System Input Method app installs & reinstalls by itself without notification - Android General

System Input Method's playstore link
[Playstore link: https://play.google.com/store/apps/d...ster&hl=en_GB]
Application Process: System Input Method (Process Name: com.ss.android.secure.cleanmaster)
listed as a system file.
Installed APK: /data/user/0/com.ss.android.secure.cleanmaster-1/base.apk
/data path: /data/user/0/com.ss.android.secure.cleanmaster
Version: 1.05
Target SDK: 22
Permissions:
Have full network access.
View WiFi connections.
View network connections.
Download files without notification.
Read phone status and identity
Modify or delete the contents of your USB storage.
Read contents of your USB storage
Prevent phone from sleeping
Retrieve running apps
Draw over other apps
MainService: ime.mobile.ime.main
NOTE: This app was written for an older Android OS, so if installed on newer Android versions, all permissions will be allowed even if you blocked them.
Last edited by SniperAlert2046; Today at 09:27 PM.

Malwarebytes classified it as riskware.
But after uninstalling it, the app came back again at random hours, seemingly downloading and installing other apps (like Haike News - communist news; and Ireader).
Drains battery and uses data (to download files and maybe mine for crypto).

Tried using ADB to remove it, but as the base.apk is stored in the root folder, the app can reinstall itself when triggered (by the programmer / hacker or randomly).

Rooted the phone and then installed the AFWall+ firewall. But the firewall stealthily disables internet filtering at odd hours (or maybe the firewall is bugged).
So decided to deactivate the Updater app (linked to redstone) and the OTAupdater... system app, since the phone is already rooted and the Leagoo company does not provide regular OS updates (except pushing Haike News, System Input Method and H5plugins riskware to the phone).
Well, although the AFWall+ firewall did not work, thereby exposing my phone to the internet without filtering IP traffic, the riskware did not return. So uninstalling Updater (the one with the com.redstone.ota.ui pathname) and System Update (com.sprd.systemupdate) works for me.

Netguard firewall managed to block internet access by system apps. Leagoo's built-in Weather app created a Baidu folder in the root folder (collecting many encrypted log files, probably for sending back to Baidu servers in China). Would be better to uninstall the Leagoo Weather app and install a 3rd party one.
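
Added example (not from the thread or from any tool named in it): the NOTE in the first post about Target SDK 22 can be checked across a whole device, because apps that target an SDK level below 23 receive their runtime permissions at install time instead of prompting for them. The Python sketch below parses text laid out like `adb shell dumpsys package` output and lists such packages; the sample dump, its exact field layout, the second package and the function names are assumptions constructed for illustration.

```python
import re
# Constructed sample in the layout of `adb shell dumpsys package` output (assumed).
SAMPLE_DUMPSYS = """\
  Package [com.ss.android.secure.cleanmaster] (1a2b3c):
    versionCode=5 minSdk=14 targetSdk=22
    flags=[ SYSTEM HAS_CODE ]
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_PHONE_STATE
      android.permission.WRITE_EXTERNAL_STORAGE
    install permissions:
      android.permission.INTERNET: granted=true
  Package [org.example.notes] (4d5e6f):
    versionCode=12 minSdk=21 targetSdk=28
    flags=[ HAS_CODE ]
    requested permissions:
      android.permission.READ_PHONE_STATE
"""

# Runtime ("dangerous") permissions matching the listing above; not the full set.
RUNTIME_PERMS = {"READ_PHONE_STATE", "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"}

def parse_packages(dump):
    """Map package name -> target SDK, system flag and requested permissions."""
    pkgs, cur, in_requested = {}, None, False
    for line in dump.splitlines():
        s = line.strip()
        m = re.match(r"Package \[([^\]]+)\]", s)
        if m:
            cur = pkgs.setdefault(m.group(1), {"sdk": None, "system": False, "perms": set()})
            in_requested = False
        elif cur is None:
            continue
        elif s == "requested permissions:":
            in_requested = True
        elif s.endswith(":"):
            in_requested = False  # some other section header
        elif in_requested and s.startswith("android.permission."):
            cur["perms"].add(s.split(":")[0].rsplit(".", 1)[-1])
        elif s.startswith("flags=["):
            cur["system"] = "SYSTEM" in s.split()
        elif (m := re.search(r"\btargetSdk=(\d+)", s)):
            cur["sdk"] = int(m.group(1))
    return pkgs

def legacy_permission_findings(dump):
    """Packages that target SDK < 23 and request runtime permissions."""
    return [(n, p["sdk"], p["system"], sorted(p["perms"] & RUNTIME_PERMS))
            for n, p in parse_packages(dump).items()
            if p["sdk"] is not None and p["sdk"] < 23 and p["perms"] & RUNTIME_PERMS]
```

A package that is both flagged here and marked SYSTEM, like the one in this thread, cannot be removed with a normal uninstall and deserves a closer look at what installed it.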

Related

Mother of all HOSTS file - 'hosts' file for your SGS2 Baby - Updated on 15 Feb 2012

Here I present the Mother of All Hosts file out there for you to prevent Stupid ADs, Crazy Malware and Spyware and other Nonsense Unwanted Parasites in your SGS2 Baby.
NOTE: This 'hosts' file is compatible with any Android Operating Environment. Everything Is Linux
> What is a 'hosts' file? What it Does? What's in it for Me?
The 'hosts' file contains the mappings of IP addresses to host names and is loaded into memory (cache) at startup. Android OS checks the 'hosts' file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the localhost (127.0.0.1), which is a loopback and traffic is dropped instantly (saving your millions of money used by network traffic 2G/3G/4G). Another feature of the 'hosts' file is its ability to block other applications (bogus applications) from connecting to the Internet, providing the entry exists.
'hosts' file is used to BLOCK ADs, BLOCK Banners, BLOCK 3rd Party Cookies, BLOCK 3rd Party Page Counters, BLOCK Web Bugs, BLOCK Web Hijackers, BLOCK Phishing Sites, BLOCK Malwares, BLOCK Spywares, BLOCK Trackers, BLOCK Unauthorized Application connections to web and BLOCK other Malicious activities...
This is not 100% Protection but at least it takes care of MOST OF THE SECURITY ISSUES.
For full Security, Use Antivirus or Security Suite from Android Market.
> Performance Issue? Will my device run SLOW?
I am using this 'hosts' file from my childhood days and never had any performance issue to date, although you might have a little delay in startup (boot cycle) and then everything will be cool in standby and active mode. I say "Little delay is better than ADs, Malwares and Spywares..."
> Compatibility?
Any Android Release.
> How to install?
You have to be ROOT to copy the 'hosts' file to '/system/etc' and set the permissions to 'root:root' and '0444' or 'r-r-r'. Reboot SGS2 and That's It. ENJOY.
> What is the Updated Cycle?
'hosts' file is updated every 3 months.
> Any Queries?
Ok. I am Ready.
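
Added example (not part of the original post): a hosts file copied to /system/etc as root answers every lookup it lists, so a downloaded blocklist is worth auditing before it is installed. The Python sketch below separates entries that block a name (loopback or 0.0.0.0) from entries that would send a name to some other address, and reports malformed lines; the sample file, the example.com/example.net names and the function name are constructed for illustration.

```python
import ipaddress

# Constructed sample; 203.0.113.7 is a documentation address (RFC 5737).
SAMPLE_HOSTS = """\
# blocklist excerpt (constructed)
127.0.0.1 localhost
::1 localhost
127.0.0.1 doubleclick.net   # ad server
0.0.0.0 google-analytics.com googlesyndication.com
203.0.113.7 accounts.example.com
not-an-ip tracker.example.net
"""

def audit_hosts(text):
    """Return (blocked names, {redirected name: address}, malformed line numbers)."""
    blocked, redirected, malformed = set(), {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)            # first field is not an IP address
            continue
        names = [n.lower() for n in fields[1:]]
        if not names:
            malformed.append(lineno)            # address with no host name
        elif addr.is_loopback or addr.is_unspecified:
            blocked.update(n for n in names if n != "localhost")
        else:
            for n in names:                     # name answered with a real address
                redirected[n] = str(addr)
    return blocked, redirected, malformed
```

Any name in the `redirected` result is not being blocked at all; the file is overriding DNS for it, which is the entry to question before installing.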
Tried it, seems to work fine so far, even blocked an advert in Astro file manager, adfree tends to miss this, so thanks.
Good share. I am going to use it.
How about making a list of all the ip addresses in Google docs and share it. We can update it based on others feedback. A similar approach (in a stone age way) like adblock plus addon available in browsers.
I think users capable of understanding hosts file, can also modify it
I love this, I didn't expect the banner boxes to disappear too, thought it would just be white.
isn't there a version without adblocking? I don't like removing ads.
virtualflyer said:
isn't there a version without adblocking? I don't like removing ads.
A hosts file IS adblocking, so no there won't be
Sent from my ice cream powered Nexus S
About to give this a try, is there an update due as been 4 months since last release?
Is there an Xperia S version?
Oh and an Optimus Me version? I HATE ADS.
Is there any update about this!? Sir?
Bump!
Swiftkeyed from my OPO A0001

sandboxing android apps with SELinux

Many apps require too many permissions that they do not need to function.
Most apps need an internet connection to talk to some API (let's say update checking or notifications, etc.) and need to access the SD card (for buffering/caching).
It would be great if the OS were structured in a way so that we can grant apps access only to specific directories that belong only to them (think of browser cache, YouTube buffer ...), and when the user promptly and consciously wants to pass files (e.g. upload a file through a web browser) they get staged/promoted/linked to that area accessible by the app.
Till that happens, we have SELinux in many Android phones. Can we use it to sandbox apps? (The idea has been there since 2009, see http://danwalsh.livejournal.com/28545.html)
Can we define a policy that
1. those apps are not allowed to access my gallery directory (DCIM)
2. those apps are allowed to access my gallery but are not allowed to use network connection
On desktop Linux it was successfully applied (here it was applied on Firefox http://danwalsh.livejournal.com/31146.html).

[GUIDE] How to avoid Google on Android (privacy)

In any ROM (even without gapps) there will always be automatic connections with Google (captive portal mode, ntp) and Qualcomm (ntp, gps). The theory says that we have to deactivate automatic date and time and use only the integrated GPS (or otherwise contact Google / Qualcomm) but in practice these hosts will connect to the internet when they can ... The file in a LineageOS ROM is usually in /vendor/etc/gps.conf. On the other hand, there are geolocation alternatives, such as the UnifiedNlp project. Later, we can use other servers such as Mozilla. For this purpose we need to have MicroG installed, although I leave the information in case you are interested.
The exception would supposedly be Replicant, but it supports few devices.
To avoid the espionage of Google we need the following:
-Before installing / formatting / flashing, we export our contacts in .vcf format and then recover them by importing the file from the Contacts application. If you want synchronization you can use, for instance, DAVdroid in Nextcloud / ownCloud. This file and our photos / videos are taken to the PC and vice versa using a wire. We also download the F-Droid, AFWall+ firewall and AdAway apks. We do not connect to the internet until I say so; we even have to avoid mobile data or wifi in the setup wizard.
-We flash a LineageOS ROM, without gapps and without MicroG (because it generates too many connections with Google). In its options we will uncheck Automatic Date / Time. We become root with Magisk or su.
-The next step is to deactivate the captive portal mode. All Android phones send a ping to Google to verify that the internet works. In Development Options we will enable the Local Terminal / Shell. Afterwards, we look for the new app and we open it.
In order to have root access we write: su
Then we will put: settings put global captive_portal_mode 0
And finally: reboot (also in the terminal, because if we restart manually it will be activated again)
-We disable the "Intent Filter Verification" system app. It connects to Google and Amazon to verify the net. It is not necessary to be root. We force stop it and afterwards we disable it.
-If we use Android Pie we change Private DNS from automatic (default) to No.
-Install the firewall AFWall+. We will give access only to the apps that interest us. However, there is a "bug" in Android that produces another inevitable data leak for any firewall. This occurs at the boot of the system, when the program is incapable because it is loaded later, and the OS takes advantage to skip the locks. In its experimental options, there is one that controls this behavior: "Fix the data leak at boot". To let us mark the option, which by default will be gray, we must indicate in the immediately superior option, "Path of the home directory for script", the first one that appears: /sbin/.core/img/.core/service.d. Besides, we mark IPv6 compatibility. Thus, AFWall+ could "see" some IPs and block them. Nowadays I do not know what they are but there are several (and failed) unknown connections.
-AdAway. Now it is the moment to connect to the internet. We add the lists I put below, update the app and reboot. We are going to block Google servers (time.google.com) and Qualcomm servers (Izat, izatcloud.net) because despite blocking them in the firewall, disabling automatic date / time and using only the integrated GPS for time, they will try to connect to the time servers as soon as the phone connects.
To simplify, we added the host that I created for that purpose:
https://gitlab.com/Jorgu81/hosts/raw/master/HostsGoogle
Most recommended is Steven Black, although it is not essential:
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
- After that, we install the F-Droid store. We are going to avoid Yalp Store/Aurora because they generate too many connections with Google, but you can install / uninstall if you need any app.
-IceCat web browser. Startpage, Qwant or SearX search engines. The reason, here:
https://spyware.neocities.org/articles/browsers.html
First of all we disable its addons because they break the webs. Afterwards, we add the uBlock Origin add-on. If you want to avoid Google webcrawling we must block its domains with the aforementioned add-on. These are some of its trackers:
adservice.google.com
admob.com
adwords.com
adservice.google.es
doubleclick.net
googleapis.com (beware! Some forums will not load correctly if we block ajax.googleapis.com)
google-analytics.com
googletagservices.com
googleusercontent.com
googletraveladservices.com
googlesyndication.com
googleadservices.com
gstatic.com (it tends to break many websites, so use it manually where possible)
-SD Maid. This program is very complete and with it we can disable system applications or avoid autobooting them. But what interests us is to remove tracking permissions of the apps, specifically those referred to Google. These are boot (auto-start), analytics, tracking, firebase and in general those that refer to google. If the apps contain any of them, we will remove them. We look for "Application Control" (previously we can mark it to indicate also those of the System in Settings) and after selecting them, we select the app and choose "Permission Manager". Do not forget to give the 3 points above (Other) to see all of them. Example with Whatsapp. Uncheck "com.whatsapp.Bootreceiver", "google.android.gms.measurement.AppMeasurementReceiver", "com.google.firebase.iid.FirebaseInstanceIdReceiver", "com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver"
https://sdmaid.darken.eu/download/production/
If we want to avoid its automatic connections we could disable the options in Settings, General Settings, Bug reporting.
Do not forget Trust in LineageOS in order to change, deny or allow permissions of our installed apps.
With this we have finished the initial configuration to avoid, as far as possible, the espionage of our system.
----------------------------------------------------------------------------------------
Applications / recommended settings (from F-Droid, as usual):
-Beta Updater for WhatsApp. To update the well-known application.
-XprivacyLua. We need Xposed:
Xposed (not Android 9)
https://forum.xda-developers.com/xposed/xposed-installer-versions-changelog-t2714053
EdXposed (Android 9, alpha)
https://forum.xda-developers.com/xposed/android-9-0-xposed-solutions-t3889513
It will block all the information from our terminal that apps can take for their indeterminate purposes. Few of them will make an incorrect use of it because they come from F-Droid. If we use WhatsApp we have to leave at least permission to clipboard and Contacts. In IceCat only for clipboard.
Removed old info.
Updated info:
-Disabling Intent Filter Verification due to its connections with Google, Amazon, and so on...
Another update and I hope the last...
We mark IPv6 compatibility in the firewall. Thus, AFWall+ could "see" some IPs and block them. Nowadays I do not know what they are but there are several (and failed) unknown connections.
Nevertheless, if we do not apply this, we could see a data leak (AdAway, wireshark, tcpdump).
Now, there are no automatic connections at all.
On the other hand, I will install Pie soon so I will hope not to find too many problems...
Last update with Pie.
Only strange connections between mobile and router with Private DNS that is in automatic mode by default. We change it and select No.
-Added more hosts
-Changed hosts from GitHub to GitLab.
Now, we have 0 automatic data again when we turn on/off wifi or mobile data.
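
Added example (not part of the guide): the guide says leftover leaks can be seen with tcpdump, and the Python sketch below shows one way to check a capture for DNS queries to the servers it blocks. It reads text lines in the format tcpdump prints for DNS queries and reports every query whose name equals or is a subdomain of a watched domain; the capture lines, the subdomain gps.izatcloud.net, the addresses and the function names are constructed for illustration, and the watchlist is taken from the domains named in the guide.

```python
import re

# Domains the guide blocks (from its text and its uBlock Origin list).
WATCHLIST = ["time.google.com", "izatcloud.net", "googleapis.com",
             "gstatic.com", "google-analytics.com", "doubleclick.net"]

# Constructed capture in tcpdump's text format for port 53; private addresses.
SAMPLE_CAPTURE = """\
08:00:01.100000 IP 192.168.1.23.41001 > 192.168.1.1.53: 1001+ A? time.google.com. (33)
08:00:01.200000 IP 192.168.1.23.41002 > 192.168.1.1.53: 1002+ A? gps.izatcloud.net. (35)
08:00:02.300000 IP 192.168.1.23.41003 > 192.168.1.1.53: 1003+ AAAA? f-droid.org. (29)
08:00:02.400000 IP 192.168.1.1.53 > 192.168.1.23.41003: 1003 1/0/0 AAAA 2001:db8::10 (57)
08:00:03.500000 IP 192.168.1.23.41004 > 192.168.1.1.53: 1004+ A? ajax.googleapis.com. (37)
08:00:03.600000 IP 192.168.1.23.41005 > 192.168.1.1.53: 1005+ A? notgstatic.com. (32)
"""

# timestamp, source host (port stripped), query type, queried name
QUERY_RE = re.compile(
    r"^(\S+) IP6? (\S+)\.\d+ > \S+\.53: \d+\S* (\w+)\? (\S+?)\.? \(")

def matches(name, domain):
    # Match on label boundaries: googleapis.com covers ajax.googleapis.com,
    # but gstatic.com does not cover notgstatic.com.
    return name == domain or name.endswith("." + domain)

def leaked_queries(capture, watchlist=WATCHLIST):
    """Return (timestamp, source, name, matched domain) for watched DNS queries."""
    hits = []
    for line in capture.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue                      # responses and non-DNS lines
        ts, src, _qtype, name = m.groups()
        name = name.lower()
        rule = next((d for d in watchlist if matches(name, d)), None)
        if rule:
            hits.append((ts, src, name, rule))
    return hits
```

A hosts entry only matches the exact name it lists, so a hit such as ajax.googleapis.com against the googleapis.com rule shows a name that needs its own hosts line even though the uBlock Origin rule covers it in the browser.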

Help My devices are being controlled remotely

Hey I have multiple Android devices 10 at the least. They have all been hacked. I found .dload and .config folders on all of them. Also when I went to remove memory and sim from one it automatically began uploading a custom rom. Of course I've reset them all but not sure how many already have been rooted by someone else. I'm a little familiar with the process so I picked up on some of the signs. My dns has been switched to automatic. My developer options have been configured to the t. It's also configured to infect any other devices near by. I have no idea where to start
Markowski82 said:
Check system.
Bitdefender Mobile Security - Apps on Google Play
Powerful Antivirus Protection, Mobile Security & Virus Cleaner for Your Phone
play.google.com
Do you know how to permanently delete .dwnld and .chat_temp files? They just keep coming back.
Markowski82 said:
chatTEMP folder may be created by the SnapChat application.
.dwnld android - Google Search
This phone was just purchased with nothing but what came pre-installed. I checked hidden files immediately and it wasn't there. Shortly after I noticed my inability to remove location access from numerous system apps and the inability to configure call forwarding. Checked files again and show hidden files had been switched. When I turned it back on, .Chat_temp and .dwlnd were now in my files directory. The files are used to gain administrative privileges and remote access.

ADB App Management APK

This was built using Tasker but I'll share the extracted APK from App Factory below so it can be used without Tasker.
This is similar to ADB App Control for PC in its functioning. It has several executable commands that can be performed on applications in batches. Current commands are: Install, Enable, Disable, Uninstall, Uninstall Updates, and Reinstall. Requires ADB WiFi access to use. ROOT NOT REQUIRED. Can perform all commands on system applications.
In a nutshell, it makes debloating and re-bloating automated and quick. Can filter applications to show: System, User, Enable, Disabled, and Uninstalled. Also can combine filters and color code applications by their current state. Recently added the ability to save custom lists for quick recall of certain applications.
No experience with ADB necessary.
If you're not sure what uninstalling or disabling system applications can do to your device, you should probably not use this. I take no responsibility for any software issues that occur as a result from using this tool.
TaskerNet Task Import: CLICK HERE
Direct APK for use without Tasker below
