Good day.
Sorry for my english.
I bought Galaxy S7 in Moscow, Russia. When i enable and configure the device appears samsung Knox Customization, then changing the system language and inaccessible to some important for me features like developer mode (I go there from app), USB Debuging. In apps i have KCC Agent and Knox Enrolment Service.
I don't know what it is and how to deactivate this? Please help
Customer Support Samsung is silent for a week.
PS I dont want to ROOT my phone.
Use a Package Disabler
*Detection* said:
Use a Package Disabler
Click to expand...
Click to collapse
I turn off this apps in package disabler, but they are still working.
Max_Deor said:
I turn off this apps in package disabler, but they are still working.
Click to expand...
Click to collapse
Rebooted after disabling them?
*Detection* said:
Rebooted after disabling them?
Click to expand...
Click to collapse
Yes.
Dealing with this problem for more than a week and can't win. On the Internet I learned that my phone is most likely tied in Knox B2B service by IMEI or serial number and as soon as a device enters the network it arrives the Knox customization Configurator. Times the Samsung tech support is silent, it would be a simple solution to change IMEI and check, but as far as I know it's impossible. To Root not want. Is it possible after a reset and the device settings, before you get the Knox customization Configurator, to manage to disable Internet and block the address from which the flies setting. But how to learn and how to block these addresses?
SAMSUNG OFFICIAL INFO:
QUOTE:
Knox Customization Configurator
How can end users remove a Custom Configurator profile from their devices?
End users should contact the IT admin listed on the Support section of their device profile. The IT admin can delete the device and the associated Device ID from the Custom Configurator server. Finally, the end user must factory reset the device to remove the Custom Configurator profile. All other device data will also be deleted.
END OF QUOTE.
So, until they delete it from the server, or you root the device, there is no way to disable that.
officialdjalin said:
SAMSUNG OFFICIAL INFO:
QUOTE:
Knox Customization Configurator
How can end users remove a Custom Configurator profile from their devices?
End users should contact the IT admin listed on the Support section of their device profile. The IT admin can delete the device and the associated Device ID from the Custom Configurator server. Finally, the end user must factory reset the device to remove the Custom Configurator profile. All other device data will also be deleted.
END OF QUOTE.
So, until they delete it from the server, or you root the device, there is no way to disable that.
Click to expand...
Click to collapse
Thanks.
Try to speak samsung knox support
You're welcome.
Let us know if they resolved your issue.
officialdjalin said:
You're welcome.
Let us know if they resolved your issue.
Click to expand...
Click to collapse
Good afternoon. I led communication with SEAP Samsung. First, they advised me to contact the Samsung branch in my country, then said that if on my phone there are such things, then they can remove the system administrator. I said I bought the phone and don't know the administrator and asked to tell me the contacts of the administrator. They asked me my IMEI to check in the database and a week do not answer.
I live and bought the device in Russia (I have documents), but the phone is not for Russia - it is a normal practice with us.
Technical support in Russia said that the IMEI of the phone is for sale in the Netherlands.
In Russia it is cheaper to buy a phone for sales in other countries (winning about 30% of the cost)
Next time severely thinking about buying a Samsung phone as having official documents for the purchase of phone (albeit made for another country) you will not get any support.
For information - when I had an LG phone, bought in Europe. Technical support in Russia assisted me and repaired free of charge phone service under warranty.
Related
Hello.
Thank you for your click to read my entire thread.
I prepared two version of my story with different length.
Herer is a longer story
Shorter story is available at the end of this thread.
My family and I have android-based smartphones.
We are Korean and have lived in Korea.
1.
My younger brother chose his first smartphone as Nexus S,
but my father chose his phone as GalaxyS.
My father and younger brother are not familar with electronic gadget,
so I always help them when any change is needed to his smartphone.
2.
Banks in Korea hate rooting action.
In the recent,
they decide to refuse providing smart-banking service
if customer try to use banking service with rooted smartphone.
There are many complains about this decision but no follwing measure was occured.
Bank company's refusing mechanism is following.
When the smart-banking app is excuted, they check some files related rooting.
If the files were found, they stop to work and are automatically closed with warning messege.
3.
I found the 'Tegrak Kernal' and 'Tegrak app' composed by a Korean.
With these kernal and app, user can switch between Rooted and Unrooted by just one tap.
The kernal is neither a rom nor rom-dependant thing. It may stored in recovery reign.
Switching mechanism what I understood is simple.
When menu in the app is tapped, by excuting some script, su related files are completed deleted.
This action does not require any rebooting process.
In one or two seconds, unrooting (by deleting files) is done.
Finally the smart-banking app works again immediately.
Rooting (rerooting) is similar. Tapping another menu button in app, rooting is completed.
Titatanium or Root explorer works again.
This function is fantastic for Koreans.
4.
Tegrak kernal is dedicated to Galaxy serise.
There is no plan to make the kernal available for other devices.
5.
I love HTC's phone and want to keep using the phone with smart-banking feature.
My yonger brother also have to keep using his Nexus S until contract is ended.
I tried some search about rooting/unrooting without reboot in XDA, but I have no results.
