Question System protection compromised - Samsung Galaxy A53 5G

Hi guys.
I tried to use online foreign banking. I only see a warning screen, “you are using a device with removed system protections” (on Cyrillic), and if I press OK, it closes. The UBB mobile app is on the Google store. I called the bank’s customer service, and they could not explain what that exactly meant. I put a lock screen and turned on the device protection – no security issues. The last time I spoke to technical support, she recommended buying another phone, but not A53 5G, saying it is compromised. Very frustrating!
Today, contacted Samsung tech support. She logged in to my phone and didn’t find any issue. She recommended doing a factory reset, assuming some incompatibility with another app.
I tried it on my old Pixel 1, with no problem – no warning screen and I could see the home page.
Guys, please do me a favor to install this app and see if you will see the same warning screen. Do you have the same issue? So I will know if only my phone has this problem or all A53s.

Is your phone rooted?
Or is knox tripped, when you go to the bootloader, does it say that knox warranty is void?
Usually says Knox WARRANTY VOID: 0x01 in the bootloader

It is not rooted. I don't know what Knox tripped is.

Related

S6 shop unlock, and now 'unauthorised actions detected' warning (+ forgets WiFi pwds)

Hi
I've had a good look around the forums, but would appreciate a pointer if anyone can help...
I have a new EE Samsung S6 (SM-G920F, Android 6.0.1) which I needed to be unlocked for O2. Rather than contact EE, I spent £20 in a shop advertising unlocking, and it appeared to work. However, I now get the 'Unauthorised actions have been detected. Restart your device...' warning, even immediately after a factory reset (and the Knox counter on the Odin screen says '1'). The other issue is WiFi passwords aren't remembered, meaning I have to log in to my home Wifi every time (I've read about this here)
I've read the 'unauthorised actions' warning is Knox related, and there are apps that can suppress the warning, but the reason seemed to be a bad batch of phones in 2015, and the issue was apparently fixed in 5.1.1 which doesn't seem to be the case here...
Was I foolish to get it unlocked by a shop?
Is there anyway to reverse whatever they've done?
Now that the Knox counter has been tripped (and I've supposedly invalidated the warranty), should I go about rooting the phone with stock 6.0.1 in the hope that I can install an app to suppress the warning, and try editing the files that might be causing the Wifi password issue?
Presumably I can't go back to EE to ask for advice now?
Many thanks for any suggestions!

G920P Impressively Resistant FRP, looking for new methods.

Device: G920P
Binary: Samsung Official
Unable to bypass FRP, and I have attempted flashing every stock firmware via every Odin release from 3.10 to the most current update, to include a rather desperate shot in the dark where I checked the nand erased, efs, and bootloader options, all to no avail.
To assuage any misgivings, I am quite well aware of the moral quandaries associated with this sort of issue. As it happens, I share them. This phone was found in a friend's storage locker, among her (admittedly shady) ex-husband's effects. I have checked the IMEI status (clear,) and made repeated attempts to contact the current owner of the phone number I found on the SIM card. Nothing. So, I am at a loss for what to do next.
wisdom131577 said:
So, I am at a loss for what to do next.
Click to expand...
Click to collapse
Sell it on ebay "for parts or repair, wont turn on, good LCD".
P.S. "FRP" means reactivation lock, right? Samsung account? Or Google account?
FRP is an acronym for "Factory Reset Protection," and I've only ever encountered it with Google accounts. Samsung claims to have the ability to bypass it on their support page, but I'm taking this as a challenge.
wisdom131577 said:
FRP is an acronym for "Factory Reset Protection," and I've only ever encountered it with Google accounts. Samsung claims to have the ability to bypass it on their support page, but I'm taking this as a challenge.
Click to expand...
Click to collapse
Ok, then it's simpler.
Google for the "frp via adb" and read, find and flash a combination rom for your device and do the job.
Not a bad challenge. You'll have some fun.
But I've had much more when disabling reactivation lock (Samsung account) on SM-G920V bought on ebay

