Related
I'm using Modaco latest r8 rom with froyo 2.2. I noticed 2 things:
1. wave secure will not download my account data automatically when I factory reset. I need to register again which make it vulnerable. >> Anyone can disable wave secure
2. I don't even need to factory reset and I can reset wave secure by clearing the data in settings!!!!
I have tried in original HTC ROM 2.09(rooted) and flash in /system/app. same situation.
And I've tried that if wavesecure hasn't been register, you can't lock it from wavesecure.com or sms
I don't know if this is due to the nature of froyo or it's been like this since 2.1
wave secure is practically useless right now on my phone!!
Anyone can confirm this?
called them and they said they disabled the function for temp as they are working on some fix, it will be up again in 3 weeks as what they said
Yep, saw this on MoDaCo. Will not be renewing my WaveSecure subscription.
Lets be honest, it was a waste of money to begin with right.
This whole thing makes me wonder...can an Android phone REALLY be protected by these kind of softwares? Even assuming there are no security issues with the app..I mean,a lot of Android phones are rooted by their owners and all are rootable (?) without booting into the OS, so even if said apps are installed as system apps (just like wavesecure can be) what's preventing a "smart/geek" thief from pulling the battery, changing the simcard,(rooting a non-rooted phone), booting into recovery, mounting system and wreaking havoc through adb, including removing the security app?? Am i going on a wild goose chase or is all this sound??
MacCarron said:
This whole thing makes me wonder...can an Android phone REALLY be protected by these kind of softwares? Even assuming there are no security issues with the app..I mean,a lot of Android phones are rooted by their owners and all are rootable (?) without booting into the OS, so even if said apps are installed as system apps (just like wavesecure can be) what's preventing a "smart/geek" thief from pulling the battery, changing the simcard,(rooting a non-rooted phone), booting into recovery, mounting system and wreaking havoc through adb, including removing the security app?? Am i going on a wild goose chase or is all this sound??
Click to expand...
Click to collapse
Yeah, but I don't think the average mugger/thief is that smart
Sent from my HTC Desire using Tapatalk
So can I cancel my current subscription then and get a refund?
If you install wavesecure to /system/app and make sure its only there and not in /data/app as well then you should not have this problem.
Also wavesecure have gone through a rough month, got brought by Mcafee who in turn just got brought by Intel. They need to adjust to the new owners. They are (were) only a small company and lets face it their app is the best around by a long long way.
If you have any problems or suggestions on how to improve they usually listen (it was one of TeamVillain and a xda mod who suggested they make a update.zip for /system/app and a number of other improvements and they did it straight away).
Don't just say "oh no its not working" no app can protect your phone from the right people, if someone who knows all about rooting etc gets your phone then your screwed anwyay. But the average joe thug who steals your phone will get it, put in a new sim the alarm will go crazy then they panic, drop the phone and run. You can then use the tracker to find it, or give details to police.
Just put the apk in your rom next time before you flash in system/app and flash the rom. Restore data from a backup (but not the app) and you still get your market link too.
Lennyuk said:
If you install wavesecure to /system/app and make sure its only there and not in /data/app as well then you should not have this problem.
Also wavesecure have gone through a rough month, got brought by Mcafee who in turn just got brought by Intel. They need to adjust to the new owners. They are (were) only a small company and lets face it their app is the best around by a long long way.
If you have any problems or suggestions on how to improve they usually listen (it was one of TeamVillain and a xda mod who suggested they make a update.zip for /system/app and a number of other improvements and they did it straight away).
Don't just say "oh no its not working" no app can protect your phone from the right people, if someone who knows all about rooting etc gets your phone then your screwed anwyay. But the average joe thug who steals your phone will get it, put in a new sim the alarm will go crazy then they panic, drop the phone and run. You can then use the tracker to find it, or give details to police.
Just put the apk in your rom next time before you flash in system/app and flash the rom. Restore data from a backup (but not the app) and you still get your market link too.
