Related
Firstly, hello everyone. I have a question about shopping in the Android Market. Is it safe to give your credit card number for Google Checkout? Have there been any reported thefts of money from your bank account through the holes in this service?
my personal opinion there are apps on there that are shady!!!
read the comments before you buy!!!
and stick with apps that are used alot!
Google Checkout itself, I've personally never heard of problems (of that sort) with. (Problems I have heard, are generally of the type, "it's not available in country ___")
There are malicious apps out there, but they shouldn't be able to access that information at all.
Google Checkout is safe. The Market? It's pretty safe, but always read the comments.
You should be very safe with Google Checkout. Read all the app info before Market buy...
market is safe, no one seems to have reported security probs.
HTCRALEIGHFAN said:
my personal opinion there are apps on there that are shady!!!
read the comments before you buy!!!
and stick with apps that are used alot!
Click to expand...
Click to collapse
Just to tone down the nonsense above, yes there are apps out there which can be shady. Probably .01% of the total apps, but they exist.. and by shady this means they might download your contact info, your phone number, email addresses or what not, that sort of stuff. From it I'd guess they would spam you, dunno.
What they can not do is steal from your Google Account. The Checkout process is a validation within the market, the app you are purchasing isn't doing any transactions, simply the Market won't let you access it until you have paid. Said another way, the app you're purchasing does not do the billing and could never charge you more than the cost of the app is listed as.
Hey does anyone know of a good antivirus app for a rooted zenfone 2e? I want one that is free but has as many features as possible as well. Thanks.
I used to use Avast but the best anti virus is you, the user. Know your system, know the internet. If youre rooting, you will/should eventually get very familiar with android, how it behaves, the file system, permissions, built-in apps, etc. Avoid indiscriminate app downloads, especially from places other than the play store, and never follow links that youre unsure of. My opinion is that Windows is the only OS that AV is pretty much necessary.
I second avast. An interesting feature is that it will survive a factory reset if stolen.
zshep99 said:
Hey does anyone know of a good antivirus app for a rooted zenfone 2e? I want one that is free but has as many features as possible as well. Thanks.
Click to expand...
Click to collapse
Unlike the PC, it is extremely unlikely you will "get" a virus on your android. It is you who has to install the malware to make it happen. And it is extremely easy to remove the malware. A factory reset would do it and as root user you could simply restore your nandroid backup.
tetakpatalked from Nexus 7 flo
Most antivirus apps come with a huge amount of crap no one needs. They often drain your battery and slow your smartphone down. I have also seen antivirus apps which behave more like spyware by replacing advertisements in other apps or direct you to untrustworthy websites when opening the webbrowser.
My opinion: You do not need an antivirus app on your smartphone. Make sure you install most apps via appstore. Take care with apps from 3rd party websites. (Especially if the website says you have an virus on your smartphone => scareware!)
I would never install Antivir-Apps, since they will drop your phone-performance. And what do you get for this? Nothing. Just be carefully of what you are downloading.
i thinks for android no needs one antivirus..
Kenfary72 said:
i thinks for android no needs one antivirus..
Click to expand...
Click to collapse
+ one
Envoyé de mon E5333 en utilisant Tapatalk
Kenfary72 said:
i thinks for android no needs one antivirus..
Click to expand...
Click to collapse
+ two
My opinion is that android doesn't need antivirus software when the user is careful about what he downloads.
no disregard to anyone, but are you sure you are in developers forum ?!?! this is not a google store !
do you still live in Symbian world ? even the google play itself has malwares ! or you just want to ignore it ? beside those, hangroid can be easily hacked. the only system that dose not a antivirus is winphone, and it has not need it yet ! but they will come for it very soon.
personally i will never trust ios o even open my email, and in android i have an original payed antivirus that really can respond to a virus. i have original nod32 (i do NOT like it, but i didn't get a better one in hangroid.)
visited by lenovo tab2 a8.
best regards, josef.
josef2600 said:
no disregard to anyone, but are you sure you are in developers forum ?!?! this is not a google store !
do you still live in Symbian world ? even the google play itself has malwares ! or you just want to ignore it ? beside those, hangroid can be easily hacked. the only system that dose not a antivirus is winphone, and it has not need it yet ! but they will come for it very soon.
personally i will never trust ios o even open my email, and in android i have an original payed antivirus that really can respond to a virus. i have original nod32 (i do NOT like it, but i didn't get a better one in hangroid.)
visited by lenovo tab2 a8.
best regards, josef.
