I have many times found devices or ROMs that have malware installed as system apps. This thread is intended to define a recurring problem and discuss and determine solutions.
Background:
In many cases malware apps can simply and directly be removed with root privileges. A complication, however, arises when the app to be removed is: a rather important app, necessary to run or boot the operating system, or an app of its kind is necessary to run or boot the operating system. Only removing such apps may resolve the malware problem, but creates other major problems such as an inability to meaningfully operate the Android environment or an inability to boot the Android operating system. A few typical examples of such apps are the Settings app and the Package Installer app.
Wherefore, to perform a proper repair, a malware app must instead be patched to remove the malware or replaced with another clean and compatible app.
For basic Android apps, such as the Settings app and Package Installer app, that are malware infected, I would think that the best course of action would be to replace the infected app with a clean AOSP version or clean OEM version. Using the OEM version of the app would only be acceptable if the app were available and the OEM is believed to not have or be the source of the malware.
The Problem Being Considered:
For a malware infected system app to be replaced with a clean AOSP version, my impression of the most obvious option that would be most likely to work would be to build Android from source against the target device and for the same architecture and Android version as the malware-infected system, and then donate its apps as replacements for the malware-infected apps and replace the malware-infected apps. Unfortunately, while the method should be effective, it comes with considerable costs. The sizes of the various Android source codes are quite large and it can take a rather long time to acquire and process it. It is worth considering other options.
Questions to Resolve Problem or Are Related to Problem:
Instead of building Android from source against the target device and for the same architecture and Android version as the malware-infected, AOSP-based system to use as a source for donating replacement apps:
Should it be sufficient to use apps from a pre-built AOSP or AOSP-based build of Android, such as LineageOS, with the same Android version and architecture as the build of Android of the infected device?
Should it be sufficient to use apps from a pre-built AOSP or AOSP-based build of Android for a different device, but with the same Android version and architecture as the infected device? Is the matching of the SoC or processors of the donating Android build and the target Android build important for donation app compatibility purposes?
Is it acceptable to use a build of Android of a different minor version to acquire an app for donation to the malware-infected app build? (For example, malware-infected build may be of Android version 7.0, but other, clean Android build may be of Android 7.1.2)
Can just single Android system app be compiled? If so, would it still require acquiring the source code for the entire Android version?
Are there any generic, pre-built offerings of Android that may be used to acquire the replacement apps for donation to the malware-infected Android build? If so, where?
Any other recommendations or things I may not have thought of?
Related
Hello,
First off, apologies if I have posted this in the incorrect forum.
The company I work for is looking to update one of it's product lines and has been toying with the idea of using Android as a development platform. Up until now the philosophy has always been to develop simple, bespoke embedded software that provides only the functionality that is needed at the time. The device itself will be a medical device, and as such will have no telephony requirements (and associated things like contacts, calander and the large majority of the pre-installed Android apps).
I have read, and understand it is possible to re-compile Android from source and remove all of these non-required functionality. My question is really if that is worth doing? i.e. stripping out all un-needed applications that get build into a stock ROM. Or would it be a more efficient to use some form of OTS embedded Linux platform?
Something in Android 4.0 that does seem to be useful is the support for Bluetooth HDP.
Kind Regards,
Simon
Well there are other devices that aren't phones that use Android. Take the motoactv for example. It's a fitness watch that runs a stripped version of Android, but it's still Android and applications can still be programmed and installed to it.
Original Post : linkedin.com/pulse/google-android-guys-here-idea-you-prashantha-mundkod
Today, I have some business ideas for Google Android guys..
Idea
A tool (a desktop tool and/or android app tool ) for creating ROM and installing stock android.
This tool basically does 3 major tasks.
1. Reads hardware information of an Android device through the desktop/android tool and creates a stock android ROM for that device.