Click to expand...
Click to collapse
While i agree with you that a witch hunt isn't the proper response and that it is unlikely that the average thief will know his way around adb, i have personally tried to remove wavesecure from /system/app...it works...i did it without breaking a sweat. I intentionally triggered the lock by attempting to uninstall the uninstall-protection, pulled off the battery, booted in recovery and got rid of wavese cure with a single command. Reboot and presto! A free phone . So it is true that there is no full-proof way to be safeguarded, at least using this software, and in my humble opinion the guys over at wavesecure should clearly state so on their website. And they don't always listen..there is a long story of noisy silences concerning op's issue...omissions, censorship etc etc. I got a free lifetime subscription so i'm not particularly yelling at anyone, just making hypothetis, but wouldn't you be quite pissed off if someone stole your phone and rendered it's security software (for which you payed) impotent just because he knew "SU"?
MacCarron said:
While i agree with you that a witch hunt isn't the proper response and that it is unlikely that the average thief will know his way around adb, i have personally tried to remove wavesecure from /system/app...it works...i did it without breaking a sweat. I intentionally triggered the lock by attempting to uninstall the uninstall-protection, pulled off the battery, booted in recovery and got rid of wavese cure with a single command. Reboot and presto! A free phone . So it is true that there is no full-proof way to be safeguarded, at least using this software, and in my humble opinion the guys over at wavesecure should clearly state so on their website. And they don't always listen..there is a long story of noisy silences concerning op's issue...omissions, censorship etc etc. I got a free lifetime subscription so i'm not particularly yelling at anyone, just making hypothetis, but wouldn't you be quite pissed off if someone stole your phone and rendered it's security software (for which you payed) impotent just because he knew "SU"?
Click to expand...
Click to collapse
The thing is though, if they knew SU and other commands chances are they will get around any protection whatever it would be.
But Wavesecure offers you a way to track the phone, you can still contact your carrier and get them to IMEI blacklist it, then track the handset down via wavesecure.
hi - just check out secrep5265.blogspot.com - thats interesting information concerning your discussion.
Today, I turned on my phone to discover a strange new widget/icon on my homescreen that looked like a blue magnifying glass and was labelled 'Search'.
Of course, being suspicious I removed the widget. I then looked through the list of installed widgets and apps, but nothing unusual was there.
Later when I opened the internet browser, the usual google homepage looked a bit different - identical, tabs and all, except for the search button appearing the same as in the widget and the Google logo missing (as if it hadn't loaded yet).
I've reset my homepage to Google, but in my history the bogus sites are:
start.infospace.com
searchmobileonline.com
Scanned with both AVG and Avast, but neither picked anything strange up.
I have since found out that this is adware that some free apps on the Market are using to generate revenue. In my case I have since confirmed it came from Brightest Flashlight Free, an app with over 1 million downloads and 5 star average.
Here's an article explaining it *http://www.pcworld.com/article/245305/sneaky_mobile_ads_invade_android_phones.html*
Just though I'd warn everyone, as I'm a very careful / savvy user and only use very popular, respected apps, but still got it. Personally I think adding phantom widgets and hijacking your browser homepage with a fake google look-a-like is disgusting and bordering on criminal, as no warning or notification is made that this is going to happen, where it came from and how to remove / fix it.
AXIS of Reality said:
Today, I turned on my phone to discover a strange new widget/icon on my homescreen that looked like a blue magnifying glass and was labelled 'Search'.
Of course, being suspicious I removed the widget. I then looked through the list of installed widgets and apps, but nothing unusual was there.
Later when I opened the internet browser, the usual google homepage looked a bit different - identical, tabs and all, except for the search button appearing the same as in the widget and the Google logo missing (as if it hadn't loaded yet).
I've reset my homepage to Google, but in my history the bogus sites are:
start.infospace.com
searchmobileonline.com
Scanned with both AVG and Avast, but neither picked anything strange up.