Click to expand...
Click to collapse
Best antivirus is still brain.apk
Just do not instal every bulls* and you are good to go.
Most antivirus apps are snakeoil/bloatware which will not protect you from anything!
It is good to think about an anti-virus. Android malwares exist, so everyone who's telling here that AVs for Android are a no-go are jumping the gun. However, the Android system already has some security measures into place. So is it still worth it? Yes. The Play Store can't guarantee a 100% clean virus free app collection. History has shown that. "use your brain" is also not a really constructive argument, it is easy to install a sample or virus infected application. Is it that dumb to use an AV on Android? No.
My suggestion, *buy* an AV. For example I have a yearly subscription to Freedome from F-Secure (VPN service). Primarly for my laptop but you can install it on three devices (I have it on 2 laptops and my smartphone). For the smartphone, besides a VPN the app will also scan the device for malicious apps so I got all my important security features in one app. I know that Avast has something similar. I paid 50 euros for one year, which is next to nothing considering the features and piece of mind. And for all those that go on ranting on my post here, I am a security professional in Android and see malware samples from the inside (reverse engineer) all the time
I encourage you to look in those options: VPN and App scan.
tetakpatak said:
Unlike the PC, it is extremely unlikely you will "get" a virus on your android. It is you who has to install the malware to make it happen. And it is extremely easy to remove the malware. A factory reset would do it and as root user you could simply restore your nandroid backup.
tetakpatalked from Nexus 7 flo
Click to expand...
Click to collapse
Remember stagefight thingy ? One could have abused it to gain root privileges and install a binary that run at start, a raw binary, not a package.
Tell me how it is easy to uninstall it, you would first have to track it, if it's purpose wasn't to patch other binaries, and then, you're good to reflash system partition.
No system is invulnerable
Of course, it's tough to get a virus on android, but there's still common malware, adware, scareware, and raw security flaws. There is still need for security solutions, mostly for the raw flaws.
Best choice for you from my point of view
CM Security & Malwarebytes Anti-Malware
I agree with Magissia if you think over that what you are going to do.
Virustotal AND vulnerability patches
Hi,I have an android box and just done a scan with Malwarebytes.
It brought up this threat
Android/PUP.Riskware.Autoins.Fota
/system/app/FotaUpdateReboot
FotaUpdateReboot.apk
Is it genuine malware or a false positive ?
Cheers.
ascender13 said:
Hi,I have an android box and just done a scan with Malwarebytes.
It brought up this threat
Android/PUP.Riskware.Autoins.Fota
/system/app/FotaUpdateReboot
FotaUpdateReboot.apk
Is it genuine malware or a false positive ?
Cheers.
Click to expand...
Click to collapse
Looks like several firms are flagging it as malware on virus total, at least according to the following thread
https://forums.malwarebytes.com/topic/216168-pre-installed-malware/
Thanks for that.
Looks like the system app FotaProvider allows adverts to pop up in the browser,which is exactly the issue I've been having.
I've uninstalled it now.Have to see how I get on
Cheers
update
ascender13 said:
Thanks for that.
Looks like the system app FotaProvider allows adverts to pop up in the browser,which is exactly the issue I've been having.
I've uninstalled it now.Have to see how I get on
Cheers
Click to expand...
Click to collapse
HI.
Is everything fine after you deleted the fota provider?
Yes,that fixed it.
remove problem apps
How do you delete these unwanted system apps?
The main sources of malware are google play store, and wireless update (the system app)
both are pre-installed malware when you buy the device
mprox said:
How do you delete these unwanted system apps?
The main sources of malware are google play store, and wireless update (the system app)
both are pre-installed malware when you buy the device
Click to expand...