2. Creates a super user , roots the device , installs the ROM created in step 1.
3. Provides an option to keep/remove the super user after the installation based on user sophistication.
(Alternatively, tool will install a generic stock android and then look for appropriate drivers for the device after the installation)
Why do we need a tool ?
Here is what I found while playing around with stock android.
1. Majority of handset manufacturers simply don't bother provide updates . Even if they do, its ridiculously delayed.
2. The UI created by most manufacturers is not innovative or user friendly. They are loaded with ridiculous amount of bloatware. Since they don't bother to provide timely updates either, end user is stuck with an older version of Android regardless of device's capability to support newer versions of android.
3. For an average user, there is no simple way to install a stock android . Users are in mercy of tech forums and developers who volunteer to create custom ROM. Expecting a ROM from volunteers for all devices out there is unrealistic . Trusting those ROMs is another biggest concern as well. Despite the volunteer efforts , installing a stock android ROM still needs some level of IT knowledge , not the cup of tea of an average android user.
4. There is no generic stock android ROM. Reason perhaps is that, creating a package with drivers for thousands of manufacturers would be practically not feasible as the package size would be enormous.
User Experience
An end user who wants a stock android doesn't need to be an IT guy and the tool should be simple to user. Example : Click a button that would read hardware and create the package, next user interaction is a prompt asking the user to install the stock android ROM. All other user interactions such as retaining super user etc is an an option for advanced users.
Manufacturers
Any custom UI or App package a manufacturer wants to push for their device should be updated as App package from manufacturer over a pure android . (Example : Once user install the stock android, manufacturers like Samsung, can push their app like Galaxy gifts etc as a package. )
This would shorten the development cycle for manufacturers as well. Thus updating Android for their device becomes purely a app package for an android version , rather than individual device.
Advantages
For users, clearly the benefit is the ability to have most updated software and experience of pure android and freedom from abandonment of device from manufacturers.
For Google (and Android as a platform ), one of the biggest competitive disadvantage is , its fragmentation. One of the reason for fragmentation is that, for a large number of devices, simply there is no easy way to update the software. The tool could help solve fragmentation issues.
The tool may be included as part of Google's attempt for Android One initiative. Certainly , no explanation is necessary on how it benefits Google from having one single version of android in all (or at-least as many devices as possible) android devices.
For now, that's it . When i am free, I will post the details on how exactly they should do it .
Experts... What do you think ?
Disclaimer : Views expressed are my own.
A ROM, for those who don't know, is an operating system build that runs on your device with basic applications such as an address book, calendar, camera, etc.
A major advantage of Android smartphones is that they can be operated by third-party systems and not only with the original ROM. Custom ROMs replace the pre-installed version of Android on devices. The substitution is made by a variation of the AOSP, adapted by volunteers with 'too much free time'.
These volunteers often work more frequently than the manufacturer itself – at least when it comes to updates.
AOSP?
AOSP means Android Open Source Program. It is a version of the open source code of Android, developed by Google in its consortium of brands to offer a pure version of the system, which is available to anyone. It can be modified by developers without the need to follow standards of Google applications.
Thanks to this project, the birth of custom ROMs like CyanogenMod, Paranoid Android, MIUI and others have come about.
Advantages of custom ROMs
System upgrade for older smartphones
Many Android owners already know this problem: the smartphone is already a year old but the manufacturer hasn't released updates to the device. The new versions of Android are not only interesting because they bring new features but also because they fill security gapps.
Third party firmware uses the official codification of Android as well as a compatible driver for smartphones. This keeps everyone up-to-date on the newest version of Android. And it's not difficult for a custom ROM to be more updated than the original firmware
The smartphone is faster
One of the biggest advantages of using custom ROMs is your smartphone will be faster. Themes and applications preinstalled by the manufacturer are reduced to almost nothing. This saves a lot of memory space and increases the device's performance.
Customization options galore
Custom ROMs not only bring the latest version of Android but also give you many customization options. The possibilities are almost limitless.
