Doogee T5 Lite Stock ROM Malaware, Adware and Viruses - Android General

It's well known now that some brands of Chinese smartphones come pre-packed with system adwares, malawares, spywares, etc. I even think of possibly starting a new thread where we could start a ranking of the worst Chinese brands with infected systems. So far, I have a couple of bad experiences with budget smartphones such as Umi London, Nomu S20 (problems were corrected by the developer though) and Doogee (T5 Lite).
From all them Doogee has been a nerve wrecking experience:
1) Stock Firmware was never updated. It's the same old one, full of viruses, malaware and adware. I posted a request on their forum for which I wait a possible answer: https://community.doogee.cc/forum.php?mod=viewthread&tid=4498
2) It comes prepacked with malaware such as adware and others which keep installing new ones and it's very annoying. I could not find any clean custom ROMs on this forum or at 4PDA. Other users report the same problems such as in this thread which I quote:
I was facing some issues with Doogee T5. Main problem was that some doogee phones came infected with malware (Caused by such apps as Xender or parallelspace ) and phone was downloading additional malware apps
Click to expand...
Click to collapse
Or this at 4PDA:
I think everything is climbing through google services and the Android system.
I block / delete Google’s trash services / applications for weeks, but the left traffic still flows through Android.
PS: while writing a new "virus" ...
Click to expand...
Click to collapse
3) OTA firmware update is fake (it will never happen).
So I start this thread so that you can also share your experiences and hopefully the developer will address and correct these problems. Who knows someone someone might even come up with a custom solution/ROM.
Also, please let me know what you think of this idea of starting some sort of public ranking of the worst (or best) Chinese smartphone brands with regard to firmware integrity/cleanness. Any ideas on how to implement it? Perhaps a public poll? Feel free to share your ideas or even take the initiative. I think this would be a good way to encourage accountability and good standards on the budget smartphones developers and industry with regard to firmware integrity and customer support.

Related

[Q] What If a malicious ROM came here ?

This Question may be belongs to all the ROM's.
Lot of "How to make your own ROM" tutorials available these days.
What if some programmer with great knowledge made a custom ROM which can take personal details of the ROM users ?
I mean If such ROM's are there , how can we find it ?
anybody ?
Please answer my question.
doperthancoke said:
I don't know. But what I already know is, the NSA is already spying on us regardless of what ROM you're using.
Google and Facebook are all suspected of doing the same thing. They are spying on me as I type this.
Also, a lot of popular ROM say they collect usage data for "development purposes"; to "improve the rom" (example: Cyanogenmod). How do you know they're not lying? For all we know, all CM users could've had their data stolen by the Cyanogenmod team themselves. A lot of OEMs ROM (stock ROMs by manufacturer) seem to also say that they collect usage data for development - HTC Sense for instance.
MIUI is another popular custom rom developed by Xiaomi company based in China. Recently, there are scandals about Xiaomi producing smartphones which collect personal details and send them to servers in China. This has been examined by network monitoring apps. They showed that Xiaomi phones constantly send data to Chinese servers. Note that Xiaomi phones run MIUI as stock rom. So the whole spying thing could happen to MIUI roms users as well.
All of the ROMs mentioned above are all really popular: they are being ported compiled and published on xda every single day....
What I'm saying is, we live in an era of technology, in which privacy is on jeopardy. There are already ROMs and Apps capable of collecting your personal data. Whether, they actually do it or not, who am I to say? But in my honest opinion, yes, they may very likely do that. The tragic part is, You and I can't do anything about it. Regular mobile users and consumers don't have power over affairs. It's the politician, the corporate shareholders who hold real power. They collect your personal data sell it for profit.
Sent from my C1605 using XDA Free mobile app
Click to expand...
Click to collapse
You can start by installing and configuring Xprivacy, Adaway, Minminguard, Greenify and Debloat the phone etc plus anything else to try and keep the data transfer down to a minimum but it becomes rather tedious and sometimes confusing when **** stops working properly.
I'd love a rom that is stripped to the bare essentials with these apps injected and configured ready to go. is there such a one?