Click to collapse
If I remember correctly I just used a file manager with root access
Hi guys, I believe my galaxy tab s4 is contaminated with a virus . I already did many factorys resets and didnt installed no apps but from time to time , even when Im at the home screen with Avast only or with the antivirus that comes with the tablet activated, google play store opens without my request showing a program called IQ Option broker. What should I do?
malandrex said:
Hi guys, I believe my galaxy tab s4 is contaminated with a virus . I already did many factorys resets and didnt installed no apps but from time to time , even when Im at the home screen with Avast only or with the antivirus that comes with the tablet activated, google play store opens without my request showing a program called IQ Option broker. What should I do?
Click to expand...
Click to collapse
Could be a fake Play store app reinstalling itself somehow eg from SD card. Is your antivirus scanning your external storage also? Check if you have more than one play store app shown in settings>apps (not your normal apps screen as they can be hidden there). Or it could be an overlay made to look like Playstore screen ... you did get official Avast app right?
else something has installed itself in system folder which is why factory reset not working and you will need to reinstall your FULL Samsung factory ROM suggest you use Samsung SmartSwitch like RootJunky here (use high quality cable eg samsung usb cable, else danger of bricking)
https://m.youtube.com/watch?v=9QhJngOuLQ4
malandrex said:
Hi guys, I believe my galaxy tab s4 is contaminated with a virus . I already did many factorys resets and didnt installed no apps but from time to time , even when Im at the home screen with Avast only or with the antivirus that comes with the tablet activated, google play store opens without my request showing a program called IQ Option broker. What should I do?
Click to expand...
Click to collapse
Download Odin 3.xx (current version)
Browse SamMobile for firmware for your device, download factory ROM. Pay close attention to the region code for your ROM, CSC code. Use one compatible with your device and regional settings. It can be found on the IMEI sticker on the back of the device
Follow the flashing instructions to the letter that you will find on SamMobile website.
Once completed the device is fully refreshed and has latest available software at the time of the build. Do device setup and download app updates.
Enjoy.
Many thanks for both replies , but I have a few more questions:
a) Does this virus have the power to attack my router? If so, what should I inspect at my router? Should I use my brother´s ios iphone as a router while cleaning my device?
b) If I attach the tablet at my PC to perform the firmwire installation, could the virus be transmitted to it? What should I do to avoid it?
c) Where can I safely download this ODIN?
And answering some questions you made:
a) The avast app was downloaded from the store
b) Ive already tried disconnecting the sd card, perform a factory reset without the card but the problem persists.
c) I logged at my google account and when looking at my registered activity, Google claims I did opened the Google Play Store and searched for the IQ Option Broker app. So the virus acts as if it was me.
malandrex said:
Many thanks for both replies , but I have a few more questions:
a) Does this virus have the power to attack my router? If so, what should I inspect at my router? Should I use my brother´s ios iphone as a router while cleaning my device?
b) If I attach the tablet at my PC to perform the firmwire installation, could the virus be transmitted to it? What should I do to avoid it?
c) Where can I safely download this ODIN?
And answering some questions you made:
a) The avast app was downloaded from the store
b) Ive already tried disconnecting the sd card, perform a factory reset without the card but the problem persists.
c) I logged at my google account and when looking at my registered activity, Google claims I did opened the Google Play Store and searched for the IQ Option Broker app. So the virus acts as if it was me.
Click to expand...
Click to collapse
b) Possibly access is possible via your modem (or Bluetooth as serious bug was just patched this month if an attacker knows your BT MAC ... though likely take a while to rollout to all Samsung so you moray not be patched). If you suspect modem then you need to therefore also update your modem firmware (assuming its been patched & is not old & still vulnerable to some old bug, or buy new one) AND change both user & admin passwords
There is an XDA article with link to safe Odin download, google to find. But I'd recommend using Samsung SmartSwitch as this is official way & no special knowledge required.
Re item c) then possible it's just someone trying to load an app remotely via your Google account, does it show any unrecognised login from another device? Also I'm not 100% sure if this requires user to tap install on newer phones, so might not be what you are seeing. Change Google password. (your phone not infected in this case as you didn't click install) Always use a different password)(used same password then check your email address on have I been pwnd)
See below
IronRoo said:
b) Possibly access is possible via your modem (or Bluetooth as serious bug was just patched this month if an attacker knows your BT MAC ... though likely take a while to rollout to all Samsung so you moray not be patched). If you suspect modem then you need to therefore also update your modem firmware (assuming its been patched & is not old & still vulnerable to some old bug, or buy new one) AND change both user & admin passwords
There is an XDA article with link to safe Odin download, google to find. But I'd recommend using Samsung SmartSwitch as this is official way & no special knowledge required.
