Built-in Trojans vanishing when installing LineageOS? - General Questions and Answers

Hello!
I'm new to this forum as you can see and also dont know much about IT, except that I installed Lineage since years on my phone.
Now my Aquaris X is gone and I need a new phone and I heard that the Xiaomi Redmi product line would be quite good regarding Lineage usage and pricing.
Now when following the news there are permanent new evidence that China phones are loaded with Trojans by default and even if this is not confirmed for a company already it just makes sense that any chinese developer might have all of these inside ...
So my question is:
By replacing a stock ROM with LineageOS will I also get rid of all possible trojans inside of a Chinese Phone or might they be still existing afterwards?
THXXX

Good question. But I think manufacturers can put anything they want into their hardware, so it probably depends.
Btw, why do you "follow" the news? Can't you form your own opinions? You know who owns the news? It's a centralized source and not as individual and separate as they want to appear with their different outlets.
Speaking of built in trojans and "hacking your human OS": you can change a line of code, just like in Xposed. But not with Android phones but humans. Of course it needs a great excuse to install xposed into every human, but that's what the media of the owners is there for. (that's a more persistant trojan.) Watch first 2 minutes of this if you don't understand

Well so it means it cannot be said for sure?
Yeah I know these arguments with media control. But why complain about someone who is afraid of a company from a country which is everything but a democracy? There is no multiple ways of interpreting the policy of China which is the exact opposite of anything where I would like to live. Any reasonable criticism is illegal and results in a ban for marriage or transportation or leaving the country. Any company is intruded by the government and therefore it just makes sense to me that they take any opportunity to use this power that they have over the economy to use it for their own advantage.
So I am living in a quite liberal country in Europe and I dont get arrested for anything I say against my government. Thats quite cool even if I dont use that privilege quite often.
Also I ****ing hate what they do against these Uigur people in Xingiang, sterilizing them against their will or keeping them in prisons just for their religion.
Same as taking the freedom of an athlete who speaks out justice against some high-ranked scum from the government.
Thats just a few examples, but because of this and many other stories I dont really trust these chinese companies. I have Xposed (edit: and Xprivacy Lua) on my Aquaris X but by making this thread I want to understand if it will also protect me against the Chinese Trojans just confirmed by the Lithuanian cyber security etc.

In contrast to so-called Western states China is a central state with 33 administrative units ( without Taiwan ), his political system is a one-party socialist-authoritarian one. You may not like it, but that's the way it is.
I don't think XDA is the right place to discuss whether this suits a user here or not.
BTW: We all know that even in Western states, ethnic minorities are unpopular, persecuted and sometimes exterminated.

*BTW: We all know that even in Western states, ethnic minorities are unpopular, persecuted and sometimes exterminated.*
True but nobody beats the situation in Xingiang (alone writing this word would put me on a blacklist living there) and their suppression of free speech.
*I don't think XDA is the right place to discuss whether this suits a user here or not.*
Ok yo understand, but I just want to know whether replacing a ROM would also eradicate any built-in trojans, thats just a 100 % technical question and I have nothing to do with coding and stuff so I hope to get an answer here, but so far it's not clear.
Does it mean as long as you are not the manufacturer you will never know and hence probably still have any trojans after replacing?

AFAIK Trojans never are part of any pre-installed Android based OS, but exclusively imported to Android OS by user of Android device. That's also TRUE for phones manufactured in China.
BTW: It's easy to find any Trojan on an Android device.

