[Nougat] What is "zdemo" app? Could it be malware? - General Questions and Answers

Hi Everyone,
Long time no see, but I'm back with a quick question: I've noticed an unknown (to me) application on my Leagoo T5c running Android 7.0 called "zdemo".
It doesn't appear in my app drawer (I use a launcher called Rootless Pixel that I like a lot, because it's extremely light and easy on the eye), only in the Application list in Parameters, and I've uninstalled it, but I suspect it could have been malware, because all of a sudden, I've started to get unwanted popups in a few applications, Blue Mail among them, so I suspect it could come back.
Do any of you know of this app? I Googled it and got nowhere.

It happens to me too. I have another one named media provider or something like that, it has a fake Android logo and it can be uninstalled.

Yeah, I managed to uninstall it... Twice, which means it's coming back at more or less regular intervals. I suspect it's a malware, but MalwareBytes didn't find anything wrong on my phone, so I'm a bit stumped.

I suspect those malware were bundled with Rootless Pixel Launcher, because since I've uninstalled it, they're gone and haven't returned...

Zdemo appears in conjunction with System Input Method. I think the former is a trojan and the latter adware. I keep stopping and uninstalling the apps just to have them return. I think the gallery app is the culprit but haven't figured out how to clean it yet because it's a system file.

Hi Donna,
Do you own a Leagoo phone too? I've had issues with rotten ROM from that brand before, but I thought that was a thing of the past.
If the Gallery app is indeed the culprit, then there must be a bad picture or video in it that you imported, maybe a cover from a music album you downloaded?
I for one know that all the music on my phone doesn't come from CDs I ripped...
The funny thing is, before I installed those two launchers I mentioned, I had no issues whatsoever. The Rootless Pixel Launcher contacted me via Play Store and defended himself from injecting any bad code into his launcher, and says that CPL Launcher is based on his own Rootless Pixel launcher, so it could be that the repository where the APK is stored has been compromised, and the malware is added to the files before it's made available to the Google Play store, but I can't be sure.

For reasons unknown, my first reply got lost somewhere, and I don't feel like rewriting it word for word. Do you have a Leagoo phone too? If so, which ROM do you have installed on it (mine was released in March 2018)?
I suspect those two malware come bundled with the launchers I mentioned, but the dev for Rootless Pixel launcher assured me his code is clean, and I tend to believe him. I think the repo where his code is stored could have been hacked, but I have no way to prove it, of course.
EDIT: my first reply finally made it to the thread. Sorry for the double post...

UPDATE: I finally did a factory reset, reinstalled all my apps (minus a couple I never used anyway) from the Play Store, put my music back on the device (not my pictures though, because I want to sieve through them first), installed Rootless Pixel Launcher again, and so far, so good, no malware in the applications list.
I'll give it a day or two, just to be on the safe side, then I'll modify my incendiary comment on the Play Store about Rootless Pixel Launcher...

Somebody created this code to bug people, had probably nothing to do uses your ip to track and install his popup window.
If I disconnect my wifi and use my phone without an internet connection zdemo and system input method don't come back. I should try on another wifi or in another country. Wonder if it could be tracked and maybe interesting to see where it leads. Could it be stashed on google play store? It seems curious that there is little info on the web about this problem as if somebody in a key position really f...-up

Yeah, I too find it hard to believe that those two malware aren't better documented on the Web. However, if you scan your device with MalwareBytes and look up the entire name of both, you find ***partial*** references, stating that they aren't "real" malware, just PUPs, which I find intriguing too.
On my phone, I've noted unwanted popups that were hard to close when they were installed, but nothing untoward once I got rid of them, so they're definitely adware, either separately, or working jointly, I don't know.

Related

[Q] Action Launcher malware-like behavior on Pacman rom

Hi guys, not sure if this post belongs here or in the developers section but I recently ran into a major problem using Action Launcher and since it seems to be growing in popularity I thought I should post what I found and see if anyone else is experiencing this as well. I'm running the latest stable build of Pacman rom and I installed Action Launcher but it had too many bugs to be a daily driver so I decided to uninstall it, which is where I ran into my problem. Once Action Launcher is installed, it does not allow itself to be uninstalled. The uninstall button becomes completely grayed out. I either have to use Titanium or uninstall through the Play store, which is very weird for a user installed app. I tried contacting the developer but there was no help there. This is very strange. I installed it multiple times just to check and even re-flashed my rom and it still becomes uninstallable upon being installed. I've tried every launcher I've ever bought and none of them exhibit this behaviour.
Can anyone else confirm that this is happening? I posted on the developer's google+ forum and at least one other person is experiencing this but I would love to find out if this is a widespread problem. Also, it is not installed as system app, since someone already asked me that and all the defaults are cleared so it's not even listed as the default launcher. It's all very weird and I don't know if this is on the end of the rom or the app. Can someone help with a possible explanation or answer?
I would suggest removing the apk manually from the system.
Hope it helped
What does the app do that requires it to call phone numbers directly? This could be a red flag as a lot of malware today consists of bad apps calling premium numbers for direct monetary gain.
syung said:
What does the app do that requires it to call phone numbers directly? This could be a red flag as a lot of malware today consists of bad apps calling premium numbers for direct monetary gain.
You know I never really looked at launcher permissions closely enough considering how widely in use they are by the android community, I'm just assuming these are basic permissions every launcher requests. The permissions themselves don't bother me. I'm sure the call numbers directly permission is there because the app allows you to add and call contacts directly from a folder/cover.
I'm more curious about why the app becomes uninstallable after being installed. It's just a behaviour I've never noticed from any other app I've downloaded from the Play store. I would love to be able to explain it but the developer is pretty lax about getting back in touch with people so I thought I would pose the question to the xda community.
Daniel120201 said:
I would suggest removing the apk manually from the system.
Hope it helped
No, the app is uninstallable from the Play store and even using third party apps but for some reason not through the system ui, at least not with Pacman rom and I'm pretty sure that shouldn't be the case. I just want to know if other people have experienced something similar, using Pacman or any other rom.
Analyss14 said:
You know I never really looked at launcher permissions closely enough considering how widely in use they are by the android community, I'm just assuming these are basic permissions every launcher requests. The permissions themselves don't bother me. I'm sure the call numbers directly permission is there because the app allows you to add and call contacts directly from a folder/cover.
I'm more curious about why the app becomes uninstallable after being installed. It's just a behaviour I've never noticed from any other app I've downloaded from the Play store. I would love to be able to explain it but the developer is pretty lax about getting back in touch with people so I thought I would pose the question to the xda community.
No, the app is uninstallable from the Play store and even using third party apps but for some reason not through the system ui, at least not with Pacman rom and I'm pretty sure that shouldn't be the case. I just want to know if other people have experienced something similar, using Pacman or any other rom.
What he meant was since you have rooted the phone, you can use a file manager to directly remove the apk from the /data folder, hence removing the problem for you.
Also, the app could become uninstallable for several reasons (ROM compatibility issues, version issues, or a specific feature designed to prevent deletion). I would not immediately suspect malware though, as malware would also be coded to not appear in the apps dashboard in the first place, so that you would not be aware of it, unless it was a bad app pretending to be something else (games, etc.)
syung said:
What he meant was since you have rooted the phone, you can use a file manager to directly remove the apk from the /data folder, hence removing the problem for you.
Also, the app could become uninstallable for several reasons (ROM compatibility issues, version issues, or a specific feature designed to prevent deletion). I would not immediately suspect malware though, as malware would also be coded to not appear in the apps dashboard in the first place, so that you would not be aware of it, unless it was a bad app pretending to be something else (games, etc.)
I understood what he meant, my "no" was just to let him know that wasn't the issue though I could see how that would be confusing since it also directly answers his question. It's not a problem, I know how to remove the app and using a file manager isn't even necessary since as I said titanium removes it as does simply uninstalling from the Play store. As I said, I've installed and uninstalled it multiple times just to see if it was a glitch. How to uninstall it isn't the issue, why it becomes uninstallable is.
Also, I said malware-like behavior. I didn't say it was malware and I even stated above that none of its permissions seem suspect to me. That was never the question. This is honest curiosity about why the rom and this app in particular seem to be reacting in this way. It's not a slight to the app or its developer. When something doesn't work as expected sometimes there's a genuine interest in finding out how and why. I don't even use the app, I bought it to try because I've heard so many good things but it wasn't my cup of tea. I was just curious why no one else has reported this possible bug. Maybe the "why?" has already been answered but I just can't find the reason, hence my post. I suppose I asked this in the wrong section since I'm not seeking technical help.

Tronsmart TS7 (aka Glacier TS7) installs random apps without permission

I have a (4GB) Tronsmart TS7 (sometimes known as an Alps Glacier TS7). It's a Chinese MTK6589 based phone running Android 4.2 purchased from geekbuying.
For the most part the device is stock, there are next to no pre-installed apps apart from the usual, and the only additional apps I have installed are: Playstation, Steam, ColorNote, Shuttle+, Root Explorer, DI Radio, Chrome & Gmail
The problem I have is that there are apps appearing on the device that I am not installing. So far it has been the same set of apps that appear:
Mobo Market
UC Browser
TrustGo Security
DU Battery Saver
337 Game Master
GameCenter
(there may be more)
These apps don't start appearing right after a factory reset, but start to arrive 1-2 weeks later. They also seem to be packaged similarly; when I say packaged I mean opening them seems to prompt with the same menu & style (accept licence etc) before it gets to the main app. Also, after you open the app from the app drawer it then creates an icon on the desktop. Maybe opening it actually does the installing?
The apps themselves seem to be legit.
I have factory reset the device (twice), and changed my Google password but they are still appearing. They don't show up in my Play store history so they must be coming from elsewhere.
My main concern is that if it is downloading things without my permission, what might it be uploading? Not to mention wasting my 3g data etc.
So I have a few questions:
Should I be (really) worried?
Is there a way to monitor this? eg connect to a wifi hotspot and packet capture the network traffic? or maybe use a process monitor (the ones I've tried so far haven't shown anything) to see if there is some sort of script in the background?
Can it be stopped?
Thanks in advance, I would be interested to know if anyone else has/had this problem?
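One way to approach the monitoring question above without a packet capture, as an added example that is not part of the original thread: save the output of `adb shell pm list packages -f -i` right after a factory reset and again later, then diff the two to see which packages appeared and which installer the system recorded for them. The two snapshots and every `com.example.*` package name below are constructed for illustration.

```python
import re
from typing import NamedTuple

PLAY_STORE = "com.android.vending"  # installer recorded for Play Store installs
SYSTEM_PREFIXES = ("/system/", "/vendor/", "/product/", "/oem/")

# One line of `pm list packages -f -i` looks like:
#   package:<apk path>=<package name>  installer=<installer package or null>
# The greedy path group tolerates '=' characters inside the APK path.
LINE_RE = re.compile(
    r"^package:(?P<path>.+)=(?P<name>[A-Za-z0-9_.]+)\s+installer=(?P<installer>\S+)\s*$"
)


class Package(NamedTuple):
    path: str
    installer: str  # the literal string "null" when no installer was recorded


class Finding(NamedTuple):
    name: str
    change: str
    installer: str
    needs_review: bool


def parse_snapshot(text):
    """Map package name -> Package for every well-formed line in a snapshot."""
    packages = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            packages[m["name"]] = Package(m["path"], m["installer"])
    return packages


def in_system_image(path):
    return path.startswith(SYSTEM_PREFIXES)


def diff_snapshots(before_text, after_text):
    """Report packages that appeared, or that moved from the ROM to /data."""
    before = parse_snapshot(before_text)
    after = parse_snapshot(after_text)
    findings = []
    for name in sorted(after):
        new, old = after[name], before.get(name)
        if old is None:
            change = "appeared"
        elif in_system_image(old.path) and not in_system_image(new.path):
            change = "moved from system image to /data"
        else:
            continue
        # Anything not recorded as a Play Store install deserves a closer look:
        # it was sideloaded, or installed by another app on the device.
        findings.append(Finding(name, change, new.installer,
                                new.installer != PLAY_STORE))
    return findings


# Constructed snapshot taken right after a factory reset.
BASELINE = """\
package:/system/app/Gallery/Gallery.apk=com.example.gallery  installer=null
package:/system/priv-app/Files/Files.apk=com.example.files  installer=null
package:/data/app/com.example.launcher-1/base.apk=com.example.launcher  installer=com.android.vending
"""

# Constructed snapshot taken two weeks later.
LATER = """\
package:/system/app/Gallery/Gallery.apk=com.example.gallery  installer=null
package:/data/app/com.example.files-2/base.apk=com.example.files  installer=com.example.updater
package:/data/app/com.example.launcher-1/base.apk=com.example.launcher  installer=com.android.vending
package:/data/app/com.example.zdemo-1/base.apk=com.example.zdemo  installer=null
package:/data/app/com.example.notes-1/base.apk=com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for f in diff_snapshots(BASELINE, LATER):
        flag = "REVIEW" if f.needs_review else "ok"
        print(f"[{flag}] {f.name}: {f.change} (installer={f.installer})")
```

An installer name that is itself a pre-installed package points at the component doing the silent installs, which is the thing to disable or firewall first.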
I have the same problem.
I haven't tried flashing some other ROM yet, but I guess that is the only way to get it to stop installing those things.
Have you actually found any other roms to install?
For anybody's information:
You may have noticed how you always end up with a 'Tronsmart.mp4' video file appearing in your gallery app. This is damn annoying since it appears twice, once on the internal and once on the external SD card. There is an '\system\app\CopyTest.apk' file which creates both of these. Should be safe to delete it and thus prevent the file(s) appearing.
I have actually decompiled this apk. It works as a service that runs when MEDIA_UNMOUNTED or MEDIA_MOUNTED is invoked, and does absolutely nothing else.
I have the same problem, those random apps installing and the video always in my gallery. I have managed to stop the apps by using a firewall and allowing only my apps that I want to use the internet. I haven't found a solution though to fix the problem. Probably tronsmart is spamming its customers...
mariosm1cy said:
I have managed to stop the apps by using a firewall and allowing only my apps that I want to use the internet.
What Firewall did you use? I might be able to use something like that to pinpoint the app that's causing this.
Sorry for the late reply. I am using "android firewall" free from google play store.
USB debugging disabled stopped it on mine
edit: not that easy, wasn't enough. made some cleanup by disabling/removing some system apps. seems to work so far although there are still some strange events like superuser crashing and right after that system downloader.apk reappearing. haven't seen any other junk coming back
these are the apk's i removed:
systemupdateassistant
systemdownloader
omacp
mtkbt
midtest
galaxy4
fusedlocation
engineermode
engineermodesim
cds_info
basicdreams.

[Q] Popup from Google asking to protect my phone?

I just got a popup, supposedly from Google, asking for permission to protect my phone in some way. I should have taken a screen shot. My back button would not work, and I had to choose between "accept" or "deny". I chose deny, and immediately an app started to automatically download and install. The popup came up again four more time, and I chose deny each time. And each time, a new app downloaded and installed. In order, the apps were S Note, SNS Provider, Flipboard Briefing, Hancom Office 2014, and Evernote. Shortly after that, I got a text message from 6583 stating: "FREE MSG Your Mobile Locate app is configured to record your Location History; info may be viewed at http://mymobilelocate.com Open app Settings to change."
What the hell just happened to my phone?
Well.. the site leads to at&t and the apps you installed are official apps (the names at least). As far as I can tell you are just fine, wonder what the popups looked like though.
It's no big deal. A while back, Google started offering to periodically search your phone's installed apps to make sure there were no malicious apps you might not know are bad news. This started after they had a few apps in the Play Store that were malware, and Google went and forcibly uninstalled those apps from people's devices. Since some people probably complained about it as some sort of privacy violation, now they offer you a choice (i.e. be stupid, or let them save your ass from malware). I always click "accept". It only asks once per set up, so either on a brand new phone or a factory reset.
Google already knows everything I do with my device(s) anyway, so why wouldn't I want them to monitor my apps for Malware? It is especially helpful if you install apps from other sources outside the Play Store, since you never know what you're really getting.

File Manager Bloatware Removal

Has anybody deleted some of the bloatware apps, more specifically the stock File Manager?
com.jrdcom.filemanager
/data/app/com.jrdcom.filemanager-2/base.apk
Wondering if anybody tried and had any ramifications from it.
This thing just all of a sudden activated itself and runs in memory, and there is no Disable for it. I could install an app to freeze it, but that defeats the purpose.
Moscow Desire said:
Has anybody deleted some of the bloatware apps, more specifically the stock File Manager?
com.jrdcom.filemanager
/data/app/com.jrdcom.filemanager-2/base.apk
Wondering if anybody tried and had any ramifications from it.
This thing just all of a sudden activated itself and runs in memory, and there is no Disable for it. I could install an app to freeze it, but that defeats the purpose.
I'm running Lineage on mine and doesn't even have it on there.
I would freeze it. Make sure your downloads and such still work ok.
Give it a few days if good then remove.
TheMadScientist said:
I'm running Lineage on mine and doesn't even have it on there.
I would freeze it. Make sure your downloads and such still work ok.
Give it a few days if good then remove.
Thanks, I deleted the culprit. No issues so far.
LOL...after 3 or 4 days the lovely File Manager App magically installed itself. Looks like a more in-depth investigation is forthcoming.
Obviously there is another app that re-installs it.
Stinkin thing.
I switched over to the Xperia ROM on Idol 3 and it got rid of a load of crap. Bunch of Xposed is working.
I just don't care for the stock ROM on this thing at all. Even debloated it runs like crap.
I've had this device now over a week and can't find any sort of setup I like, I am used to LG's UI.
Even tried to get TouchWiz UI and Grace to run but no go.
Did you remove the system update apps too by chance?
TheMadScientist said:
Stinkin thing.
I switched over to the Xperia ROM on Idol 3 and it got rid of a load of crap. Bunch of Xposed is working.
I just don't care for the stock ROM on this thing at all. Even debloated it runs like crap.
I've had this device now over a week and can't find any sort of setup I like, I am used to LG's UI.
Even tried to get TouchWiz UI and Grace to run but no go.
Did you remove the system update apps too by chance?
Haven't really had a chance to look deep into it yet. I've disabled auto updates, so pretty sure it's not getting it from the netz.
Funny thing, I tried running a 100mb system update and it failed to completely install. Haven't thought about it much since then, but I suspect it was in that update somewhere, as I had never seen nor had an issue with it before.
Will strip down that update and see when I get a chance.
It comes pre installed as 'files' app, auto updates to "file manager" to then run this 'boost' branded adware. I call it adware because it does not adhere to the android force stop, disable peeking or any other android OS settings and automatically regenerates itself despite the OS not allowing auto updates.
Android should never allow provider apps to have a higher privilege that renders the OS setting useless, bundled apps should also not disable the uninstall and disable functionality of the OS.
I have spent weeks in settings to find out it is allowed to act like a virus and do what ever it wants being rewarded with ad revenue.
Thanks Google for allowing me to purchase hardware pre loaded with junk ads by default with no way of opting out, it's not only a privacy and security concern, it's a consumer complaint.
adware/spyware
Not happy said:
It comes pre installed as 'files' app, auto updates to "file manager" to then run this 'boost' branded adware. I call it adware because it does not adhere to the android force stop, disable peeking or any other android OS settings and automatically regenerates itself despite the OS not allowing auto updates.
Android should never allow provider apps to have a higher privilege that renders the OS setting useless, bundled apps should also not disable the uninstall and disable functionality of the OS.
I have spent weeks in settings to find out it is allowed to act like a virus and do what ever it wants being rewarded with ad revenue.
Thanks Google for allowing me to purchase hardware pre loaded with junk ads by default with no way of opting out, it's not only a privacy and security concern, it's a consumer complaint.
Yes , this lovely new addition to the file manager is actually the "Hawk Super Cleaner/ antivirus" seen here: https://play.google.com/store/apps/details?id=com.apps.go.clean.boost.master&hl=en
You can see my complaint(s) here: https://forum.xda-developers.com/idol-3/help/joy-launcher-joy-t3628670
I just installed TWRP and SuperSU on the stock Marshmallow following this guide: https://forum.xda-developers.com/idol-3/general/twrp-custom-recovery-idol3-6045-t3162608 and will be removing this cancer for good!
Cheers, I might have a look at rooting (pain seeing I bought 4 of these for myself and fam). I have reported the app in the playstore for being installed with root permissions bypassing the expected android user settings and will be following up with a complaint to the consumer watchdog.
I never bought hardware with the knowledge an innocent bloatware provider app would turn rogue with root permissions for ad revenue.
My phone will most likely be thrown at the wall so "File Manager" doesn't get another 1000 or so false positive downloads in the playstore from me.
Had 3 myself
Not happy said:
Cheers, I might have a look at rooting (pain seeing I bought 4 of these for myself and fam). I have reported the app in the playstore for being installed with root permissions bypassing the expected android user settings and will be following up with a complaint to the consumer watchdog.
I never bought hardware with the knowledge an innocent bloatware provider app would turn rogue with root permissions for ad revenue.
My phone will most likely be thrown at the wall so "File Manager" doesn't get another 1000 or so false positive downloads in the playstore from me.
I hear ya, I bought 3 of these.
I am very careful what I install on my device and read the manifest files on EVERYTHING so you can imagine how angry I was when my own phone manufacturer pushed unwanted adware/possible-probable spyware on to my device with no warnings or asking my permission.
Another odd thing is that after I uninstalled the Facebook app I had 2 apps appear (or were left over?) com.facebook.appmanager.apk and com.facebook.system.apk that were using up data and could not be removed until tonight after rooting.
Interesting article here: https://forum.xda-developers.com/tmobile-lg-v10/help/suspicious-apps-apps-section-facebook-t3415876
I have been studying computer and mobile security as a hobby for some time and have found that these "antivirus" and "cleaner" apps on Android are the worst offenders of privacy of them all.
Scanning all your files, installed apps, contacts etc etc and sending all that data back to God knows where!
I have found that almost every single app that I have downloaded from the Play Store has some form of data mining and/or analytics.
Unfortunately, it's a catch 22 in Android..rooting your device breaks what little security is built into the system but it's the only way to remove pre-installed crapware.
---------- Post added at 06:02 AM ---------- Previous post was at 05:53 AM ----------
Also, good luck trying to get anything done with Google or Alcatel.
I battled with Google for almost 8 months straight trying to stop an unscrupulous advertiser that was using FAKE virus warnings to trick users into installing an "antivirus" app on the Play store and just got sent around in circles.
Google is complicit!
I was finally successful in stopping the fraudulent activity after I contacted the Federal Trade Commission.
http://smisecurity.altervista.org/DFNDR.html
Data mining is a given these days which is why I have Pi-hole for my home dns and ubuntu for my home box, gotta do what you can. As for this phone I wouldn't do much on it unless I re flash it which is why I am angry with it.
As for Android taking the normal software stance of do nothing unless legally required, this time is interesting to me because they are effectively allowing the bypassing of the playstore agree feature to Install an app, being side loaded from Alcatel like this one would think breaks the playstore terms so knowledge should be enough for action in this case from the android or playstore devs. Doubt it but.
Also upon sale did not mention android as being adapted software that overrides expected android and playstore behaviour but did advertise android and use their logo so most likely a trademark violation also.
The problem is Alcatel are adapting android and side loading apps to bypass security and privacy user settings to double dip on the customer for income despite the final result, android and the playstore can bury their heads in the sand all they want but they have been made aware of the risks.
Went over it again for peace of mind (sorry) but I wish you the best in your education as we need more people shining the light on privacy simply because we are in the rise of the machines, not long before people worldwide ask what happened to all the jobs and when did the need for conventional ID actually disappear.
Not happy said:
The problem is Alcatel are adapting android and side loading apps to bypass security and privacy user settings to double dip on the customer for income despite the final result, android and the playstore can bury their heads in the sand all they want but they have been made aware of the risks.
Very well said!
The supervisor I spoke to at Alcatel tried to say that I/we agreed to the terms by using their devices which allowed them to push this on to our phones but I disagreed with him.
At one point I even thought of ditching my phone and getting an iPhone or an Android device that is compatible with the Replicant OS https://www.replicant.us/
I have a few Raspberry PI's laying around but never used one as an access point. (I'm assuming that's what you're doing?)
I just sent a very nasty email to the developer "[email protected]" and referenced this thread.
Keep us updated if you get anywhere and I will be fighting this from my end and posting any updates as well.
Will do, I don't plan on not continuing with this one because my hardware and android do not operate as advertised.
The day I can rely on Linux for a phone OS is the day android gets ditched but will definitely check out your link also.
Pi-hole is basically a collection of hosts files that block ads and known bad domains on the DNS level, point the home router to it and bam the whole household gets an adblocker by default. Runs smooth but added a few commands to auto upgrade the lists with a Cron job.
Not happy said:
Pi-hole is basically a collection of hosts files that block ads and known bad domains on the DNS level, point the home router to it and bam the whole household gets an adblocker by default. Runs smooth but added a few commands to auto upgrade the lists with a Cron job.
Very cool!
I'll have to check that out.
I altered the hosts file on both my laptop and my other rooted phone to block ads and apps I used to have.
This is a small sample of IP's I blocked in the hosts file after running NETSTAT scans, there are a TON more that I added from MVP hosts (it is against MVP's EULA to post their blocked IP's)
http://winhelp2002.mvps.org/hosts.htm
127.0.0.1 localhost
127.0.0.1 search.vip.gq1.yahoo.com
127.0.0.1 a96-6-122-162.deploy.akamaitechnologies.com
127.0.0.1 a-0001.a-msedge.net
127.0.0.1 yahoo.com
127.0.0.1 rtr3.l7.search.vip.gq1.yahoo.com
127.0.0.1 c.amazon-adsystem.com
127.0.0.1 yandex.st
127.0.0.1 mc.yandex.ru
127.0.0.1 c1.popads.net
127.0.0.1 c1.popads.net/pop.js
127.0.0.1 google-analytics.com
127.0.0.1 google-analytics.com/analytics.js
::1 localhost #[IPv6]
---------- Post added at 01:40 PM ---------- Previous post was at 12:54 PM ----------
Wow! that PI-hole block list on Git Hub is a LOT larger than the one I was using!
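A hosts file is matched by exact hostname only, so it is worth linting a block list before relying on it. The checker below is an added example, not code from the thread: it parses hosts-format text, reports entries that contain a URL path (which can never match a lookup), and shows that a sinkholed domain does not cover its subdomains. The sample uses a subset of the entries quoted in the post above; the function names are this example's own.

```python
import re

# Addresses commonly used to sinkhole a hostname in a hosts file.
SINK = {"127.0.0.1", "0.0.0.0", "::1"}

# One DNS label: letters, digits and hyphens, not starting or ending with '-'.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_hostname(name):
    name = name.rstrip(".")
    return 0 < len(name) <= 253 and all(LABEL_RE.match(p) for p in name.split("."))


def lint_hosts(text):
    """Return (active, problems).

    active   maps lower-cased hostname -> set of addresses it resolves to
    problems is a list of (line number, message) for entries that do nothing
    """
    active, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            problems.append((lineno, "address without a hostname"))
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            if "/" in name or ":" in name:
                # The resolver only ever sees a hostname, never a URL or path.
                problems.append((lineno, f"{name}: not a hostname, entry never matches"))
            elif not is_hostname(name):
                problems.append((lineno, f"{name}: invalid hostname"))
            else:
                active.setdefault(name.lower(), set()).add(address)
    return active, problems


def sinkholed(active, hostname):
    """True only if this exact hostname is mapped to a sink address."""
    return bool(active.get(hostname.lower(), set()) & SINK)


# Subset of the entries quoted in the post above.
SAMPLE = """\
127.0.0.1 localhost
127.0.0.1 c1.popads.net
127.0.0.1 c1.popads.net/pop.js
127.0.0.1 google-analytics.com
127.0.0.1 google-analytics.com/analytics.js
::1 localhost #[IPv6]
"""

if __name__ == "__main__":
    active, problems = lint_hosts(SAMPLE)
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
    for host in ("google-analytics.com", "www.google-analytics.com"):
        print(host, "->", "blocked" if sinkholed(active, host) else "not blocked")
```

The second lookup is the practical difference from Pi-hole style DNS filtering: a hosts file needs one line per hostname, subdomains included.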
Hi guys and thanks again for the thread. Anyone found a solution? This app is wasting 20 percent of my battery, which does not last me a whole day anymore, it's outrageous. I also sent a report to Google and the app developers.
Cheers
Guys, I found someone with a solution, just see this post: https://forum.xda-developers.com/showpost.php?p=73642381&postcount=4
Cheers
That is not much of a solution unfortunately. The REAL solution is to install TWRP recovery on the adware/spyware infested Alcatel phone and flash to a different operating system. There is an (unofficial) ROM of Lineage 14 Nougat that is pretty decent that can be found on the XDA site.
sloshnmosh said:
That is not much of a solution unfortunately. The REAL solution is to install TWRP recovery on the adware/spyware infested Alcatel phone and flash to a different operating system. There is an (unofficial) ROM of Lineage 14 Nougat that is pretty decent that can be found on the XDA site.
It solved my problems
It's easy to solve the problem. Just go to applications. Select file manager uninstall upgrades, it will revert it back to factory version, no more spam !
I was getting really annoyed by the app that stealthily installed itself and called itself File Manager for my Alcatel POP 4. It constantly wanted to clean, boost, virus-protect, be a flashlight and camera app with its own toolbar and playing an ad whenever you asked any of those actions to be performed. The beauty of it was that it could not be disabled or uninstalled. I was desperately looking for a way to get rid of it without drastic measures, like a full factory reset or rooting my device. I found a suggestion on the net to install AppMgrIII from the Play Store. I did it as I was determined to try anything at that point. It offered me to replace the app with a “factory version”. I accepted that and sure enough, a normal-looking File Manager with no ads or toolbars appeared, all the rockets, boosts, virus-protection, cleaning brushes gone! I hope it won’t reinstall itself magically. In a perfect world I would prefer to have no file manager on my machine at all and a choice of installing one that I prefer but at least the nightmare of this intrusive monster seems to be over. I hope it stays that way.
Update: reverting back to factory version stopped the spam but it all came back with the next update. Now I reverted it back again and stopped automatic updates on Google Play for all apps. I will pick apps to be updated manually.

Rooted Android Security Measures. What are they?

I've never rooted an Android. One of the warnings I see over and over is that rooted devices are more vulnerable to malware. I don't see any solutions for this though.
What extra measures will I need to take to keep my Android safe?
I use Norton 360 on my PC and Androids. Will this be of any help?
Are there any apps I can install to help with this issue?
Are there any system settings I should use for this particular problem?
Thank you
With stock or rooted the biggest threat is the user themselves. Most either install or download the malware themselves. A fully updated stock Android isn't invulnerable; there's no saving dumb bunnies...
Side loaded apps are high risk; at the least scan with online VirusTotal and consider the results before installing. Keep email in the cloud and be careful if you choose to download anything.
All downloads stay in the download folder until vetted. JPEGs and PNGs are suspect; open them there first before moving them and watch for strange behavior in that folder. Check the download folder daily for anything you didn't download; if found, do not open, delete.
Keep trash social media apps off the phone, all of them. They are targets and vectors for malware of all types.
Use a good firewall and police what apps are doing. Revoke internet access to all apps that don't need it. Know what apps have run at start permissions; do they need it? Updates and upgrades can cause more lost time than malware trying to find workarounds. Lock auto updates down, and download them only if needed. Updates and firmware upgrades can and do break things...
Most importantly cover your six and be prepared.
Critical data can not be lost, protect it!
Redundantly backup all critical data to at least 2 hdds that are physically and electronically isolated from each other and the PC. Be ready to do a full reload if needed.
If malware is found or suspected, isolate the phone and if it can't be completely deleted in an hour or two, nuke that load. Be ready to change passwords and secure accounts.
Never trust antivirus apps to detect malware or save you, mostly they just waste resources on an Android.
Thank you!
I'm already doing a lot of those things, especially social media apps.
One of the reasons I want to root my phone is that I can't uninstall, force stop, disable or take away permissions for some apps, like Facebook, Facebook App installer, FB app manager, Google, ad nauseam. The same goes for the millions of preinstalled Samsung bloatware apps. They don't stay disabled and routinely restore permissions. I'm sick of having to routinely check them all. I'll never buy another Samsung again.
You're welcome. Welcome to XDA
I run 2 stock N10+'s, one on Pie, the other on 10.
I use package disabler to kill bloatware and services I don't want to run at bootup. You can also use an adb editing app to disable apks. Don't go too nuts; be wary of disabling any Samsung system apps. Most of these apps just sit unless needed. Dependencies... actions have consequences; understand what the app does and what other apps, services or UI functions are dependent on it!
Google Play Services can be disabled when not needed; disable find my device as System Administrator first.
On Pie Karma Firewall is fully functional but not on Android 10 and up, although it will still block access. It uses virtually no battery.
Once you sort it out (learning curve ahead) stock Samsung's especially older ones like the N10+ are easy to run. They are the most customizable stock Android on the planet with an excellent UI. The current load on this one will be 2 yo this June; still fast, stable and fulfilling its mission. Security is simply not an issue.
blackhawk said:
You're welcome. Welcome to XDA
I run 2 stock N10+'s, one on Pie, the other on 10.
I use package disabler to kill bloatware and services I don't want to run at bootup. You can also use an adb editing app to disable apks. Don't go too nuts; be wary of disabling any Samsung system apps. Most of these apps just sit unless needed. Dependencies... actions have consequences; understand what the app does and what other apps, services or UI functions are dependent on it!
Google Play Services can be disabled when not needed; disable find my device as System Administrator first.
On Pie Karma Firewall is fully functional but not on Android 10 and up, although it will still block access. It uses virtually no battery.
Once you sort it out (learning curve ahead) stock Samsung's especially older ones like the N10+ are easy to run. They are the most customizable stock Android on the planet with an excellent UI. The current load on this one will be 2 yo this June; still fast, stable and fulfilling its mission. Security is simply not an issue.
The more annoying Samsung apps I was referring to are the Bixby apps, AR doodle, Smarter things... those kind of apps. If they didn't re-enable themselves and restore permissions, I wouldn't mind them so much. But they DO.
I won't be using that phone much longer anyway. I'm going back to Motorola.
I always buy factory or globally unlocked phones. That helps some. But Motorola recently started forcing FB. I can uninstall it, however I have to review updates to make sure it doesn't end up on my phone again. But then I review all updates before installing them anyway.
I always look up the system apps before making any changes. Like Google Easter Egg. Everything I could find says it's unnecessary.
All those mentioned apps can be safely disabled.
Bixby Vision is used for barcode scanning though.
Try the free Galaxy store icon packs, themes and the Good Lock family of apps including One Handed Operation plus.
Choose theme>icon pack>whatever wallpaper you want. The native high contrast theme looks good.
Play with it...
blackhawk said:
All those mentioned apps can be safely disabled.
Bixby Vision is used for barcode scanning though.
Try the free Galaxy store icon packs, themes and the Good Lock family of apps including One Handed Operation plus.
Choose theme>icon pack>whatever wallpaper you want. The native high contrast theme looks good.
Play with it...
I actually already ordered a new Moto. It will be here tomorrow. Well, it's after 1am, so I guess it'll be here later today.
I've disabled multiple Samsung apps, restricted data and battery, taken away permissions, not just in app settings, but in permissions setting, special access permissions... And all the other weird ways I keep finding out about that you wouldn't think would be a place to remove permissions. When my phone starts to slow down, or the battery isn't lasting very long, sure enough, Samsung has gone behind my back and reset my preferences again. I never had issues like this with any of the Motorola phones I've had.
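
Two recurring complaints in this thread, disabled apps that re-enable themselves and a system File Manager whose update brings the ads back, can be checked from a PC over adb instead of by hand. The script below is an added example, not part of any post in the thread: it compares `pm list packages -d` against a baseline file of packages you disabled on purpose, and lists system packages whose APK path is under `/data/`, which means an installed update is running in place of the factory copy. The baseline file and the `--live` switch are this example's own conventions.

```shell
#!/bin/sh
# Added example, not from the thread. Requires adb only in --live mode.

# Strip the "package:" prefix and carriage returns from `pm list packages` output.
pkg_names() {
    tr -d '\r' | sed -n 's/^package://p' | sort -u
}

# reenabled BASELINE CURRENT_DISABLED
#   BASELINE: packages you disabled on purpose, one per line ('#' comments allowed).
#   CURRENT_DISABLED: bare names, as produced by pkg_names from `pm list packages -d`.
# Prints every baseline package that is no longer in the disabled list.
reenabled() {
    awk -v cur="$2" '
        BEGIN { while ((getline l < cur) > 0) disabled[l] = 1 }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        !($1 in disabled) { print $1 }
    ' "$1"
}

# Reads `pm list packages -s -f` output ("package:<apk path>=<name>") on stdin.
# The path itself may contain '=' on newer Android, so split on the last '='.
# Prints system packages whose APK lives under /data/ (an update is installed).
updated_system_apps() {
    tr -d '\r' | sed -n 's/^package:\(\/data\/.*\)=\([^=]*\)$/\2/p' | sort -u
}

# Live use: sh audit.sh --live baseline.txt  (authorised device connected)
if [ "${1:-}" = "--live" ] && [ -n "${2:-}" ]; then
    tmp=$(mktemp)
    adb shell pm list packages -d | pkg_names > "$tmp"
    echo "Re-enabled since baseline:"
    reenabled "$2" "$tmp"
    echo "System apps running an installed update:"
    adb shell pm list packages -s -f | updated_system_apps
    rm -f "$tmp"
fi
```

Run it after each batch of updates; a package appearing in either list is the cue to re-check it before the behaviour described above returns.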