In my thought, XDA is the most advanced place for smartphone in the world.
I also think that there are many developers outside Korea than inside Korea.
Idea about swithing without reboot may not unique or special.
I'm sure that a app for "swithing rooting/unrooting without reboot" is alrady exist somewhere.
6.
Can I get any advice or a clue about solution for "swithing rooting/unrooting without reboot" which work for any device (or just not os-dependent)?
The exact name or address is welcomed, but suggesting keywords is also appreciated.
Becasue English is not my native language, I have difficulties in expressing my need or goal in English for a good search result.
Click to expand...
Click to collapse
Shorter story
Tegrak is a kind of recovery and is made by Korean developer.
Tegrak have a function of switching between rooting and unrooting without any reboot.
Tegrak is dedicate to Korea's famous model, Galaxy serise only.
I'm finding such a app or thing for Nexus or DHD.
Any help for finding is appreciated.
Click to expand...
Click to collapse
..
I found this app:
OTA RootKeeper
From the app description:
"A bonus feature is present, allowing you to un-root your device while keeping a su backup.
This way you can naively hide root until you choose to restore it via without further complications.
This nifty feature work on every rooted device.
** Temporary un-root statement **
This feature is designed for dev purposes in order to test their app with or without root.
The goal here is not to encourage stupid and unacceptable behaviors by movie or content sellers trying to prevent you to purchase or watch digital media you purchased if your device is rooted.
Vote with your dollars: Don't accept being a customer of companies restricting your freedom with defective and and inefficient technical measures."
Thank you, Election Day.
Fight against company or government is very painful and scary things for me as a person in Korea. There are many complains but concentrated protest was not found yet in Korea.
Fortunately, a Korean developer opens file/folder list which should be deleted prior to running smartbanking app. That could be helpful later if I find some tunable tools for temp unroot.
Thank you very much el_psycho.
Your found is the exact what I want.
I just tested the app, but it requires some improvements against bank apps in Korea.
Therefore I leaved an appeal to the author of Rootkeeper.
http://forum.xda-developers.com/showthread.php?p=21769752#post21769752
Click to expand...
Click to collapse
http://forum.xda-developers.com/showthread.php?t=1241517&page=7
Click to expand...
Click to collapse
Thank you for your advice again, el_psycho.
My S4 was stolen, I'm disappointed with Android Device Manager and Samsung FInd My Mobile.
No way I'm sure why can't find my S4 neither service can contact it, I assume they (the thief) do a hard reset and switched SIM card, no way I can confirm the wipe commands I Sent where achieved.
So I now changed every password
AcostaJA said:
My S4 was stolen, I'm disappointed with Android Device Manager and Samsung FInd My Mobile.
No way I'm sure why can't find my S4 neither service can contact it, I assume they (the thief) do a hard reset and switched SIM card, no way I can confirm the wipe commands I Sent where achieved.
So I now changed every password
Click to expand...
Click to collapse
That is sad to hear.
Thats why no company uses lockdown software. Now you are forced to buy new handset from them. Its only their win.
Only security they work on is to force no software changes by the buyer but not the thief.
Good sales point for iOS if I block an iPhone from iTunes acc, no way it can be reactivated w/o my account consent.
AcostaJA said:
My S4 was stolen, I'm disappointed with Android Device Manager and Samsung FInd My Mobile.
No way I'm sure why can't find my S4 neither service can contact it, I assume they (the thief) do a hard reset and switched SIM card, no way I can confirm the wipe commands I Sent where achieved.
So I now changed every password
Click to expand...
Click to collapse
or maybe u didnt activate it ...
AcostaJA said:
My S4 was stolen, I'm disappointed with Android Device Manager and Samsung FInd My Mobile.
No way I'm sure why can't find my S4 neither service can contact it, I assume they (the thief) do a hard reset and switched SIM card, no way I can confirm the wipe commands I Sent where achieved.
So I now changed every password
Click to expand...
Click to collapse
Rwgister a complaint with the police. IMEI tracking is possible.
My friend was mugged and the crook was caught a couple of months later using IMEI tracking.
Sent from my GT-I9500 using xda app-developers app
This feature relies on WiFi/Mobile data. May be the thief turned off the data.
Not sure about that. You can reset the phone with a sms. So I guess it doesn't rely on mobile data alone.
I don't know which features the op enabled, so everything is unclear. Maybe the thief just turned off the phone and waits until the owner gives up.
Is there any software capable of installing itself into /system and working after system reset in hidden mode?
+ taking photos with front cam (only if "stolen") and uploading them somewhere?
+ store those photos in /system (so no gallery can show those photos)
Or better - be installed right into bootloader/(and|or)kernel?
Yuna said:
Is there any software capable of installing itself into /system and working after system reset in hidden mode?
+ taking photos with front cam (only if "stolen") and uploading them somewhere?
+ store those photos in /system (so no gallery can show those photos)
Or better - be installed right into bootloader/(and|or)kernel?
Click to expand...
Click to collapse
Yes, cerberus.