I have since found out that this is adware that some free apps on the Market are using to generate revenue. In my case I have since confirmed it came from Brightest Flashlight Free, an app with over 1 million downloads and 5 star average.
Here's an article explaining it *http://www.pcworld.com/article/245305/sneaky_mobile_ads_invade_android_phones.html*
Just though I'd warn everyone, as I'm a very careful / savvy user and only use very popular, respected apps, but still got it. Personally I think adding phantom widgets and hijacking your browser homepage with a fake google look-a-like is disgusting and bordering on criminal, as no warning or notification is made that this is going to happen, where it came from and how to remove / fix it.
Click to expand...
Click to collapse
Good call mate! I downloaded the AirPush Detector, AdFree Android, and Addons Detector thats mentioned on the post, and they found some on my SG2.
I will give all offending apps a one star rating, and this will get these dev's to act!!
Thanks
If you're going to give these apps one star ratings, don't forget to put a very scathing review up as well. A single star rating either way isn't going to bother these people much, but if you put a really negative review up as well, it adds a little impact.
In my experience, a brutal review tends to get devs attention fairly quickly, especially those who care about the rep of their apps
... and I wondered from where that magnifying glass appeared on my homescreen.
By the way, the icon sucks
I installed one crappy app from the market but unistalled everything fishy in the moment I saw that icon ...
This has happened to me 2x wish I knew what app it was. I normally only download popular ones too.
Sent from my GT-I9100 using XDA App
I have the magnifying glass too. I didn't notice it at first because I use TWLauncher 4.5 and it only added itself to the stock launcher. I guess its time to do some forum searching or uninstall all my add based apps.
You guys (especially OP) need to use programs like Lookout or ESET and stay away from ****ty apps like AVG (Which is also **** on PC).
GRiM-UK said:
You guys (especially OP) need to use programs like Lookout or ESET and stay away from ****ty apps like AVG (Which is also **** on PC).
Click to expand...
Click to collapse
Lookout doesn't find the search adware widget.
I had that icon too.. it even changed the default search engine on my browser..
Sent from my GT-I9100 using xda premium
AXIS of Reality said:
Today, I turned on my phone to discover a strange new widget/icon on my homescreen that looked like a blue magnifying glass and was labelled 'Search'.
Of course, being suspicious I removed the widget. I then looked through the list of installed widgets and apps, but nothing unusual was there.
Later when I opened the internet browser, the usual google homepage looked a bit different - identical, tabs and all, except for the search button appearing the same as in the widget and the Google logo missing (as if it hadn't loaded yet).
I've reset my homepage to Google, but in my history the bogus sites are:
start.infospace.com
searchmobileonline.com
Scanned with both AVG and Avast, but neither picked anything strange up.
I have since found out that this is adware that some free apps on the Market are using to generate revenue. In my case I have since confirmed it came from Brightest Flashlight Free, an app with over 1 million downloads and 5 star average.
Here's an article explaining it *http://www.pcworld.com/article/245305/sneaky_mobile_ads_invade_android_phones.html*
Just though I'd warn everyone, as I'm a very careful / savvy user and only use very popular, respected apps, but still got it. Personally I think adding phantom widgets and hijacking your browser homepage with a fake google look-a-like is disgusting and bordering on criminal, as no warning or notification is made that this is going to happen, where it came from and how to remove / fix it.
Click to expand...
Click to collapse
personally i feel you should report this app to Google straight. No chances should be given for developers of such nasty lowdown apps.
I personally dont use any of the antivirus stuff but have my host file update for removing ads and use LBE security to block applications access to the internet.
Thanks
Thanks... very usefull information
Installed LBE and now monitoring apps
Thanks for the heads up and the useful apps recommended.
All clean here, but glad I checked.
Further good reasons not go down the pirate route kids - get that Blackmarket and Mobilism app off ya devices
Mobilism app isn't malware.