Thank you !!
doperthancoke said:
I don't know. But what I already know is, the NSA is already spying on us regardless of what ROM you're using.
Google and Facebook are all suspected of doing the same thing. They are spying on me as I type this.
Also, a lot of popular ROM say they collect usage data for "development purposes"; to "improve the rom" (example: Cyanogenmod). How do you know they're not lying? For all we know, all CM users could've had their data stolen by the Cyanogenmod team themselves. A lot of OEMs ROM (stock ROMs by manufacturer) seem to also say that they collect usage data for development - HTC Sense for instance.
MIUI is another popular custom rom developed by Xiaomi company based in China. Recently, there are scandals about Xiaomi producing smartphones which collect personal details and send them to servers in China. This has been examined by network monitoring apps. They showed that Xiaomi phones constantly send data to Chinese servers. Note that Xiaomi phones run MIUI as stock rom. So the whole spying thing could happen to MIUI roms users as well.
All of the ROMs mentioned above are all really popular: they are being ported compiled and published on xda every single day....
What I'm saying is, we live in an era of technology, in which privacy is on jeopardy. There are already ROMs and Apps capable of collecting your personal data. Whether, they actually do it or not, who am I to say? But in my honest opinion, yes, they may very likely do that. The tragic part is, You and I can't do anything about it. Regular mobile users and consumers don't have power over affairs. It's the politician, the corporate shareholders who hold real power. They collect your personal data sell it for profit.
Sent from my C1605 using XDA Free mobile app
Click to expand...
Click to collapse
I know it about Xiaomi.
If I dont hit thanks , I wont be a human, very good explanation bro.

Can i trust my chinese (Umidigi) phone for email, banking, passwords ? (Umidigi S2 Pr

Please help, I am unsure what to do now that I received my Umidigi S2 Pro unlocked phone that I purchased from GearBest and waited a month to receive-- booted it up and ran malwarebytes on it only to learn it has two adware programs built into the system. Norton did not find anything except a KRACK (some sort of Key reboot wifi vulnerability???) risk (not sure if it is on the phone or just an alert for my home wifi?). I thought I was getting a nice smartphone at a good price, but now I am very worried if I can trust such a phone from china-- would it be safe to set up the phone for online banking, for email with my email username and password? Should I just sell the phone on ebay and go back to using my ASUS phone that I bought in the USA where I live? The Umidigi is such a nice looking phone, but if it is a security risk I certainly will not use it, I would then sell it and take the loss and learn the lesson, ugh.
Quicktouch apparently contains the following adware as detected by Malwarebytes: Android/Adware.Xinyinhe.CJ
TouchPal 2017 apparently contains the following adware as detected by Malwarebytes: Android/Adware.Cootek
^^^They are both system apps so they are not so easily removed.
Thoughts, advice?
Midiman55 said:
Please help, I am unsure what to do now that I received my Umidigi S2 Pro unlocked phone that I purchased from GearBest and waited a month to receive-- booted it up and ran malwarebytes on it only to learn it has two adware programs built into the system...
Click to expand...
Click to collapse
Your best bet is to post this question within one of the following threads that is specific to your question.
http://forum.xda-developers.com/showthread.php?t=1846277
http://forum.xda-developers.com/showthread.php?t=1620179
Good Luck!
~~~~~~~~~~~~~~~
I DO NOT PROVIDE SUPPORT VIA PM UNLESS ASKED/REQUESTED BY MYSELF.
PLEASE KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
I also have a similar issue,
Have checked the threads recommended and they are totally irrelevant to the question asked, so here goes:
I bought a new Umidigi phone from an online store, now turns out it seems to be rooted, should I just throw it away or is there any resoanable explanation to why it is like that. Is there anything I can do to be able to use this phone with safety.
Thanks
Shmool said:
I also have a similar issue,
Have checked the threads recommended and they are totally irrelevant to the question asked, so here goes:
I bought a new Umidigi phone from an online store, now turns out it seems to be rooted, should I just throw it away or is there any resoanable explanation to why it is like that. Is there anything I can do to be able to use this phone with safety.
Thanks
Click to expand...