Sent from my GT-I9500 using xda app-developers app
have you used an app called Android Lost, i like this one
If I take your phone and immediately remove the SIM card and immediately flash / wipe a new rom - no way to track it by the Samsung software... (by the way - even it is very easy to change the IMEI ). So, the only option is to send the SMS wipe command before the phone is reflashed
Sent from my GT-I9505 using XDA Premium 4 mobile app
Easy to change imei? Please, make proof-of-concept.
Can i change my IMEI to 1234567890123 or even 666666777777 in my sgs4 (i9500)
Yuna said:
Easy to change imei? Please, make proof-of-concept.
Can i change my IMEI to 1234567890123 or even 666666777777 in my sgs4 (i9500)
Click to expand...
Click to collapse
With root and Terminal Emulator you can change IMEI but I'm not sure that giving proof is a good thing to do on XDA!
BTW sorry OP... I don't care about Samsung or Google tools because after several tests I also deduced that they are useless.
Primokorn said:
With root and Terminal Emulator you cand change IMEI but I'm not sure that giving proof is a good thing to do on XDA!
BTW sorry OP... I don't care about Samsung or Google tools because after several tests I also deduced that they are useless.
Click to expand...
Click to collapse
Yes, ive seen mods take care of bussiness regarding this topic.
Sent from my GT-I9505 using xda app-developers app
Primokorn said:
With root and Terminal Emulator you can change IMEI but I'm not sure that giving proof is a good thing to do on XDA!
BTW sorry OP... I don't care about Samsung or Google tools because after several tests I also deduced that they are useless.
Click to expand...
Click to collapse
Device manager. Phone lost etc.
These are tools only for nsa tracking not for us to track.
+1 for Cerberus. This is a must have app for all Android owners
p.s. OP sorry to hear about your loss
gdonanthony said:
or maybe u didnt activate it ...
Click to expand...
Click to collapse
Point is if you do a hard reset everything gets wiped and the thief has a brand new phone to use. The user who lost it cant find it by imei via samsung.
I also wonder why we are not able to set a password in recovery mode (like a bios for pc would allow us).
I both registered , activated and tested Google ADM and Samsung FMM , I hoped both being similar to Apple's Activation Lock, but isn't its very easy for thieves to overcome just doing a hard reset thru boot loader.
Also the Imei at police I was informed that mafias have IMEI repair tools that in fact are service tools for repair centers but capables to change the Imei number, so is very possible my S4 now lies on a new box with new accessories and new imei and is being sell as an new s4 w/o complaints neither evidence was stolen.
Big issue here
Samsung's introducing consumer-centric features for Knox with the N3. It includes the abilitiy to prevent wiping the device. You can also hide your porn in a seperate secure container that only the phone owner has access to. The SGS4 h/w as it relates to Knox should be the same so hopefully the 4.3 update will push the functionality to the SGS4.
From the N3 press release...
The new GALAXY Note 3 comes with enhanced privacy and security protection provided by Samsung KNOX. Users can activate Samsung KNOX with ease which allows them to run and store security- sensitive applications and data inside a protected execution environment called “container.” The security inside the container is strengthened by system-level protection of Samsung KNOX against malware and phishing attacks as well as hacking attempts on physical devices when devices are stolen or lost. For instance, important personal pictures or video can be stored in the container with no worries for data leakage due to hacking. In addition, users may choose to store enterprise applications and data such as corporate email, contacts and calendar and allow the IT department to manage the container through EAS (Exchange ActiveSync Server). These features make the GALAXY Note 3 an ideal device for BYOD (Bring-Your-Own-Device to work)
Furthermore, the GALAXY Note 3 is equipped with an improved Find My Mobile feature that allows users to disable the phone when it is stolen or lost. With the enhanced user authentication, the technology prevents stolen mobile phones from being reset to factory settings, and allows users to remotely track or erase the data from their lost or stolen mobile phones.
Any news on this regarding the S4? Does the new 4.3 firmware prevent hard-reseting the phone?
Starting at a new company that has a BYOD policy and they will just add to my paycheck to cover my phone bill. I hate carrying 2 devices, so I would love to take advantage of this.
However, they require me to install MaaS360 (Ancero) to access my company email. I've read online that the policy this app runs usually detects root and report back to the admins. Unfortunately, my Galaxy S4 (T-Mo) is rooted with CM11, and I'd like to keep it that way as I hate touchwiz and samsung bloat.
I noticed if I install SuperSu, there is an option to unroot. If I do this, and keep CM11 on, has anyone tried bypassing an MDM this way? I'd rather not risk it unless it has been done before, don't want to start off on the bad foot with new job. At the same time, I'd like to be able to keep my custom rom, I could careless about loosing root, just want the rom.
Hello everyone, I was given a Samsung Galaxy A5 SM-A500FU, and I have more or less the same problem,
I can not do the hard reset because of the MDM does not allow factoryReset. The phone will restart automatically.
I can not update via Odin because of the MDM.
How do I remove or exceed MDM to reset and update the firmware?
Thank you.
Crisal said:
Hello everyone, I was given a Samsung Galaxy A5 SM-A500FU, and I have more or less the same problem,
I can not do the hard reset because of the MDM does not allow factoryReset. The phone will restart automatically.
I can not update via Odin because of the MDM.