I use Avast and adaway and they seem to be effective enough although no doubt malaware is a cause for concern.
666fff said:
Mobilism app isn't malware.
Click to expand...
Click to collapse
I'll take your word for it. It allows you to test pro versions or other paid apps, and if you like them, you go to Android's market and buy the "proper" goods.... Sure. That's all right then.
How much does eset cost? Could only see free 30 day trial
Sent from my GT-I9100 using XDA App
B3311 said:
I'll take your word for it. It allows you to test pro versions or other paid apps, and if you like them, you go to Android's market and buy the "proper" goods.... Sure. That's all right then.
Click to expand...
Click to collapse
That's what I use it for. I like to trial an app properly. If I like, buy from the market, if it's crappy, delete.
The same happened to me, I only realised when a lot of my google searches were US based and not UK. When I clicked on the "privacy" link at the bottom of the Google page (or what I thought was google, it just had a different search icon) it brought up info about a different company, it wasnt the usual google privacy disclaimer.
In the end I think I had to uninstall all the recent apps because I wasnt sure which had done it and had to clear data on the browser to remove it.
My Samsung Galaxy Note has also been invaded by this searchmobile pest and I am looking for a lasting solution, or an app that can identify which app invited the malware. "free iPads" have also appeared annoyingly frequent.
I am on the March 5th build of ICS from Quarx, and have only experienced this issue on this ROM, however I have not tried going to another version to see if it's something I viewed/downloaded.
Every once in awhile I get a notification, it looks exactly like a smaller version of the Messaging app's icon. The title says something like "Faster, Better" etc. and once I click on it there is an image of an ad for UC Browser 8. It only happens when I have internet, but all I can do is swipe the notification and wait for it to happen again.
There is a folder in the root of my SD card called Joy. Inside are three more folders: Cache, PopAd, and config. Nothing in Cache, PopAd includes the ADucweb_en.jpg image that pops up. In config there is dk.pro, popAd.config, running.config, and sys.config.
When I delete the folder, it reappears once the ad pops up- which seems to coincide with why I always need internet when the ad pops up.
Any advice on how to handle this? It's annoying and could be simply malware (AVG finds nothing wrong) but it seems to be a total breach of privacy and security that a folder is able to redownload itself continuously against the user's wishes. I'm unaware if this has anything to do with the person/people behind UC Browser 8, but I feel I need to contact them as well for malicious advertising by someone.
I had these same notifications happening, and found those files too. After installing "Addons Detector" I found that these were coming from an app I'd recently installed called "Mission Impossible FREE" (com.letang.game109.en).
I wonder if there's a better way to identify the app that creates a notification. Nearly anonymous notifications seem like an easy spam vector. It'd be nice if a long press on a notification message gave identifying details about it's origin.
-Ben
problem solved
same problem here. thx to another member, i now know how to remove it permanently. when the ad pops up, take note of the game/app that it's advertising. go to market and find its developer. then check and see if you have any of their app/game installed in your phone. just uninstall them and you'll be able to delete the joy folder permanently. and the ad will never pop up again.
the developer that's making these ads in my phone is call LeTang, Inc. i think it's the same for you.
$$$$$$$$$
Actually find a new way wanted your opinion about.
I have my flag app with over 1M install called Signal Boosters (Fred Baker)
I was trying to monetize creating my own offerwall and taking offers from the networks, long story, that didn't really hit the jackpot for me.
I had a huge problem of uninstalls (70%) since the walls didn't really work so I got really interested in the uninstall event and how to capture it.
Over a year I was able to capture the uninstall event using and launch a browser at the moment of uninstallation without leaving any traces or processes running on the devices afterwards (no trojans or anything that gets you banned)
(I saw some very popular and known apps use this implementation to survey the users that uninstalled and that was my inspiration)
I wasn't sure how to use it without pissing off someone and if it's actually allowed so I integrated it in my app and never talked to anyone about it.
