Possible tampering or what? - General Questions and Answers

Ok. Last year someone was able to tunnel into my network at home. A lot of crazy s*** went down. Long story short, I think there's something fishy going on again... let me explain.
Every time I get a new phone, laptop, desktop, etc., I start finding a ridiculous amount of hidden files and folders. The PC side is no longer the issue, now it's moved to Android, I think?..
The question I want to know is, how can I compare what my phone should be installing after a factory reset, file-wise? I've looked for a list online to compare with and no luck so far. I also found that there is a partition of the internal storage, completely hidden and inaccessible. Like.. I can't see anything. Add that with permissions being changed randomly so I'm not able to take full control over these pesky little buggers.
In short, I'm either wayyyy too high off that last dab, or my phone is being tampered with. What can I do? Here's what I'm working with.
Samsung A21 (SM-S215DL) using Straight Talk. Attached is a screenshot of the SW mumbo jumbo. I really hope someone can help. TIA!

namdrop22 said:
The question I want to know is, how can I compare what my phone should be installing after a factory reset, file-wise? I've looked for a list online to compare with and no luck so far.
IMO nobody can tell you what apps to install after a Factory Reset: it's your decision alone what apps you want to run.

jwoegerbauer said:
IMO nobody can tell you what apps to install after a Factory Reset: it's your decision alone what apps you want to run.
No no. You're missing the question here.

namdrop22 said:
No no. You're missing the question here.
Maybe.
A Factory Reset doesn't install anything, it wipes all user apps and data. A Factory Reset never touches Android OS itself.

Look at the running apps and services. Anything utilizing root, kernel or system privileges will not be in that list unless it's using an app to bootstrap, but a weird duplicate system app or an app with a strange name could help you narrow it down. If you have USB debugging enabled you may be able to run a logcat as well to see what messages the system is generating.
Does Samsung offer any tools to read the boot log? You might find something in that too. Lastly, well, you should do this first: check if there are any exploits or vulnerabilities with your phone's software and hardware. Google search "chipset-or-software-name-here + escalate vulnerable cve exploit".
Check past software versions too, you could get hit while the vuln is unknown or lesser known then it patches the manufacturer's patches.
Can you elaborate on these file systems or folders you say you have that are invisible?
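
An added example (not part of the thread) for the file-wise comparison asked about above and the "weird duplicate system app or an app with a strange name" check: it diffs two captures of `adb shell pm list packages -f`, one from the suspect phone and one baseline. The baseline (a capture from a known-good device of the same model and firmware), the function names and the sample package lists are assumptions constructed for illustration.

```python
import difflib

# Partitions that a factory reset does not wipe (read-only OS images).
SYSTEM_PREFIXES = ("/system/", "/system_ext/", "/product/", "/vendor/", "/apex/")

# Constructed sample captures of `adb shell pm list packages -f`.
BASELINE_CAPTURE = """\
package:/system/app/Bluetooth/Bluetooth.apk=com.android.bluetooth
package:/system/app/BluetoothExt/BluetoothExt.apk=org.codeaurora.bluetooth
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/priv-app/Phonesky/Phonesky.apk=com.android.vending
package:/system/app/Stk/Stk.apk=com.android.stk
"""

DEVICE_CAPTURE = """\
package:/system/app/Bluetooth/Bluetooth.apk=com.android.bluetooth
package:/system/app/BluetoothExt/BluetoothExt.apk=org.codeaurora.bluetooth
package:/data/app/~~Qx1==/org.codeauroa.bluetooth-Zk2==/base.apk=org.codeauroa.bluetooth
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/data/app/~~Ab3==/com.android.vending-Cd4==/base.apk=com.android.vending
package:/data/app/~~Ef5==/com.example.flashlight-Gh6==/base.apk=com.example.flashlight
"""


def parse_pm_list(text):
    """Return {package_name: apk_path} from `pm list packages -f` output."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip warnings or blank lines mixed into the capture
        # Install paths under /data/app can contain '=', so split on the LAST one.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and name:
            packages[name] = path
    return packages


def on_system_partition(path):
    return path.startswith(SYSTEM_PREFIXES)


def closest_baseline_name(name, baseline_names, cutoff=0.9):
    """Return a baseline package whose name is nearly identical, else None."""
    matches = difflib.get_close_matches(name, baseline_names, n=1, cutoff=cutoff)
    return matches[0] if matches else None


def compare(baseline, device):
    """Return (kind, package, detail) tuples for everything worth a look.

    None of these is proof of tampering; they are the entries to inspect first.
    """
    findings = []
    for name in sorted(device):
        path = device[name]
        if name not in baseline:
            twin = closest_baseline_name(name, list(baseline))
            if twin:
                # A name one or two characters away from a stock package.
                findings.append(("lookalike", name, f"resembles {twin}; at {path}"))
            elif on_system_partition(path):
                findings.append(("extra-system", name, path))
            else:
                findings.append(("extra-user", name, path))
        elif on_system_partition(baseline[name]):
            if not on_system_partition(path):
                # Stock package now served from /data (an installed update).
                findings.append(("moved-to-data", name, f"{baseline[name]} -> {path}"))
            elif baseline[name] != path:
                findings.append(("path-changed", name, f"{baseline[name]} -> {path}"))
    for name in sorted(set(baseline) - set(device)):
        findings.append(("missing", name, baseline[name]))
    return findings


if __name__ == "__main__":
    for kind, package, detail in compare(parse_pm_list(BASELINE_CAPTURE),
                                         parse_pm_list(DEVICE_CAPTURE)):
        print(f"{kind:14} {package:28} {detail}")
```
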

Unless you loaded malware, a trojan etc. onto the phone either in data from the PC, email download, an app you installed or a download from the internet.
Even so it would die with a factory reset... so do another factory reset if you think so.
Then be careful what you allow into it.
Don't let anyone use your phone or access any of your devices ie flashcards, PC etc.

Run the SafetyNet Test app (SafetyNet device compatibility test, Apps on Google Play, play.google.com) to check whether the phone's Android got tampered with or not.

Related

[Q] Factory Data Reset after Root

Hello everyone. Please let me pre-apologize if I'm posting this in the wrong forum. I have spent much, much time reading similar posts on this question, and I am a newbie, but very quickly learning.
I'm only asking this just to be absolutely safe before I do it. -I am very New to android phones and have managed to Root my phone 1st try and have no issues, everything is fine, and I love the phone and this site.
=-QUESTION-=
I want to do a Factory Data Reset (settings/privacy/Factory Data Reset), and the phone is rooted (used KMS One click Root)
1.Is it safe to do this.
2.Should I do anything before I attempt it.
3.Should I expect the phone to be back to its "factory" state afterwards.
xtra info:
I base my questions off of what I have already read/learned, I have a bunch of programs I installed for testing purposes (1st time android user & all free versions), now that I know what I want installed, I want the phone to start Fresh (I just like the way it runs after a factory reset) and after that, I am going to buy$ all the programs, which are mostly utility programs from the android market.
I already bought App2SD Pro, and want to buy many, many more. I have installed on my pc Eclipse and the full Android-sdk-Tools. Although I am not a Programmer, my intentions is to become one, if I can learn it all .....lol
There are no Mods or anything like that installed and nothing was removed by me. (system apps, etc.)
Bottom Line: - As a "Newbie", as You call it, I don't yet know enough to remedy any serious problem if one was to happen after doing this, the "factory reset after rooted already", So I want to be sure before I attempt anything. So I came here to ask the opinion of the experts, you.
...and on a last and somewhat unrelated issue, after rooting the phone using the KMS thing, I don't even know what it installed or what it didn't at the time of rooting, and I state this out of confusion due to part of the Readme file stating afterwards on your phone go to the android market and download busybox - but it seems it was installed by the rooter (as far as I could tell) and Superuser.apk as well, since it was there after rooting. -But I know nothing of what these apps do, still trying to understand them.
...So this is where I'm at educationally with my phone, and ALL Respect to all of you.
Thanks for Reading.
My PHONE:
Samsung Galaxy Prevail
Model# SPH-M820-BST
Android Version 2.2.2
Build# FROYO.EE14
Kernel version: 2.6.32.9
Hardware version: M820.07
current added software:
ATK, App2SDPro, Astro, CacheMate for Root, DroidWall, ES File Explorer, LCDDensity, OperaMini, PdaNet, QuickBoot, RomManager, RootCheck, SD-Booster, SpareParts+, SuperManager, SuperUser, Titanium Backup.
(These are the utility programs I mentioned above), I currently only purchased the full version of App2SDPro, and want to purchase/reinstall all the rest at their paid full versions, but only after the factory reset is completed.
Also, after the phone was rooted, I tried to uninstall Superuser (I was trying to update it at the time) and from what I remember, it would not un-install, and still won't. (possibly some need to know xtra info for you)
I use XP-Pro/sp3, tweaked by me, and I am pretty familiar with it, but Linux is new to me, and I am just getting started on learning/using that in Oracle VM VirtualBox for educational reasons for now.
-THANKYOU, Again.-
I'm guessing this question is not interesting enough for an answer.
A factory reset should reset your phone to how it was when you got it. You will lose your apps, but any purchased apps will be remembered so you don't have to worry about that. Superuser is essential on a rooted device to grant apps SU permissions, so don't try to remove it.
k_nivesout thankyou. I have been sitting idle waiting to find out what to do, now at least I understand what Superuser is for and how important it is. -I understand what a Factory-Reset will do, as I have done it a few times already messin' around with it since I bought the phone 2 months ago., ..but.,...
You Stated:
You will lose your apps, but any purchased apps will be remembered so you don't have to worry about that.
You mean I will lose the apps I installed myself, not the system pre-installed stuff (i think you guys call it bloatware) CORRECT?
AND
How will the system remember that I bought an App such as the one I did buy, App 2 SD Pro, I ask because I want to know if it's stored on the phone somewhere (meaning it's not a total reset/wipeout --my thinking is still in windows mode) or on the 16GB memory card I have in there, because I was planning on wiping that to start fresh as well, or does the market read/remember my phone id/login email, etc. when I connect and try to redownload/re-install it. ?
-In fact I would like to know that anyway for future reference before I start laying money down on lots of apps I want.
Hope you understand what I'm asking here.
ThanKyou.
Yes, you'll lose the market apps with the factory reset, but your paid apps are tied to your Google account. So whenever you set up the phone again with that account, it will associate those apps, even on a new phone.
I can't remember if its just on gingerbread roms, but the last few times I've done a factory reset, Google has remembered my free apps too, and started redownloading them automatically from the market.
I'm no expert, but here's what I have experienced.
If you do a factory reset, all will be gone, your settings, apps etc. but the phone will retain its root.
Cool.
I got what I needed to know. Just wanted to go with the experience of others before I do anything involving systemwide things, don't want to wind up with a dead phone that will take weeks of trial and error to fix, especially as I'm new to the whole android thing/programming/linux, and also 'cause boost's customer service is chock full of lazy "I hate my job and don't want to be here" type tech support.
This is all I can afford at the moment and it is fine, and I'm glad I'm able to make it better and mess around and learn from using it. And this site too of course.
Thanks guys

Please help! Phone being remotely accessed and controlled by unauthorized 3rd party..

Thank you in advance. First of all I am still a beginner in knowledge here. My Alcatel fierce 4 TCL 5056N seems to have been hacked and is now being remotely accessed and controlled by an unauthorized 3rd party. I may be way off base but I think my phone may have been exposed to a R.A.T.. Temporarily rooted long enough for someone to modify the kernel and other system coding, which I cannot access myself with an unrooted phone, installing some sort of sub-OS with limited user setting options and a completely different named storage platform (i.e. emulated, bdef55, self), and not even factory resetting my device helps because it reboots into the sub-OS they installed. They are screen overlaying buttons, and toggles are being reversed in real time before my eyes, settings and options are disappearing from one minute to the next and I've somehow found myself poking around in some windows software on a PC that is used to develop Android software, maybe sdk, not sure but was Linux coding and looked like it was meant for me. I was on the other end of this hack for a few minutes tho but my lack of knowledge made this useless to me. I have downloaded many an app trying to combat this issue but to no avail. Although unsuccessful I have seen a few things I don't understand but could possibly be helpful for you to identify exactly what my issue is. One thing is an app I downloaded said that a trust cert has enabled a malicious trust agent and my system is being remotely accessed by a third party. The rest is beyond my understanding but I'm going to list a few tidbits you may recognize. LIB, Kinguser, kingroot, persist, unremovable/???/xxx, code Aurora, bootstrap something, libnfc, system/framework/Apache/xml, bin, user value=0 or 1/2, managed provisioning, also a .base ext. on a bunch of system apps below the same app without and a few of others. I don't know if that's helpful but it's all I can remember.
Symptoms are apps closing on their own, microphone and camera being remotely enabled, unable to update Google play services or store and being forced to use an obviously older and modified version with possible replica apps with restrictions, unexpected reboots, in settings/apps/permissions apps like gallery, when you click battery and then the little i button for info, it says it's a system app and all of the sudden the disable and force close buttons become un-highlighted and unusable and so on and so forth. Lastly, my home wifi is infected I think as well because my roommate is having the same issues. I've tried (unsuccessfully) to root my phone so I could manually remove some of these apps and extra coding and such but it seems impossible because of a locked bootloader. Tried about 10 different ways without success so I've just about given up and smashed the damn thing but then you geniuses popped into my head so I beg of you, please help me or if nothing else, tell me to proceed with the smashing...lol! Thank you very much for your time. P.S. I'm new to XDA dev website so maybe drop me a line at [email protected] with directions back to this thread. Had a bit of trouble navigating here. Thanks again and have a great day! -Spencer

Security Issues. a must see and read

Okay so I've been battling this for some time. I'm starting to get a little more knowledgeable but still don't know what to do with all this. I experienced this first back in 2015 then I completely made a switch. Well now I'm back to same issues.
The problem I'm experiencing is it's happening on all the devices I have. The phone I'm on now bought brand new from MetroPCS, and not even a day, 30 minutes later I get an update for the phone. I knew not to install or download. But it inventively did. Now it's sitting on my storage wanting me to move files to root.
LET ME MAKE THIS CLEAR. NONE OF MY DEVICES ARE ROOTED.
To make this short. My devices seem to have a Bluetooth admin. And connects to any Bluetooth device without me knowing.
So far from what I see chromium and stage fright is a big part of what I'm seeing.
I'm attaching some pictures to give more detail look. And it's not just my Android devices it's my Xbox one S as well.
Looking to completely remove. I'm not trying to waste money on switching networks or completely going MIA.
Fast responses please.
Sincerely,
-Desperate androidian
BLEEDCOLORYOU said:
Okay so ive been battling this for sometime. I'm starting to get a little more knowledgeable but still don't know what to do with all this.I experienced this first back in 2015 then I completely made a switch. Well now I'm back to same issues.
The problems I'm experiencing is it's happening on all the devices I have. The phone I'm on now bought brand new from metropcs. and not even a day 30minutes later I get an update for the phone. I new not to install or download. But it inventively did. Now it's sitting on my storage wanting me to move files to root.
LET ME MAKE THIS CLEAR. NON OF MY DEVICES ARE ROOTED.
to make this short. My devices seem to have a Bluetooth admin. And connects to any Bluetooth device without me knowing.
So far from what I see chromium and stage fright is a big part of what I'm seeing.
I'm attaching some pictures to give more detail look. And it's not just my Android devices it's my Xbox one S as well.
looking to completely remove. I'm not trying to waste money on switching networks or completly going Mia.
Fast responses please.
Sincerly,
-Desperate androidian
The Android community isn't what it used to be that's for sure. No help, no suggestions. Just nothing.
BLEEDCOLORYOU said:
Okay so ive been battling this for sometime. I'm starting to get a little more knowledgeable but still don't know what to do with all this.I experienced this first back in 2015 then I completely made a switch. Well now I'm back to same issues.
The problems I'm experiencing is it's happening on all the devices I have. The phone I'm on now bought brand new from metropcs. and not even a day 30minutes later I get an update for the phone. I new not to install or download. But it inventively did. Now it's sitting on my storage wanting me to move files to root.
LET ME MAKE THIS CLEAR. NON OF MY DEVICES ARE ROOTED.
to make this short. My devices seem to have a Bluetooth admin. And connects to any Bluetooth device without me knowing.
So far from what I see chromium and stage fright is a big part of what I'm seeing.
I'm attaching some pictures to give more detail look. And it's not just my Android devices it's my Xbox one S as well.
looking to completely remove. I'm not trying to waste money on switching networks or completly going Mia.
Fast responses please.
Sincerly,
-Desperate androidian
I'm no expert but I'm struggling to see your exact issue you seem to think you have, is it just that your Bluetooth is switching on? All those licences, security certs, file locations etc. look normal to me (without checking numbers or being able to compare to same phone OS etc.) though I have disabled many of those certs e.g. the Turkish ones etc. & my Bluetooth files are different but I can find ref hill those locations online e.g. Xiaomi phones
You appear to have a ZTE, please give model number and current OS & rev (must be stock I suppose). ZTE was found with a backdoor in older phones, sending data to China, so it's possible, & some Chinese phones also update their apps without notification. But as you say your whole network appears compromised so the source may be something else, like your router/modem, or Bluetooth as you think (though some apps require Bluetooth admin permission legitimately, you can disable it as an Admin). Tell us what behaviors you are seeing that you believe are malicious. New phone update soon after you turn on is quite common, as I'm sure you know.
When I had a quick look at your log it did have a lot of activity going to the US DOD, would you expect this, as well as the usual google & Facebook connections. Though (perhaps) strangely also to a server from a small marketing company here in Australia, but I'm no expert even if I looked at your log line by line I wouldn't understand it all.
Ref his other post
https://forum.xda-developers.com/general/security/security-global-family-credientals-t3665851
Things to try. Run a reputable antivirus. Boot into safe mode, so only system apps run, is it still happening? Can you turn off anything that is listed as a device admin? Try run a root checker app. Even if it all comes back negative you may still have a problem as a port may already have been opened and malicious app self deleted or something. Use an app like Fing to see if any device you don't recognise are connected to your network.
You may be able to block some activity if it's not going through root with a firewall eg NetGuard no root firewall, start with everything blocked.
Above are just some general hints, without knowing specifics I can only suggest you backup any stuff you want to keep then factory reset everything & change ALL passwords to strong ones (no good just adding a number on the end of your old ones!), better still reflash all firmware (updates if available) to overwrite everything. This incl your internet access points eg router, and only reconnect to the net/networks after you have done them all (one at a time preferably then you may be able to identify source of problems)
That turned out a lot longer than I intended!
IronRoo said:
I'm no expert but I'm struggling to see your exact issue you seem to think you have, is it just t your Bluetooth is switching on. All those licences, security certs, file locations etc look normal to me (without checking numbers or being able to compare to same phone os etc) though I have disabled many of those certs eg the Turkish ones etc & my Bluetooth files are different but I can find ref hill those locations online eg Xieomi phones
You appear to have a ZTE, please give model number and current OS & rev (must be stock I suppose). ZTE was found with a backdoor in older phones, sending data to China, so it's possible, & some Chinese phones also update their apps without notification. But as you say your whole network appears compromised so the source may be something else, like your router/modem, or Bluetooth as you think (though some apps require Bluetooth admin permission legitimately, you can disable it as an Admin). Tell us what behaviors you are seeing that you believe are malicious. New phone update soon after you turn on is quite common, as I'm sure you know.
When I had a quick look at your log it did have a lot of activity going to the US DOD, would you expect this, as well as the usual google & Facebook connections. Though (perhaps) strangely also to a server from a small marketing company here in Australia, but I'm no expert even if I looked at your log line by line I wouldn't understand it all.
Things to try. Run a reputable antivirus. Boot into safe mode, so only system apps run, is it still happening? Can you turn off anything that is listed as a device admin? Try run a root checker app. Even if it all comes back negative you may still have a problem as a port may already have been opened and malicious app self deleted or something. Use an app like Fing to see if any device you don't recognise are connected to your network.
You may be able to block some activity if it's not going through root with a firewall eg NetGuard no root firewall, start with everything blocked.
Above are just some general hints, without knowing specifics I can only suggest you backup any stuff you want to keep then factory reset everything & change ALL passwords to strong ones (no good just adding a number on the end of your old ones!), better still reflash all firmware (updates if available) to overwrite everything. This incl your internet access points eg router, and only reconnect to the net/networks after you have done them all (one at a time preferably then you may be able to identify source of problems)
That turned out a lot longer than I intended!
Thank you. Now for a better visual. There's too many apps.
And if you can give me links to apps that will help.
And on my oneplus one the Bluetooth thing says :1002 sharing or midi or something.
BLEEDCOLORYOU said:
Thank-you. Now for a better visual. There's to many apps.
And if u can give me links to apps that will help.
And on my oneplus one the Bluetooth thing says :1002 sharing or midi or something.
And code.auroa? What is this
BLEEDCOLORYOU said:
Thank-you. Now for a better visual. There's to many apps.
And if u can give me links to apps that will help.
And on my oneplus one the Bluetooth thing says :1002 sharing or midi or something.
I don't have that phone so can't really tell what is a suspect app or not, especially just from screen shots.
Here use this app to run on demand scans against the virustotal database (this is not an "antivirus app" like Avast so offers no protection, it only scans apps on demand, so you should run a good antivirus also)
https://play.google.com/store/apps/details?id=com.funnycat.virustotal
it should flag any suspect apps and you can submit any unknown ones you are worried about.
---------- Post added at 05:12 AM ---------- Previous post was at 05:02 AM ----------
BLEEDCOLORYOU said:
And code.auroa? What is this
edit: not Firefox then.
org.codeaurora.bluetooth is a legit part of Bluetooth .... Well unless it's flagged by virustotal then it probably is a malicious app just given a common name to try and hide
IronRoo said:
I don't have that phone so can't really tell what is a suspect app or not, especially just from screen shots.
Here use this app to run on demand scans against the virustotal database (this is not an "antivirus app" like Avast so offers no protection)
https://play.google.com/store/apps/details?id=com.funnycat.virustotal
it should flag any suspect apps and you can submit any unknown ones you are worried about.
Okay but what is provisioning? Code auroa smartcard services googleplay for instance apps and
And IV never encrypted this phone.
BLEEDCOLORYOU said:
Okay but what is provisioning? Code auroa smartcard services googleplay for instance apps and
And IV never encrypted this phone.
And a lot of the overlay apps n simtoolkit are all questionmarked
BLEEDCOLORYOU said:
And alot of the overlay apps n simtoolkit are all questionmarked
See my edit above re aurora
Sometimes virustotal will have 2 or 3 antivirus companies flag a file, these are probably false positives so probably nothing to worry about (though could just be a new submission, other companies should soon update if real malicious code, check back in a day or two). If lots of companies flag an apk then you have a problem.
It looks like you have a problem with overlays (unless it's an app your phone company installs for that function, not sure what you mean). You should install a proper antivirus app like Avast, Malwarebytes etc. as a first step, hopefully it can remove malicious apk
---------- Post added at 05:51 AM ---------- Previous post was at 05:37 AM ----------
BLEEDCOLORYOU said:
And IV never encrypted this phone.
Doesn't matter, encrypting phone only protects unauthorised access to your data. Once it is unlocked anyone can view your stuff. And once a malicious app is on your system it can read all your data even if you had encrypted it as it's unencrypted when you use it
IronRoo said:
ser my edit above re aurora
sometimes virustotal will have 2 or 3 antiivirus companies flag a file, these are probably false positives so probably nothing to worry about (though could just be a new submission, other companies should soon update if real malicious code, check back in a day or two). If lots of companies flag an apk then you haven a problem.
It looks like you have a problem whit overlays (unless it's an app your phone company installs for that function). You should install a proper antivirus app like Avast, malwarebytes etc as a first step, hopefully it can remove malicious apk
---------- Post added at 05:51 AM ---------- Previous post was at 05:37 AM ----------
Doesn't matter, encrypting phone only protects unauthorised access to your data. Once it is unlocked anyone can view your stuff. And once a malicious app is on your system it can shall read all your data even if you had encrypted it as it's unencrypted when you use it
Okay so now I'm trying to post screenshots of when I'm connected to wifi and it's not letting me
Pairwise cyphers and
Group cyphers
Sim_num
?
BLEEDCOLORYOU said:
And alot of the overlay apps n simtoolkit are all questionmarked
Tap those with question marks to submit to virustotal for analysis
IronRoo said:
Tap those with question marks to submit to virustotal for analysis
/sys/fs/selinux/class/appletalk_socket/perms
Not suspicious?
BLEEDCOLORYOU said:
/sys/fs/selinux/class/appletalk_socket/perms
Not suspious?
Now I'm not stupid, this is facts. I just need defined and solution!!!
No these are normal library files. Stagefright "the malicious exploits" were called this as it was the stagefright framework it exploited. Everyone has these files, here are mine below.
You need to use tools like antivirus to identify bad files but even that is no guarantee as there is the possibility the original malicious file could have self deleted and, for example, just left open ports which would not be found as a "virus" but still allow remote access to your device.
If you cannot identify the actual exploit on your phone then the best solution is probably to just reflash the stock rom as this will wipe & overwrite everything. But if a malicious file is left on your SD card or another networked device you could soon be infected/compromised again. That is why I said before if you can't identify the source of your infection you really need to factory reset or reinstall all OS on all devices affected including your home router etc (or maybe it's your work or public network) and change all passwords.
IronRoo said:
No these are normal library files. Stagefright "the malicious exploits" were called this as it was the stagefright framework it exploited. Everyone has these files, here are mine below.
You need to use tools like antivirus to identify bad files but even that is no guarantee as there is the possibility the original malicious file could have self deleted and, for example, just left open ports which would not be found as a "virus" but still allow remote access to your device.
If you cannot identify the actual exploit on your phone then the best solution is probably to just reflash the stock rom as this will wipe & overwrite everything. But if a malicious file is left on your SD card or another networked device you could soon be infected/compromised again. That is why I said before if you can't identify the source of your infection you really need to factory reset or reinstall all OS on all devices affected including your home router etc (or maybe it's your work or public network) and change all passwords.
I'm on a video bridge network I got the direct TV setup with 2 wireless setups. Both secure from what I know.
BLEEDCOLORYOU said:
Pairwise cyphers and
Group cyphers
Sim_num
?
These are for encryption of your connection, not your phone
BLEEDCOLORYOU said:
I'm on a video bridge network I got the direct TV setup with 2 wireless setups. Both secure from what I know.
I'm no coding/security guru, but I have worked on telecoms, military electronics, etc but my coding & network security knowledge is limited.
I would run this app Fing to check your local network, are there any unknown devices connected?
https://play.google.com/store/apps/details?id=com.overlook.android.fing
note: this only finds currently connected devices, so you'd want to do this several times & especially when you see suspect behavior.
Also check for open ports, easiest way is probably this site, it will scan the first 1000 ports or so (select all)
https://www.grc.com/
go to shields up
but you really need to scan ALL possible ports with a tool like Zenmap (for PC) if you think you are compromised
https://nmap.org/zenmap/
However it's not clear to me if you ever installed a proper antivirus and whether it found and deleted anything? Virustotal seemed to find some suspect apks, I had a quick look at Trendmicro database but it didn't list details of the one it found in your screenshot, but the fact some of those antivirus companies called the suspect apk names with "joke" in it may suggest it's just a joke app your mate has installed, though probably not a joke app if your other devices are really also compromised, from memory there is also real malware with that name which may be able to infect other devices. Running a proper antivirus should easily find and clean any "joke" app on your phone & hopefully any real malware. If you've done this and still seeing indications you are compromised then do what I suggested above. (Also repeat malware checks on other devices and removable storage media)
You should also log into your router as admin and check settings, are you using a secure router password? Is firmware up to date. Is firewall set up correctly? Also close any open ports that you don't use. Turn off remote admin, if router has it. Etc etc what do your router logs show (turn on more detailed logging if necessary) Factory reset or reinstall firmware if you think changes have been made to your router by someone else.
Hi I am having same issues. Exact same behaviors regardless of new phones new carrier and all accounts being unconnected in name. Google etc. This is extreme. It's via Bluetooth I agree something with eSIMs or virtual SIMs for use of wifi access and or signal piracy for media. The DOD files are also something I am familiar with seeing. Code Aurora was also a govt project way back. It's interesting that I have Verizon files loading on AT&T phones and Sprint loading on Verizon. Whatever this is has managed to infiltrate my computers as well. It's relentless. It's impressive and sophisticated. Please please help.
Spidder77 said:
Hi I am having same issues. Exact same behaviors regardless of new phones new carrier and all accounts being unconnected in name. Google etc. This is extreme. It's via bluetooth I agree something with esims or virtual sims for use of wifi access and or signal piracy for media. The DOD files are also something I am familiar with seeing. Code Aurora was also a govt project way back. It's interesting that I have Verizon files loading on AT&T phones and Sprint loading on Verizon. Whatever this is has managed to infiltrate my computers as well. It's relentless. It's impressive and sophisticated. Please please help.
I'm having the same issues. Did anyone ever resolve or figure out what is happening? I think I'm under investigation by the DOD and they own my devices. My uploads/downloads are blocked, internet searches filtered, pics/screenshots of evidence deleted off my phone, etc.

i dont understand what this means

Had this same problem now for a while but can't sort it. So I got in touch with Samsung. The problem is I have no Play Store on my phone. Had to send Samsung reports on my phone, and this is the response I got as pictured below.
tazzuk2020 said:
Had this same problem now for a while but can't sort it. So I got in touch with Samsung. The problem is I have no Play Store on my phone. Had to send Samsung reports on my phone, and this is the response I got as pictured below.
Try using F-Droid and Aurora Store
Nameless Foe said:
Try using F-Droid and Aurora Store
Yeah, that's fine, but I still want to know what the issue is
tazzuk2020 said:
Yeah, that's fine, but I still want to know what the issue is
Tbh, I'm not sure about what's going on there... I have personally never seen that before. Hopefully someone will stumble across and have the answer. Good Luck!
Nameless Foe said:
Tbh, I'm not sure about what's going on there... I have personally never seen that before. Hopefully someone will stumble across and have the answer. Good Luck!
Ok thanks anyway
Someone here knows about this but not me. Couldn't find much about it;
App installation | Knox SDK
Samsung tech support sucks.
Sounds like a Knox issue. Something's not configured correctly or got corrupted.
Did Playstore ever work?
Is the phone a carrier one? Carrier tech support can be much better than Samsung's if you get a knowledgeable tech.
Try deleting your Google account(s), full nuke them, then recreate your primary account.
Clear Playstore and Google Play Services app data.
Do not have any disabled or Firewall blocked, Android, Google apks for now.
Reboot and clear system cache on the boot menu (NOT a hard reset!).
Try again, reboot if it fails.
Make sure the Google account is working correctly; try using Gmail.
Reboots are generally needed after you correct the issue for Playstore, it's a pain.
You can try a hard reboot (NOT reset!) but doubt this will help.
A hard reset (factory reset) may get it but it could reoccur so try to find the root cause.
If it's a non-stock configuration or rooted phone you'll need advanced help from XDA members who play with these issues for fun, giggles and to learn new curse words. Lol, I haven't as yet... I already curse like a Nam Vet.
If you don't find a solution bump this thread each day as needed. Be patient as there is a wealth of knowledge here within the site's members.
blackhawk said:
Someone here knows about this but not me. Couldn't find much about it;
App installation | Knox SDK
Samsung tech support sucks.
Sounds like a Knox issue. Something's not configured correctly or got corrupted.
Did Playstore ever work?
Is the phone a carrier one? Carrier tech support can be much better than Samsung's if you get a knowledgeable tech.
Try deleting your Google account(s), full nuke them, then recreate your primary account.
Clear Playstore and Google Play Services app data.
Do not have any disabled or Firewall blocked, Android, Google apks for now.
Reboot and clear system cache on the boot menu (NOT a hard reset!).
Try again, reboot if it fails.
Make sure the Google account is working correctly; try using Gmail.
Reboots are generally needed after you correct the issue for Playstore, it's a pain.
You can try a hard reboot (NOT reset!) but doubt this will help.
A hard reset (factory reset) may get it but it could reoccur so try to find the root cause.
If it's a non-stock configuration or rooted phone you'll need advanced help from XDA members who play with these issues for fun, giggles and to learn new curse words. Lol, I haven't as yet... I already curse like a Nam Vet.
If you don't find a solution bump this thread each day as needed. Be patient as there is a wealth of knowledge here within the site's members.
The phone is not rooted. I’m not getting options to factory reset . I’m not really clued up very much thf
tazzuk2020 said:
The phone is not rooted. I’m not getting options to factory reset . I’m not really clued up very much thf
Try what I suggested. Recreating your Google account will most likely fix it. Learn by doing.
Play with it. The stock Android OS are pretty much impossible to damage short of bad 3rd party apps. The more you play with it, the more you learn. Make sure all your critical data is completely backed up*; be prepared for a reload at any time to prevent data loss.
If you need to download apps from Playstore now and have a device that can connect to Playstore do this. Install the apps you want on that device then use ApkExport to copy those apps then transfer and install on the troubled device
APK Export (Backup & Share) - Apps on Google Play
Manage and extract your apps.
play.google.com
Google how to bring up the boot menu on your model. The clear system cache option is found there; it can cure many erratic behavior issues.
The hard reboot is a different key sequence, Google for that model.
Do not do a factory reset until you exhaust all other solutions if the load is still fresh and no viruses are present otherwise it's a waste of time.
If you feel you have no other solutions you can use it, but if it doesn't fix it or it reoccurs you'll be right back where you started.
Contact your carrier tech support, ask to talk to advanced tech support, escalate your case if need be. They will likely be more helpful than Samsung. Remember a tech that tells you nothing but to do a factory reset isn't giving you tech support. It's the easiest solution for them, not you!!!
Note: if it's an old OS load by all means punch in a fresh copy though; after a year or so, or any major firmware update a factory reload is good practice.
*back up to SD card if you have one and/or your PC. Back that PC copy up on at least one stand alone hdd. Develop a complete back up plan before you need it.
blackhawk said:
Try what I suggested. Recreating your Google account will most likely fix it. Learn by doing.
Play with it. The stock Android OS are pretty much impossible to damage short of bad 3rd party apps. The more you play with it, the more you learn. Make sure all your critical data is completely backed up*; be prepared for a reload at any time to prevent data loss.
If you need to download apps from Playstore now and have a device that can connect to Playstore do this. Install the apps you want on that device then use ApkExport to copy those apps then transfer and install on the troubled device
APK Export (Backup & Share) - Apps on Google Play
Manage and extract your apps.
play.google.com
Google how to bring up the boot menu on your model. The clear system cache option is found there; it can cure many erratic behavior issues.
The hard reboot is a different key sequence, Google for that model.
Do not do a factory reset until you exhaust all other solutions if the load is still fresh and no viruses are present otherwise it's a waste of time.
If you feel you have no other solutions you can use it, but if it doesn't fix it or it reoccurs you'll be right back where you started.
Contact your carrier tech support, ask to talk to advanced tech support, escalate your case if need be. They will likely be more helpful than Samsung. Remember a tech that tells you nothing but to do a factory reset isn't giving you tech support. It's the easiest solution for them, not you!!!
Note: if it's an old OS load by all means punch in a fresh copy though; after a year or so, or any major firmware update a factory reload is good practice.
*back up to SD card if you have one and/or your PC. Back that PC copy up on at least one stand alone hdd. Develop a complete back up plan before you need it.
I cleared system cache. Done a hard reboot. Still the same. Can't even find the option to do a factory reset. I'm not worried about backing phone up. The phone is a Samsung A51. I have got another firmware downloading as we talk; I'm not convinced it's going to sort the problem.
tazzuk2020 said:
I cleared system cache. Done a hard reboot. Still the same. Can't even find the option to do a factory reset. I'm not worried about backing phone up. The phone is a Samsung A51. I have got another firmware downloading as we talk; I'm not convinced it's going to sort the problem.
Google it for that model. It should be on the boot menu though. Also in settings as well.
I don't know what to say. This isn't that hard... small steps first.
I was completely PC illiterate 16 years ago. Was building up custom machines within the first year and probably crashed 50 or more XP loads, lol.
I was completely Android illiterate 6 years ago.
I'm 63 yo...
I have done little coding but you need to acquire a certain level of wherewithal to use PCs/Androids well, to keep them and your data secure.
You learn by doing and the Android OS is far easier to learn than XP or XPx64.
If you don't immerse yourself in it you will not learn.
It's fun to play with.
Explore it, play with it... you can't cause any permanent harm to a stock Android. You will occasionally need to undo a setting(s) change you made that may soak up a lot of time tracking it down but that's how you learn.
Go through all the settings and learn what they do.
Turn on Developer Options, play with it.
Google for the answers as your questions arise.
I'm constantly learning by doing that not just for Androids but a broad range of topics.
Lol, the internet is a whole pseudo library at your fingertips. Pretty cool.
blackhawk said:
Google it for that model. It should be on the boot menu though. Also in settings as well.
I don't know what to say. This isn't that hard... small steps first.
I was completely PC illiterate 16 years ago. Was building up custom machines within the first year and probably crashed 50 or more XP loads, lol.
I was completely Android illiterate 6 years ago.
I'm 63 yo...
I have done little coding but you need to acquire a certain level of wherewithal to use PCs/Androids well, to keep them and your data secure.
You learn by doing and the Android OS is far easier to learn than XP or XPx64.
If you don't immerse yourself in it you will not learn.
It's fun to play with.
Explore it, play with it... you can't cause any permanent harm to a stock Android. You will occasionally need to undo a setting(s) change you made that may soak up a lot of time tracking it down but that's how you learn.
Go through all the settings and learn what they do.
Turn on Developer Options, play with it.
Google for the answers as your questions arise.
I'm constantly learning by doing that not just for Androids but a broad range of topics.
Lol, the internet is a whole pseudo library at your fingertips. Pretty cool.
No factory reset on boot menu. And nowhere to be seen on phone. I even typed it in to search bar on phone . Maybe this is all linked. Only option I have is to reinstall the firmware I have got downloading but that won’t be finished for a few hours
You should be able to factory reset from recovery. Google how to boot to recovery for your device
xunholyx said:
You should be able to factory reset from recovery. Google how to boot to recovery for your device
Nothing from boot menu.
tazzuk2020 said:
Nothing from boot menu.
Part of the reason I left Samsung years ago. They do stuff different than any other OEM. You can't even use fastboot commands ffs
xunholyx said:
Part of the reason I left Samsung years ago. They do stuff different than any other OEM. You can't even use fastboot commands ffs
I got a feeling it's to do with Knox. Is there anything I can do about this? I bought the phone 2nd hand. The phone works perfect apart from Play Store.

How to know if Android phone was flashed?

After paying to have my phone flashed (Honor 20e), how do I know if the person really did the agreed job or simply did a hard reset?
Flashed with what? Why?
With stock ROM, to eliminate spyware.
by risking more spyware ignoring that stock always has spyware?
my guy, flash it yourself with an aftermarket OS like GrapheneOS, /e/OS or OmniROM.
you don't avoid espionage by waltzing into the spymaster's den!
Ok… factory resetting would also remove bad software…
traman124 said:
Ok… factory resetting would also remove bad software…
LMAO no, Android (from google or honor or any other phone maker) comes with "bad software", a factory reset won't do anything!
again, get /e/OS or GrapheneOS or OmniROM for your phone and flash it yourself! get rid of anything that comes from Honor/Google like GMSCore that can be replaced by MicroGapps
though I very much congratulate you on wanting to escape the goolag! now get to hacking!
I think he was referring to bad software that he installed and wanted to clean wipe his phone.... I don't think he was trying to degoogle...
If you were, Lineage OS or /e/OS with microG and Aurora lets you get apps without Google services
@burbank_ what do you mean by bad software?
Yep, I meant spyware that the perpetrator installed on my phone, allowing them to monitor my activity, listen to my calls, and possibly even control my phone.
So yes, I want to clean wipe, and I don't think I can be sure to have removed the spyware with just a hard reset..?
There's no way I know of to check, but a factory reset would remove all the apps from the user partitions (including the spyware).
I looked for stock firmware for the 20e everywhere and found nothing (except a sketchy download link that downloaded some random firmware for the Honor 8X) so your person probably cheated you (unless he works for huawei/honor and has access to some files that the Internet does not).
A factory and cache reset from Android Recovery (press Power + Volume Up and select factory reset, cache reset, reboot in order) would remove spyware for the most part.....
Ok, thank you (and qwerty too)!
I'll probably install a custom ROM myself then, just to be sure. Can you recommend what to install, I'm interested in something with all the Android functionality I've gotten used to...?
It's a huawei... You can't unlock the bootloader
traman124 said:
It's a huawei... You can't unlock the bootloader
maybe only through the phone, I did a quick search and allegedly huawei maybe would allow you to unlock it, but as I suspected there is always a BROM exploit to be had: https://www.xda-developers.com/huawei-honor-bootloader-unlock-potatonv/
though the link is a bit dated, I do believe potatonv should support the Kirin 710F SoC
also, if you want to remove spyware, you remove anything that contains data collection I.E. google services and whatever the CCP mandates their OEMs install
Thnx, I'll look into it. What about other custom ROMs you've mentioned, though, would there be difficulties in flashing it with one of them?
Also, I've another question. I contacted another mobile repair service and they've told me they have special access to stock ROMs through "programmers they hire", so they can install a stock ROM for my Honor 20e. Is this possible/ unlikely/ trying to cheat me?
well I don't know about the other ROMs, ever since AOSP introduced Project Treble the promise was of Generic System Images, but they don't exactly exist because just like with UEFI, the OEMs' implementation is broken so you still have to look for an aftermarket OS that is specifically tailored for your device
that repair shop is likely trying to scam the heck out of you, or they actually know what they are doing and have a fresh image they pulled from a brand new phone, and that "programmers they hire" thing that sets off alarms in my head is likely just them explaining it as simply as possible
burbank_ said:
After paying to have my phone flashed (Honor 20e), how do I know if the person really did the agreed job or simply did a hard reset?
Yes, it seems there is a way to find out about the last flashing date - provided it was followed by a Google account initialization:
Go to the Google Dashboard, login with your Google account.
Scroll to the section labeled "Android" and expand it (by clicking its title / the LGM [little green man])
Check for the device in question
Associated, you will find a date of registry. That doesn't reflect the first time a device was added, but the last time the Google account was activated on the device. So if you activate your Google account following a Factory-reset, this field is updated and thus reflects this point-in-time.
Additionally, if phone's Android is rooted, you always can check a directory's creation time below /data/data.
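An added example (not from the thread) of the /data/data check mentioned above: it takes the output of `stat` run as root over the app data directories and finds the oldest plausible timestamp. It uses modification time (`%Y`), which is never earlier than creation, so the result is the latest point at which the last wipe of /data can have happened; a factory reset and a reflash both wipe that partition. The sample output, package names and clock floor are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed sample: output of
#   adb shell su -c "stat -c '%Y %n' /data/data/*"
# on a rooted phone (epoch seconds of last modification, then the path).
SAMPLE_STAT = """\
1230768000 /data/data/com.android.providers.settings
1614592815 /data/data/com.android.systemui
1614592820 /data/data/com.google.android.gms
1614600001 /data/data/com.android.vending
1617200000 /data/data/org.example.chat
stat: '/data/data/broken': Permission denied
"""

# Assumption: anything older than this was written before the clock was set
# on first boot (the 2009 entry above), so it is ignored.
CLOCK_FLOOR = datetime(2015, 1, 1, tzinfo=timezone.utc).timestamp()


def parse_stat(text):
    """Return [(epoch_seconds, path)] and skip error or malformed lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].isdigit():
            entries.append((int(parts[0]), parts[1]))
    return entries


def oldest_data_dir(text, floor=CLOCK_FLOOR):
    """Return (utc_datetime, path) of the oldest plausible directory, or None."""
    plausible = [(ts, path) for ts, path in parse_stat(text) if ts >= floor]
    if not plausible:
        return None
    ts, path = min(plausible)
    return datetime.fromtimestamp(ts, tz=timezone.utc), path


def consistent_with_wipe_on(text, claimed_utc):
    """False if some app data directory is older than the claimed service date."""
    oldest = oldest_data_dir(text)
    return oldest is not None and oldest[0] >= claimed_utc


if __name__ == "__main__":
    when, path = oldest_data_dir(SAMPLE_STAT)
    print("oldest app data directory:", path, when.isoformat())
```
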
burbank_ said:
After paying to have my phone flashed (Honor 20e), how do I know if the person really did the agreed job or simply did a hard reset?
why pay for something you can do?
tutibreaker said:
why pay for something you can do?
because you don't want to