How do I remove or exceed MDM to reset and update the firmware?
Thank you.
Click to expand...
Click to collapse
I could give you a bunch of links, but it would be best if you did a Google search for:
"Samsung MDM remove Galaxy A5"
You'll see various videos and links for removing MDM on various Samsung devices, try some of those methods.
Sent from my LGL84VL using Tapatalk
Thanks for the advice, I tried and tried most of the solutions without being able to solve.
The problem lies in the fact that MDM also blocks the DOWNLOAD mode so as to be able to update the Firmware.
I do not know what to do, maybe there is another solution that escapes me.
There is no one who can tell me something? also direct me to someone who arranges them to send it.
Help please
I was curious if there are any Android manufacturers out there that sell phones that let you access root via something like SuperSU being pre-installed and part of the devices software.
In that case, the device would be just like any PC that is sold to consumers that have this function built-in like PCs with Ubuntu for example that have su and sudo available to access root, PCs with Windows have UAC for Administrator Access and Macs with OS X have something similar to su from what I've read (I don't use OS X so I don't know for sure).
It would easier than finding a way to root an existing device and more secure because root access would be built-in to the software and one would not need a security vulnerability in the software to obtain root access.
This would also allow user to upgrade the software on the device without worrying about losing root because the updated software would already include root access.
No,you will not get any manufacturer selling rooted devices.Rooting helps the device to do any sort of tweaks which can even change the main software components of a device. Moreover most of the companies void the device's warranty to reduce the number of people rooting their devices.
Take an example of imei no.: you can change it after rooting and none company would allow it.
Also samsung devices come with pre loaded play music app and you cant uninstall it you can only disable it or remove updated imagine if they would give you root access the you can do any thing......
So,you have got your answer with the reason
Regards milkyway3
milkyway3 said:
No,you will not get any manufacturer selling rooted devices.Rooting helps the device to do any sort of tweaks which can even change the main software components of a device. Moreover most of the companies void the device's warranty to reduce the number of people rooting their devices.
Take an example of imei no.: you can change it after rooting and none company would allow it.
Also samsung devices come with pre loaded play music app and you cant uninstall it you can only disable it or remove updated imagine if they would give you root access the you can do any thing......
So,you have got your answer with the reason
Regards milkyway3
Click to expand...
Click to collapse
Actually, there are exceptions but they are rare, this for example.
https://www.oneclickroot.com/root-a...tablet-comes-pre-rooted-for-your-convenience/
jd2066 said:
I was curious if there are any Android manufacturers out there that sell phones that let you access root via something like SuperSU being pre-installed and part of the devices software.
In that case, the device would be just like any PC that is sold to consumers that have this function built-in like PCs with Ubuntu for example that have su and sudo available to access root, PCs with Windows have UAC for Administrator Access and Macs with OS X have something similar to su from what I've read (I don't use OS X so I don't know for sure).
It would easier than finding a way to root an existing device and more secure because root access would be built-in to the software and one would not need a security vulnerability in the software to obtain root access.
This would also allow user to upgrade the software on the device without worrying about losing root because the updated software would already include root access.
Click to expand...
Click to collapse
Sent from my SCH-I535 using Tapatalk
Its not worth spending your money on this
First of all it's features are not so good
The company is not popular and we don't even know weather it is a official license company or not
Even if your device fails to work you may not know where to go for service or maybe the service center could be too far from what you thought.
If this company is not licensed there may be chances of not getting your warranty properly authorized. Also you may not get the device's parts if your device doesn't works after few months......
There are many drawbacks and I prefer you to never believe in such kind of advertisements.....:angel::angel:
Regards milkyway3
milkyway3 said:
No,you will not get any manufacturer selling rooted devices
Click to expand...
Click to collapse
Well, 'rooted' usually refers to getting root on a device where it wasn't allowed and of course no company would sell a device where the software was hacked.
However, if a company made a device that already had root access via including the SuperSU app for example then the device is not hacked and it's secure when it's sent out.
It's then the responsibility of the user to only give root access to apps that are trusted, in which case there is no problem.
This is how all Desktop and Laptop Operating Systems are designed.
Of course, this allows users to install untrusted software on their computers which can be designed for malicious purposes like messing up the computer, showing ads, stealing personal information, etc. but if you install only trusted software then you should be fine.
The same would be true for mobile OSes that allow root access but thus far few if any Phone/Tablet manufacturer using a mobile OS has decided to allow this.
milkyway3 said:
Rooting helps the device to do any sort of tweaks which can even change the main software components of a device.
Click to expand...
Click to collapse
Right, that is the main point of rooting a device.
milkyway3 said:
Moreover most of the companies void the device's warranty to reduce the number of people rooting their devices.
Click to expand...
Click to collapse
Yes, companies that sell a device where they don't intend for the user to root the device will list it as something that will void the warranty.
However, if a company were to make a phone that came with root access as an included feature, then that would not be the case as the warranty would not be void for a feature built-in to the device.
It would make things more complicated as root software could change settings like the CPU clock rate/cooling functions in a way that causes the hardware to fail but it could be done.
milkyway3 said:
Take an example of imei no.: you can change it after rooting and none company would allow it.