Click to collapse
Did a root checking or antivirus app say it's rooted? I knew these phones have adware & questionable issues around personal data, but didn't think they come rooted. Though maybe some third party with access to phone rooted it, was it sealed when you got it? ( Could also have been installed in factory by unauthorised person or at instructions of Chinese government (though probably only if you or your company is a high value target))
Don't waste your money.
I have Umidigi S2 Pro.
It has very low quality.
The touch screen is very hard to use.
Cheap plastic material with very poor build quality.
The battery real capacity is not 5000mah. The battery is not detectable by battery software. Perhaps only 3000mah
The camera is so blurry. You just get fuzzy pictures.
Too many applications crashed instead of 6GB RAM.
The worst thing it come without any guarantee.
It' nothing but wasting my valuable money.
Can you imagine the fallout for a company, trying to compete in the International Marketplace if just ONE of their products was found to be phishing? In fact it would be commercial suicide in their own countries too.
I have a Umidigi A3, bought for a third of the price of my similar spec Samsung, and I also found that certain apps stated the phone was rooted, but root checkers and superuser software all found this not to be the case. I always rooted my early phones to play around under the hood, but lately certain establishment apps would refuse to work stating security issues with root so I haven't rooted my last couple of phones.. I have had no such problems with my A3. My establishment apps check and wave my little A3 through with a smile. False positive? I'd say likely. The cost of the license to use the latest Google Android OS kind of negates the reasoning behind 'the phish' . I believe the tweaks needed to customise the OS to Umidigi products is what causes these false posies.
And the build quality is superb!! For the price I paid, it may be akin to a Mini in the vast world of mobile communications, but it's deck out with the shiny walnut dashboard and plush seats of a Mini Rolls Royce. Time will tell about it's reliability but so far I don't think I'll ever pay hundreds of pounds for a mobile phone again.
My whole take on this Chinese security question is this.
1st, Google is a bigger (biggest) privacy risk. They can access your phone anytime without you knowing (if they wanted to). But yet no one thinks twice about trusting them, plus most people allow them to save all their passwords and info. But yet it's no concern to most.
2nd, A lot of other phone companies have their internal chips produced in China. And if the Chinese really wanted to spy, it's gonna be built into the hardware.(backdoor) Heck the US government was doing this. Everyone forget?
A lot of these proprietary chips even have access to your internet so they can download their proprietary drivers in the background without your knowledge.
There is no true security. The backbone of the internet was built to share information not secure it. Security starts with you. Everytime you choose to have private information at a convenience, you sacrifice security.
And as far as post 1 which I know is a year old, but for anyone that stumbles across this. The adware that was detected was probably all from TouchPal keyboard. That app is so junk, it even installs apps on your phone. It's always preinstalled on provider phones and such.
Google shouldn't allow these apps to be approved and these companies need to be held accountable for allowing these practices.
Good luck and safe browsing!
aaron74 said:
...Security starts with you. Everytime you choose to have private information at a convenience, you sacrifice security.
...
Click to expand...
Click to collapse
Absolutely concur. Thanks very much for the very true statement. And I think especially that what I partially quoted above can't be stressed enough.
Maybe this falls into the same context?
thanks for your reply
IronRoo said:
Did a root checking or antivirus app say it's rooted? I knew these phones have adware & questionable issues around personal data, but didn't think they come rooted. Though maybe some third party with access to phone rooted it, was it sealed when you got it? ( Could also have been installed in factory by unauthorised person or at instructions of Chinese government)
Click to expand...
Click to collapse
HHi, thanks for replying. The bitcoin wallet app said it was rooted, so yeah. But there were other strange things, like the draw lines security lock already is set so that I can't change it or use it. I bought it on aliexpress "new". It came it its' package and everything in it only it had been opened. It was stuck at costumes for a while so it seemed as if they opened it and play with it a bit there, but then after I saw the rooted thing everything us looking phisy.
Honesty, regardless, having this device made me understand once and for all where all the money goes to with those top dollar phones and why it is so worth it. Cause yeah, you kind of have everything... But it all sucks. Screen sucks, camera sucks. Multitasking sucks. Battery sucks. Radiation feel sucks, and seems pretty sure security sucks. So yeah, you kind of have efrything, but the low quality is felt. Daily.