Spyware tracking software on the phone

So my GF has doubt that her phone (Samsung A5) has been tapped by her ex BF who knew her phone pass and did take care of all devices they posses
Assuming that is the case, will the factory reset remove tracking software from her phone of will I have to flash her phone with fresh OS to be sure the software has been removed completely
gesaugen said:
So my GF has doubt that her phone (Samsung A5) has been tapped by her ex BF who knew her phone pass and did take care of all devices they posses
Assuming that is the case, will the factory reset remove tracking software from her phone of will I have to flash her phone with fresh OS to be sure the software has been removed completely
Click to expand...
Click to collapse
If the ex actually did something like that and embedded into the system partition on the device, a factory reset will not remove it.
You would need to flash the device with the firmware to remove it, you may even need to use the "re-partition" option in Odin when you flash the device.
It would also be wise to change the password on her Google account before flashing the device, to be thorough, change the password and maybe even the email/username while you're at it, then go to system settings and remove the account then sign back in with the new email/password, then flash the device, after flashing and booting, sign back in with the new account details.
I would also change passwords and account details for any other apps on the device, such as Facebook, Facebook Messenger, any other email addresses or other email apps and any other types of social media apps or other apps that require an email/username and password. Change any and everything on the device that the ex could have possibly had access to. If she also has other devices or PC's synced with her phone or email, I'd change the details on those other devices/PC's as well. If she has WiFi at home, change its password and maybe even see about changing the IP of her modem/router.
Then, after that, make sure she doesn't click on/open/download anything from anyone that she doesn't know, including multimedia texts/pics, it could be the ex trying to embed something again, opening it will just compromise the device again.
Sent from my LGL84VL using Tapatalk
While what Droidriven is saying is correct first things first. Has the phone been unlocked and/or rooted? If the phone is locked (*Not tampered) then all of that is overkill. Here's a simple test that you can do to see how at risk you are. Start the phone in Bootloader mode and see what it says at the top. It will either say Locked, Locked *Tampered, Unlocked or Unlocked *Tampered. Locked is exactly what it sounds like, the phone is factory locked. Unlocked again means exactly what it says, the phone is factory unlocked. The caveat is the Tampered. So you can unlock a phone and lock it back which will result in the tampered tag/statement. In which case anything could have been done or undone once the phone was unlocked even if it says locked. If the phone simply says Locked, there is no need to panic and simply factory resetting the phone will erase anything that the ex may have done or installed. If the tampered tag/statement appears that's when more detailed steps should be taken, as described by Droidriven. It is always advisable to change passwords after a breakup even if you don't suspect foul play as a precaution. If she fears foul play Google offers 2-Step verification, which I highly recommend anyway, which allows the account holder to use an Authentication app that randomly generates codes to access the account and also prevents anyone from accessing the account without the users phone in their direct possession. Google also offers security screening tools that allows users to see where they are signed in, when the last time that sign in point was accessed, and the ability to sign out of sessions that may still be active. Furthermore Google offers notifications that will text or email a user anytime a sign-in occurs allowing the user full disclosure and control over their account. Although not mentioned, Facebook also offers similar tools and notifications should the concern arise. First thing first however, find out how to log into your Bootloader and verify if the device has ever been tampered with and then work from there.
VidJunky said:
While what Droidriven is saying is correct first things first. Has the phone been unlocked and/or rooted? If the phone is locked (*Not tampered) then all of that is overkill. Here's a simple test that you can do to see how at risk you are. Start the phone in Bootloader mode and see what it says at the top. It will either say Locked, Locked *Tampered, Unlocked or Unlocked *Tampered. Locked is exactly what it sounds like, the phone is factory locked. Unlocked again means exactly what it says, the phone is factory unlocked. The caveat is the Tampered. So you can unlock a phone and lock it back which will result in the tampered tag/statement. In which case anything could have been done or undone once the phone was unlocked even if it says locked. If the phone simply says Locked, there is no need to panic and simply factory resetting the phone will erase anything that the ex may have done or installed. If the tampered tag/statement appears that's when more detailed steps should be taken, as described by Droidriven. It is always advisable to change passwords after a breakup even if you don't suspect foul play as a precaution. If she fears foul play Google offers 2-Step verification, which I highly recommend anyway, which allows the account holder to use an Authentication app that randomly generates codes to access the account and also prevents anyone from accessing the account without the users phone in their direct possession. Google also offers security screening tools that allows users to see where they are signed in, when the last time that sign in point was accessed, and the ability to sign out of sessions that may still be active. Furthermore Google offers notifications that will text or email a user anytime a sign-in occurs allowing the user full disclosure and control over their account. Although not mentioned, Facebook also offers similar tools and notifications should the concern arise. First thing first however, find out how to log into your Bootloader and verify if the device has ever been tampered with and then work from there.
Click to expand...
Click to collapse
As far as I know, Samsung does not have bootloader mode, it uses Download Mode, otherwise known as factory mode or Odin mode. It also does not quite display the information that you described as you described it. Some Samsung devices may or may not display bootloader status as "locked" or "unlocked", I've never seen anything about Samsung devices ever showing anything about *Tampered. I've seen devices show "custom binary" or "official binary" and show system status as "official" or "custom", some show info for secure boot, activation lock, kernel lock or Knox warranty void.
But, none of this necessarily has anything to do with whether something could have been embedded into system. You can push things to system even if the bootloader is locked and without "triggering" anything or being "flagged" by the system.
Plenty of Samsung devices have been rooted without unlocking the bootloader, without tripping Knox or Qfuse and will show binary status as "Custom"(the one thing that does show that the device is rooted/tampered but still doesn't necessarily indicate any malicious code that might have been placed by the ex, just rooting the device and nothing else would give the same result), all locks at default status as "locked"(non-tampered) and system status as "Official".
Given that the ex was the one that took care of and managed all devices that she owned, I would just take the thorough route just to cover the bases just because there are so many points of entry that the ex could have set up among all of the devices/equipment that she has.
Sent from my LGL84VL using Tapatalk
While I'll give you that there may be differing nomenclature for the things I mentioned, I've never heard of anyway to reach the Root of a device without going through the Bootloader and without leaving some evidence. While I cannot find an actual picture of the bootloader screen, in the link below there's a picture of the recovery menu where you can see the second option on the Samsung A5 Reboot into Bootloader. Ultimately it's up to the OP but becoming tech savvy enough to root a device is not for everyone. If the device shows no signs of being rooted, to learn how to root a device just in case seems less than worthwhile. OP you could also try one of the root detectors on the Play Store.
https://www.teamandroid.com/2017/01/28/enter-recovery-mode-samsung-galaxy-a5-2017/
VidJunky said:
While I'll give you that there may be differing nomenclature for the things I mentioned, I've never heard of anyway to reach the Root of a device without going through the Bootloader and without leaving some evidence. While I cannot find an actual picture of the bootloader screen, in the link below there's a picture of the recovery menu where you can see the second option on the Samsung A5 Reboot into Bootloader. Ultimately it's up to the OP but becoming tech savvy enough to root a device is not for everyone. If the device shows no signs of being rooted, to learn how to root a device just in case seems less than worthwhile. OP you could also try one of the root detectors on the Play Store.
https://www.teamandroid.com/2017/01/28/enter-recovery-mode-samsung-galaxy-a5-2017/
Click to expand...
Click to collapse
This tells me that you aren't familiar with Samsung devices because plenty of Samsung devices have been rooted without unlocking bootloader, I couldn't even begin to count them all. Unlocking bootloader is really only necessary if flashing a custom recovery or custom ROM. Not all Samsung devices are rooted by flashing a custom recovery to gain root. Most of the Samsung devices sold in the US have locked bootloader that cannot be unlocked by any means whatsoever, yet these devices can be rooted. Obviously, they have been rooted without unlocking the bootloader.
Yes, it may have the "reboot bootloader" option in recovery, if selected, that will boot you into download mode/Odin Mode. Typically, what you are describing with bootloader mode applies to devices that use fastboot, Samsung does not use fastboot, it isn't compatible with fastboot, adb works with Samsung but fastboot does not work with Samsung in any way, shape, form or fashion.
And it is possible to root a Samsung device, then install something in system and then remove root immediately after(which means that root checker will not see anything) and it won't show anything in Odin mode, won't trip Knox or Qfuse and still show Official in Odin mode. If it is rooted, then an app is pushed to system then root is immediately removed and this was all done without rebooting the device in the process, then the bootloader, Knox, Qfuse and all that never even detects that root was ever there because it was removed, which means it never gets loaded at boot for the bootloader and other security coding to see that root was there. Some can be rooted and then flash TWRP using Loki without unlocking the bootloader, which "shouldn't" be possible with a locked bootloader, yet, it is done.
I'm just saying, it isn't always as detectable as you imply.
Sent from my LGL84VL using Tapatalk