Click to expand...
Click to collapse
An IMEI number is like a MAC Address, it is fixed in the hardware and cannot be changed.
In theory you may be able change the software so it doesn't use that IMEI number but the device's built-in IMEI number will not have changed.
milkyway3 said:
Also samsung devices come with pre loaded play music app and you cant uninstall it you can only disable it or remove updated imagine if they would give you root access the you can do any thing......
Click to expand...
Click to collapse
Yes, many manufacturers put in software that can't be removed.
In a device with root access, this would be pointless and could cause a device that comes with root access to be more expensive as manufacturers and carriers could end up with less money when the built-in apps can be removed.
milkyway3 said:
So,you have got your answer with the reason
Click to expand...
Click to collapse
The are the reasons that many if not all Phone/Tablet manufacturers currently do not allow root access but none of them are reasons that prevent this from happening.
A Phone/Tablet manufacturer could sell a phone with root access if they wanted to.
Droidriven said:
Actually, there are exceptions but they are rare, this for example.
https://www.oneclickroot.com/root-a...tablet-comes-pre-rooted-for-your-convenience/
Click to expand...
Click to collapse
It appears the 'Root 101' tablet is more of an idea then an an actual device.
The people behind it, started an IndieGoGo Campaign that failed to reach it's goal so it appears that device never actually got made.
milkyway3 said:
Its not worth spending your money on this
First of all it's features are not so good
The company is not popular and we don't even know weather it is a official license company or not
Even if your device fails to work you may not know where to go for service or maybe the service center could be too far from what you thought.
If this company is not licensed there may be chances of not getting your warranty properly authorized. Also you may not get the device's parts if your device doesn't works after few months......
There are many drawbacks and I prefer you to never believe in such kind of advertisements.....:angel::angel:
Regards milkyway3
Click to expand...
Click to collapse
I never said anything about actually getting the device. I posted it as just ONE example that there are devices that are manufactured with pre installed root, as I said, it may be rare but there are IN FACT devices that come with root. You just missed my point because you were trying to defend your original response. Try paying attention to what someone's response is actually saying.
Sent from my SCH-I535 using Tapatalk
Droidriven said:
I never said anything about actually getting the device. I posted it as just ONE example that there are devices that are manufactured with pre installed root, as I said, it may be rare but there are IN FACT devices that come with root. You just missed my point because you were trying to defend your original response. Try paying attention to what someone's response is actually saying.
Click to expand...
Click to collapse
I m sorry in this matter
But atleast my points were not useless
Regards milkyway3
jd2066 said:
This would also allow user to upgrade the software on the device without worrying about losing root because the updated software would already include root access.
Click to expand...
Click to collapse
If this is your main concern, another option to look at is systemless root.
Droidriven said:
Actually, there are exceptions but they are rare, this for example.
https://www.oneclickroot.com/root-a...tablet-comes-pre-rooted-for-your-convenience/
Click to expand...
Click to collapse
Some Xiaomi devices where pre rooted...
jd2066 said:
I was curious if there are any Android manufacturers out there that sell phones that let you access root via something like SuperSU being pre-installed and part of the devices software.
In that case, the device would be just like any PC that is sold to consumers that have this function built-in like PCs with Ubuntu for example that have su and sudo available to access root, PCs with Windows have UAC for Administrator Access and Macs with OS X have something similar to su from what I've read (I don't use OS X so I don't know for sure).
It would easier than finding a way to root an existing device and more secure because root access would be built-in to the software and one would not need a security vulnerability in the software to obtain root access.
This would also allow user to upgrade the software on the device without worrying about losing root because the updated software would already include root access.
Click to expand...
Click to collapse
Manufactures produced devices but operating system provided by Google. Google not allow stock root for several security reasons.
Okay so ive been battling this for sometime. I'm starting to get a little more knowledgeable but still don't know what to do with all this.I experienced this first back in 2015 then I completely made a switch. Well now I'm back to same issues.
The problems I'm experiencing is it's happening on all the devices I have. The phone I'm on now bought brand new from metropcs. and not even a day 30minutes later I get an update for the phone. I new not to install or download. But it inventively did. Now it's sitting on my storage wanting me to move files to root.
LET ME MAKE THIS CLEAR. NON OF MY DEVICES ARE ROOTED.
to make this short. My devices seem to have a Bluetooth admin. And connects to any Bluetooth device without me knowing.
So far from what I see chromium and stage fright is a big part of what I'm seeing.
I'm attaching some pictures to give more detail look. And it's not just my Android devices it's my Xbox one S as well.
looking to completely remove. I'm not trying to waste money on switching networks or completly going Mia.
Fast responses please.
Sincerly,
-Desperate androidian
BLEEDCOLORYOU said:
Okay so ive been battling this for sometime. I'm starting to get a little more knowledgeable but still don't know what to do with all this.I experienced this first back in 2015 then I completely made a switch. Well now I'm back to same issues.
The problems I'm experiencing is it's happening on all the devices I have. The phone I'm on now bought brand new from metropcs. and not even a day 30minutes later I get an update for the phone. I new not to install or download. But it inventively did. Now it's sitting on my storage wanting me to move files to root.