Re item c) then possible it's just someone trying to load an app remotely via your Google account, does it show any unrecognised login from another device? Also I'm not 100% sure if this requires user to tap install on newer phones, so might not be what you are seeing. Change Google password. (your phone not infected in this case as you didn't click install) Always use a different password)(used same password then check your email address on have I been pwnd)
Click to expand...
Click to collapse
b) I have 2 modens here, one from the internet provider , which is at bridge mode and one that spreads the signal. THe last one is modern and updated and the bridged one , there is no way I can acesss the firmwire besides its info. However , when I had to put it at bridge mode, I had to use an ethernet cable with a computer which maybe wasnt the most protected one. Could that process corrupts a firmwire modem?
c) But I have 2 stage factor. Shouldnt my phone receive an SMS alerting someone is logging at my account? And no, I havent seen any unrecognized login when I accessed my google account.
But your reply gave me an idea...: Maybe an access to my google account was made from a "public" computer and since the access wasnt terminated, as I use this computer a lot, a bot may be trying to remotely install this app.
malandrex said:
b) I have 2 modens here, one from the internet provider , which is at bridge mode and one that spreads the signal. THe last one is modern and updated and the bridged one , there is no way I can acesss the firmwire besides its info. However , when I had to put it at bridge mode, I had to use an ethernet cable with a computer which maybe wasnt the most protected one. Could that process corrupts a firmwire modem?
c) But I have 2 stage factor. Shouldnt my phone receive an SMS alerting someone is logging at my account? And no, I havent seen any unrecognized login when I accessed my google account.
But your reply gave me an idea...: Maybe an access to my google account was made from a "public" computer and since the access wasnt terminated, as I use this computer a lot, a bot may be trying to remotely install this app.
Click to expand...
Click to collapse
b) would need to be a modem exposed hero their internet with known vulnerability, so not sure.
C) yes, should have got a msg so can role that out, I guess.
Suppose it' possible that public pc could be comprised and doing that ... bit of a long shot ...
IronRoo said:
b) would need to be a modem exposed hero their internet with known vulnerability, so not sure.
C) yes, should have got a msg so can role that out, I guess.
Suppose it' possible that public pc could be comprised and doing that ... bit of a long shot ...
Click to expand...
Click to collapse
I think I found the culprit , when I reviewd the few apps Ive installed on my tablet and googled them . There is Netflix, Omega Wars game, PUBG and COD Mobile, handycalc, Go Read, Hube and... QuickPic gallery!!!!!!!!! I used this app on my ancient galaxy S2 and at my other 2 previous tablets. When I looked for the program at Google Play one hour ago ,QuickPic wasnt available anymore!!!! I googled about it and saw many people complaining about this program when a chinese company bought it a few years ago . Maybe QuickPiC installed some crapware at my device!!!!
malandrex said:
Hi guys, I believe my galaxy tab s4 is contaminated with a virus . I already did many factorys resets and didnt installed no apps but from time to time , even when Im at the home screen with Avast only or with the antivirus that comes with the tablet activated, google play store opens without my request showing a program called IQ Option broker. What should I do?
Click to expand...
Click to collapse
BTW, can you find same app on Google, is it called IQ Forex, is closest I could fined
IronRoo said:
BTW, can you find same app on Google, is it called IQ Forex, is closest I could fined
Click to expand...
Click to collapse
The name of the program is IQ Option , from IQ Option developer
malandrex said:
The name of the program is IQ Option , from IQ Option developer
Click to expand...
Click to collapse
I can't find this one but doesn't mean anything, maybe not available in my country or not compatible with my phone.
PS: Don't rule out a compromised router even top of her range can be affected eg
https://threatpost.com/critical-netgear-bug-impacts-nighthawk-router/153445/
IronRoo said:
I can't find this one but doesn't mean anything, maybe not available in my country or not compatible with my phone.
PS: Don't rule out a compromised router even top of her range can be affected eg
https://threatpost.com/critical-netgear-bug-impacts-nighthawk-router/153445/
Click to expand...