So you mean real Trojans only come on board by wrong user behaviour and cant be part of the system already?
That would be of course good and I have no idea about all of this stuff, it's just that it sounds like many Chinese Phones spy on their user with some default built-in *trojan* - maybe you may call it differently.
Here was a mention of many chinese phones with built in Trojans:
Android: Über 40 China-Smartphones mit Malware ab Werk
Bei über 40 chinesischen Smartphones haben Experten einen vorinstallierten Trojaner gefunden. Welche Geräte betroffen sind, erfahren Sie hier!
www.computerbild.de
Still it is not with Xiaomi ;P
But our German department for Cyber Security (BSI) told that there would be indeed some *additional functions* also in Xiaomi which also pose security / spy issues:
Chinesische Smartphones: Behörde warnt vor Sicherheitslücken
Die Nationale Cybersicherheitsbehörde in Litauen warnt davor, chinesische Smartphones zu kaufen. In zwei Modellen fanden sich eklatante Sicherheitslücken.
www.basicthinking.de
Xiaomi-Smartphones spionieren Nutzer aus: So können Sie sich schützen
Schwere Vorwürfe gegen Xiaomi: Der Hersteller soll das Verhalten von Nutzern aufzeichnen und an eigene Server zur Auswertung weiterleiten. Insbesondere die Internet-Nutzung der User soll genauestens dokumentiert werden.
www.chip.de
But in the first link on top they say:
"Die einzigen Mittel im Kampf gegen den Trojaner sind die Installation einer „sauberen“ Android-Firmware oder ..."
Which means they say installing a clean Firmware would at least resolve the issue in situation 1. So is Firmware = ROM? So installing LineageOS would then remove these spyware at least in the first link example?
Here I found another example:
How to find and remove malware from some chinese smartphones?
I am planning to buy a chinese smartphone. However, I've read that some come with extensive spyware straight from the factory. Will I be able to detect such malware (Android.Trojan.Uupay.D and the...
android.stackexchange.com
*If you want to be 100% sure that the device is clean, then you must remove the OS that came with it and flash a trusted(opensource) ROM like official CyanogenMod*
So IF the Trojans are only inside of the pre-installed Apps, then I should completely remove them by flashing LineageOS?

My understanding of a Trojan is it's a door-opener for malicious softwares packed in an Android app, it in generally does the following:
Download and install other malware, such as Viruses or Worms.
Use the infected device for click fraud.
Record keystrokes and websites visited.
Send information about the infected device to a malicious hacker including passwords, login details for websites, and browsing history.
Give a malicious hacker control over the infected device.
But I may err, as always ...
Reflashing a ROM OEM-pre-installed by a Custom ROM IMHO is an overkill: simply remove Trojans found.

Spassd said:
Hello!
I'm new to this forum as you can see and also dont know much about IT, except that I installed Lineage since years on my phone.
Now my Aquaris X is gone and I need a new phone and I heard that the Xiaomi Redmi product line would be quite good regarding Lineage usage and pricing.
Now when following the news there are permanent new evidence that China phones are loaded with Trojans by default and even if this is not confirmed for a company already it just makes sense that any chinese developer might have all of these inside ...
So my question is:
By replacing a stock ROM with LineageOS will I also get rid of all possible trojans inside of a Chinese Phone or might they be still existing afterwards?
THXXX
Click to expand...
Click to collapse
If you install a custom ROM, your stock operating system(along with any potential trojans that were included in your stock operating system) will be replaced by the custom operating system.

I now bought a Sony Xperia XZ2 Compact for really cheap ... less than 200 € so I guess its fine now.
But when unlocking the Bootloader I get problems.
The Device is listed in *Fastboot Devices* so everything is working correctly, but when I do the unlock command
fastboot oem unlock 0x [... my code]
I just get
FAILED (remote: 'unknown command')
fastboot: error: Command failed
Now I tried the *Sony Flashtool* like in this video:
He has a Button called BLU and just enters IMEI and Unlock Code to unlock the Bootloader. But I dont have this button WTF ?? Just the Flash Icon Button and then the Lock Icon Button.
So any ideas what to do?
THXXX

Related

Public Beta for Norton Smartphone Security Premier Edition

Anyone interested
http://www.symantec.com/home_homeoffice/beta/overview.jsp?pvid=nssp1beta
Thanks, I needed a laugh.
I am particularly curios as to how they identify SMS as SPAM (with no subject or formatting to rely on)...
I'd say a few words on the antivirus part too but I don't want to give them any ideas ;-)
Oh almost forgot - it would be a super neat trick to hack in to smartphone via the internet (given utter lack of server components in the OS)!
i never heard about anybody who irl had a virus on their pda
much less of anybody who had a firewall
and yet plenty of people are willing to have both firewalls and virusscanners on their pda's
hope they overclock to make their pdas allmost as fast as if they dident
I read some news article (didn't save the link) about a very "good" spyware app for blackberry.
Not only could it monitor all mail and SMS on the device as well as phone calls but it could also turn on the microphone on without a call to turn the device in to a "bug" (as in surveillance device not the stuff MS software is full of).
One thing I couldn't figure out is how did this super dangerous program (which needed to be installed by user despite being referred to as a "Trojan") transfered all that data back to the source without the user noticing and without interfering with device operation.
How much upstream bandwidth does BB have?
Can it do data and voice at the same time (can it do voice at all?).
Any way I am sure that one of these days we will see a real virus for WM platform (a proof of concept file infection has been developed - that does not work with signed files of course).
But until than - if you have nothing better to do with your phone might as well keep the battery draining with a good antivirus / firewall.