LET ME MAKE THIS CLEAR. NON OF MY DEVICES ARE ROOTED.
to make this short. My devices seem to have a Bluetooth admin. And connects to any Bluetooth device without me knowing.
So far from what I see chromium and stage fright is a big part of what I'm seeing.
I'm attaching some pictures to give more detail look. And it's not just my Android devices it's my Xbox one S as well.
looking to completely remove. I'm not trying to waste money on switching networks or completly going Mia.
Fast responses please.
Sincerly,
-Desperate androidian
Click to expand...
Click to collapse
The Android community isn't what it used to be that's for sure. No help, no suggestions. Just nothing.
BLEEDCOLORYOU said:
Okay so ive been battling this for sometime. I'm starting to get a little more knowledgeable but still don't know what to do with all this.I experienced this first back in 2015 then I completely made a switch. Well now I'm back to same issues.
The problems I'm experiencing is it's happening on all the devices I have. The phone I'm on now bought brand new from metropcs. and not even a day 30minutes later I get an update for the phone. I new not to install or download. But it inventively did. Now it's sitting on my storage wanting me to move files to root.
LET ME MAKE THIS CLEAR. NON OF MY DEVICES ARE ROOTED.
to make this short. My devices seem to have a Bluetooth admin. And connects to any Bluetooth device without me knowing.
So far from what I see chromium and stage fright is a big part of what I'm seeing.
I'm attaching some pictures to give more detail look. And it's not just my Android devices it's my Xbox one S as well.
looking to completely remove. I'm not trying to waste money on switching networks or completly going Mia.
Fast responses please.
Sincerly,
-Desperate androidian
Click to expand...
Click to collapse
I'm no expert but I'm struggling to see your exact issue you seem to think you have, is it just t your Bluetooth is switching on. All those licences, security certs, file locations etc look normal to me (without checking numbers or being able to compare to same phone os etc) though I have disabled many of those certs eg the Turkish ones etc & my Bluetooth files are different but I can find ref hill those locations online eg Xieomi phones
You appear to have a ZTE, please give model number and current OS & rev (must be stock I suppose). ZTE was found with a backdoor in older phones, sending data to China, so it's possible, & some Chinese phones also update their apps without notification. But as you say your whole network appears compromised so the source may be something else, like your router/modem, or Bluetooth as you think (though some apps require Bluetooth admin permission legitimately, you can disable it as an Admin). Tell us what behaviors you are seeing that you believe are malicious. New phone update soon after you turn on is quite common, as I'm sure you know.
When I had a quick look at your log it did have a lot of activity going to the US DOD, would you expect this, as well as the usual google & Facebook connections. Though (perhaps) strangely also to a server from a small marketing company here in Australia, but I'm no expert even if I looked at your log line by line I wouldn't understand it all.
Ref his other post
https://forum.xda-developers.com/general/security/security-global-family-credientals-t3665851
Things to try. Run a reputable antivirus. Boot into safe mode, so only system apps run, is it still happening? Can you turn off anything that is listed as a device admin? Try run a root checker app. Even if it all comes back negative you may still have a problem as a port may already have been opened and malicious app self deleted or something. Use an app like Fing to see if any device you don't recognise are connected to your network.
You may be able to block some activity if it's not going through root with a firewall eg NetGuard no root firewall, start with everything blocked.
Above are just some general hints, without knowing specifics I can only suggest you backup any stuff you want to keep then factory reset everything & change ALL passwords to strong ones (no good just adding a number on the end of your old ones!), better still reflash all firmware (updates if available) to overwrite everything. This incl your internet access points eg router, and only reconnect to the net/networks after you have done them all (one at a time preferably then you may be able to identify source of problems)
That turned out a lot longer than I intended!
IronRoo said:
I'm no expert but I'm struggling to see your exact issue you seem to think you have, is it just t your Bluetooth is switching on. All those licences, security certs, file locations etc look normal to me (without checking numbers or being able to compare to same phone os etc) though I have disabled many of those certs eg the Turkish ones etc & my Bluetooth files are different but I can find ref hill those locations online eg Xieomi phones
You appear to have a ZTE, please give model number and current OS & rev (must be stock I suppose). ZTE was found with a backdoor in older phones, sending data to China, so it's possible, & some Chinese phones also update their apps without notification. But as you say your whole network appears compromised so the source may be something else, like your router/modem, or Bluetooth as you think (though some apps require Bluetooth admin permission legitimately, you can disable it as an Admin). Tell us what behaviors you are seeing that you believe are malicious. New phone update soon after you turn on is quite common, as I'm sure you know.
When I had a quick look at your log it did have a lot of activity going to the US DOD, would you expect this, as well as the usual google & Facebook connections. Though (perhaps) strangely also to a server from a small marketing company here in Australia, but I'm no expert even if I looked at your log line by line I wouldn't understand it all.
Things to try. Run a reputable antivirus. Boot into safe mode, so only system apps run, is it still happening? Can you turn off anything that is listed as a device admin? Try run a root checker app. Even if it all comes back negative you may still have a problem as a port may already have been opened and malicious app self deleted or something. Use an app like Fing to see if any device you don't recognise are connected to your network.