Samsung Reactivation Lock broken?

Hellow, I am the owner of a Samsung Galaxy S6 I think its Europe version because I bought it in spain.
In march 2020 I had decided to factory resset my phone because I had a lot of junk. To my surprise when the Welcome screen for a setup showed up and I was trying to set it up (I did this probably once a year) a message of "The phone was factory resseted on a anormal way please sign in to your samsung account to unlock the device". Keep in mind here in spain we were in a complete lock down. I did put my email and password it showed 2 messages and noething happned, and I know its not the wrong password because if i did type a random thing it will show "Wrong ID" so I tried contacting samsung but as we were on a lockdown it was imposible, I tried from find my phone (samsung version) and I clickcked on unlock phone (while the phone was connected to the inernet) but noething happned as a last resource I tried flashing a custom rom (I had Samsung Official Rom) but when I go to oddin mode or download mode it shows: Reactivation Lock: ON.
Is there any way to unlock it, my mothers phone is broken and she is in need of one.
I have attached some imagenes.
I hope I can find a fix, because the most anoing thins is that is supposed to be a mecanisim so if the phone gets stolen, but i have been the owner of it for 5 years
for starters, try the methods explained here
[Must-Read Tip] How to Bypass Samsung Account
Getting locked out of your Samsung after a factory reset and cannot bypass Samsung account due to reactivation restrictions? Read the article to know 4 best ways to bypass Samsung account lock without any difficulty.
www.tenorshare.com
i think that there are a couple more options if those are without success, but i'd have to research that a bit more at that point

Question Phone locked, can this one be saved?

Hi,
I can buy a phone which has the following lock. Can this one be resetted or is it hard bricked?
The translation for the lock sreen is:
the phone has been blocked due to unpaid invoices. in order to restore the ability to use the device, you must pay the outstanding invoices
Short answer. The only way you can legally unlock it is to pay what is owed. I hope you didn't pay that much.
Hard reset from recovery menu, do not connect to the internet, unlock bootloader, flash twrp. That will brick Knox which is used to block the phone. Then flash Samsung firmware again. You will loose Samsung pay, secure folder forever but phone will be usable. Warranty will be void. But the best idea is not to buy it at all.

Categories

Resources