Can any app be installed as a system app in android - General Questions and Answers

Hello everyone,
I just wanted to ask the following questions
Q1. Can any app be installed as a system app without root in Android? and
Q2. Can any malware/spyware/infected file/app be installed as a system file/app without root in Android?
I would really appreciate any help from you guys regarding my questions and more,
Thank you

acegt8 said:
Hello everyone,
I just wanted to ask the following questions
Q1. Can any app be installed as a system app without root in Android? and
Q2. Can any malware/spyware/infected file/app be installed as a system file/app without root in Android?
I would really appreciate any help from you guys regarding my questions and more,
Thank you
You can't add or remove anything from system without root.
Some malware has been known to install files/apps into system, but that is very specific and depends on the device having certain vulnerabilities.
Sent from my LGL84VL using Tapatalk

Sir, your quote "Some malware has been known to install files/apps into system, but that is very specific and depends on the device having certain vulnerabilities" I could not understand.
Could you please elaborate what kind of event you have come across regarding malware that can install files/apps into the Android system and what kind of device it is, so I can understand better.
I hope someone will soon help me out.

acegt8 said:
Sir, your quote "Some malware has been known to install files/apps into system, but that is very specific and depends on the device having certain vulnerabilities" I could not understand.
Could you please elaborate what kind of event you have come across regarding malware that can install files/apps into the Android system and what kind of device it is, so I can understand better.
I hope someone will soon help me out.
I can't give specific instances with specific apps on specific devices. It wouldn't matter even if I could because specific instances have nothing to do with understanding how or why malware gets into system.
It all depends on what is built into the malware and what vulnerabilities there are in the device's kernel.
A generic example is Kingroot, it's an app that is used to root devices, it is well known to install malware and extra apps into system when it is used.
Sent from my LGL84VL using Tapatalk

[Completed] How to root an android device and get super su

Hi guys I know this is a very simple post but since I'm new to forums I thought I would just start with this.
So let's get straight to the point you will only need to download two apps to get root access and have ultimate control over your Android device these apps are all you need:
•Root all devices = I'm a new user and can't post links so just download in play store.
•Supersu = I'm a new user and can't post links so just download in play store.
•And that's it all you need and if you guys want to help me code an exposed module contact me @0823254209 on whatsapp thank you.
Rootking101 said:
Hi guys I know this is a very simple post but since I'm new to forums I thought I would just start with this.
So let's get straight to the point you will only need to download two apps to get root access and have ultimate control over your Android device these apps are all you need:
•Root all devices = I'm a new user and can't post links so just download in play store.
•Supersu = I'm a new user and can't post links so just download in play store.
•And that's it all you need and if you guys want to help me code an exposed module contact me @0823254209 on whatsapp thank you.
Rooting any Android device will be different than rooting a certain device. Every device differs, and they are made by different manufacturers. Rooting a Nexus will be different than rooting any Samsung, for example.
simms22 said:
Rooting any Android device will be different than rooting a certain device. Every device differs, and they are made by different manufacturers. Rooting a Nexus will be different than rooting any Samsung, for example.
Sorry I know I forgot to say that thank you for pointing that out
Sent from my GT-I9190 using XDA Free mobile app

Custom ROMs - Device Security

Hi Guys,
I am new to Android (a noob) - Started with flashing some custom ROMs on my devices and I am bothered by the security of my device, although Android is open source, is it possible that a custom ROM is bugged to steal your personal or financial information? I don't have any experience with Android development and I don't have time to jump into Android development so even if the ROM is open source I won't be going through the code to check for leaks or potential built-in hacks.
Basically my question is, is it safe to install Unofficial ROMs such as CM unofficial? I understand, the majority of apps store sensitive data on device in encrypted way but still, I don't think it will be hard to just modify the ROM to develop a built-in key-logger OR read username/password from a username/password fields while user is typing using an on-screen keyboard, save it as LOG file and when connected to the internet, send it to the 'unknown' source. I can see so many possibilities, the user won't even have a clue that they are sharing data. It is like Microsoft making Windows Open Source and people making their own versions of Windows and users installing them on their PCs.
Please help me understand - How safe are our devices when running on custom ROMs from developers we don't even know (no disrespect to any dev, all this amazing work is appreciated, I just want to understand the security of Android - Please help me understand as after flashing custom ROMs on my devices I am avoiding installation of sensitive apps or even using Chrome to type my passwords) - am I paranoid?
Cheers
It's entirely possible that a malicious custom ROM could steal your data (or worse), and there's really no technical way to mitigate it. You're implicitly trusting the developer of a ROM by flashing it. All you can really do is make sure that whatever ROM you choose is from a well-known, trusted developer.
aliusman999 said:
Hi Guys,
I am new to Android (a noob) - Started with flashing some custom ROMs on my devices and I am bothered by the security of my device, although Android is open source, is it possible that a custom ROM is bugged to steal your personal or financial information? I don't have any experience with Android development and I don't have time to jump into Android development so even if the ROM is open source I won't be going through the code to check for leaks or potential built-in hacks.
Basically my question is, is it safe to install Unofficial ROMs such as CM unofficial? I understand, the majority of apps store sensitive data on device in encrypted way but still, I don't think it will be hard to just modify the ROM to develop a built-in key-logger OR read username/password from a username/password fields while user is typing using an on-screen keyboard, save it as LOG file and when connected to the internet, send it to the 'unknown' source. I can see so many possibilities, the user won't even have a clue that they are sharing data. It is like Microsoft making Windows Open Source and people making their own versions of Windows and users installing them on their PCs.
Please help me understand - How safe are our devices when running on custom ROMs from developers we don't even know (no disrespect to any dev, all this amazing work is appreciated, I just want to understand the security of Android - Please help me understand as after flashing custom ROMs on my devices I am avoiding installation of sensitive apps or even using Chrome to type my passwords) - am I paranoid?
Cheers
You are paranoid but that's good!
Yes we are trusting the devs (or Samsung et al with stock) AND hopefully smart coders who regularly check the code (but I suspect checking doesn't happen a lot!). You can use a firewall/packet sniffer to check what servers your phone is connecting to and see (some) of the data being sent to reduce your risk and put your mind at ease. But still it's no guarantee, as I understand it (I'm no expert!).
---
trainsuit said:
If you get a stock android you are also trusting the developer. Just look at these lenovo laptops which had malware served on their stock windows versions. Best is to always start clean when buying any form of product.
That's true, but how do you define "clean"? In theory, you could build AOSP for your device yourself so you're only trusting Google, but that's completely impractical for most people. If you just switch from stock to someone else's custom ROM, you're just changing who you're trusting.
---
Perhaps it's a silly question but I do it: do you think that an XDA Senior Member with one or two thousand of thanks is reliable?
Bach_J said:
Perhaps it's a silly question but I do it: do you think that an XDA Senior Member with one or two thousand of thanks is reliable?
Another question for you: if a ROM has malicious code that sends personal information to unknown servers, is using a firewall like AFWall+ which blocks all system apps sufficient to prevent this malicious ROM from stealing data?
Thanks
Bach_J said:
Perhaps it's a silly question but I do it: do you think that an XDA Senior Member with one or two thousand of thanks is reliable?
Probably.
Bach_J said:
Another question for you: if a ROM has malicious code that sends personal information to unknown servers, is using a firewall like AFWall+ which blocks all system apps sufficient to prevent this malicious ROM from stealing data?
Thanks
No, a custom ROM could make data look like it's coming from any app it wants, or just bypass the firewall completely.
josephcsible said:
No, a custom ROM could make data look like it's coming from any app it wants, or just bypass the firewall completely.
Alternatively if the device is on your own network you could wireshark it using a computer and monitor IP addresses that the device attempts to connect to.
LyricalMagical said:
Alternatively if the device is on your own network you could wireshark it using a computer and monitor IP addresses that the device attempts to connect to.
This is helpful but not perfect. There's a bunch of ways to stealthily exfiltrate data over a monitored network, and don't forget a malicious ROM might only do its dirty work over cell and not Wi-Fi for this very reason.
josephcsible said:
This is helpful but not perfect. There's a bunch of ways to stealthily exfiltrate data over a monitored network, and don't forget a malicious ROM might only do its dirty work over cell and not Wi-Fi for this very reason.
I agree with you it's not a perfect solution; this question is sort of like asking if you can trust someone who has a root account to your computer when you cannot see what they are doing, it's an incredibly disadvantaged situation from the start.
LyricalMagical said:
I agree with you it's not a perfect solution; this question is sort of like asking if you can trust someone who has a root account to your computer when you cannot see what they are doing, it's an incredibly disadvantaged situation from the start.
I don't want to flash custom ROMs anymore! :crying:
It can be very dangerous! Or am I paranoid and I can trust xda developers?
Bach_J said:
I don't want to flash custom ROMs anymore! :crying:
It can be very dangerous! Or am I paranoid and I can trust xda developers?
Remember, everything I've been saying is reasons not to flash a ROM unless you trust the dev. None of it is saying that devs aren't trustworthy. I don't know of a single instance when a well-respected XDA member's ROM turned out to be malicious.
josephcsible said:
Remember, everything I've been saying is reasons not to flash a ROM unless you trust the dev. None of it is saying that devs aren't trustworthy. I don't know of a single instance when a well-respected XDA member's ROM turned out to be malicious.
Thank you for clarifying that but the question comes once more: how to recognize a well-respected XDA member? With the number of thanks? It is obvious that if the smartphone you are interested in is not so famous, there will be few comments on custom ROMs, too. So, how to evaluate the reliability of an XDA dev who is developing ROM for not-well-known devices?
Are ROMs in Original development Section trustworthy?
Bach_J said:
Thank you for clarifying that but the question comes once more: how to recognize a well-respected XDA member? With the number of thanks? It is obvious that if the smartphone you are interested in is not so famous, there will be few comments on custom ROMs, too. So, how to evaluate the reliability of an XDA dev who is developing ROM for not-well-known devices?
Are ROMs in Original development Section trustworthy?
Number of thanks can hardly tell that a dev is reliable or not (in some cases it can), rather it's the quality of their work and their expertise on the related topics that could clarify their position a bit. The recognized contributors, recognized developers, recognized themers you should look at, because these are given to a member after being checked and passed by moderators here on XDA. So they are pretty much reliable guys. In cases where there are no recognized developers and hardly any comments, you will have to check and find out yourself:
1. ask the dev if he has tested the ROM himself.
2. how did he compile the ROM? Is it a port, or just a modified copy of another ROM, or a build from source?
3. check the link of the download; if it's to some survey site or asks for a password, stay away from it.
4. if you trust the download link, then download, scan with antivirus and unzip the file.
5. generally I look inside app if there are apps which I don't trust and I remove them, then check build.prop, init.d folders. Basic things to look for is any references of some other website/ports in between codes. If you're more paranoid you can check bin folder as well and every other you want.
6. don't install the ROM, simply root and debloat.
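One way to automate the checks in step 5 above, as an added example that is not part of the original post: it lists the APKs bundled under app/ and priv-app/ of an unpacked ROM and flags URLs, IP addresses and network tools referenced from build.prop and the init scripts. The directory globs, the function names and the sample tree are constructed assumptions about a typical /system layout.

```python
import re
import sys
import tempfile
from pathlib import Path

# Assumed layout of an unpacked /system image; adjust the globs to your ROM.
TEXT_GLOBS = ("build.prop", "etc/init.d/*", "etc/*.rc", "bin/*.sh")
APK_DIRS = ("app", "priv-app")  # priv-app packages can hold privileged permissions

URL_RE = re.compile(r"(?:https?|ftp)://[^\s\"'<>]+", re.I)
IP_RE = re.compile(r"(?<![\d.])((?:\d{1,3}\.){3}\d{1,3})(:\d{1,5})?(?!\d|\.\d)")
TOOL_RE = re.compile(r"(?<![\w.-])(curl|wget|nc|netcat|telnet)(?![\w.-])")


def list_bundled_apks(system_root):
    """Return sorted relative paths of every APK under app/ and priv-app/."""
    root = Path(system_root)
    found = []
    for name in APK_DIRS:
        if (root / name).is_dir():
            found += [p.relative_to(root).as_posix()
                      for p in (root / name).rglob("*.apk")]
    return sorted(found)


def find_network_refs(system_root):
    """Return sorted (relative path, line number, kind, text) tuples."""
    root = Path(system_root)
    hits = set()
    for pattern in TEXT_GLOBS:
        for path in root.glob(pattern):
            if not path.is_file():
                continue
            rel = path.relative_to(root).as_posix()
            text = path.read_text(encoding="utf-8", errors="replace")
            for no, line in enumerate(text.splitlines(), 1):
                for m in URL_RE.finditer(line):
                    hits.add((rel, no, "url", m.group(0)))
                rest = URL_RE.sub(" ", line)  # do not report a URL's host twice
                for m in IP_RE.finditer(rest):
                    # Reject dotted numbers whose octets are out of range.
                    if all(int(o) <= 255 for o in m.group(1).split(".")):
                        hits.add((rel, no, "ip", m.group(0)))
                for m in TOOL_RE.finditer(rest):
                    hits.add((rel, no, "tool", m.group(1)))
    return sorted(hits)


def build_sample_tree(dest):
    """Write a small constructed /system tree (not taken from any real ROM)."""
    root = Path(dest)
    files = {
        "build.prop": "ro.build.version.release=6.0\n"
                      "persist.example.server=203.0.113.7:4444\n",
        "etc/init.d/99tweaks": "#!/system/bin/sh\n"
                               "busybox wget -q http://updates.example.invalid/a.sh\n",
        "app/Calc/Calc.apk": "",
        "priv-app/Helper/Helper.apk": "",
    }
    for rel, body in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
    return root


if __name__ == "__main__":
    # Pass the unpacked system directory, or run without arguments for the sample.
    if len(sys.argv) > 1:
        target = Path(sys.argv[1])
    else:
        target = build_sample_tree(tempfile.mkdtemp())
    for apk in list_bundled_apks(target):
        print("apk ", apk)
    for rel, no, kind, text in find_network_refs(target):
        print(f"{kind:<4} {rel}:{no}: {text}")
```

The scan reads text files only; code inside APKs and native binaries is not inspected, so an empty result does not show that a ROM is clean.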
billysam said:
Number of thanks can hardly tell that a dev is reliable or not (in some cases it can), rather it's the quality of their work and their expertise on the related topics that could clarify their position a bit. The recognized contributors, recognized developers, recognized themers you should look at, because these are given to a member after being checked and passed by moderators here on XDA. So they are pretty much reliable guys. In cases where there are no recognized developers and hardly any comments, you will have to check and find out yourself:
1. ask the dev if he has tested the ROM himself.
2. how did he compile the ROM? Is it a port, or just a modified copy of another ROM, or a build from source?
3. check the link of the download; if it's to some survey site or asks for a password, stay away from it.
4. if you trust the download link, then download, scan with antivirus and unzip the file.
5. generally I look inside app if there are apps which I don't trust and I remove them, then check build.prop, init.d folders. Basic things to look for is any references of some other website/ports in between codes. If you're more paranoid you can check bin folder as well and every other you want.
6. don't install the ROM, simply root and debloat.
Thanks for the complete explanation!
billysam said:
Number of thanks can hardly tell that a dev is reliable or not (in some cases it can), rather it's the quality of their work and their expertise on the related topics that could clarify their position a bit. The recognized contributors, recognized developers, recognized themers you should look at, because these are given to a member after being checked and passed by moderators here on XDA. So they are pretty much reliable guys. In cases where there are no recognized developers and hardly any comments, you will have to check and find out yourself:
1. ask the dev if he has tested the ROM himself.
2. how did he compile the ROM? Is it a port, or just a modified copy of another ROM, or a build from source?
3. check the link of the download; if it's to some survey site or asks for a password, stay away from it.
4. if you trust the download link, then download, scan with antivirus and unzip the file.
5. generally I look inside app if there are apps which I don't trust and I remove them, then check build.prop, init.d folders. Basic things to look for is any references of some other website/ports in between codes. If you're more paranoid you can check bin folder as well and every other you want.
6. don't install the ROM, simply root and debloat.
I've just unzipped ROM but I can't find what you said. I've only found build.prop and nothing else!
Here a screenshot:
Bach_J said:
I've just unzipped ROM but I can't find what you said. I've only found build.prop and nothing else!
Here a screenshot:
That's because Lollipop and Marshmallow ROM files are further zipped into system.new.dat files which need another method to extract, https://forum.xda-developers.com/android/help/extract-dat-marshmallow-lollipop-easily-t3334117
Just a small correction. When going to AOSP you only are trusting yourself as you can inspect everything you add and remove what you don't.
Now to add to your paranoia. A custom ROM could be made that allows all apps root permission without the users knowing. Add in a key logger and have it all headed without you ever knowing. This is common in Xiaomi and other China based devices.
Heck there are a few key parts in the playstore with built in Key loggers.
Heck most of the go apps send all their data to China. Things like their Keylogger files, screen recording and device usage. But mind you it is all legal

Strange "zygote" process root permissions request

Hello guys,
Yesterday this strange and unknown process "zygote" started asking me root permissions. Obviously I have not given them to it but I'm worried about because googling it I read that it could be linked with Triada malware, that exploits Zygote, this fundamental part of Android.
Anyone knows what the hell is it? Thank you.
dooz96 said:
Hello guys,
Yesterday this strange and unknown process "zygote" started asking me root permissions. Obviously I have not given them to it but I'm worried about because googling it I read that it could be linked with Triada malware, that exploits Zygote, this fundamental part of Android.
Anyone knows what the hell is it? Thank you.
A real zygote will never ask for root, as it has it anyway. You got yourself a virus...
optimumpro said:
A real zygote will never ask for root, as it has it anyway. You got yourself a virus...
I found the problem, it was WhatsApp Extension, a Xposed module. Just deactivated and removed it.
dooz96 said:
I found the problem, it was WhatsApp Extension, a Xposed module. Just deactivated and removed it.
I am also using it and it is asking zygote and whatsapp root privilege.. It gives a decent privacy option so should I uninstall it..??
[email protected] said:
I am also using it and it is asking zygote and whatsapp root privilege.. It gives a decent privacy option so should I uninstall it..??
Try to check if there is a new update
I do not have Whatsapp and Xposed and phone is clean but have Zygote asking for supersu. Why?
kimiraikkonen85 said:
I do not have Whatsapp and Xposed and phone is clean but have Zygote asking for supersu. Why?
yeah Same for me :/
I just encountered zygote requesting SuperSU permission today. I have Xposed but not WhatsApp. Any help on this issue will be greatly appreciated.
mel2000 said:
I just encountered zygote requesting SuperSU permission today. I have Xposed but not WhatsApp. Any help on this issue will be greatly appreciated.
Gamekiller also has that
Just happened here: "zygote" requesting for root permissions. Have Xposed installed and barely one single module running (Xtoast) as of now. I've been using Xposed in several devices, ranging from GB to MM and I can't remember zygote asking for root permissions before. This one (Acer S57) is KK 4.4.4, though it's not pure Android and I must say that I actually have a red warning from Xposed installer (attachment), so yes, I've installed under my own "risk". After some research on the subject, I've found some people suggest it could be either a SuperSu (v2.82) bug, or some sort of malware... After checking via Apps2SD emulator (attachment) there's only one zygote process, so I'm almost concluding that most likely, this has everything to do with Xposed being installed on Acer's custom ROM. Whatever; meanwhile I decided to follow suggestions about not granting permissions to zygote since as a "general rule", this is not supposed to happen. I'll keep an eye on this and place this question on the proper Xposed thread, because I'm pretty sure this ain't no malware but something related to Xposed...
Sent from my acer_S57 using XDA Labs
I am fairly certain that no app will ask your root permissions. That's just ridiculous and also keep in mind, that applications are developed for locked phones, which means they naturally won't have access to root. There is no reason for them to be asking root permissions.
I also had this zygote pop-up in 2 of my devices and it appeared in both devices after I installed hebf optimiser.. can anyone confirm if it's a virus? I gave it root access to see what it does
warez, piracy, or enabling of them will not be discussed on XDA.
Many of us make our living off software, no matter your beliefs on it, piracy takes from our tables. Earning a living at 99cents at a time is HARD.
Don't be a thief, pay for the work that others do for you.
Came here for answers, I have the same question. This process just popped up, haven't installed anything recently but Google maps did an update so that might be a clue.
dooz96 said:
I found the problem, it was WhatsApp Extension, a Xposed module. Just deactivated and removed it.
I considered appropriate to share "WhatsApp Extensions" developer quote to rovo89's answer on this matter:
https://forum.xda-developers.com/xp...pp-extensions-add-extra-t3452784/post73993216
BTW, a few minutes earlier, I just denied zygote root permission request, this time on Moto G4 Plus... and I DON'T have "WhatsApp Extensions", but a nice amount of other Xposed modules installed. Must watch which one fails to do its job, I guess... or just do what @rovo89 says.
Sent from my Moto G4 Plus using XDA Labs
Heyho,
just came across this thread and read about a similar issue earlier. So, just to leave another hint why zygote is maybe asking for root permissions.
Here is a nicely explained article
https://securelist.com/attack-on-zygote-a-new-twist-in-the-evolution-of-mobile-threats/74032/
Regards,
Sebastian
Sent from my HUAWEI WAS-LX1A using XDA Labs
k1ll3r8e said:
Heyho,
just came across this thread and read about a similar issue earlier. So, just to leave another hint why zygote is maybe asking for root permissions.
Here is a nicely explained article
https://securelist.com/attack-on-zygote-a-new-twist-in-the-evolution-of-mobile-threats/74032/
Regards,
Sebastian
Sorry to bring up an old thread, but that link you posted made my head hurt. LOL!
Actually, I took my time and read it slowly so my old brain could grasp how it was created.
Someone put a tremendous amount of work into that clever attack.
Thanks for posting that!

Beginner question - flashing an application??

Dear all,
and sorry for newbie question but I was not able to find an answer on the internet - mainly due to lack of knowledge regarding the terminology - which words to use for search. Is it rooting, flashing?? Can anybody post a thread where this is solved?
The issue:
I have a Chinese cellphone HOMTOM HT16 PRO, Android 6.0 and would like to install a few applications (antivirus, tasker and other tools) which I want to be a fixed part of the system = even after the factory reset these applications are not deleted. How this can be done? Or at minimum how this technique is called?
Thank you in advance for any answer and thank you for patience with the lack of language as well as technical skills. :good:
Zbrk
zbrk11 said:
Dear all,
and sorry for newbie question but I was not able to find an answer on the internet - mainly due to lack of knowledge regarding the terminology - which words to use for search. Is it rooting, flashing?? Can anybody post a thread where this is solved?
The issue:
I have a Chinese cellphone HOMTOM HT16 PRO, Android 6.0 and would like to install a few applications (antivirus, tasker and other tools) which I want to be a fixed part of the system = even after the factory reset these applications are not deleted. How this can be done? Or at minimum how this technique is called?
Thank you in advance for any answer and thank you for patience with the lack of language as well as technical skills. :good:
Zbrk
What you're asking is quite simple
What you need is root access, and a root app manager such as Titanium Backup.
Methods of gaining root access are device dependent so you'll have to check Google or YouTube for the tools and tutorials for your phone.
If you're able to successfully root your device, then the rest is easy.
I'd advise you to go and do a bit more research on "rooting" though before you proceed. As you can potentially render your device a "brick" if you mess something up.

[Help] New to root, Is this app safe?

I'm pretty new to rooting and the XDA community, so I have two questions.
The first question: is this app safe to use and is it open source?
It's called EmojiReplacer (Link to XDA thread)
The second question would be how can I determine for myself if apps are secure?
I ran the APK on VirusTotal and it came back clear but I'm unsure if root access could bypass any of this, thanks in advance for the help!
Apps that require root access generally are unsafe, IMO.