You may be able to block some activity if it's not going through root with a firewall eg NetGuard no root firewall, start with everything blocked.
Above are just some general hints, without knowing specifics I can only suggest you backup any stuff you want to keep then factory reset everything & change ALL passwords to strong ones (no good just adding a number on the end of your old ones!), better still reflash all firmware (updates if available) to overwrite everything. This incl your internet access points eg router, and only reconnect to the net/networks after you have done them all (one at a time preferably then you may be able to identify source of problems)
That turned out a lot longer than I intended!
Click to expand...
Click to collapse
Thank-you. Now for a better visual. There's to many apps.
And if u can give me links to apps that will help.
And on my oneplus one the Bluetooth thing says :1002 sharing or midi or something.
BLEEDCOLORYOU said:
Thank-you. Now for a better visual. There's to many apps.
And if u can give me links to apps that will help.
And on my oneplus one the Bluetooth thing says :1002 sharing or midi or something.
Click to expand...
Click to collapse
And code.auroa? What is this
BLEEDCOLORYOU said:
Thank-you. Now for a better visual. There's to many apps.
And if u can give me links to apps that will help.
And on my oneplus one the Bluetooth thing says :1002 sharing or midi or something.
Click to expand...
Click to collapse
I don't have that phone so can't really tell what is a suspect app or not, especially just from screen shots.
Here use this app to run on demand scans against the virustotal database (this is not an "antivirus app" like Avast so offers no protection, it only scans apps on demand, so you should run a good antivirus also)
https://play.google.com/store/apps/details?id=com.funnycat.virustotal
it should flag any suspect apps and you can submit any unknown ones you are worried about.
---------- Post added at 05:12 AM ---------- Previous post was at 05:02 AM ----------
BLEEDCOLORYOU said:
And code.auroa? What is this
Click to expand...
Click to collapse
edit: not Firefox then.
org.codeaurora.bluetooth is a legit part of Bluetooth .... Well unless it's flagged by virustotal then it probably is a malicious app just given a common name to try and hide
IronRoo said:
I don't have that phone so can't really tell what is a suspect app or not, especially just from screen shots.
Here use this app to run on demand scans against the virustotal database (this is not an "antivirus app" like Avast so offers no protection)
https://play.google.com/store/apps/details?id=com.funnycat.virustotal
it should flag any suspect apps and you can submit any unknown ones you are worried about.
Click to expand...
Click to collapse
Okay but what is provisioning? Code auroa smartcard services googleplay for instance apps and
And IV never encrypted this phone.
BLEEDCOLORYOU said:
Okay but what is provisioning? Code auroa smartcard services googleplay for instance apps and
And IV never encrypted this phone.
Click to expand...
Click to collapse
And alot of the overlay apps n simtoolkit are all questionmarked
BLEEDCOLORYOU said:
And alot of the overlay apps n simtoolkit are all questionmarked
Click to expand...
Click to collapse
ser my edit above re aurora
sometimes virustotal will have 2 or 3 antiivirus companies flag a file, these are probably false positives so probably nothing to worry about (though could just be a new submission, other companies should soon update if real malicious code, check back in a day or two). If lots of companies flag an apk then you haven a problem.
It looks like you have a problem whit overlays (unless it's an app your phone company installs for that function, not sure what you mean). You should install a proper antivirus app like Avast, malwarebytes etc as a first step, hopefully it can remove malicious apk
---------- Post added at 05:51 AM ---------- Previous post was at 05:37 AM ----------
BLEEDCOLORYOU said:
And IV never encrypted this phone.
Click to expand...
Click to collapse
Doesn't matter, encrypting phone only protects unauthorised access to your data. Once it is unlocked anyone can view your stuff. And once a malicious app is on your system it can shall read all your data even if you had encrypted it as it's unencrypted when you use it
IronRoo said:
ser my edit above re aurora
sometimes virustotal will have 2 or 3 antiivirus companies flag a file, these are probably false positives so probably nothing to worry about (though could just be a new submission, other companies should soon update if real malicious code, check back in a day or two). If lots of companies flag an apk then you haven a problem.
It looks like you have a problem whit overlays (unless it's an app your phone company installs for that function). You should install a proper antivirus app like Avast, malwarebytes etc as a first step, hopefully it can remove malicious apk
---------- Post added at 05:51 AM ---------- Previous post was at 05:37 AM ----------
Doesn't matter, encrypting phone only protects unauthorised access to your data. Once it is unlocked anyone can view your stuff. And once a malicious app is on your system it can shall read all your data even if you had encrypted it as it's unencrypted when you use it
Click to expand...
Click to collapse
Okay so now I'm trying to post screenshots of when I'm connected to wifi and it's not letting me
Pairwise cyphers and
Group cyphers
Sim_num
?
BLEEDCOLORYOU said:
And alot of the overlay apps n simtoolkit are all questionmarked
Click to expand...
Click to collapse
Tap those with question marks to submit to virustotal for analysis
IronRoo said:
Tap those with question marks to submit to virustotal for analysis
Click to expand...