You have root access (administrative)
With root access, you have control over all of the functions of your device. With the original Android, some functions are hidden. Now the modified firmware gives you unlimited access to all the features of your smartphone. Furthermore, backups are performed more easily.
Ideal for purists
Since custom ROMs are based on the 'Android Open Source Project' they are enriched with more functions and the appropriate driver by the team behind the community firmware. So if you bought a less stocky Android device like a Sony or Samsung you can still get a stocky experience.
Disadvantages
Custom ROMs are wonderful but before you decide to change your device's original firmware you should familiarize yourself with the disadvantages of the process.
They void the warranty
If your phone is still under warranty, you could have the possibility of voiding it if you decide to install a custom ROM. There are just a few manufacturers that will tolerate changes to the device system. Xiaomi is one of them.
They're a lot of work
Custom ROMs are perfect for those who love a good challenge. But if this doesn't sound like you then you won't like custom ROMs. Between updates, the system root and unstable versions of a device, your patience could reach its limits.
The lack of Google applications
Third-party firmware comes with very few Google apps. The Play Store applications have to be installed again. The Google apps that you will need to install again can be found on the site.
Credits @ SHAHJADE ALAM
Devendar Reddy D said:
A ROM, for those who don't know, is an operating system build that runs on your device with basic applications such as an address book, calendar, camera, etc.
A major advantage of Android smartphones is that they can be operated by third-party systems and not only with the original ROM. Custom ROMs replace the pre-installed version of Android on devices. The substitution is made by a variation of the AOSP, adapted by volunteers with 'too much free time'.
These volunteers often work more frequently than the manufacturer itself – at least when it comes to updates.
AOSP?
AOSP means Android Open Source Program. It is a version of the open source code of Android, developed by Google in its consortium of brands to offer a pure version of the system, which is available to anyone. It can be modified by developers without the need to follow standards of Google applications.
Thanks to this project, the birth of custom ROMs like CyanogenMod, Paranoid Android, MIUI and others have come about.
Advantages of custom ROMs
System upgrade for older smartphones
Many Android owners already know this problem: the smartphone is already a year old but the manufacturer hasn't released updates to the device. The new versions of Android are not only interesting because they bring new features but also because they fill security gapps.
Third party firmware uses the official codification of Android as well as a compatible driver for smartphones. This keeps everyone up-to-date on the newest version of Android. And it's not difficult for a custom ROM to be more updated than the original firmware
The smartphone is faster
One of the biggest advantages of using custom ROMs is your smartphone will be faster. Themes and applications preinstalled by the manufacturer are reduced to almost nothing. This saves a lot of memory space and increases the device's performance.
Customization options galore
Custom ROMs not only bring the latest version of Android but also give you many customization options. The possibilities are almost limitless.
You have root access (administrative)
With root access, you have control over all of the functions of your device. With the original Android, some functions are hidden. Now the modified firmware gives you unlimited access to all the features of your smartphone. Furthermore, backups are performed more easily.
Ideal for purists
Since custom ROMs are based on the 'Android Open Source Project' they are enriched with more functions and the appropriate driver by the team behind the community firmware. So if you bought a less stocky Android device like a Sony or Samsung you can still get a stocky experience.
Disadvantages
Custom ROMs are wonderful but before you decide to change your device's original firmware you should familiarize yourself with the disadvantages of the process.
They void the warranty
If your phone is still under warranty, you could have the possibility of voiding it if you decide to install a custom ROM. There are just a few manufacturers that will tolerate changes to the device system. Xiaomi is one of them.
They're a lot of work
Custom ROMs are perfect for those who love a good challenge. But if this doesn't sound like you then you won't like custom ROMs. Between updates, the system root and unstable versions of a device, your patience could reach its limits.
The lack of Google applications
Third-party firmware comes with very few Google apps. The Play Store applications have to be installed again. The Google apps that you will need to install again can be found on the site.