Chinese brand phones cannot be trusted. It's best to buy Japanese or American ones, at least they're more secure in terms of malware and Trojans.

Who is Nokia?

https://medium.com/@roundedeverett/who-is-nokia-cb24ecbc52a9
Very interesting article (and related links in it) about how shady and deep could be the world behind the brand Nokia (or what it was).
As Nokia consumer, aficionado to the actual Brand, I'm feeling a little betrayed. Yesterday I spent the whole evening uninstalling through ADB all the Evenwell apps, but in my mind it's not the same as it was.
You guys have any thoughts?
Really scary stuff in this article... But how on earth Google allows Nokia to have their phones with Androidone label?
Sent from my Nokia 7 plus using Tapatalk
azizmulhim said:
Really scary stuff in this article... But how on earth Google allows Nokia to have their phones with Androidone label?
Click to expand...
Click to collapse
does Google really know?
What’s new!! Most phone manufacturers do things with their phones, if its not their own skin on top of Android it is make no them look faster than they are when using benchmarks or if of Chinese origin then possible spyware to monitor usage etc.
Sent from my iPad using Tapatalk
Stransky said:
What’s new!! Most phone manufacturers do things with their phones, if its not their own skin on top of Android it is make no them look faster than they are when using benchmarks or if of Chinese origin then possible spyware to monitor usage etc.
Click to expand...
Click to collapse
yeah, of course, but I feel like it's slightly less "legit" than some offboard-crappy-chinese brand. It's not Cubot, UMIDIGI, or Chuwi, I mean, we're talking about Nokia, it has heritage.
taldeital said:
yeah, of course, but I feel like it's slightly less "legit" than some offboard-crappy-chinese brand. It's not Cubot, UMIDIGI, or Chuwi, I mean, we're talking about Nokia, it has heritage.
Click to expand...
Click to collapse
Yes, but then Foxcon makes the innards, so Chinese are involved.
Sent from my Nokia 7 plus using Tapatalk
I read that article yesterday. It confirmed what I had suspected all along. I had a nice chat in a telegram group about this. I'll post my side of conversation here, they contain my opinions. I'm sorry I'd love to type all that but it's very late here and I'm already getting a bit of headache [emoji14]
TL;DR - Google needs to look into this and also clarify how much "freedom" OEMs get to play in the Androidone ecosystem. And HMD should have their own software division as it'll also help people directly connect through their forums.
Gravemind2015:
Well it needs to be said now, more than ever. I had my suspicions from day one, and now it's clear that 2 of their 3 promises are based on thin air.
As evenwell isn't part of either AOSP or androidone, the "pure" tag deserves to be used on pixel phones more than HMD phones.
And, as the company evenwell, if it even is a company, or rather a division inside FIH to handle software; is shady enough. Even the MIUI and other Chinese ROMs have clear development divisions inside their company and the software are at least handled by the phone company themselves.
Another interesting thing to note is if FIH makes the hardware and ships the software, what is the role of HMD in the making of phones? Only designing sketches I guess. They're more interested in selling the stuff, rather than making it. This is what makes the key difference between HMD and Nokia. Nokia made the phones, innovative or not. HMD is just selling customized generic phones, although the hardware has quality.
I know it might hurt to read this, and I'm aware as I've two Nokia smartphones in my house too, but the sad truth is they are not what they advertise they are, people buy the phones thinking they are Nokia, we buy phones thinking they are HMD consisting of people who worked at Nokia, but they are just like every other phone that was built by a single manufacturing company.
Although the hardware manufacturing is understandable as the company is relatively new and is building a sustainable business before diving into a DYI approach, the least they could have done is to invest in an in-house software development division to handle the software component.
Another interesting thing to look here is the role of Google and to know if addition of core system level applications as well as usage of substitute system apps in place of the AOSP/Google implementation are allowed in phones under the Androidone program; and if so, the definition of "pure" android that Google true to relate it's Androidone term to. If androidone is advertised at is best and Android as how Google sees it; then maybe they consider evenwell a part of androidone, and maybe consider that FIH division to be very good and competent. I doubt if Google actually admits to it, but the statements I told here in the previous sentence are the common sentences being used to describe androidone; at least in Nokia events."