A month ago or so I came across a company called APPJOLT doing exactly that.
I registered and entered their dashboard and saw they developed a whole system around this technique with the purpose to offer your users an incentive to come back to your app or cross-promote to other apps.
They have an option for free cross-promotion campaign so it hit me right away I can use their system with a CPI offer I took for my offerwall from one of the networks, so at the moment of uninstall it will show the offer and I will get paid for it.
I couldn't believe it but it worked, I see almost 1K uninstalls a day and generate around 70 conversions which generates $30-50 a day.
Not sure if I hit gold or not, just wanted to ask the members of this forum how can I improve this flow? or am I missing anything?
$$$$$$$$$
Couldn't find that one listened anywhere here specifically. I'm pretty sure my phones compromised but I'll probably just get people telling me I'm being paranoid. Just notice a lot of weird stuff going on.
I'll give some examples, but it would be cool if someone else here has an A03s and could give me a full list of the system apps to know for sure if mine has some extra ones that aren't truly factory. Because I've restore it several times and they don't go away.
Like under the apps screen under the basic ones I got apps like Android auto, webview, configapk, customization service, and something called data restore tool, device health services, group sharing, meet, nearby device sharing, quick sharing, quick share, settings..etc. which to my knowledge are pretty normal apps to see on phones right? But I seem unable to control them, if I disable them and go back and check later they mysteriously reenabled again, or after that the permissions lists will be greyed out not being able to do anything. Also there is a app called "permissions controller", as well as ones called "apps", "apps update", "tools", "app recommendations", "settings recommendations"..etc. is that normal? I never noticed that with my old samsung. They are really small file size apps with pretty generic looking icons and they don't let me disable them.
What gets more weird to me though is when I enable the system apps too. I see all kinds of suspicious looking ****.
Like for the android setup, and android system apps there are two of each, and the other two have generic looking icons, also got stuff like configuration restore, audio mirroring, auto hotspot, automation test, bluetooth/bluetooth midi service, call & text on other devices, callbgprovider, camera extensions proxy, carrier login engine, sim tool kit, cell broadcast services, clipboardsaveservice, cmh provider, companion device manager (where I have no idea where my "companion is or how to control it so I must be the one being controlled?", configupdater, csc, dcktimesyncapplication, dynamic system updates, ipservice, enterprise sim pin service, external storage, like 10 different gestural navigation bars, group sharing, iaft, ims service, settings, and logging, input devices, iothiddenmenu, keycustomizationinfobnr, launcher, locale overlay manager, service mode and service mode ril, media and devices, mdmapp, vpndialogs, mmigroup,mmsservice, mobilewips, mtp host, nearby device scanning (2 instances), network diagnostic, nsdswebapp, one handed mode, osulogin, package installer, an app called "people", private share, proxy handler, quick share agent, samsung core services? (is that a real app even? I can disable it but who wants to disable "core" system apps, so touche there if it is a program deployed by a hacker on their app naming skills lol, smart switch agent, 2 instances of software update, system connectivity resources, system uwb/wifi resources, an app called "tasks", tethering, tethering provision and tethering automation, tfstatus/tffunlock always running when I never access them, usbsettings, and theres one called wallpaper services/wallpaper and style that looks really generic which is confusing because I assumed the samsung theme manager just handled all that stuff in one? We also got wearable manager installer running, and sometimes wificalling and wifi direct or work setup will be running when I don't have any of those configured.
Sorry for the huge block of text, I'm sure I missed a bunch i missed because there's some that don't show even when you tap "show system apps", like the skms agent as one example, so got a few general questions for you, so for the file/download system I got a bunch of default apps. There's two different files apps, there's a download manager and download app, and also a storage manager, and ALSO a app called the external storage that always wants to be running but can you explain that if I have no external storage? Is the built in storage space on the a03 called external storage? I even have my drive apps and stuff disabled.