Credits @ SHAHJADE ALAM
Click to expand...
Click to collapse
A custom rom is anything that is not stock from a manufacturer first off, you can have modified stock rom and it is a custom one bc you modified it. What you are talking about here is a source built rom with heavy modifications. Secondly they do not void your warranty. Tripping knox or bootloader security voids your warranty. And this does not always occur when rooting and you can reset that flag most of the time and flash stock firmware before sending your phone back in for warranty.
I have the plan to get my fingers dirty with building Android ROMs for some older devices to provide them with security fixes and maybe new functions.
After looking around in XDA and AOSP, I think, I'll get a grip on the build process. However, I'm absolutely not clear what it means, if the device vendor has discontinued software updating and proprietary elements are available from an older version only. The example is the Nexus 5, where Google stopped software maintenance with Android 6. Would those older modules be still usable? Am I thinking too complicated?
Instead of upgrading the device to a new Android version, which apparently can bump into limitations like memory etc., would security fixes be backported to older Android versions?
Mainline it to the main Linux repo
Use mobian END or
If you want android Get the upgraded LOS port to your device and port it to AOSP using the android mainline kernel (now with the last Linux you can use any android version you want), with mainline drivers like freedreno etc... (You can use drm-hwcomposer) END or
If you want your stock rom like OxygenOS extract the GSI of the newer model of your phone, decompile apks, edit files etc... To match your hardware and reenable lost features or disable feature with hardware requirements. To make sure everything is working fork LOS and call it, merge it with the prebuilt GSI and modify it to work lawless with stuff like enforced selinux.
I'm doing this with my OnePlus 6T, my hope is to have the last OxygenOS that work flawlessly on mainline kernel and upgrade it until the hardware is not good enough, then I'll just use mobian or buy a new phone.
Given that Android is comprised of multiple disjoint components, about two dozen of which are encompassed in Project Mainline/Treble/Google Play system updates/etc., now mostly simply referred to as "Google System updates"...
"One of Google's biggest efforts for Android in recent years is to make updating parts of the operating system easier, cutting out the middlemen wherever possible to deliver updates directly to customers. Originally referred to as Project Mainline, the system is now called "Google Play system updates" or sometimes "Google System updates."
These updates are downloaded and installed automatically by the Play Store, with the installation finalizing whenever you decide to reboot your phone. Generally speaking, the system is designed to go unnoticed, a goal that Google has achieved with relative success."
Click to expand...
Click to collapse
I have asked this key pertinent question of everyone I can ever since project Mainline/Treble had been announced way back for Android 10 and have yet to get _any_ answer whatsoever that has any basis in published facts from Google.
The question...
For the two dozen core modules covered in project Mainline, for how long does Google update them over Google Play Update services on Android 10+ phones?
The answer...
Is it finite?
Is it forever?
Is it arbitrarily finite?
For how long are the two dozen core modules updated over Google Play for any given Android X+ device?
GalaxyA325G said:
Given that Android is comprised of multiple disjoint components, about two dozen of which are encompassed in Project Mainline/Treble/Google Play system updates/etc., now mostly simply referred to as "Google System updates"...
I have asked this key pertinent question of everyone I can ever since project Mainline/Treble had been announced way back for Android 10 and have yet to get _any_ answer whatsoever that has any basis in published facts from Google.
The question...
For the two dozen core modules covered in project Mainline, for how long does Google update them over Google Play Update services on Android X+ phones?
The answer...
Is it finite?
Is it forever?
Is it arbitrarily finite?
For how long are the two dozen core modules updated over Google Play for any given Android X+ device?
Click to expand...
Click to collapse
The "project mainline" is misleading. Here when I tak about mainlining I'm talking about running android with a generic Linux kernel instead of the fork. So you can basically update the kernel to infinity and so port every android version you like.
So basically now I'm porting the OnePlus 6t to aosp using android-mainline as kernel with drm-hwcomposer. So anything forked or something.