Another thing to add: If they really can't have their own software team, they can at least ensure transparency and Google should check the Android software and block the usage of the power.g3 sort of applications at minimum. And give public a clear and easy to understand definition of androidone, what the OEMs have freedom to choose from etc.
And one benefit of HMD having their own software division would be that they could directly connect and take feedback from the users and then work on them. They've got their own forum, they've got Twitter too. Am in-house division would help them supervise on the "secure" part too.
Broadcasted from Zeta Reticuli
taldeital said:
https://medium.com/@roundedeverett/who-is-nokia-cb24ecbc52a9
Very interesting article (and related links in it) about how shady and deep could be the world behind the brand Nokia (or what it was).
As Nokia consumer, aficionado to the actual Brand, I'm feeling a little betrayed. Yesterday I spent the whole evening uninstalling through ADB all the Evenwell apps, but in my mind it's not the same as it was.
You guys have any thoughts?
Click to expand...
Click to collapse
thanks for the info.
have you noticed any weird behaviour after removing the evenwell packages? Would you be interested in creating a guide on how to remove them?
jv.batista said:
thanks for the info.
have you noticed any weird behaviour after removing the evenwell packages? Would you be interested in creating a guide on how to remove them?
Click to expand...
Click to collapse
so far, no weird behaviour. I just lost two VPNs but I already set them up again, so no trouble.
I used this guide: https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/ to uninstall most of the Evenwell packages, g3powersomething among them.
a Nokia 2 user (@jcd000) did a great job naming all the shady packages safe to be uninstalled: https://forum.xda-developers.com/general/general/nokia-2-apps-safe-to-delete-t3783158
there are also several Google packages among them, just use your rule of thumb to know what do you actually need and what not, using descriptions of the packages.
If you think a whole comprehensive guide would be useful, I'll write it, no problem.
jv.batista said:
thanks for the info.
have you noticed any weird behaviour after removing the evenwell packages? Would you be interested in creating a guide on how to remove them?
Click to expand...
Click to collapse
probably somebody more experienced than me could write a batch with adb commands to batch uninstall all the packages in once!
I could probably do it too, but it'll take a couple of months :laugh:
in the meantime, nobody answers from HMD/Nokia HQ: https://twitter.com/taldeital/status/1090322409704603649
I tried to stimulate a conversation or at least I was looking for some answer, plausible or not.
I was able to disable a lot of apps from evenwell in Android Pie 9.0.
So far I do not see any impact on my phone.
same here, after few days everything smooth.
device seems also less laggy.
Well that's an interesting article.. I just disabled like 16 evenwell apps and left 12 enabled.. let see if anything change
I am running the phone with all the evenwell apps disabled. There is slightly higher drain in idle, but the notifications arrive properly...
From the performance and functionality, nothing is impacted...

Backdoor for hacking

I want to buy ONE+7 for flashing roms n rooting.But i recently faced some-fissy matters about Oneplus backdoor,According to this person Elliot Alderson, Oneplus r giving permissions to hackers by creating a backdoor on the chipset(probably).
>https://www.wired.com/story/oneplus-phones-have-an-unfortunate-backdoor-built-in/
>https://motherboard.vice.com/en_us/article/59y4vz/oneplus-backdoor-engineer-mode
guys i m very worried about this thing.Need help to investigate.is it possible to hack ?!?!?
My 1+7P does not have the Engineering Mode app. Those articles are 2 years old, so my guess is they don't ship with that app any more.
jdhedden said:
My 1+7P does not have the Engineering Mode app. Those articles are 2 years old, so my guess is they don't ship with that app any more.
Click to expand...
Click to collapse
Its not an app, its behind the scenes, its located in system/app folder, which can be debloated with root. But I have had been using OnePlus devices since OnePlus One with no issues, Identity theft or hacking. Always had bootloader unlocked and rooted.
markmywordz said:
I want to buy ONE+7 for flashing roms n rooting.But i recently faced some-fissy matters about Oneplus backdoor,According to this person Elliot Alderson, Oneplus r giving permissions to hackers by creating a backdoor on the chipset(probably).