Click to collapse
Dont have much free time , but despite the fact I think the router is still safe, Ill reset it on a weekend and change again its id and password as this is a process that takes too much time ( mostly due to my ignorance at the beginning of the process ).
Im thinking about taking my tablet for a Samsung assistance, but Im worried theyll change one virus for another if the employees are corrupt. Do you think I should take the risk or Im beeing too paranoic?
I observed a strange thing today.
I keep a backup of my favourite apps by extracting them using SAI. I don't check these files on VirusTotal because they are downloaded from Google Play Store.
I downloaded Aloha Lite v1.7.3 from apkmirror today. As usual, when I ran it on VirusTotal, it was flagged by 2 antivirus engines, one of it being Google itself.
So I downloaded the same version (which is the latest one available) from Google Play Store, backed it up using SAI, and then wanted to check on VirusTotal again:
1. Contrary to what I expected, this file appears to have a different hash value compared to the one available on apkmirror. Does it mean the one on apkmirror is tampered with?
2. VirusTotal flagged the Play Store version too, and it was the same two antivirus engines, one of which is Google itself. This came in as another surprise.
So what are we supposed to conclude from these observations?
1. Google Play Protect says the file is safe, but Google on VirusTotal says it isn't. Which one is true?
2. How come the apk on apkmirror is having a different hash value compared to the one on Google Play Store? Isn't hash check the only way to ensure there is no tampering? I thought apkmirror had enough checks in place to ensure authenticity.
Apkmirror file analysis
Google Play Store file analysis
I trust Virustotal more than Playwhore... Playstore has failed multiple times in multiple ways
Anything that looks suspicious doesn't get installed; not worth the risk. Study the Virustotal results closely... error on the side of caution. No app is worth a factory reset. If there are any signs of system instability after install, ditch it fast...
Any app that's allowed to update can bring in a payload especially if it's from a 3rd party site. Don't update apps unless there's a good reason to.
Firewall block all apps that don't need internet access. Reject apps that shouldn't need internet access and refuse to function without it.
You are what you load...
blackhawk said:
I trust Virustotal more than Playwhore... Playstore has failed multiple times in multiple ways
Anything that looks suspicious doesn't get installed; not worth the risk. Study the Virustotal results closely... error on the side of caution. No app is worth a factory reset. If there are any signs of system instability after install, ditch it fast...
Any app that's allowed to update can bring in a payload especially if it's from a 3rd party site. Don't update apps unless there's a good reason to.
Firewall block all apps that don't need internet access. Reject apps that shouldn't need internet access and refuse to function without it.
You are what you load...
Click to expand...
Click to collapse
I hope you are aware that VirusTotal is owned by Google.
Here's what I think is happening:
The hash values given are for the user to check whether the file he downloaded is the exact same as the one hosted on the site (to prevent man-in-the-middle attacks).
What VirusTotal uses to check for authenticity is Cryptographic Signature of the apk files. This is different from hash values:
FAQ - APKMirror
General Info What is the purpose of APKMirror.com? What APKs are accepted? I just uploaded an APK but it’s not going live. APKMirror.com is a highly curated community, so there’s absolutely no guarantee we will publish your app. The site’s primary purposes are, in the order of importance: Allow...
www.apkmirror.com
TheMystic said:
I hope you are aware that VirusTotal is owned by Google.
Click to expand...
Click to collapse
So...?
TheMystic said:
Here's what I think is happening:
The hash values given are for the user to check whether the file he downloaded is the exact same as the one hosted on the site (to prevent man-in-the-middle attacks).
What VirusTotal uses to check for authenticity is Cryptographic Signature of the apk files. This is different from hash values:
FAQ - APKMirror
General Info What is the purpose of APKMirror.com? What APKs are accepted? I just uploaded an APK but it’s not going live. APKMirror.com is a highly curated community, so there’s absolutely no guarantee we will publish your app. The site’s primary purposes are, in the order of importance: Allow...
www.apkmirror.com
Click to expand...
Click to collapse
Don't use it if you don't trust it... an easy choice.
blackhawk said:
So...?
Click to expand...
Click to collapse
If you are dealing with the same entity in both situations, where is the question of trusting one over the other?
blackhawk said:
Don't use it if you don't trust it... an easy choice.
