Question Security App Privacy Status - Xiaomi Poco X3 Pro

After reading various private data collection warnings like this https://hadiyarajesh.medium.com/how...m-its-devices-and-how-to-stop-it-7fd42f3841c0
I'm interested to understand if the current Security App 5.3.0-210508.1.2 on my debloated MIUI Global 12.5.1 is still regarded as having bad Privacy? In case I would seek to debloat the App (includes Cleaner, Sec. Scan, Battery, Data usage, Blocklist, Manage apps, Game Turbo, Deep Clean, App lock, Dual apps, Second space, etc.)
Dual apps and Second space would be useful to me (probably alternative Apps usable). Also the other functions, but not sure why such an App needs to collect/share data for Xiaomi?

ChriMo said:
After reading various private data collection warnings like this https://hadiyarajesh.medium.com/how...m-its-devices-and-how-to-stop-it-7fd42f3841c0
I'm interested to understand if the current Security App 5.3.0-210508.1.2 on my debloated MIUI Global 12.5.1 is still regarded as having bad Privacy? In case I would seek to debloat the App (includes Cleaner, Sec. Scan, Battery, Data usage, Blocklist, Manage apps, Game Turbo, Deep Clean, App lock, Dual apps, Second space, etc.)
Dual apps and Second space seem useful to me (probably alternative Apps usable).
Root, EdXposed, and XPrivacyLua Xposed module.
If you suspect a MIUI privacy issue, suspect everything it provided. Take back control of it.

@pl1992aw I usually do not root, Magisk, Xposed etc.
I'm using Blokada (over VPN) which seems to filter out most things because while active, settings change in the Security App have no effect - going online is requested ;-)
So I do not feel totally exposed but would like to understand more about this App data collection and sharing.

Inspect the APK and understand how it works.
Or capture the data that App sends, decode and inspect what it's collecting and sharing.
Both might not be easy.
As for why the app collects/shares data for Xiaomi: debug, "optimization", "protection" from malware and blacklist phone numbers, provide "useful" information or apps you might be interested in, improve for the "community" (st?)... etc.
They can tell you all kinds of legal answers, so it all depends on whether you accept or not. If you don't accept, you take action (as with Blokada). [You know, the first time you go into the app, it will ask you if you agree to data collection.]
Remember that when installing APKs, MIUI checks whether the APKs contain a virus or some suspicious stuff? This is what "antivirus" does on a PC. So just as antiviruses need to update their database, the app still needs to update its database every now and then.

You cannot debloat many of those apps you mentioned without root.
Most of them are system apps, and may cause system issues if you manage to debloat them.
They will mostly be turned back on when you reboot, or start in the background by themselves.

Even with root and even after running my systemrw script and mounting /system as r/w it's very difficult to disable/delete Xiaomi security center and FindDevice and Updater system apps without causing bootloop. If anyone figures out a way please let me know, thanks!

Related

Need Help: BEEN Infected by MALWARE Lenovo tab model a5500-hv android version 4.4.2

model number : lenovo a5500-hv
android version: 4.4.2
baseband version: a5500-hv.v34, 2014/05/08 22:28
kernel version: 3.4.67
build number: a5500hv_a442_000_011_140508_row
As shared in subject, my tab ANDROID is infected by malware where multiple issues have started lately
a) Constant popup message stating "Unfortunately, com.system.update has stopped"
b) Constant popup message stating "Unfortunately, org.snow.down.update has stopped"
c) Constant popup displaying to INSTALL application "com.android.keyguard"
d) Automatic checking (on) in Settings> Security> Allow installation of apps from unknown sources, despite my regular check off (it gets reactivated again). Device Administrators viewed are Android Device Manager (ticked), Daemon Service (twice listed - unchecked).
e) Installed Malwarebytes Anti-malware, upon scanning detected these 11 malwares, which it is unable to delete (Norton is unable to detect those even). Any open app which I try to use is abruptly closed after some seconds.
Malware name- Path
Android/ Backdoor.Triada.c - /system/priv-app/higher.apk ( File linked to be uninstalled- AppManage)
Android/ Backdoor.Triada.js - /system/priv-app/BCTService.apk ( File linked to be uninstalled- bcct_service)
Android/ Trojan.Rootnik.I - /system/priv-app/Bseting.apk ( File linked to be uninstalled- com.android.sync)
Android/ Trojan.SMSSend.ge - /system/app/com.android.token.apk ( File linked to be uninstalled- com.android.taken)
Android/ Trojan.OveeAd.F - /system/priv-app/com.mws.tqy.vsdp.apk ( File linked to be uninstalled- com.system.update)
Android/ Backdoor.Triada.J - /system/priv-app/com_android_goglemap_services.apk ( File linked to be uninstalled- GoogleMapService)
Android/Trojan.Dropper.Shedun.dc - /system/priv-app/parlmast.apk ( File linked to be uninstalled- GuardService)
Android/Trojan.Dropper.Agent.MJ - /system/priv-apk/Sooner.apk ( File linked to be uninstalled- PhoneService)
Android/Trojan.OveeAd.J - /system/priv-apk/com.tsr.eny.hyu.apk ( File linked to be uninstalled- system.bin)
Android/Trojan.Guerrilla.Q - /system/priv-apk/NAT.apk ( File linked to be uninstalled- SysTool)
Android/Trojan.Triada.m - /system/priv-apk/com.glb.filemanager.apk ( File linked to be uninstalled- UPDATE)
PS: If I try to connect to Internet, app icons are downloaded and auto open displaying porn images.
Please assist to REMOVE the MALWARE INFECTION. Tried FACTORY DATA RESET from Settings, but no help. Tab not rooted.
Solution
Last night I got some pesky malwares. For now I think I removed them. Get Avast and see what it can find. After that try to remove the files from file explorer and the most important thing - go to Settings-Security-Device Administrators. From there remove everything and now from Avast you should be able to remove the infected apps. Hope I helped
Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
Sent from my A0001 using XDA-Developers mobile app
Ashish1+1 said:
Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
Sent from my A0001 using XDA-Developers mobile app
Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
eg (from The Capitol Forum)
The apps require extensive access to the devices on which they run, and they are able to harvest a great deal of data about users’ interests, demographics and location. Cheetah Mobile’s business model is not significantly different from the way in which some major American tech companies such as Facebook monetise their free products. However, Cheetah Mobile is different from American tech companies in that its headquarters are located in China and its data servers are primarily located there as well, and its main business partners are major Chinese tech firms. The Chinese government, according to sources, accesses its companies’ data for internal security, economic competitiveness or other purposes. Cheetah Mobile, and similar companies, represents a major point of entry for China to access American app marketplaces and their users to gather information. However, U.S. government officials in national security and intelligence agencies are highly aware of surveillance and hacking both inside and outside China, presumably coming from actors affiliated with the Chinese state.
see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) And with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?
Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
Sent from my A0001 using XDA-Developers mobile app
Ashish1+1 said:
Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
Sent from my A0001 using XDA-Developers mobile app
Sorry to hear this. However I think it is possible that the CM app did its job as those malicious apps have probably already rooted your phone, so CM may have just used that root access without informing you, though whether or not other apps like CM app can still use that root, I'm not sure, it depends if it's been left "on". I did watch a video on youtube for CM Stubborn Trojan app and the guy had to root his phone first. (You could try some/several of the root checker apps, if you want to know). So let's assume the CM app worked properly and removed trojan as it could get root without giving you a root request notification.
It's entirely possible that your reinfection is from your external SD card or via some other means eg. your router has had some ports opened or some other means. (Sorry I should have said reset router when I said change router password [do this for all routers you use & update firmware & ensure remote access is off (ref. dirty cow) while you are about it too!])
So I would reinstall CM Stubborn Trojan (let's assume it removes malware as it has root, even if it just blocks them it helps us) so you can then reflash official stock ROM for your country (& update to newest version if available), you must flash the FULL stock ROM so all partitions are reflashed. Partial stock or custom ROM will not do this & potentially leave you open to reinfection! Reflash the FULL STOCK ROM is the only way to "easily" be sure you have cleaned the malware from your phone. NOTE: just doing a factory reset will NOT remove the malicious apps if they are in operating system folders, this only works for malicious apps in user data areas! Then you must make sure all possible ways you can be reinfected eg via sync, external SD cards or storage, your PC, router etc are cleaned/blocked/reset/updated.
If you are not getting updates for your ROM you might want to consider installing a custom ROM (AFTER you have flashed the stock ROM!) from a reliable & trustworthy source, if available for your model, so that you get security patch updates. But you need to research and consider the risks of things like bricks, security etc for yourself first.
Hope this helps you clean your phone
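The distinction drawn above, between malicious apps in operating system folders and those in user data areas, can be checked per APK. This is an added example, not code from the thread: it parses `pm list packages -f` output and reports which findings a factory reset would leave in place. The sample output and its package names are constructed; only the flagged paths and the two crashing process names come from the first post.

```python
from typing import NamedTuple

# APK paths reported by Malwarebytes in the first post of this thread (subset).
FLAGGED_PATHS = {
    "/system/priv-app/higher.apk",
    "/system/priv-app/BCTService.apk",
    "/system/priv-app/Bseting.apk",
    "/system/app/com.android.token.apk",
}
# Process names from the crash pop-ups in the same post.
FLAGGED_PACKAGES = {"com.system.update", "org.snow.down.update"}

# Areas a factory reset erases; anything elsewhere (e.g. /system) is left untouched.
WIPED_BY_RESET = ("/data/", "/cache/")

# CONSTRUCTED sample of `adb shell pm list packages -f` output (not from a real device).
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/higher.apk=com.example.appmanage
package:/system/priv-app/Bseting.apk=com.android.sync
package:/system/app/com.android.token.apk=com.android.taken
package:/system/priv-app/Settings.apk=com.android.settings
package:/data/app/org.snow.down.update-1.apk=org.snow.down.update
package:/data/app/~~Qk1xZw==/com.example.notes-Zx9aBc==/base.apk=com.example.notes
"""


class Finding(NamedTuple):
    package: str
    path: str
    survives_reset: bool
    remedy: str


def parse_pm_list(output):
    """Yield (apk_path, package_name) for each `package:<path>=<name>` line."""
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Newer Android install paths contain '=' themselves, so split on the last one.
        path, sep, package = line[len("package:"):].rpartition("=")
        if sep and path and package:
            yield path, package


def survives_factory_reset(apk_path):
    """True when the APK lives outside the areas a factory reset wipes."""
    return not apk_path.startswith(WIPED_BY_RESET)


def triage(pm_output, flagged_paths, flagged_packages=()):
    """Return (findings, flagged paths that are not registered as a package)."""
    findings, seen_paths = [], set()
    for path, package in parse_pm_list(pm_output):
        seen_paths.add(path)
        if path not in flagged_paths and package not in flagged_packages:
            continue
        survives = survives_factory_reset(path)
        remedy = "full stock ROM reflash" if survives else "uninstall or factory reset"
        findings.append(Finding(package, path, survives, remedy))
    missing = sorted(set(flagged_paths) - seen_paths)
    return findings, missing


if __name__ == "__main__":
    found, unregistered = triage(SAMPLE_PM_OUTPUT, FLAGGED_PATHS, FLAGGED_PACKAGES)
    for f in found:
        print(f"{f.package:28} {f.path:45} -> {f.remedy}")
    for path in unregistered:
        print(f"flagged but not listed by pm: {path}")
```

A flagged path that `pm` does not list can still exist on disk, so it is reported separately rather than treated as clean.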
Sometimes, it's the firmware itself that is infected
IronRoo said:
Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
eg (from The Capitol Forum)
see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) And with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?
In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....
Josh Ross said:
In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....
This was what I did finally, I went to service centre and spent bucks. They reloaded the firmware I suppose (not flashing it) and instantaneously it was as good as new. I think malware was itself part of original installation like uc browser - it was there. It just activated after some time or maybe I clicked on some advertisement while running app and then the hell happened.
Anyway, it's working fine, added an adblocker, restricted usage to few apps and keeping my fingers crossed for future.
Sent from my A0001 using XDA-Developers Legacy app
Yeah, the bloatware that you get with some phones nowadays is unbearable. If there is an option, go with a rooted phone, custom ROM, a couple of custom solutions for protection and you will be good to go. And they work better than defaults most of the time. Good luck! Hopefully, we will only be hearing good news from you.
PGHammer said:
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?
I'd reflash stock.

Scoped storage is good...but RESTRICTED Storage is better

Scoped storage introduced in Android 11 is good, but RESTRICTED Storage would be an even better option.
On Android, at the moment, apps that have access to internal storage for their own files, also have access to every other file in the system. This is not only a privacy risk, but also a security concern. With the introduction of Scoped Storage, some of that is being addressed. Yet, there is still scope for misuse if apps have malicious intent.
I would like to have a system where every app that needs access to a file must go through the built in file manager to prevent misuse. What that means is no app has permanent access to files that are not created by them, and can only access files each time with explicit user consent and interaction. This would completely address the privacy concerns with regards to files.
This is how the Files app in iOS is designed and is an extremely well thought out one. Let me illustrate with an example:
We all know how Facebook is notorious when it comes to privacy. Let's assume you have a Facebook account and the Facebook app is installed on your phone. If you want to share a picture on Facebook, you have to grant the app access to your internal storage. On Android, this effectively grants Facebook access to every file on your storage. Given the reputation, it won't be surprising if Facebook app scans all your pictures/ videos for its AI/ ML, or even uploads them without your knowledge.
On iOS, the permission screen looks like this:
You have the choice of either granting permanent access (Option 1), or limit the access to just the file(s) you want (Option 2). This permission can be set per app.
On Android, it is essentially Option 1 alone. You have to grant access to the entire file system for you to be able to upload your pics to Facebook.
On iOS, you have the choice of uploading just the pic you want, without giving the app access to any other file in your internal storage. This is a huge privacy boon.
In this case, Facebook app has to make a request to the built in file manager (which obviously has access to every file in the system), and you browse your media library using the built-in file manager (with which the built-in Photos app is integrated) to grant access. Facebook app sees absolutely nothing. It only makes a query, and everything else is handled by the built-in file manager. So even without granting blanket access, you are able to upload the file you want!
Same holds true for every app. An app should only have permanent access to its own files, and not any other file. For access to any other file, the app has to go through the built-in file manager route and access only the file that the user wants it to see.
Alternatively, ALL folders will be 'Restricted' by default. However, users will have the option to selectively relax the restrictions (per folder) for one or more apps (under folder properties) to give just those apps full access.
Hope Google (and custom ROM makers) can design something like this keeping in mind the privacy needs of its users, and the abusive intents of large corporations and malicious actors.
Here is an app that achieves the objective defined above:
Storage Isolation
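To see which installed apps currently hold the blanket storage grant this post is concerned about, the granted permissions can be read from `adb shell dumpsys package`. This is an added example, not part of the original post: the sample dump and its package names are constructed, and the parser assumes the `Package [name]` / `permission: granted=true` layout that command prints on Android 6 and later.

```python
import re

# Runtime permissions that grant access to shared storage as a whole.
# ("All files access" on Android 11+ is an app-op and is not covered here.)
BROAD_STORAGE = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}
INTERNET = "android.permission.INTERNET"

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
SHARED_USER_RE = re.compile(r"^\s*SharedUser \[")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)")

# CONSTRUCTED sample in the shape of `adb shell dumpsys package` output.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.social] (1a2b3c):
    userId=10150
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_EXTERNAL_STORAGE
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ USER_SET ]
        android.permission.CAMERA: granted=false, flags=[ USER_SET ]
  Package [com.example.notes] (4d5e6f):
    userId=10151
    requested permissions:
      android.permission.WRITE_EXTERNAL_STORAGE
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.WRITE_EXTERNAL_STORAGE: granted=true, flags=[ USER_SET ]
  Package [com.example.scanner] (7a8b9c):
    userId=10152
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.READ_EXTERNAL_STORAGE: granted=false, flags=[ USER_SET ]
Shared users:
  SharedUser [android.uid.example] (0f0f0f):
    install permissions:
      android.permission.INTERNET: granted=true
"""


def granted_permissions(dump):
    """Map package name -> set of permissions marked granted=true."""
    granted, current = {}, None
    for line in dump.splitlines():
        match = PKG_RE.match(line)
        if match:
            current = match.group(1)
            granted.setdefault(current, set())
            continue
        if SHARED_USER_RE.match(line):
            current = None  # permissions below belong to a shared UID, not a package
            continue
        match = PERM_RE.match(line)
        if match and current and match.group(2) == "true":
            granted[current].add(match.group(1))
    return granted


def storage_exposure(dump):
    """List (package, has_internet, storage_permissions) for apps with broad storage access.

    Apps that can also reach the network are sorted first, since they are the
    ones able to read shared files and send them off the device.
    """
    rows = []
    for package, perms in granted_permissions(dump).items():
        storage = sorted(perms & BROAD_STORAGE)
        if storage:
            rows.append((package, INTERNET in perms, storage))
    rows.sort(key=lambda row: (not row[1], row[0]))
    return rows


if __name__ == "__main__":
    for package, online, storage in storage_exposure(SAMPLE_DUMPSYS):
        print(f"{package:24} internet={online!s:5} {', '.join(storage)}")
```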

			
				
Load trusted, vetted apps only; you are what you load. Don't allow apps to update; they may pass Playstore security only to update later, installing their payload. Firewall block all apps that don't need internet to do their job. Most don't need access once activated.
Never load social media or shopping apps on the device, they are malware and an ongoing high security risk. If the social media site can't be fully logged onto and accessed by browser, ditch it.
Nothing can protect you from yourself, actions have consequences.
blackhawk said:
Load trusted, vetted apps only; you are what you load. Don't allow apps to update; they may pass Playstore security only to update later, installing their payload. Firewall block all apps that don't need internet to do their job. Most don't need access once activated.
Never load social media or shopping apps on the device, they are malware and an ongoing high security risk. If the social media site can't be fully logged onto and accessed by browser, ditch it.
Nothing can protect you from yourself, actions have consequences.
The implementation suggested above would address privacy concerns related to user files and I'm not sure why Google hasn't yet done so.
Buying a smartphone and limiting its usability severely as you say isn't practical.
TheMystic said:
The implementation suggested above would address privacy concerns related to user files and I'm not sure why Google hasn't yet done so.
Buying a smartphone and limiting its usability severely as you say isn't practical.
Why has Google or Samsung not integrated a native firewall to Android? I use Karma Firewall, it uses almost no battery. Unfortunately its valuable logging feature doesn't work on Android 10 and higher. Works fine with Pie though. I have apps like the 6yo free version of WPS office that wouldn't load on 11, pleasantly surprised it loaded on 10. It has no drop in replacement today that's not cloud or free. I simply firewall block it so it doesn't want to update to the current paid version. Doesn't affect usability.
What Google did with scoped storage kills a lot of useful and trusted apps while giving a false sense of security. Hackers never sleep and will always find workarounds to get your data.
Google is one of the worst data miners and purveyors of disinformation, trust them?
blackhawk said:
Why has Google or Samsung not integrated a native firewall to Android? I use Karma Firewall, it uses almost no battery. Unfortunately its valuable logging feature doesn't work on Android 10 and higher. Works fine with Pie though. I have apps like the 6yo free version of WPS office that wouldn't load on 11, pleasantly surprised it loaded on 10. It has no drop in replacement today that's not cloud or free. I simply firewall block it so it doesn't want to update to the current paid version. Doesn't affect usability.
What Google did with scoped storage kills a lot of useful and trusted apps while giving a false sense of security. Hackers never sleep and will always find workarounds to get your data.
Google is one of the worst data miners and purveyors of disinformation, trust them?
This is why I prefer Oxygen OS, Colour OS and MiUI, all of which offer a native firewall within their OS. Since OOS 12, Oxygen OS is now showing a popup every time a blocked app is launched. This is extremely annoying.
Karma Firewall appears to be an abandoned project with no update. It isn't working properly on Android 12 and newer. Netguard is currently the best.
Giving the user ability to setup which folders/ files each app can access would greatly enhance privacy. Scoped Storage is a half baked implementation, even though something is better than nothing. The implementation suggested above will address many of the current shortcomings.
Nothing is foolproof or failsafe. But bringing in improvements is always welcome.
Google may be the biggest data miner, but unfortunately their apps and services do not have competing alternatives. Users have to make lots of compromises when choosing alternatives.
The other reason I prefer Google/ Microsoft apps is because they help me be platform independent, since their apps are also available on iOS, Windows and Mac.
Mind sharing that cloud free version of WPS?
TheMystic said:
This is why I prefer Oxygen OS, Colour OS and MiUI, all of which offer a native firewall within their OS. Since OOS 12, Oxygen OS is now showing a popup every time a blocked app is launched. This is extremely annoying.
Karma Firewall appears to be an abandoned project with no update. It isn't working properly on Android 12 and newer. Netguard is currently the best.
Giving the user ability to setup which folders/ files each app can access would greatly enhance privacy. Scoped Storage is a half baked implementation, even though something is better than nothing. The implementation suggested above will address many of the current shortcomings.
Nothing is foolproof or failsafe. But bringing in improvements is always welcome.
Google may be the biggest data miner, but unfortunately their apps and services do not have competing alternatives. Users have to make lots of compromises when choosing alternatives.
The other reason I prefer Google/ Microsoft apps is because they help me be platform independent, since their apps are also available on iOS, Windows and Mac.
Mind sharing that cloud free version of WPS?
Developers come and go. Karma Firewall is a great app. After what Google did with scoped storage I don't blame them for bailing.
I have nothing against added security per se but it should be an option if it causes loss of functionality or uses resources. Knox is another one I hate. Gmail is the only Google app I regularly use. All my apps are backed up as installable copies on the data drive so no Playstore needed to reload. Completely self contained and self sufficient.
Make sure you firewall block it. It may not load on 11 or higher. To save docs you may have to play with it a bit but it will create, modify and save Word (doc x too) documents. More versions are found on APKmirror. About 81.37mb installed.
blackhawk said:
Developers come and go. Karma Firewall is a great app. After what Google did with scoped storage I don't blame them for bailing.
I have nothing against added security per se but it should be an option if it causes loss of functionality or uses resources. Knox is another one I hate. Gmail is the only Google app I regularly use. All my apps are backed up as installable copies on the data drive so no Playstore needed to reload. Completely self contained and self sufficient.
Make sure you firewall block it. It may not load on 11 or higher. To save docs you may have to play with it a bit but it will create, modify and save Word (doc x too) documents. More versions are found on APKmirror. About 81.37mb installed.
I was using Karma, until it stopped working reliably. So went back to Netguard which is really good, and with some very useful features not available in Karma.
Where do you install new apps from? APK backups help in going back to an older version. But for newer versions, you need Google Play Store, unless you are happy with apkmirror or similar.
I have a MS 365 subscription, so this is just a backup of a clean version of WPS, whose newer version destroys all context menus by showing up everywhere. I wish Android provided a way to customise context menus as well as share menus.
Thanks for the apk though.
TheMystic said:
I was using Karma, until it stopped working reliably. So went back to Netguard which is really good, and with some very useful features not available in Karma.
Where do you install new apps from? APK backups help in going back to an older version. But for newer versions, you need Google Play Store, unless you are happy with apkmirror or similar.
I have a MS 365 subscription, so this is just a backup of a clean version of WPS, whose newer version destroys all context menus by showing up everywhere. I wish Android provided a way to customise context menus as well as share menus.
Thanks for the apk though.
That's one reason this N10+ is still running on Pie. I've been wanting to try out netguard.
Rarely from Playstore. I try not to same apps as they can potentially damage the system or worse. Some of my copies date back 6 years, most 2-3, many over the years from Playstore. They run well. Playstore also uses battery, every bit counts.
I do a few side loads that are always scanned with online Virustotal. If they look even a little iffy I don't install them. I use F-Droid too. No issues with the side loaded apps, yet...
You're welcome. I get tired of renting apps and a capable office app is absolutely essential.
blackhawk said:
That's one reason this N10+ is still running on Pie. I've been wanting to try out netguard.
Rarely from Playstore. I try not to same apps as they can potentially damage the system or worse. Some of my copies date back 6 years, most 2-3, many over the years from Playstore. They run well. Playstore also uses battery, every bit counts.
I do a few side loads that are always scanned with online Virustotal. If they look even a little iffy I don't install them. I use F-Droid too. No issues with the side loaded apps, yet...
You're welcome. I get tired of renting apps and a capable office app is absolutely essential.
Netguard is very good, actually much better than Karma (it will reactivate itself if the OS kills it, automatically blocks new apps, etc). The one very good thing about Karma is that it has no internet permissions. But Netguard says it doesn't collect any data or track anything.
Personally, I prefer to have the latest versions of both OS and apps, so I'm surprised that you are not updating the OS just to use an app, especially when a better alternative is already available.
I too have sideloaded a few apps (after checking them on VirusTotal), but I stick with Google Play Store mostly. It is rare that an update breaks something or takes away a useful feature, so this works for me. Besides, I do keep a backup of the important APKs with me, should it be required.
TheMystic said:
Netguard is very good, actually much better than Karma (it will reactivate itself if the OS kills it, automatically blocks new apps, etc). The one very good thing about Karma is that it has no internet permissions. But Netguard says it doesn't collect any data or track anything.
Personally, i prefer to have the latest versions of both OS and apps, so I'm surprised that you are not updating the OS just to use an app, especially when a better alternative is already available.
I too have sideloaded a few apps (after checking them on VirusTotal), but i stick with Google Play Store mostly. It is rare that an update breaks something or takes away a useful feature, so this works for me. Besides, i do keep a backup of the important APKs with me, should it be required.
Rule #1 - if an OS is fast, stable and fulfilling its mission, let it be!
Upgrades/updates can and do break things. It's mostly all play time with this old load. No surprises, it just runs. I spent a lot of time optimizing it and changing the firmware or updating apps changes my manicured playing field into a sinkhole of trouble.
Android 11, 12, and 13 bring nothing I want to the table and are trying to steal the silverware. Google seeks to stay relevant like the lame big sister it is. Their improvements don't make my device run better or even any more secure but they do waste my time. Plus I don't like the way it looks. It's the smell.
TheMystic said:
Scoped storage introduced in Android 11 is good, but RESTRICTED Storage would be an even better option.
On Android, at the moment, apps that have access to internal storage for their own files, also have access to every other file in the system. This is not only a privacy risk, but also a security concern. With the introduction of Scoped Storage, some of that is being addressed. Yet, there is still scope for misuse if apps have malicious intent.
I would like to have a system where every app that needs access to a file must go through the built in file manager to prevent misuse. What that means is no app has permanent access to files that are not created by them, and can only access files each time with explicit user consent and interaction. This would completely address the privacy concerns with regards to files.
This is how the Files app in iOS is designed and is an extremely well thought out one. Let me illustrate with an example:
We all know how Facebook is notorious when it comes to privacy. Let's assume you have a Facebook account and the Facebook app is installed on your phone. If you want to share a picture on Facebook, you have to grant the app access to your internal storage. On Android, this effectively grants Facebook access to every file on your storage. Given the reputation, it won't be surprising if Facebook app scans all your pictures/ videos for its AI/ ML, or even uploads them without your knowledge.
On iOS, the permission screen looks like this:
View attachment 5183183
You have the choice of either granting permanent access (Option 1), or limit the access to just the file(s) you want (Option 2). This permission can be set per app.
On Android, it is essentially Option 1 alone. You have to grant access to the entire file system for you to be able to upload your pics to Facebook.
On iOS, you have the choice of uploading just the pic you want, without giving the app access to any other file in your internal storage. This is a huge privacy boon.
In this case, Facebook app has to make a request to the built in file manager (which obviously has access to every file in the system), and you browse your media library using the built-in file manager (with which the built-in Photos app is integrated) to grant access. Facebook app sees absolutely nothing. It only makes a query, and everything else is handled by the built-in file manager. So even without granting blanket access, you are able to upload the file you want!
Same holds true for every app. An app should only have permanent access to its own files, and not any other file. For access to any other file, the app has to go through the built-in file manager route and access only the file that the user wants it to see.
Alternatively, ALL folders will be 'Restricted' by default. However, users will have the option to selectively relax the restrictions (per folder) for one or more apps (under folder properties) to give just those apps full access.
Hope Google (and custom ROM makers) can design something like this keeping in mind the privacy needs of its users, and the abusive intents of large corporations and malicious actors.
So lol
blackhawk said:
Rule #1 - if an OS is fast, stable and fulfilling its mission, let it be!
Upgrades/updates can and do break things. It's mostly all play time with this old load. No surprises, it just runs. I spent a lot of time optimizing it and changing the firmware or updating apps changes my manicured playing field into a sinkhole of trouble.
Android 11, 12, and 13 bring nothing I want to the table and are trying to steal the silverware. Google seeks to stay relevant like the lame big sister it is. Their improvements don't make my device run better or even any more secure but they do waste my time. Plus I don't like the way it looks. It's the smell.
Updates also bring in security improvements, along with the excitement of new and improved features. I always install them when available, with very rare exceptions.
Ideally, they shouldn't require users to make any changes to their setup, and that has also largely been my personal experience.
TheMystic said:
Updates also bring in security improvements, along with the excitement of new and improved features. I always install them when available, with very rare exceptions.
Ideally, they shouldn't require users to make any changes to their setup, and that has also largely been my personal experience.
Unfortunately that is more marketing hype than fact. One reason I run this N10+ on Pie with no updates is to test that statement. This 3yo device and firmware is a cleaner running and a more capable device than the S22U. How can that be? Poor design from both Samsung and Google Android.
I used to always buy new cars, but I learned better and the folly of my ways 25 years ago as new car quality steadily declined. Now Android is reminding me of that bs. For over a $1G it better outperform my N10+ in every especially with SOT and storage. It should be lighter and slimmer. Yes, well...
blackhawk said:
Unfortunately that is more marketing hype than fact. One reason I run this N10+ on Pie with no updates is to test that statement. This 3yo device and firmware is a cleaner running and a more capable device than the S22U. How can that be? Poor design from both Samsung and Google Android.
I used to always buy new cars, but I learned better and the folly of my ways 25 years ago as new car quality steadily declined. Now Android is reminding me of that bs. For over a $1G it better outperform my N10+ in every especially with SOT and storage. It should be lighter and slimmer. Yes, well...
There are definitive improvements in hardware: CPU, GPU, RAM, Storage, etc. And most importantly the Cameras. The cameras on the S22U are really very good.
I don't have too many complaints with this device, except for the recent battery drain which I hope to solve.
I don't agree with your used car statement, unless you buy one from someone you know has taken care of it very well. Newer cars are definitely more safe than the old cars, both in terms of material used and in terms of safety features. Lighter alloys can be stronger and safer than heavier metals, so don't go by how strong a material feels.
But it is also true that companies are increasingly designing products that would fail within a certain time period, and this applies to gadgets, consumer durables, components used, etc.
It comes down to your experience over the useful life of the product that the company designs them for. And this is the area where newer products usually excel.
TheMystic said:
There are definitive improvements in hardware: CPU, GPU, RAM, Storage, etc. And most importantly the Cameras. The cameras on the S22U are really very good.
I don't have too many complaints with this device, except for the recent battery drain which I hope to solve.
I don't agree with your used car statement, unless you buy one from someone you know has taken care of it very well. Newer cars are definitely more safe than the old cars, both in terms of material used and in terms of safety features. Lighter alloys can be stronger and safer than heavier metals, so don't go by how strong a material feels.
But it is also true that companies are increasingly designing products that would fail within a certain time period, and this applies to gadgets, consumer durables, components used, etc.
It comes down to your experience over the useful life of the product that the company designs them for. And this is the area where newer products usually excel.
The SOC is faster, has better bandwidth and is more capable as is the ram, but is only marginally faster by milliseconds for most tasks.
The battery is huge but it gets significantly less SOT
The display can run brighter, but because of variable refresh rate it lacks the color/gamma accuracy/calibration of the N10+. Its pixels will suffer if used at higher brightness levels, they aren't immune to that.
No expandable storage means no 1tb dual (data) drive and no onboard redundancy. 5G isn't as useful as it was hyped up to be in practice and is less efficient for many tasks. It's still power hungry even today.
It's all about balance, functionality and form factor, something Samsung has forgotten how to do. They are completely hype driven now and their insanity is showing. The components look great but the result doesn't equal the sum of the parts. It even doesn't exceed the N10+/Pie in some important specs.
The N10+ running on Pie is snappy fast, gets great SOT/screen off times, has maybe the best display there is in terms of color accuracy etc, more storage that doesn't get wiped in a crash or factory reset. It's a powerful but well balanced device that's a reliable joy to use and weighs 30gms less. The N10+ is also cool running, I can use it for web browsing at 98F ambient for hours with no cooling without it overheating. Upper operating range is 102F ambient at which point I either cool it or stop using it.
Steel is still the best crash material for absorbing massive amounts of impact energy and maintaining its integrity. I take a 89 Volvo 240 wagon in a crash of any type vs a newer car.
Even has no damage 5 mph impact no damage bumpers. Rock solid, reliable, easy to work on and gets at least 20 mpg no matter how you drive it. Best of all they're easy and fun to drive.
Or
A 89 F-250 Super Suspension 4×2 with a International naturally aspirated diesel with a C6. Fast off the line, minimum 20 mpg.
TheMystic said:
I would like to have a system where every app that needs access to a file must go through the built in file manager to prevent misuse. What that means is no app has permanent access to files that are not created by them, and can only access files each time with explicit user consent and interaction. This would completely address the privacy concerns with regards to files.
Glad to note that this is finally coming on Android 14.
I had made a post on this in Oct'20, and it is almost 2.5 years since then. Better late than never.

No way to see per app cpu usage anymore on #11

I get a daily "some processes are using cpu restart phone" prompt in my notification bar. I can't find what is causing the error. Dev options only shows ram usage. As the title says, what's up why did they remove this troubleshooting option for non root users? Any input on this error? Good to be back btw.
Meh, that's one reason I'm still running Pie on my 10+.
When it happens look to see what was cache last. I use Device Care for this but my version is the factory load one. The Developer options one may not be as useful as you can't clear them like you can in DC.
I've found the root cause for many nasties like this...
If you haven't done a factory reset after the 11 upgrade... it's time to.
Appreciate the advice. Will try what you recommend
demize! said:
Appreciate the advice. Will try what you recommend
This is one of the reasons I'm still running on Pie, I know 11 is a mess. Securing the phone from the user is bs... unless they're morons. No way to protect that sort of user anyway
Maybe you can use ADB to enable logging in Karma Firewall or other advanced features now blocked in other trusted apps.
You can use the trial and error approach, something which I use a lot in lieu of proper diagnostics. Be aware that dependencies can cause a ripple effect as well as false usage reporting. Especially with Google system apks
Disabling, firewall blocking, clearing their data, clearing system logs can be much more effective than rebooting the phone. I normally now keep Google Play Services package blocked except when needed; it's a known trouble maker to me.
All cloud apps, Google Transport/Framework*, all carrier/Samsung/Google feedback as well as Google Firebase are package blocked or disabled.
Use this Package Blocker:
Home - Package Disabler
The only NON-root solution that let’s you disable any unwanted packages that come pre-installed / installed with your phone / tablet.
www.packagedisabler.com
Block Android Systems UID 1000 with Karma Firewall as it's almost never needed. It's not necessary to firewall block Google Play Services if it's package blocked otherwise try doing so. Both of the above apks needlessly ping the internet constantly sucking up resources.
Karma Firewall uses virtually no battery, it's a gem.
Karma Firewall - Apps on Google Play
Karma Firewall app lets you block internet traffic to and from specific apps.
play.google.com
*Framework's dependencies still run in the background or is falsely reported as Framework albeit at a greatly reduced usage level with Framework being blocked.
Awesome I'm dl'ing it now. It's just beyond me on an octacore cpu any process would cause this error unless it's erroneous. But then how can you tell when they remove such a basic ability like monitoring app cpu usage.
demize! said:
Awesome I'm dl'ing it now. It's just beyond me on an octacore cpu any process would cause this error unless it's erroneous. But then how can you tell when they remove such a basic ability like monitoring app cpu usage.
Google sucks elephant balls bad. It was hard with Pie but now it's even worse.
Google doesn't care because you aren't the customer, you're the product.
The lack of user monitoring makes Google's data mining easier than ever for them to do.
Makes MS look like saints... one look at the Google Firebase data on my Google account made me puke; all 6700 whatever of my songs -were- listed there. It just did it even though nothing on my device I use need it to function properly. Meanwhile it's sucking up cpu cycles to build and maintain it... or it was
Out of such frustrations comes WhatsRunning - my response to Android's denial of low-level access. See if it helps: https://mirfatif.github.io/WhatsRunning/help/cpu_usage_per_process_android

Securing/controlling OnePlus 8 with OOS 11.0.88.IN21BA

I am a brand new owner of a OP 8. First thing I did was flash it to OOS 11, then installed Magisk. The phone is now up and running and rooted.
I am coming from a galaxy S5 that I have owned and used for more than 7 years, and for most of that time it has been running Lineage OS. I am used to the control that Lineage gives me, and I would expect that I could exercise the same degree of control with a rooted OOS.
But, this appears to not be true.
On the S5, I had 3C System Tuner Pro which is now an obsolete app, so I have replaced it with the current variant; 3C All-In-One toolbox. This package should allow me to control which apps start at boot, but it seems I cannot turn any of the apps off; when I uncheck them, the app fails to actually remove them from the startup list.
Also, I expect the 3C tool to allow me to uninstall pretty much any app, but there are a lot of google apps that I just can't remove.
I also use greenify (the paid version) and mostly it seems to be working OK, except that I cannot seem to access system apps from it, which makes it very hard for me to shut down things that I don't want running.
I also use afwall (the paid version) and it seems to work as expected. Which is good.
My focus is security and privacy, and my mantra is: "on android, the app that is not running is the app that is not spying". Thus, I want everything that is not needed to satisfy my purposes to not be running, and I only want apps running when *I* say that they can run.
Now, my S5 was running Lineage 17.1 which is android 9. I did not update it past that. And now I am running android 11, and I note that there is a lot of new hardware-based validation in android 11. So possibly I can't remove some things without disabling this validation (which I would prefer not to do). But even if I can't remove, I can disable (which, fortunately, I AM able to do). But I should be able to remove things from the startup list so they don't get started automatically at boot time. Right now, the way it works is they all start, then greenify shuts them down (and that isn't always completely reliable). I need more to make this phone genuinely secure and private.
So.
Does anyone here know how I could gain the capability to remove apps (including system apps) from the startup list and have it stick? Does anyone know what I need to do to get greenify to recognize system apps so I can shut them down when they are not needed, or failing that, can anyone steer me to a different app than greenify that will do that?
Perhaps I would gain by adding the xposed framework? I have not used it in a very long time (since I move to lineage) and I recall it being a bit of a pain.
I suppose I could move to Lineage from OOS, but I would prefer to not do that because of the camera software. This device seems to have a fine camera and not a lot of bloatware, so I would much prefer to stay with OOS for as long as the device is supported by the manufacturer.
But I do insist on being able to completely control it, and disabling apps that I can't stop from running is a much bigger hammer than I would like to use; some of those apps I might actually want to use from time to time.
OK, after some work I have successfully taken full control of the OnePlus 8 and have been able to configure startups as I want them. I installed xposed through Magisk.
I also installed the latest greenify (3.7.8) and afwall, and have those set up too. Since I did purchase greenify, I am able to greenify system apps as well. So, generally, I have full control over the device.
But there remains a problem.
I have disabled wifi and data connections in settings for all apps that I don't want to have accessing a network. I have also blocked those apps in afwall. And yet, my pihole DNS server that services my LAN shows me some of my apps are trying to call home, even when their capability to talk on the internet is denied.
Specifically, greenify is denied network access and is firewalled off, yet there is an attempt to connect to oasisfeng.com.
Also, I use an old version of ES File Explorer (from before it was sold and turned into something very like malware) and it is allowed LAN access but denied any access beyond the LAN...and I see it trying to call its old home domain (estrongs.com).
Similarly, I use an old version of UB Reader (later versions again approach malware status), and it is completely denied network access. But, I see a connection to mobisystems.com.
This clearly indicates that there is a proxy in use somewhere in the system, that is allowing these guys past my blocks. I am using adaway to block these specific domains, but it would be far better to just block that proxy.
However, I don't know where the proxy is and what it is called. Can someone here tell me?
If not, it will be trial and error, which is painful because functionality will break when I turn something off to see if this is it.
jiml8 said:
OK, after some work I have successfully taken full control of the OnePlus 8 and have been able to configure startups as I want them. I installed xposed through Magisk.
I also installed the latest greenify (3.7.8) and afwall, and have those set up too. Since I did purchase greenify, I am able to greenify system apps as well. So, generally, I have full control over the device.
But there remains a problem.
I have disabled wifi and data connections in settings for all apps that I don't want to have accessing a network. I have also blocked those apps in afwall. And yet, my pihole DNS server that services my LAN shows me some of my apps are trying to call home, even when their capability to talk on the internet is denied.
Specifically, greenify is denied network access and is firewalled off, yet there is an attempt to connect to oasisfeng.com.
Also, I use an old version of ES File Explorer (from before it was sold and turned into something very like malware) and it is allowed LAN access but denied any access beyond the LAN...and I see it trying to call its old home domain (estrongs.com).
Similarly, I use an old version of UB Reader (later versions again approach malware status), and it is completely denied network access. But, I see a connection to mobisystems.com.
This clearly indicates that there is a proxy in use somewhere in the system, that is allowing these guys past my blocks. I am using adaway to block these specific domains, but it would be far better to just block that proxy.
However, I don't know where the proxy is and what it is called. Can someone here tell me?
If not, it will be trial and error, which is painful because functionality will break when I turn something off to see if this is it.
If you are concerned about security, you should stay away from Xposed.
First of all, Xposed requires disabling Selinux, otherwise, it won't work. So during the installation, your Selinux status is turned to 'permissive'. That, coupled with the fact that almost every custom rom sets 'ro.secure to Zero', exposes your System partition to third party apps. So, basically, anything can exploit your phone.
Second, Greenify, with all due respect to its great developer, is not needed anymore, since Android 10, because now we have builtin sleep mode that does the same thing as Greenify.
Third, even if Xposed didn't require disabling Selinux, it is still an exploit that creates a back door to your system.
optimumpro said:
If you are concerned about security, you should stay away from Xposed.
First of all, Xposed requires disabling Selinux, otherwise, it won't work. So during the installation, your Selinux status is turned to 'permissive'. That, coupled with the fact that almost every custom rom sets 'ro.secure to Zero', exposes your System partition to third party apps. So, basically, anything can exploit your phone.
Second, Greenify, with all due respect to its great developer, is not needed anymore, since Android 10, because now we have builtin sleep mode that does the same thing as Greenify.
Third, even if Xposed didn't require disabling Selinux, it is still an exploit that creates a back door to your system.
Device security is only one aspect of security, and I handle that mostly through device configuration and usage policy anyway.
Overall security involves many other factors, which include maintaining full privacy and control over all data that gets out of the device and goes...elsewhere. To maintain this level of privacy requires reconfiguring any android device to prevent the release of that information. If this requires setting Selinux to permissive, then that tradeoff is quite acceptable. I might prefer it not be the case, but so long as all android devices sold into the marketplace represent the interests of google, the manufacturer, and any third-party that pays the manufacturer ahead of my interests then I will make that tradeoff.
As for Greenify, I have not found the sleep mode that is available in Android 11 to be adequate because it does not allow me to control system apps. You can take it as a maxim that the only android app that does not spy is the android app that is not running - and this includes lots of system apps that I might not want to delete or disable but also don't want running unless I say so, and then only while I am satisfying MY purpose for them.
As for the problem I was asking about, I added the specific URIs to the adaware blocklist and that suppressed them. Prior to that, I was seeing the DNS requests on my LAN DNS. I suspect the network utility I am using to monitor the phone's traffic is reporting requests ahead of the iptables FILTER table, and the packets were being suppressed prior to leaving the device, but I am not certain of that. The only way I could tell would be to monitor the device traffic as it went through the upstream VPN gateway on my LAN, and I did not do that.
Adaware works adequately for this, and I am not seeing any other unexpected/unacceptable traffic from my phone. The one remaining thing I need to check for will involve monitoring from the VPN gateway, as I look for any DoH or DoTLS traffic. I hope I don't find any; that will be a ***** to block. I do block it on the IOT VLAN on my network, but it requires a separate device running a script I wrote. To block DoH/DoTLS on my phone, while allowing appropriate DNS will be...fun.
Edit: And, actually, I just took a quick look. The sestatus command returns that my selinux status is "enforcing". The xposed framework I installed, actually, is lsposed, which is a systemless install using magisk. It implements the xposed framework but in a systemless way; I was just lazy when I wrote about it in my previous post.
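Added example (not part of any post in this thread, and not code from any tool named in it): one way to tell a bare DNS lookup from traffic that actually left the phone, which the post above says would need checking at the gateway. It correlates Pi-hole (dnsmasq) log lines with a list of flows seen at the gateway; the log lines, IP addresses, client address and the four-column flow format are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: Pi-hole writes dnsmasq-style lines like these.
PIHOLE_LOG = """\
Mar  1 10:00:01 dnsmasq[812]: query[A] oasisfeng.com from 192.168.1.50
Mar  1 10:00:01 dnsmasq[812]: forwarded oasisfeng.com to 9.9.9.9
Mar  1 10:00:01 dnsmasq[812]: reply oasisfeng.com is 203.0.113.10
Mar  1 10:00:07 dnsmasq[812]: query[A] estrongs.com from 192.168.1.50
Mar  1 10:00:07 dnsmasq[812]: gravity blocked estrongs.com is 0.0.0.0
Mar  1 10:00:09 dnsmasq[812]: query[A] mobisystems.com from 192.168.1.50
Mar  1 10:00:09 dnsmasq[812]: forwarded mobisystems.com to 9.9.9.9
Mar  1 10:00:09 dnsmasq[812]: reply mobisystems.com is 203.0.113.20
Mar  1 10:00:12 dnsmasq[812]: query[A] oasisfeng.com from 192.168.1.77
"""

# Constructed sample: hypothetical gateway export, "src dst proto dport".
FLOW_LOG = """\
192.168.1.50 203.0.113.20 tcp 443
192.168.1.50 198.51.100.5 tcp 853
192.168.1.77 203.0.113.10 tcp 443
"""

WATCHED = ["oasisfeng.com", "estrongs.com", "mobisystems.com"]

QUERY_RE = re.compile(r"dnsmasq\[\d+\]: query\[(\w+)\] (\S+) from (\S+)$")
ANSWER_RE = re.compile(
    r"dnsmasq\[\d+\]: (reply|cached|gravity blocked) (\S+) is (\S+)$")


def parse_dns(log_text, client):
    """Return (names queried by client, name -> answer IPs, blocked names)."""
    queried, answers, blocked = set(), defaultdict(set), set()
    for line in log_text.splitlines():
        line = line.rstrip()
        m = QUERY_RE.search(line)
        if m:
            if m.group(3) == client:
                queried.add(m.group(2).lower())
            continue
        m = ANSWER_RE.search(line)
        if not m:
            continue
        kind, name, value = m.group(1), m.group(2).lower(), m.group(3)
        if kind == "gravity blocked":
            blocked.add(name)
            continue
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            continue  # <CNAME>, NODATA and similar non-address answers
        if not ip.is_unspecified:
            answers[name].add(str(ip))
    return queried, answers, blocked


def parse_flows(flow_text, client):
    """Return (dst, proto, dport) for every flow originated by client."""
    flows = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == client:
            flows.append((parts[1], parts[2], int(parts[3])))
    return flows


def classify(dns_log, flow_log, client, watched):
    """Label each watched domain by how far the client's attempt got."""
    queried, answers, blocked = parse_dns(dns_log, client)
    contacted = {dst for dst, _, _ in parse_flows(flow_log, client)}
    report = {}
    for domain in watched:
        if domain not in queried:
            report[domain] = "not-queried"
        elif domain in blocked:
            report[domain] = "dns-blocked"       # sinkholed by Pi-hole
        elif answers.get(domain, set()) & contacted:
            # Shared hosting/CDN addresses can make this a false positive.
            report[domain] = "connected"
        else:
            report[domain] = "lookup-only"       # name resolved, no flow seen
    return report


def dot_flows(flow_log, client):
    """Destinations the client reached on port 853 (DNS over TLS)."""
    return sorted({dst for dst, _, dport in parse_flows(flow_log, client)
                   if dport == 853})


if __name__ == "__main__":
    phone = "192.168.1.50"  # constructed client address
    for name, status in classify(PIHOLE_LOG, FLOW_LOG, phone, WATCHED).items():
        print(f"{name:20} {status}")
    print("DoT destinations:", dot_flows(FLOW_LOG, phone))
```

A "lookup-only" result means the name was resolved but no flow to the answer addresses was seen at the gateway; DoH is not covered here because it shares port 443 with ordinary HTTPS.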
jiml8 said:
Device security is only one aspect of security, and I handle that mostly through device configuration and usage policy anyway.
Overall security involves many other factors, which include maintaining full privacy and control over all data that gets out of the device and goes...elsewhere. To maintain this level of privacy requires reconfiguring any android device to prevent the release of that information. If this requires setting Selinux to permissive, then that tradeoff is quite acceptable. I might prefer it not be the case, but so long as all android devices sold into the marketplace represent the interests of google, the manufacturer, and any third-party that pays the manufacturer ahead of my interests then I will make that tradeoff.
As for Greenify, I have not found the sleep mode that is available in Android 11 to be adequate because it does not allow me to control system apps. You can take it as a maxim that the only android app that does not spy is the android app that is not running - and this includes lots of system apps that I might not want to delete or disable but also don't want running unless I say so, and then only while I am satisfying MY purpose for them.
As for the problem I was asking about, I added the specific URIs to the adaware blocklist and that suppressed them. Prior to that, I was seeing the DNS requests on my LAN DNS. I suspect the network utility I am using to monitor the phone's traffic is reporting requests ahead of the iptables FILTER table, and the packets were being suppressed prior to leaving the device, but I am not certain of that. The only way I could tell would be to monitor the device traffic as it went through the upstream VPN gateway on my LAN, and I did not do that.
Adaware works adequately for this, and I am not seeing any other unexpected/unacceptable traffic from my phone. The one remaining thing I need to check for will involve monitoring from the VPN gateway, as I look for any DoH or DoTLS traffic. I hope I don't find any; that will be a ***** to block. I do block it on the IOT VLAN on my network, but it requires a separate device running a script I wrote. To block DoH/DoTLS on my phone, while allowing appropriate DNS will be...fun.
Edit: And, actually, I just took a quick look. The sestatus command returns that my selinux status is "enforcing". The xposed framework I installed, actually, is lsposed, which is a systemless install using magisk. It implements the xposed framework but in a systemless way; I was just lazy when I wrote about it in my previous post.
I have been building Android roms for multiple devices for 9 years. When I started, I also gave a significant positive weight to Xposed, etc... . But the more I learned Android code, the more I became convinced that all those 'privacy' layers are mostly useless and even harmful, because they create a false sense of security.
Vanilla Android roms, actually, contain very little advertising/spying, and it makes a perfect sense: why would Google open-source their spying/advertising machine?
The only thing that might be considered spying (in vanilla Android) is captive portal detection that checks the internet connection and a few other network tools/tests that periodically connect to the internet, but not necessarily with nefarious purposes. But even these could be disabled or changed to other servers.
Android becomes an advertising tool only when you install Google Apps/Google Services Framework, register a Google account, etc. Once you have that, and 100% of stock roms do, no amount of tweaking can prevent spying, because these Google 'structures' sit lower than any systemless layer. In other words, they can go around Magisk/Xposed tricks. Moreover, on devices with stock roms, one doesn't even need encryption and the use of apps like Signal/Telegram/Silence etc.. Google Services Framework can see your outgoing messages before they are encrypted, and incoming messages after decryption. In other words, they can see what your eyes see on the screen.
So, the only way to prevent Google interests from taking over your phone is never install Google 'things', which is the case with my rom and my phone.
optimumpro said:
I have been building Android roms for multiple devices for 9 years. When I started, I also gave a significant positive weight to Xposed, etc... . But the more I learned Android code, the more I became convinced that all those 'privacy' layers are mostly useless and even harmful, because they create a false sense of security.
Vanilla Android roms, actually, contain very little advertising/spying, and it makes a perfect sense: why would Google open-source their spying/advertising machine?
The only thing that might be considered spying (in vanilla Android) is captive portal detection that checks the internet connection and a few other network tools/tests that periodically connect to the internet, but not necessarily with nefarious purposes. But even these could be disabled or changed to other servers.
Android becomes an advertising tool only when you install Google Apps/Google Services Framework, register a Google account, etc. Once you have that, and 100% of stock roms do, no amount of tweaking can prevent spying, because these Google 'structures' sit lower than any systemless layer. In other words, they can go around Magisk/Xposed tricks. Moreover, on devices with stock roms, one doesn't even need encryption and the use of apps like Signal/Telegram/Silence etc.. Google Services Framework can see your outgoing messages before they are encrypted, and incoming messages after decryption. In other words, they can see what your eyes see on the screen.
So, the only way to prevent Google interests from taking over your phone is never install Google 'things', which is the case with my rom and my phone.
I don't really program Android, though I am a kernel developer in both Linux and Freebsd. I also am one of the principal architects of a network infrastructure appliance that is getting a lot of attention in the industry.
So, while I do not know android in detail at a low level, I know linux thoroughly and I am fully equipped to completely monitor and control what access that android (or any other computer) has to any network. And that has been my dilemma; I can see what my device is doing and I am determined to stop it.
I agree with you about vanilla Android, absent all the google stuff. It is just linux with a different desktop on it, and the connections it makes to google are just for network management functions; the network device I have built also contacts google (and a few others) for network maintenance only and not any information transfer.
Unfortunately, the google apps infrastructure is required for some things that I use the phone for. Google maps is required by both Uber and Lyft; without Maps, I can't use those apps - and there are times when I am traveling where I really need to be able to use those apps.
Also, unfortunately, the company I am contracted to (where I am part-owner) for which I have built this network appliance makes heavy use of google tools. I have not been able to convince my partners to move away from google, and they can outvote me.
I have to allow Meet, and Chat to run on my device; I don't have a practical alternative. So I have spent a lot of time determining exactly which google components are the minimum required to allow those apps to run, and I have disabled or blocked or restricted permissions for all other google components - and both greenify and afwall play key roles in this activity.
With my old Galaxy S5, I just would install the smallest google package that supported Maps onto my Lineage OS on that device, but on this OnePlus 8, I have elected to stick with OOS for as long as it receives updates. So, tying google's hands is a lot more work.
My monitoring tells me I have it now as good as it will be. There are a few connections to google, as expected, but the frequency of those connections is not high and very little data is being transferred in either direction. I believe most of the traffic is administrative. The only thing I have not yet checked is whether there is any DoH or DoTLS traffic. My IOT VLAN watches for and blocks such traffic (my IOT VLAN exists to isolate and completely control my Android TV), and I have connected the phone to the IOT VLAN for a short while to see if any DoH/DoTLS was detected and none was - but I really need to connect it to that VLAN for an extended period.
I do root around in the phone's databases (which reveals what Google is doing, and Google can't stop that...) and the result is that I know Google is not doing much.
So, it isn't perfect. I would be much happier if the company would move away from google. But it is as good as it's going to get, and I don't believe google is sneaking anything by me; I would have detected it. I do block a LOT of google URIs.
Also, as far as google open-sourcing their spying machine...that, quite explicitly, is the purpose of Android. It is open-sourced spyware for google.
They open-sourced it partly because they had to (the gnu licensing ties their hands) and partly to gain acceptance; its open source nature is why it is now the dominant architecture. It greatly reduces development costs for device manufacturers while providing a standardized framework upon which they can build.
Those of us who put in the effort to exploit that open-source nature to stop the spying are a small fraction of the total marketplace, and google can easily tolerate us.
Android has increased google's reach and ability to collect data about individuals to an enormous extent. From the standpoint of knowing everything about everybody (which is google's explicit goal) it is an enormous win for them.
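The DoH/DoTLS check mentioned in the post above can be run over flow logs collected for an extended period. This is an added example, not the poster's own tooling; the CSV layout, the device address and the resolver list are assumptions, and the flow records are constructed.

```python
import csv
import io
from collections import defaultdict

# Public resolvers that also answer DoH/DoT (assumed starter list; extend it).
KNOWN_RESOLVERS = {
    "8.8.8.8", "8.8.4.4",          # Google Public DNS
    "1.1.1.1", "1.0.0.1",          # Cloudflare
    "9.9.9.9", "149.112.112.112",  # Quad9
}

# Constructed flow export: one line per connection leaving the VLAN.
SAMPLE_FLOWS = """\
ts,src,dst,proto,dport,bytes
2024-01-01T10:00:00,192.168.50.23,142.250.74.10,tcp,443,5120
2024-01-01T10:00:05,192.168.50.23,8.8.8.8,tcp,853,900
2024-01-01T10:02:11,192.168.50.23,1.1.1.1,tcp,443,2300
2024-01-01T10:07:40,192.168.50.23,8.8.8.8,tcp,853,640
2024-01-01T10:09:02,192.168.50.23,192.168.50.1,udp,53,120
2024-01-01T11:15:30,192.168.50.23,9.9.9.9,udp,443,1800
"""

def classify(proto, dst, dport):
    """Label a flow as DoT, DoH, or None (not encrypted DNS as far as we can tell)."""
    if proto == "tcp" and dport == 853:
        return "DoT"                      # DNS over TLS has its own port
    if dport == 443 and dst in KNOWN_RESOLVERS:
        return "DoH"                      # HTTPS (TCP or QUIC) to a resolver address
    return None

def encrypted_dns_report(flow_csv, device_ip):
    """Aggregate suspected DoH/DoT flows from one device by (label, destination)."""
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0, "first": None, "last": None})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["src"] != device_ip:
            continue
        label = classify(row["proto"].lower(), row["dst"], int(row["dport"]))
        if label is None:
            continue
        entry = hits[(label, row["dst"])]
        entry["flows"] += 1
        entry["bytes"] += int(row["bytes"])
        entry["first"] = entry["first"] or row["ts"]
        entry["last"] = row["ts"]
    return dict(hits)

if __name__ == "__main__":
    report = encrypted_dns_report(SAMPLE_FLOWS, "192.168.50.23")
    for (label, dst), e in sorted(report.items()):
        print(f"{label} -> {dst}: {e['flows']} flows, {e['bytes']} bytes, "
              f"{e['first']} .. {e['last']}")
```

DoT is reliable to spot by port, but DoH is only caught here when the destination is on the resolver list; DoH to an unlisted or CDN-shared address looks like ordinary HTTPS.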

Rooted Android Security Measures. What are they?

I've never rooted an Android. One of the warnings I see over and over is that rooted devices are more vulnerable to malware. I don't see any solutions for this though.
What extra measures will I need to take to keep my Android safe?
I use Norton 360 on my PC and Androids. Will this be of any help?
Are there any apps I can install to help with this issue?
Are there any system settings I should use for this particular problem?
Thank you
With stock or rooted the biggest threat is the user themselves. Most either install or download the malware themselves. A fully updated stock Android isn't invulnerable; there's no saving dumb bunnies...
Side loaded apps are high risk; at the least scan with online Virustotal and consider the results before installing. Keep email in the cloud and be careful if you choose to download anything.
All downloads stay in the download folder until vetted. JPEGs and PNGs are suspect; open them there first before moving them and watch for strange behavior in that folder. Check the download folder daily for anything you didn't download, if found do not open, delete.
Keep trash social media apps off the phone, all of them. They are targets and vectors for malware of all types.
Use a good firewall and police what apps are doing. Revoke internet access to all apps that don't need it. Know what apps have run at start permissions; do they need it? Updates and upgrades can cause more lost time than malware trying to find workarounds. Lock auto updates down, and download them only if needed. Updates and firmware upgrades can and do break things...
Most importantly cover your six and be prepared.
Critical data can not be lost, protect it!
Redundantly backup all critical data to at least 2 hdds that are physically and electronically isolated from each other and the PC. Be ready to do a full reload if needed.
If malware is found or suspected, isolate the phone and if it can't be completely deleted in an hour or two, nuke that load. Be ready to change passwords and secure accounts.
Never trust antivirus apps to detect malware or save you, mostly they just waste resources on an Android.
Thank you!
I'm already doing a lot of those things, especially social media apps.
One of the reasons I want to root my phone is that I can't uninstall, force stop, disable or take away permissions for some apps, like Facebook, Facebook App installer, FB app manager Google, ad nauseam. The same goes for the millions of preinstalled Samsung bloatware apps. They don't stay disabled and routinely restore permissions. I'm sick of having to routinely check them all. I'll never buy another Samsung again.
You're welcome. Welcome to XDA
I run 2 stock N10+'s, one on Pie, the other on 10.
I use package disabler to kill bloatware and services I don't want to run at bootup. You can also use an adb editing app to disable apks. Don't go too nuts; be wary of disabling any Samsung system apps. Most of these apps just sit unless needed. Dependencies... actions have consequences; understand what the app does and what other apps, services or UI functions are dependent on it!
Google Play Services can be disabled when not needed; disable find my device as System Administrator first.
On Pie Karma Firewall is fully functional but not on Android 10 and up, although it will still block access. It uses virtually no battery.
Once you sort it out (learning curve ahead) stock Samsungs, especially older ones like the N10+, are easy to run. They are the most customizable stock Android on the planet with an excellent UI. The current load on this one will be 2 yo this June; still fast, stable and fulfilling its mission. Security is simply not an issue.
The more annoying Samsung apps I was referring to are the Bixby apps, AR doodle, Smarter things... those kind of apps. If they didn't re-enable themselves and restore permissions, I wouldn't mind them so much. But they DO.
I won't be using that phone much longer anyway. I'm going back to Motorola.
I always buy factory or globally unlocked phones. That helps some. But Motorola recently started forcing FB. I can uninstall it, however I have to review updates to make sure it doesn't end up on my phone again. But then I review all updates before installing them anyway.
I always look up the system apps before making any changes. Like Google Easter Egg. Everything I could find says it's unnecessary.
All those mentioned apps can be safely disabled.
Bixby Vision is used for barcode scanning though.
Try the free Galaxy store icon packs, themes and the Good Lock family of apps including One Handed Operation plus.
Choose theme>icon pack>whatever wallpaper you want. The native high contrast theme looks good.
Play with it...
I actually already ordered a new Moto. It will be here tomorrow. Well, it's after 1am, so I guess it'll be here later today.
I've disabled multiple Samsung apps, restricted data and battery, taken away permissions, not just in app settings, but in permissions setting, special access permissions... And all the other weird ways I keep finding out about that you wouldn't think would be a place to remove permissions. When my phone starts to slow down, or the battery isn't lasting very long, sure enough, Samsung has gone behind my back and reset my preferences again. I never had issues like this with any of the Motorola phones I've had.
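The complaint running through this thread, that disabled apps come back and revoked permissions are restored, can be checked mechanically instead of by hand. This is an added example, not code from any poster: it compares a saved baseline against the output of `adb shell pm list packages -d` and `adb shell dumpsys package <name>`; the baseline layout, the helper names and the sample outputs are constructed for illustration.

```python
import re

# Matches permission lines in `dumpsys package`, e.g.
#   android.permission.CAMERA: granted=true, flags=[ USER_SET ]
PERM_LINE = re.compile(r"^\s*([\w.]+): granted=(true|false)", re.M)

# What the user deliberately disabled / revoked (constructed baseline).
BASELINE = {
    "disabled": {"com.facebook.appmanager", "com.facebook.system",
                 "com.samsung.android.bixby.agent"},
    "revoked": {"com.facebook.katana": {"android.permission.ACCESS_FINE_LOCATION",
                                        "android.permission.READ_CONTACTS"}},
}

# Constructed output of `pm list packages -d` taken after a system update.
SAMPLE_PM_DISABLED = "package:com.facebook.appmanager\npackage:com.facebook.system\n"

# Constructed excerpt of `dumpsys package com.facebook.katana`.
SAMPLE_DUMPSYS = {"com.facebook.katana": """\
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET ]
"""}

def parse_disabled(pm_output):
    """Package names from lines of the form 'package:<name>'."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}

def parse_granted(dumpsys_output):
    """Permissions currently reported as granted=true."""
    return {perm for perm, state in PERM_LINE.findall(dumpsys_output) if state == "true"}

def find_drift(baseline, pm_output, dumpsys_by_pkg):
    """Return (packages re-enabled, {package: permissions granted again})."""
    reenabled = sorted(baseline["disabled"] - parse_disabled(pm_output))
    regranted = {}
    for pkg, revoked in baseline["revoked"].items():
        back = revoked & parse_granted(dumpsys_by_pkg.get(pkg, ""))
        if back:
            regranted[pkg] = sorted(back)
    return reenabled, regranted

if __name__ == "__main__":
    reenabled, regranted = find_drift(BASELINE, SAMPLE_PM_DISABLED, SAMPLE_DUMPSYS)
    print("re-enabled:", reenabled)
    print("permissions restored:", regranted)
```

Running the comparison after each system or app update shows exactly which settings were reset, rather than waiting for battery drain to reveal it.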