>https://www.wired.com/story/oneplus-phones-have-an-unfortunate-backdoor-built-in/
>https://motherboard.vice.com/en_us/article/59y4vz/oneplus-backdoor-engineer-mode
guys i m very worried about this thing.Need help to investigate.is it possible to hack ?!?!?
Click to expand...
Click to collapse
Yes it's possible to hack. This is a serious Memory Leak vulnerability in the chipset, where a hacker can chain multiple hardware level exploits to leak sensitive information in your CPUs TLB cache.
Chill man, we're using android OS, with all sorts of components from different manufacturers, in a digital age where privacy is a myth. You can't do anything if Snapdragon has a backdoor in their chipset, or your NFC/Bluetooth chip might have. Google knows everything about you and what you do on the phone.
You can't do anything to save yourself from the components you use (Google's OS, Different vendors chipsets, OnePlus's Phone), they all collect certain amount of data from you, and that's expected, everybody everywhere does it. And there's always a flaw everywhere that hackers are constantly using to hack your device (recent WhatsApp's bug which was actually a flaw in the SRTP protocol itself), they're called 0-days when they're discovered. Unless they aren't, you won't even know how many hackers have access to your data and your device.
So either don't use smartphone or any sort of connected digital equipment, or use it and stop worrying about hackers.
rootSU said:
Yes it's possible to hack. This is a serious Memory Leak vulnerability in the chipset, where a hacker can chain multiple hardware level exploits to leak sensitive information in your CPUs TLB cache.
Chill man, we're using android OS, with all sorts of components from different manufacturers, in a digital age where privacy is a myth. You can't do anything if Snapdragon has a backdoor in their chipset, or your NFC/Bluetooth chip might have. Google knows everything about you and what you do on the phone.
You can't do anything to save yourself from the components you use (Google's OS, Different vendors chipsets, OnePlus's Phone), they all collect certain amount of data from you, and that's expected, everybody everywhere does it. And there's always a flaw everywhere that hackers are constantly using to hack your device (recent WhatsApp's bug which was actually a flaw in the SRTP protocol itself), they're called 0-days when they're discovered. Unless they aren't, you won't even know how many hackers have access to your data and your device.
So either don't use smartphone or any sort of connected digital equipment, or use it and stop worrying about hackers.
Click to expand...
Click to collapse
Privacy is not a myth.
Only for privacy reason many users falsh a custom rom, use microg instead of google.
But Snapdragons already have a backdoor, Just like intel management engine it has build in engine(2nd OS) inside chipset(intregrate with ARM architecture)
>https://thehackernews.com/2016/03/android-root-hack.html?m=1
>https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/
>https://www.androidauthority.com/qualcomm-critical-flaw-chipsets-979708/
https://wccftech.com/security-exploits-put-snapdragon-powered-devices-at-risk-of-hacking/
markmywordz said:
Privacy is not a myth.
Only for privacy reason many users falsh a custom rom, use microg instead of google.
But Snapdragons already have a backdoor, Just like intel management engine it has build in engine(2nd OS) inside chipset(intregrate with ARM architecture)
>https://thehackernews.com/2016/03/android-root-hack.html?m=1
>https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/
>https://www.androidauthority.com/qualcomm-critical-flaw-chipsets-979708/
https://wccftech.com/security-exploits-put-snapdragon-powered-devices-at-risk-of-hacking/
Click to expand...
Click to collapse
The debate on this is endless, but I'd just say that you contradicted yourself by first saying that Privacy is not a myth, and then saying SD has a backdoor inbuilt.
Nobody buys a $700 phone with the latest chipset and 4G/5G connectivity to debloat and not install anything on it. As soon as you're on the internet, no matter custom rom, no matter what apps you have installed on it, you're giving up your privacy one way or the other.
If you truly want privacy, live a life like Richard Stallman, look him up, and see how he accesses the internet to maintain his privacy: https://stallman.org/stallman-computing.html
Richard Stallman said:
I am careful in how I use the Internet.