Click to expand...
Click to collapse
Having a better understanding of what is happening helps in better and informed decision making.
My experience with VirusTotal:
I release a lot of Windows executables that I write.
They don't have any analytics, phone-home, anything.
They don't even use the internet.
Once in a while somebody tells me, "your blah-blah.exe was flagged on VirusTotal" (2 out of 99 or thereabouts).
So I check it out and maybe 1 or 2 have flagged it as virus (not necessarily the same two).
So I knock on the doors of those two and say, "whadjamean?"
Eventually they say, "oh, it's all good".
Renate said:
My experience with VirusTotal:
I release a lot of Windows executables that I write.
They don't have any analytics, phone-home, anything.
They don't even use the internet.
Once in a while somebody tells me, "your blah-blah.exe was flagged on VirusTotal" (2 out of 99 or thereabouts).
So I check it out and maybe 1 or 2 have flagged it as virus (not necessarily the same two).
So I knock on the doors of those two and say, "whadjamean?"
Eventually they say, "oh, it's all good".
Click to expand...
Click to collapse
Not all flags are necessarily false positives.
In your case, you are confident about the programs because you are the one writing it.
The user has very limited information and so there are concerns.
TheMystic said:
Here's what I think is happening:
The hash values given are for the user to check whether the file he downloaded is the exact same as the one hosted on the site (to prevent man-in-the-middle attacks).
What VirusTotal uses to check for authenticity is Cryptographic Signature of the apk files. This is different from hash values:
FAQ - APKMirror
General Info What is the purpose of APKMirror.com? What APKs are accepted? I just uploaded an APK but it’s not going live. APKMirror.com is a highly curated community, so there’s absolutely no guarantee we will publish your app. The site’s primary purposes are, in the order of importance: Allow...
www.apkmirror.com
Click to expand...
Click to collapse
The question still remains:
Why was I required to upload the file I downloaded from Google Play Store to ApkMirror if it had the same cryptographic signature as the one that the site was already hosting?
TheMystic said:
If you are dealing with the same entity in both situations, where is the question of trusting one over the other?
Click to expand...
Click to collapse
If you have a better site... I'm all ears.
TheMystic said:
Having a better understanding of what is happening helps in better and informed decision making.
Click to expand...
Click to collapse
Not sure why you're bothering. There's one sure fired way to find out... better you than me☠
blackhawk said:
If you have a better site... I'm all ears.
Not sure why you're bothering. There's one sure fired way to find out... better you than me☠
Click to expand...
Click to collapse
I have over 600 apps installed on my device, all downloaded from Google Play Store. Until today, I never bothered to check any of these on VirusTotal. But this thing has got me thinking now.
TheMystic said:
I have over 600 apps installed on my device, all downloaded from Google Play Store. Until today, I never bothered to check any of these on VirusTotal. But this thing has got me thinking now.
Click to expand...
Click to collapse
600 is way too many.
Lol, you're a goner for sure
I have 79... not counting system apps.
blackhawk said:
600 is way too many.
Lol, you're a goner for sure
I have 79... not counting system apps.
Click to expand...
Click to collapse
If I count the system apps, then it is over 1,000.
blackhawk said:
600 is way too many.
Lol, you're a goner for sure
I have 79... not counting system apps.
Click to expand...
Click to collapse
I have 92 apps with system apps included
Dayuser said:
I have 92 apps with system apps included
Click to expand...
Click to collapse
What phone and OS?
On a Samsung's there are lots of system apps, about 379. About 60 of those are package disabled as well as some Gookill system junk.
blackhawk said:
What phone and OS?
On a Samsung's there are lots of system apps, about 379. About 60 of those are package disabled as well as some Gookill system junk.
Click to expand...
Click to collapse
Moto G7 Power stock Android 10 OS
Dayuser said:
Moto G7 Power stock Android 10 OS
Click to expand...
Click to collapse
That's clean. You take a battery or performance hit with 10?
blackhawk said:
That's clean. You take a battery or performance hit with 10?
Click to expand...
Click to collapse
Yes it is. I don't know what do you mean by hit? Battery life is really good (just changed new battery).
Performance is well.. Decent.. It's not flagship performance but it's still good for me. I'm not experience any lags.