's great but I still can't revoke it (doesn't show up in the app specific password page). Unacceptable (again, unless I'm misunderstanding something?).
Maybe it's time to start looking for alternatives. Wonder if any Maemo derivatives can run on the M8? It was miles ahead of Android in all departments except eye candy anyways...
I'll reply here if I see any more info - please do the same.
This is totally broken.
My company uses App Specific Passwords and I just updated my Droid Turbo to Lollipop.
After the update, everything worked fine. However, I started getting google play service errors and had to wipe.
Now I need to log in using my authenticator password instead of my app specific password.
Not good
Agreed. Quite unfortunate, but I can't find anyone outside of this thread and a few random posts that seem to actually care.
Thanks for confirmation that this is still a problem, btw. I'm still not sure if there's anyplace to even raise this to Google...
I just spent an hour trying to understand why this smart feature wasn't working on my new mobile with a stock Android Lollipop! At least I feel less lonely now...
I sent a feedback to Google even if I don't think they'll reply.. I opened a ticket on AOSP website (Issue 189310) if you want to check their reply.. sorry but I can't post outside links

Please help! Phone being remotely accessed and controlled by unauthorized 3rd party..

Thank you in advance. First of all I am still a beginner in knowledge here. My Alcatel Fierce 4 TCL 5056N seems to have been hacked and is now being remotely accessed and controlled by an unauthorized 3rd party. I may be way off base but I think my phone may have been exposed to a R.A.T. Temporarily rooted long enough for someone to modify the kernel and other system coding, which I cannot access myself with an unrooted phone, installing some sort of sub-OS with limited user setting options and a completely different named storage platform (i.e. emulated, bdef55, self), and not even factory resetting my device helps because it reboots into the sub-OS they installed. They are screen overlaying buttons, and toggles are being reversed in real time before my eyes, settings and options are disappearing from one minute to the next and I've somehow found myself poking around in some Windows software on a PC that is used to develop Android software, maybe SDK, not sure but was Linux coding and looked like it was meant for me. I was on the other end of this hack for a few minutes tho but my lack of knowledge made this useless to me. I have downloaded many an app trying to combat this issue but to no avail. Although unsuccessful I have seen a few things I don't understand but could possibly be helpful for you to identify exactly what my issue is. One thing is an app I downloaded said that a trust cert has enabled a malicious trust agent and my system is being remotely accessed by a third party. The rest is beyond my understanding but I'm going to list a few tidbits you may recognize. LIB, Kinguser, kingroot, persist, unremovable/???/xxx, code Aurora, bootstrap something, libnfc, system/framework/Apache/xml, bin, user value=0 or 1/2, managed provisioning, also a .base ext. on a bunch of system apps below the same app without and a few of others. I don't know if that's helpful but it's all I can remember.
Symptoms are apps closing on their own, microphone and camera being remotely enabled, unable to update Google play services or store and being forced to use an obviously older and modified version with possible replica apps with restrictions, unexpected reboots, in settings/apps/permissions apps like gallery, when you click battery and then the little i button for info, it says it's a system app and all of a sudden the disable and force close buttons become un-highlighted and unusable and so on and so forth. Lastly, my home wifi is infected I think as well because my roommate is having the same issues. I've tried (unsuccessfully) to root my phone so I could manually remove some of these apps and extra coding and such but it seems impossible because of a locked bootloader. Tried about 10 different ways without success so I've just about given up and smashed the damn thing but then you geniuses popped into my head so I beg of you, please help me or if nothing else, tell me to proceed with the smashing...lol! Thank you very much for your time. P.S. I'm new to XDA dev website so maybe drop me a line at [email protected] with directions back to this thread. Had a bit of trouble navigating here. Thanks again and have a great day! -Spencer

Security Issues. a must see and read

Okay so I've been battling this for some time. I'm starting to get a little more knowledgeable but still don't know what to do with all this. I experienced this first back in 2015 then I completely made a switch. Well now I'm back to the same issues.
The problem I'm experiencing is it's happening on all the devices I have. The phone I'm on now bought brand new from MetroPCS. And not even a day, 30 minutes later I get an update for the phone. I knew not to install or download. But it inventively did. Now it's sitting on my storage wanting me to move files to root.
LET ME MAKE THIS CLEAR. NONE OF MY DEVICES ARE ROOTED.
To make this short, my devices seem to have a Bluetooth admin. And it connects to any Bluetooth device without me knowing.
So far from what I see Chromium and Stagefright is a big part of what I'm seeing.
I'm attaching some pictures to give a more detailed look. And it's not just my Android devices, it's my Xbox One S as well.
Looking to completely remove. I'm not trying to waste money on switching networks or completely going MIA.
Fast responses please.
Sincerely,
-Desperate androidian
The Android community isn't what it used to be that's for sure. No help, no suggestions. Just nothing.
I'm no expert but I'm struggling to see the exact issue you seem to think you have. Is it just that your Bluetooth is switching on? All those licences, security certs, file locations etc. look normal to me (without checking numbers or being able to compare to same phone OS etc.), though I have disabled many of those certs, e.g. the Turkish ones etc., & my Bluetooth files are different but I can find ref hill those locations online, e.g. Xiaomi phones
You appear to have a ZTE, please give model number and current OS & rev (must be stock I suppose). ZTE was found with a backdoor in older phones, sending data to China, so it's possible, & some Chinese phones also update their apps without notification. But as you say your whole network appears compromised so the source may be something else, like your router/modem, or Bluetooth as you think (though some apps require Bluetooth admin permission legitimately, you can disable it as an Admin). Tell us what behaviors you are seeing that you believe are malicious. New phone update soon after you turn on is quite common, as I'm sure you know.
When I had a quick look at your log it did have a lot of activity going to the US DOD, would you expect this, as well as the usual google & Facebook connections. Though (perhaps) strangely also to a server from a small marketing company here in Australia, but I'm no expert even if I looked at your log line by line I wouldn't understand it all.
Ref his other post
https://forum.xda-developers.com/general/security/security-global-family-credientals-t3665851
Things to try. Run a reputable antivirus. Boot into safe mode, so only system apps run, is it still happening? Can you turn off anything that is listed as a device admin? Try running a root checker app. Even if it all comes back negative you may still have a problem as a port may already have been opened and malicious app self deleted or something. Use an app like Fing to see if any devices you don't recognise are connected to your network.
You may be able to block some activity if it's not going through root with a firewall eg NetGuard no root firewall, start with everything blocked.
Above are just some general hints, without knowing specifics I can only suggest you backup any stuff you want to keep then factory reset everything & change ALL passwords to strong ones (no good just adding a number on the end of your old ones!), better still reflash all firmware (updates if available) to overwrite everything. This incl your internet access points eg router, and only reconnect to the net/networks after you have done them all (one at a time preferably then you may be able to identify source of problems)
That turned out a lot longer than I intended!
Thank you. Now for a better visual. There's too many apps.
And if u can give me links to apps that will help.
And on my oneplus one the Bluetooth thing says :1002 sharing or midi or something.
And code.aurora? What is this
BLEEDCOLORYOU said:
Thank you. Now for a better visual. There's too many apps.
And if u can give me links to apps that will help.
And on my oneplus one the Bluetooth thing says :1002 sharing or midi or something.
I don't have that phone so can't really tell what is a suspect app or not, especially just from screen shots.
Here use this app to run on demand scans against the virustotal database (this is not an "antivirus app" like Avast so offers no protection, it only scans apps on demand, so you should run a good antivirus also)
https://play.google.com/store/apps/details?id=com.funnycat.virustotal
it should flag any suspect apps and you can submit any unknown ones you are worried about.
---------- Post added at 05:12 AM ---------- Previous post was at 05:02 AM ----------
BLEEDCOLORYOU said:
And code.aurora? What is this
edit: not Firefox then.
org.codeaurora.bluetooth is a legit part of Bluetooth .... Well unless it's flagged by virustotal then it probably is a malicious app just given a common name to try and hide
IronRoo said:
I don't have that phone so can't really tell what is a suspect app or not, especially just from screen shots.
Here use this app to run on demand scans against the virustotal database (this is not an "antivirus app" like Avast so offers no protection)
https://play.google.com/store/apps/details?id=com.funnycat.virustotal
it should flag any suspect apps and you can submit any unknown ones you are worried about.
Okay but what is provisioning? Code aurora smartcard services googleplay for instance apps and
And I've never encrypted this phone.
And a lot of the overlay apps n simtoolkit are all questionmarked
See my edit above re aurora
Sometimes virustotal will have 2 or 3 antivirus companies flag a file, these are probably false positives so probably nothing to worry about (though could just be a new submission, other companies should soon update if real malicious code, check back in a day or two). If lots of companies flag an apk then you have a problem.
It looks like you have a problem with overlays (unless it's an app your phone company installs for that function, not sure what you mean). You should install a proper antivirus app like Avast, Malwarebytes etc. as a first step, hopefully it can remove malicious apk
---------- Post added at 05:51 AM ---------- Previous post was at 05:37 AM ----------
BLEEDCOLORYOU said:
And I've never encrypted this phone.
Doesn't matter, encrypting phone only protects against unauthorised access to your data. Once it is unlocked anyone can view your stuff. And once a malicious app is on your system it can read all your data even if you had encrypted it, as it's unencrypted when you use it
Okay so now I'm trying to post screenshots of when I'm connected to wifi and it's not letting me
Pairwise cyphers and
Group cyphers
Sim_num
?
BLEEDCOLORYOU said:
And a lot of the overlay apps n simtoolkit are all questionmarked
Tap those with question marks to submit to virustotal for analysis
/sys/fs/selinux/class/appletalk_socket/perms
Not suspicious?
Now I'm not stupid, this is facts. I just need defined and solution!!!
No these are normal library files. Stagefright "the malicious exploits" were called this as it was the stagefright framework it exploited. Everyone has these files, here are mine below.
You need to use tools like antivirus to identify bad files but even that is no guarantee as there is the possibility the original malicious file could have self deleted and, for example, just left open ports which would not be found as a "virus" but still allow remote access to your device.
If you cannot identify the actual exploit on your phone then the best solution is probably to just reflash the stock rom as this will wipe & overwrite everything. But if a malicious file is left on your SD card or another networked device you could soon be infected/compromised again. That is why I said before if you can't identify the source of your infection you really need to factory reset or reinstall all OS on all devices affected including your home router etc (or maybe it's your work or public network) and change all passwords.
I'm on a video bridge network I got the direct TV setup with 2 wireless setups. Both secure from what I know.
BLEEDCOLORYOU said:
Pairwise cyphers and
Group cyphers
Sim_num
?
These are for encryption of your connection, not your phone
BLEEDCOLORYOU said:
I'm on a video bridge network I got the direct TV setup with 2 wireless setups. Both secure from what I know.
I'm no coding/security guru, but I have worked on telecoms, military electronics, etc but my coding & network security knowledge is limited.
I would run this app Fing to check your local network, are there any unknown devices connected?
https://play.google.com/store/apps/details?id=com.overlook.android.fing
note: this only finds currently connected devices, so you'd want to do this several times & especially when you see suspect behavior.
Also check for open ports, easiest way is probably this site, it will scan the first 1000 ports or so (select all)
https://www.grc.com/
go to shields up
but you really need to scan ALL possible ports with a tool like Zenmap (for PC) if you think you are compromised
https://nmap.org/zenmap/
However, it's not clear to me whether you ever installed a proper antivirus and whether it found and deleted anything. VirusTotal seemed to find some suspect APKs. I had a quick look at the Trend Micro database, but it didn't list details of the one it found in your screenshot. The fact that some of those antivirus companies gave the suspect APK names with "joke" in them may suggest it's just a joke app your mate has installed, though probably not a joke app if your other devices are really also compromised; from memory, there is also real malware with that name which may be able to infect other devices. Running a proper antivirus should easily find and clean any "joke" app on your phone and hopefully any real malware. If you've done this and are still seeing indications you are compromised, then do what I suggested above. (Also repeat malware checks on other devices and removable storage media.)
You should also log into your router as admin and check the settings. Are you using a secure router password? Is the firmware up to date? Is the firewall set up correctly? Also close any open ports that you don't use. Turn off remote admin, if the router has it. Etc etc. What do your router logs show? (Turn on more detailed logging if necessary.) Factory reset or reinstall firmware if you think changes have been made to your router by someone else.
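The advice above to repeat the device scan, as an added example that is not part of the original post: it compares `ip neigh` output from several scans against a list of devices you recognise and reports any MAC address that is not on the list. The inventory, scan times, and addresses are constructed sample data (MACs from the RFC 7042 documentation range).

```python
import re
from collections import defaultdict

# Constructed inventory of devices the owner recognises (MAC -> label).
KNOWN = {
    "00:00:5e:00:53:01": "router",
    "00:00:5e:00:53:02": "my phone",
    "00:00:5e:00:53:03": "video bridge",
}

# Constructed `ip neigh` snapshots taken at two different times.
SNAPSHOTS = {
    "08:00": (
        "192.168.1.1 dev wlan0 lladdr 00:00:5e:00:53:01 REACHABLE\n"
        "192.168.1.20 dev wlan0 lladdr 00:00:5E:00:53:02 STALE\n"
        "192.168.1.44 dev wlan0 FAILED\n"
    ),
    "21:30": (
        "192.168.1.1 dev wlan0 lladdr 00:00:5e:00:53:01 REACHABLE\n"
        "192.168.1.30 dev wlan0 lladdr 00:00:5e:00:53:03 DELAY\n"
        "192.168.1.57 dev wlan0 lladdr 00:00:5e:00:53:99 REACHABLE\n"
    ),
}

LLADDR_RE = re.compile(
    r"^(\S+) dev \S+ lladdr ([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\b"
)


def parse_neigh(text):
    """Return {mac: ip} for neighbours that resolved to a MAC address."""
    seen = {}
    for line in text.splitlines():
        m = LLADDR_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            seen[m.group(2).lower()] = m.group(1)
    return seen


def unknown_devices(snapshots, known):
    """Map each unrecognised MAC to its (scan time, ip) sightings."""
    sightings = defaultdict(list)
    for when, text in snapshots.items():
        for mac, ip in parse_neigh(text).items():
            if mac not in known:
                sightings[mac].append((when, ip))
    return dict(sightings)


if __name__ == "__main__":
    for mac, seen in unknown_devices(SNAPSHOTS, KNOWN).items():
        print(f"unknown {mac}: {seen}")
```

The neighbour table only lists hosts this machine has recently exchanged traffic with, so run it right after an active scan of the LAN. Phones that use randomized Wi-Fi MAC addresses will show up as unknown until their current address is added to the inventory.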
Hi I am having same issues. Exact same behaviors regardless of new phones new carrier and all accounts being unconnected in name. Google etc. This is extreme. It's via bluetooth I agree something with esims or virtual sims for use of wifi access and or signal piracy for media. The DOD files are also something I am familiar with seeing. Code Aurora was also a govt project way back. It's interesting that I have Verizon files loading on AT&T phones and Sprint loading on Verizon. Whatever this is has managed to infiltrate my computers as well. It's relentless. It's impressive and sophisticated. Please please help.
Spidder77 said:
Hi I am having same issues. Exact same behaviors regardless of new phones new carrier and all accounts being unconnected in name. Google etc. This is extreme. It's via bluetooth I agree something with esims or virtual sims for use of wifi access and or signal piracy for media. The DOD files are also something I am familiar with seeing. Code Aurora was also a govt project way back. It's interesting that I have Verizon files loading on AT&T phones and Sprint loading on Verizon. Whatever this is has managed to infiltrate my computers as well. It's relentless. It's impressive and sophisticated. Please please help.
I'm having the same issues. Did anyone ever resolve or figure out what is happening? I think I'm under investigation by the DOD and they own my devices. My uploads/downloads are blocked, internet searches filtered, pics/screenshots of evidence deleted off my phone, etc.

Accessing a deceased person's locked phone (Android 6, ZTE Blade V770/Orange Neva 80)

Hello all from a noob on the forum,
I have a very specific use case: I want to access the content of the internal memory of my recently deceased father's phone. We'd like to get the photos, messages, anything personal that might be worth storing elsewhere.
It is a ZTE Blade V770 (branded as Orange Neva 80 in France), it runs Android 6.0.1. When I got hold of the phone it was already turned off, and of course not rooted. The developer mode is not activated either.
I want to access the content of the phone memory. Obviously I could get the content of the external SD card easily and I also managed to reinitialize the PIN code for the SIM card through the PUK code. But now the phone asks for the phone code, which is a PIN code. I tried many codes that I know he used but unfortunately it seems that there is a limited number of tries, as it is now saying I have only a few tries left before it erases all data.
I do have access to the Google account used by the phone but it seems that I can't reinitialize the code from the Google account site. And I did not find a way to access the backup on Google site, it seems to be available only from the phone that made it.
Basically I have a full physical access to the phone and also the google and operator's accounts, I just miss the lock code.
I googled around and tried to find information in the forum but I am not an Android expert and this is not a simple use case.
I can boot into recovery mode but that only allows me a factory reset which I don't want.
I read that some versions of Android (5 ?) have some kind of buffer overflow exploit in the form for the PIN but that does not work.
I also read that after a few tries the phone could ask to unlock by using the google account, but the phone never prompted that after my many tries. Or it did and I missed it and now it's too late.
It seems that the code could be reinitialized by removing some file in /data, but as the phone is not started I can't connect using adb. And in recovery mode this does not seem possible.
What I want is to find a way to bypass/replace/erase the locking code so I can have access to the content of the internal memory of the phone.
Any help appreciated !
gfraysse said:
Hello all from a noob on the forum,
I have a very specific use case: I want to access the content of the internal memory of my recently deceased father's phone. We'd like to get the photos, messages, anything
...
What I want is to find a way to bypass/replace/erase the locking code so I can have access to the content of the internal memory of the phone.
Any help appreciated !
Hi,
You're in an uncomfortable situation, because what may have allowed us to bypass the phone's password is root. Unfortunately developer options aren't enabled so we're stuck here...
But if you have another phone, you can try signing in to his Google account on the phone, and see if he has Google Drive backups. Usually those G-Drive backups can't be opened like that, but can be restored to a new device.
Give it a try
Also, all my condolences for your father
gfraysse said:
Hello all from a noob on the forum,
I have a very specific use case: I want to access the content of the internal memory of my recently deceased father's phone. We'd like to get the photos, messages, anything personal that might be worth storing elsewhere.
It is a ZTE Blade V770 (branded as Orange Neva 80 in France), it runs Android 6.0.1. When I got hold of the phone it was already turned off, and of course not rooted. The developer mode is not activated either.
I want to access the content of the phone memory. Obviously I could get the content of the external SD card easily and I also managed to reinitialize the PIN code for the SIM card through the PUK code. But now the phone asks for the phone code, which is a PIN code. I tried many codes that I know he used but unfortunately it seems that there is a limited number of tries, as it is now saying I have only a few tries left before it erases all data.
I do have access to the Google account used by the phone but it seems that I can't reinitialize the code from the Google account site. And I did not find a way to access the backup on Google site, it seems to be available only from the phone that made it.
Basically I have a full physical access to the phone and also the google and operator's accounts, I just miss the lock code.
I googled around and tried to find information in the forum but I am not an Android expert and this is not a simple use case.
I can boot into recovery mode but that only allows me a factory reset which I don't want.
I read that some versions of Android (5 ?) have some kind of buffer overflow exploit in the form for the PIN but that does not work.
I also read that after a few tries the phone could ask to unlock by using the google account, but the phone never prompted that after my many tries. Or it did and I missed it and now it's too late.
It seems that the code could be reinitialized by removing some file in /data, but as the phone is not started I can't connect using adb. And in recovery mode this does not seem possible.
What I want is to find a way to bypass/replace/erase the locking code so I can have access to the content of the internal memory of the phone.
Any help appreciated !
I sympathize with you, I know what it means to lose a father and I know you just want to hold on to whatever you can from your father..
But......
Unfortunately, the XDA rules prevent us from helping you bypass the PIN on a device that you don't own. It is a privacy/legality issue and XDA prefers not getting involved with privacy and legal issues, anything that is illegal does not get discussed here. We have no way of knowing if you are telling the truth, we have to take your word for it, for all we know, the device could actually be your girlfriend's phone or any number of scenarios where the phone isn't yours and we couldn't help in any of those scenarios because the device/data is not yours.
The reason we can't discuss it, even if you are telling the truth, is because even though your intentions would be legitimate, anything we told you that helped you break into the phone could be used by others that have nefarious purposes.
Yes, I know there are other discussions on XDA involving this subject, but, even in those cases, the members here should not have offered information that allows someone to unlock a phone that isn't theirs.
Even though they may have felt like they were trying to help or do the right thing, the other member @Raiz should not have attempted to help you gain access to the data on the device.
I do wish you luck though.
Sent from my SM-S767VL using Tapatalk
@Droidriven: Thank you for your detailed answer. I understand your point from the XDA point of view: the use case is technically almost identical to accessing any phone without the person's permission. However it is a valid and painful use case and if there was a legit process at Google or ZTE (the manufacturer) for example to unlock phones in this situation there is official paperwork to prove it. Apart from technical solutions that are in a grey area, it should be possible for people on the forum to point out, as @Raiz did, to try legit solutions that could help in this situation.
I unfortunately understand between the lines that no such legit process exists. Otherwise someone would probably have pointed me to it.
@Raiz: merci and thank you for your answer. I did try after your suggestion to reset another phone and initialize it with his Google account. But it did not restore anything to the new phone. I also realized that it is possible to see the content of a Google backup from Google Drive itself. I realized that the backup was a few months old and that few things were indeed backed-up. So the data are only in the phone.
gfraysse said:
@Droidriven: Thank you for your detailed answer. I understand your point from the XDA point of view: the use case is technically almost identical to accessing any phone without the person's permission. However it is a valid and painful use case and if there was a legit process at Google or ZTE (the manufacturer) for example to unlock phones in this situation there is official paperwork to prove it. Apart from technical solutions that are in a grey area, it should be possible for people on the forum to point out, as @Raiz did, to try legit solutions that could help in this situation.
I unfortunately understand between the lines that no such legit process exists. Otherwise someone would probably have pointed me to it.
@Raiz: merci and thank you for your answer. I did try after your suggestion to reset another phone and initialize it with his Google account. But it did not restore anything to the new phone. I also realized that it is possible to see the content of a Google backup from Google Drive itself. I realized that the backup was a few months old and that few things were indeed backed-up. So the data are only in the phone.
One way to bend the rules and help while at the same time, keep the information from being available to whoever wants to see, is to reply with suggestions via PM.
And yes, it is a grey area and people do make posts to help in these situations.
But, in the grand scheme, there is that wild scenario hanging out in limbo that comes to the forums, gets answers/help cracking a phone, then explodes into a legal case with people coming looking for all parties involved with and have knowledge of the device being cracked/invaded. A very bad situation for XDA and the members that provided the help. There is no way of knowing which scenarios are threats or not.
Just saying.
Sent from my SM-S767VL using Tapatalk