I generally do not connect to web sites from my own machine, aside from a few sites I have some special relationship with. I usually fetch web pages from other sites by sending mail to a program (see https://git.savannah.gnu.org/git/womb/hacks.git) that fetches them, much like wget, and then mails them back to me. Then I look at them using a web browser, unless it is easy to see the text in the HTML page directly. I usually try lynx first, then a graphical browser if the page needs it (using konqueror, which won't fetch from other sites in such a situation).
Click to expand...
Click to collapse
markmywordz said:
I want to buy ONE+7 for flashing roms n rooting.But i recently faced some-fissy matters about Oneplus backdoor,According to this person Elliot Alderson, Oneplus r giving permissions to hackers by creating a backdoor on the chipset(probably).
>https://www.wired.com/story/oneplus-phones-have-an-unfortunate-backdoor-built-in/
>https://motherboard.vice.com/en_us/article/59y4vz/oneplus-backdoor-engineer-mode
guys i m very worried about this thing.Need help to investigate.is it possible to hack ?!?!?
Click to expand...
Click to collapse
Old articles that have nothing to do with the 7 Pro or any recently released OnePlus device.
If you are that worried, unlock the boot loader and root.
Then run an app that sniffs all traffic leaving the phone.
Moderator Announcement: Thread cleaned and closed as it developed into (nicely called) a political discussion and consparicy discourse.
XDA Forum Rules (excerpt):
...
2. Member conduct.
(...)
2.4 Personal attacks, racial, political and / or religious discussions: XDA is a discussion forum about certain mobile phones. Mobile phones are not racial, political, religious or personally offensive and therefore, none of these types of discussions are permitted on XDA.
...
Click to expand...
Click to collapse

Chinese phones and spyware - is rooting / custom firmware & ROM the answer?

So I'm looking to buy a new phone and it seems that about 70% of the market share in the best buys is comprised of Chinese owned manufacturers.
There have been numerous reports of such manufacturers collecting user-identifable data and phoning home with it. I know that western owned phone companies collect data but believe that the rules /laws, ehtics and security are better followed in the west. I'm not trying to get into a debate of east vs west btw this is just my opinion. Yes I know that almost all phones are manufactured in China but I'm more concerned about who is influencing the companies themselves if they are Chinese.
So given that I value my privacy and want to keep personal data out of the hands of bad actors I'm left with a choice of buying a western owned phone which are generally much lower spec for a price point or perhaps buying Chinese and rooting.
My question is whether this is a practical answer given the need to use a phone as a secure device e.g. 2FA and internet banking apps etc and a daily driver? Also my experience tells me that when one takes a custom ROM they take on responsibility for applying patches and updates which is something of an administration burden I probably don't have the time /inclination for.
For the record I've flashed and used custom roms on about 3-4 devices in the past so have some first hand experiance but wondered if things have changed for the better or worse?
They could have embedded hidden backdoors in the hardware or worse.
Well, things are still the same, if not even worse. Beside security patches, Google has been cracking down on rooted users, so in the near future some features and some apps might stop working. Unfortunately users with just an unlocked bootloader might be caught in the crossfire. As for privacy, try Xiaomi. Sure, there have been rumors of Spyware on Xiaomi devices. Well, back in January some cybersecurity firm from Germany test that theory. Proved it was false.
Germany: No evidence of spying from Xiaomi phones
One point for Xiaomi
www.gadgetmatch.com
Thus Xiaomi might be one of the good ones. At least in terms of being spied by them. Sure, third party apps also spy on you, but for that you have adb.
Fytdyh said:
Well, things are still the same, if not even worse. Beside security patches, Google has been cracking down on rooted users, so in the near future some features and some apps might stop working. Unfortunately users with just an unlocked bootloader might be caught in the crossfire. As for privacy, try Xiaomi. Sure, there have been rumors of Spyware on Xiaomi devices. Well, back in January some cybersecurity firm from Germany test that theory. Proved it was false.
Germany: No evidence of spying from Xiaomi phones
One point for Xiaomi
www.gadgetmatch.com
Thus Xiaomi might be one of the good ones. At least in terms of being spied by them. Sure, third party apps also spy on you, but for that you have adb.