Click to collapse
/sys/fs/selinux/class/appletalk_socket/perms
Not suspious?
BLEEDCOLORYOU said:
/sys/fs/selinux/class/appletalk_socket/perms
Not suspious?
Click to expand...
Click to collapse
Now I'm not stupid, this is facts. I just need defined and solution!!!
No these are normal library files. Stagefright "the malicious exploits" were called this as it was the stagefright framework it exploited. Everyone has these files, here are mine below.
You need to use tools like antivirus to identify bad files but even that is no guarantee as there is the possibility the original malicious file could have self deleted and, for example, just left open ports which would not be found as a "virus" but still allow remote access to your device.
If you cannot identify the actual exploit on your phone then the best solution is probably to just reflash the stock rom as this will wipe & overwrite everything. But if a malicious file is left on your SD card or another networked device you could soon be infected/compromised again. That is why I said before if you can't identify the source of your infection you really need to factory reset or reinstall all OS on all devices affected including your home router etc (or maybe it's your work or public network) and change all passwords.
IronRoo said:
No these are normal library files. Stagefright "the malicious exploits" were called this as it was the stagefright framework it exploited. Everyone has these files, here are mine below.
You need to use tools like antivirus to identify bad files but even that is no guarantee as there is the possibility the original malicious file could have self deleted and, for example, just left open ports which would not be found as a "virus" but still allow remote access to your device.
If you cannot identify the actual exploit on your phone then the best solution is probably to just reflash the stock rom as this will wipe & overwrite everything. But if a malicious file is left on your SD card or another networked device you could soon be infected/compromised again. That is why I said before if you can't identify the source of your infection you really need to factory reset or reinstall all OS on all devices affected including your home router etc (or maybe it's your work or public network) and change all passwords.
Click to expand...
Click to collapse
I'm on a video bridge network I got the direct TV setup with 2 wireless setups. Both secure from what I know.
BLEEDCOLORYOU said:
Pairwise cyphers and
Group cyphers
Sim_num
?
Click to expand...
Click to collapse
These are for encryption of your connection, not your phone
BLEEDCOLORYOU said:
I'm on a video bridge network I got the direct TV setup with 2 wireless setups. Both secure from what I know.
Click to expand...
Click to collapse
I'm no coding/security guru, but I have worked on telecoms, military electronics, etc but my coding & network security knowledge is limited.
I would run this app Fing to check your local network, are there any unknown devices connected?
https://play.google.com/store/apps/details?id=com.overlook.android.fing
note: this only finds currently connected devices, so you'd want to do this several times & especially when you see suspect behavior.
Also check for open ports, easiest way is probably this site, it will scan the first 1000 ports or so (select all)
https://www.grc.com/
go to shields up
but you really need to scan ALL possible ports with a tool like Zenmap (for PC) if you think you are compromised
https://nmap.org/zenmap/
However it's not clear to me if you ever installed a proper antivirus and whether it found and deleted anything? Virustotal seemed to find some suspect apks, I had a quick look at Trendmicro database but it didn't list details of the one it found in your screenshot, but the fact some of those antivirus companies called the suspect apk names with "joke" in it may suggest it's just a joke app your mate has installed, though probably not a joke app if your other devices are really also compromised, from memory there is also real malware with that name which may be able to infect other devices. Running a proper antivirus should easily find and clean any "joke" app on your phone & hopefully any real malware. If you've done this and still seeing indications you are compromised then do what I suggested above. (Also repeat malware checks on other devices and removable storage media)
You should also log into your router as admin and check settings, are you using a secure router password? Is firmware up to date. Is firewall set up correctly? Also close any open ports that you don't use. Turn off remote admin, if router has it. Etc etc what do your router logs show (turn on more detailed logging if necessary) Factory reset or reinstall firmware if you think changes have been made to your router by someone else.
Hi I am having same issues. Exact same behaviors regardless of new phones new carrier and all accounts being unconnected in name. Google etc. This is extreme. Its via bluetooth I agree something with esims or virtual sims for use of wifi access and or signal piracy for media. The DOD files are also something I am familier with seeing. Code Aurora was also a govt project way back. Its Interesting thst I have Verizon files loading on at & t phones and sprint loading on Verizon. Whatever this is has managed to infiltrate my computers as well. Its relentless. Its impressive and sophisticated. Please please help.
Spidder77 said:
Hi I am having same issues. Exact same behaviors regardless of new phones new carrier and all accounts being unconnected in name. Google etc. This is extreme. Its via bluetooth I agree something with esims or virtual sims for use of wifi access and or signal piracy for media. The DOD files are also something I am familier with seeing. Code Aurora was also a govt project way back. Its Interesting thst I have Verizon files loading on at & t phones and sprint loading on Verizon. Whatever this is has managed to infiltrate my computers as well. Its relentless. Its impressive and sophisticated. Please please help.
Click to expand...
Click to collapse
I'm having the same issmy ues. Did anyone ever resolve or figure out what is happening? I think I'm under investigation by the DOD and they own my devices. My uploads/downloads are blocked, internet searches filtered, pics/screenshots of evidence deleted off my phone, etc.