Installing KNOX

I purchased a Samsung GTi9505 S4 running Android 4.2.2 from Euope recently and can anyone explain to me on how to install this APP?
I have these on my phone (pls see attached pics).
http://www.engadget.com/2013/02/25/samsung-safe-with-knox/
There are NO instructions on installing it. I looked all over on the web and nothing.
Only downloaded the KNOX Whitepaper.
I presume, this only works for North American based phones. But can someone shed some light on this please?
Thanks
It'll probably require some form of MAM (Mobile Application Management) product to be able to manage the applications within this 'sandboxed' environment. Applications will probably need to be specifically written to utilise it so its probably early days yet mate.
Unless I've got it completely wrong of course!
Working for a large organisation that requires this level of security - I requested further information from samsungs website but havn't had a single response yet. I'm assuming its still in development.
zoomee said:
It'll probably require some form of MAM (Mobile Application Management) product to be able to manage the applications within this 'sandboxed' environment. Applications will probably need to be specifically written to utilise it so its probably early days yet mate.
Unless I've got it completely wrong of course!
Working for a large organisation that requires this level of security - I requested further information from samsungs website but havn't had a single response yet. I'm assuming its still in development.
Click to expand...
Click to collapse
I know that the DoD got it approved from DISA.
http://gcn.com/articles/2013/05/29/disa--ios-android-stig.aspx
But Im not working in that environment. Its more like I want to keep my personal data apart from the enterprise environment.So, I want to have my business data under KNOX and personal data on the normal Interface like shown on this video.
Thats all.
http://www.youtube.com/watch?v=t_jTit_RCdI
And on the box itself, it DOES have the "SAFE" on it. (Samsung For Enterprise)
That vid is a very brief overview mate. Looking at the feature list for knoxx it seems to me to be an enterprise level function. Integration with Active Directory, single sign-on and other MDM products sort of implies that, thats what it will work with and not just for normal end users.
For normal end users - it would just be 'another profile' feature which I don't see much benefit for, as android phones/devices tend to be personal devices. However for the enterprise where we regularly deploy BYOD solutions and corporate devices it seems much more fitting
Sorry bud - probably not what you wanted to hear but until we get further information from them theres not much we can do to utilise it (i'm sure i've seen a knoxx.apk on our devices already)......
If anyone else knows anything else it would be great to hear from them.....
PS - You might want to recommend either Excitors DME product or Good's BYOD one to your IT department
I also work at a large enterprise shop and we are looking at deploying Samsung devices with the Knox functionality. However, I read somewhere that the Knox software was not ready for the worldwide release of the Galaxy S4. It will be available later in the summer on the Galaxy S4 (later for other Samsung devices) on what I assume will be a firmware update. So there is no way to get it on your device right now. Hope this helps.
itsonlyme999 said:
I purchased a Samsung GTi9505 S4 running Android 4.2.2 from Euope recently and can anyone explain to me on how to install this APP?
I have these on my phone (pls see attached pics).
http://www.engadget.com/2013/02/25/samsung-safe-with-knox/
There are NO instructions on installing it. I looked all over on the web and nothing.
Only downloaded the KNOX Whitepaper.
I presume, this only works for North American based phones. But can someone shed some light on this please?
Thanks
Click to expand...
Click to collapse
zoomee said:
It'll probably require some form of MAM (Mobile Application Management) product to be able to manage the applications within this 'sandboxed' environment.
Click to expand...
Click to collapse
^^^^^
This.
And it offers no value to an individual user even if they managed to get it set up. For basic remote device management Find my Mobile (ex-Samsung Dive) offers what most users are looking for without all the complexity.
Ok, well thats that...
Anyway, even if I did have it installed and working on my phone, then I would be concerned of more memory use and more battery drainage with this KNOX feature enabled.
Think about it, its like running two versions of Android on ONE phone. So this might be draining even more battery.
Thanks guys.