Click to expand...
Click to collapse
That's bad to hear that Google are trying to put the squeeze on and a deterrent to investing time and energy installing Roms that may only get worse with time in terms of G Apps and services.
Hmmm that article refers to an absence of censorship rather than not spying.
Here's an example of the story which I've seen repeated elsewhere on Xiaomi spying:
Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
Xiaomi is collecting users’ browser habits and phone usage, raising red flags for privacy researchers.
www.forbes.com
steveyc2 said:
That's bad to hear that Google are trying to put the squeeze on and a deterrent to investing time and energy installing Roms that may only get worse with time in terms of G Apps and services.
Hmmm that article refers to an absence of censorship rather than not spying.
Here's an example of the story which I've seen repeated elsewhere on Xiaomi spying:
Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
Xiaomi is collecting users’ browser habits and phone usage, raising red flags for privacy researchers.
www.forbes.com
Click to expand...
Click to collapse
Sorry about that.
At this point, I doubt there isn't a smartphone maker that does not track its users. From chinese makers to American makers, everyone tracks their users. Their data sells the best. At this rate, if you want to totally protect your privacy, don't buy a phone. Anything and everything can be tracked. Dumb phones and smartphones. So picking a smartphone isn't going to keep your privacy secure. You might have a say in how many people do you want to track you, based on phone's price.
steveyc2 said:
So I'm looking to buy a new phone and it seems that about 70% of the market share in the best buys is comprised of Chinese owned manufacturers.
There have been numerous reports of such manufacturers collecting user-identifable data and phoning home with it. I know that western owned phone companies collect data but believe that the rules /laws, ehtics and security are better followed in the west. I'm not trying to get into a debate of east vs west btw this is just my opinion. Yes I know that almost all phones are manufactured in China but I'm more concerned about who is influencing the companies themselves if they are Chinese.
So given that I value my privacy and want to keep personal data out of the hands of bad actors I'm left with a choice of buying a western owned phone which are generally much lower spec for a price point or perhaps buying Chinese and rooting.
My question is whether this is a practical answer given the need to use a phone as a secure device e.g. 2FA and internet banking apps etc and a reliable daily driver? Also my experience tells me that when one takes a custom ROM they take on responsibility for applying patches and updates which is something of an administration burden I probably don't have the time /inclination for.
For the record I've flashed and used custom roms on about 3-4 devices in the past so have some first hand experiance but wondered if things have changed for the better or worse?
Click to expand...
Click to collapse
To be on the safe side, you can install an alternative ROM, such as LineageOS, instead of the preinstalled OS: requires phone's bootloader is unlockable.
Be aware that no cell phone provides you with true anonymity.
xXx yYy said:
To be on the safe side, you can install an alternative ROM, such as LineageOS, instead of the preinstalled OS: requires phone's bootloader is unlockable.
Click to expand...
Click to collapse
yes i know i can do that- and the firmware too- my question was about the practicality of living with such a phone once done
xXx yYy said:
Be aware that no cell phone provides you with true anonymity.
Click to expand...
Click to collapse
Yes, aware of that, just trying to minimise exposure while still having a usable phone
blackhawk said:
They could have embedded hidden backdoors in the hardware or worse.
Click to expand...
Click to collapse
worrying but if one wipes the firmware and ROM then that would mitigate any hardware backdoor risks I would have thought?
Has anyone actually tested a custom rom on a chinese phone that was known to send data back to chinese servers?
For example:
test with stock rom: wireshark shows phone sending information to chinese IP
test with custom rom: wireshark shows no packets sent to chinese IPs.
sso003 said:
Has anyone actually tested a custom rom on a chinese phone that was known to send data back to chinese servers?
For example:
test with stock rom: wireshark shows phone sending information to chinese IP
test with custom rom: wireshark shows no packets sent to chinese IPs.
Click to expand...
Click to collapse
Some infos could go to an American proxy server then to Chinese. In order to be sure no one gets you data, learn to code and make your own rom and your own apps. Open source apps are an option if you know to check the source yourself.

Categories

Resources