[Q] Android drawText diacritics

I am helping 2 local school students to develop a graphing app.
They want to use drawText in different (European) languages.to include accented letters
1. Can this be done with standard Android software?
2. Where is there some useful information?
It must be a common requirement, but we have not been able to find any solution
Diacritic problem solved
David Butland said:
I am helping 2 local school students to develop a graphing app.
They want to use drawText in different (European) languages.to include accented letters
1. Can this be done with standard Android software?
2. Where is there some useful information?
It must be a common requirement, but we have not been able to find any solution
Click to expand...
Click to collapse
In case anyone else hits the problem - here's the cause and the solution:
Ensure that files containing text are created explicitly with UTF-8 encoding. We used save-as with word pad, and the accents appeared as intended.
We did not even realise that this was an option, or that our Android code would not make the conversion automatically.
Let us know if there is a better solution, since we have already inadvertently created new Ansi data files and our original problem recurred.
And just so that you know, what we have created is Entwickelt von Studenten für Studenten und ihre Lehrer, or, if you prefer, Conçu par les étudiants pour les étudiants et leurs professeurs
Be amazed at those accents

Time to stand together !!!

I am one of the unlucky who've bought a new phone, unaware that android 4.xx contained even major changes compaired to the earlier versions. My phone is a HTC DESIRE 816, bought only because of the 8 gb internal memory and the promise that the phone supported additional 128 GB of memory
This has resulted in many of my programs no longer work because Android now blocks the direct access to the SD card and to the system.
What I find reprehensible is that these phones are sold without the producers inform us about this limitation, and I actually find that we have taking a step backwards concerning user freedom.
Furtermore HTC expresses thet they are 'excited to see what you are capable of. HTC eagerly anticipates your innovations'and also containes a complet guide to how to root your phone.
This, I find is hypocritical as they at the same time refuses to give us S-Off or to edit the platform.xml giving us access to our self paid SD CARD, and at the same time in their AD's makes a big deal about the fact, that we can add 128 GB of additional memory, but doesn't mention that we have no say over it.
A few Of my paid programs that doesn't work anymore:
Navigon, because of the amount of data it require you to DL.
My expensive Firewall / Antitheft.
My GPS tracking App
Nandroid,
Callrecorder
several of my paid Backup programs
many Jrummy App
etc etc.
We have to stand together an demand that the prducers find a solution, and we have to face up to Google, their excuse that it has to do with security don't hold water in court, they must have had other choices, but they chose the easiest and the one which made most trouble for their users.
Maybe instead they could have chosen to have apps that needed the R/W to apply for a signed certificate to get access to this and as the experts Google is to gather information, it wouldn't have been hard to monitor those apps who was awarded with the certificat to control if thet was abusing this.
This is just one solution, but I'm no expert, but guaranteed, there must have been lots of ways to solve and to achieve their goal.
Regards Sc0rpio

My 1st HUAWEI

{create *.* m\aware.hex{}}
Getting [root] access on a mobile device is like going to a rave (without a pass-out)...
I hope that this thread will become more understandable as it progresses.
The aims herein is to seek, gain and give knowledgeable experience in the procedures of gaining [root] access to an
alien' phone a.k.a the HUAWEI Y3(30??)
So, it begins;
A fascinating device/phone. This Huawei has very limited memory. 6gb, I think..
Ofcourse, I intend to serve up a micro SD. But, Until root is established I hardly see the merit!
It is running a HUD called EMO (sic). Which is pretty darn cool, thanks in volume to the rainbow light!
Yeah, a rainbow light... It can be triggered to do morse code, and has a kindve 'laser-light' function when you play mp3s.
The stock display (mines simplified) looks like Windows UNO. You know, the unnoficcial bastard of Microsoft and Mattel?
BastAD isn't a swear right? I mean this is science, aftrerall..
This is such an alien device!
Or atleast it is very unique in comparison to all others that I have had.
Just acquiring the build model has been a trial of translation. LUA-***. I can't remember the last, it seems uninportant however because it's actually a Y3.
So, a few programs have been added to the traSHTOP (pc) for HUAWEI interface. Though I have not yet had success in Hsuite as of yet. I'm alerted to a MTK something something xx driver issue which will be homework. I'll be starting, here/
Why do today what you can do tomorrow?
Is there a logical reason this device is not included in search sitemap?
What button do I press for techcopy in blitzball? Blessings of Uevon be upon you!:cyclops:

Categories

Resources