Another things that's suspicious to me is secmediastorage, secvideoengineservice, secsoundpicker, secureelementapplication, media and devices + ext storage. Like why should there be a SECOND video or audio engine running when I'm old school and don't even use cast programs/features or anything like that? In fact it's usually one of the first things I just go ahead and try disable.
I noticed a lot of weird things going on with the display though too, looking really sharp then suddenly almost looking like there's two layers of gui not exactly lined up, like off by a pixels making things look blurrier. Like the one ui home is the default factory launcher right? So why does my phone also have a app called "launcher", plus another hidden launcher or something running in the background? I can't remember the name of it offhand, something GUI..
And I understand the concept of android have a permission controller, and "core apps" but are there actually apps under the system apps named that lol? "permission controller", "samsung core apps" one called "device services"...
also is service mode suppose to be running in the background? I googled into it and know it's a genuine service, but I really don't understand why a lot of these apps are stopping and running or renabling themselves.. It's like I have zero control over my own phone and if I'm just paranoid and they are meant to be just seems like a waste of complete waste of ram/data to me.
****, I was just sitting here thinking for like a few minutes about to post and almost forgot the most suspicious ones I've noticed in last few days. all the "com." overlay apps. I guess I really saw the word "overlay" as something you should be suspicious about until the vpn I recently bought had a feature that is suppose to block web browser based overlays. Then I noticed that MOST of my com. apps are all overlay apps! Lol, ranging from google/samsung to mediatek.
I won't post all of them because there's probably 20 at least but here's a few.
com.mediatek.frameworkresoverlay
com.mediatek.settingsproviderresoverlay
com.mediatek.systemuiresoverlay
com.samsung.android.networkstaack.tethering.overlay
com.samsung.android.smartswitchassistant
com.samsung.android.wifi.p2paware.resources
com.sec.android.app.camerasaver and a camera.app.cameraapp one (camera always running in background even if background and battery saver with restricted settings enabled)
com.google.android.ondevicepersonalization.services (I never used any personalization service or see a personalization app for that matter)
com.google.android.networkstack.tethering.overlay
and there's a bunch of com.google.android.overlay.gmsconfig ones /common geotz/ gsa/ photos/
com.google.android.overlay.modules.captiveportallogin.forframework
plus a overlay broadcastreceiver, ext.services, documentsui, permissioncontroller, and sdksandbox one.. tetheringresoverlay, wcmurlsnetworkstackoverlay, locale overlay manager..etc.
Also I get my service through straight talk which I think uses verizon and I noticed when I go to connections/mobile networks and network operators and uncheck the box "select automatically" that for some reason it only wants to connect to a network operator called "Home". I just thought that was kind of a weird and generic name for a network operator. I tried to use a android hidden settings app to change that because it was blocked out and thought I messed up my phone because I no longer had data and couldn't access the menu through the app anymore, but luckily a reformat fixed it but I'm still dealing with all this crap haha.
Can someone tell me I'm not crazy and there's definitely someone that is accessing and controlling my phone without my permission and what would be the best way to go about dealing with this?
Thanks.
First things fist: Here on XDA we expect you to follow the Forum Rules:
2.5 All members are expected to read and adhere to the XDA rules.
Click to expand...
Click to collapse
If you haven't done that yet, click the link in my signature and do it now.
One of the rules you'll notice is this one:
5. Create a thread topic or post a message only once, this includes external links & streaming media.
As a large forum, we don't need unnecessary clutter. You're free to edit your message as you like, so if you do not receive an answer, revisit your message and see if you can describe your problem better. Not everyone is online at the same time so it might take a while before you receive an answer.
You can bump your unanswered question once every 24 hours
Duplicate threads and posts will be removed
Always post in an existing thread if a topic already exists, before creating a new thread.
Use our search function to find the best forum for your device.
Click to expand...
Click to collapse
You've copied this post at least once. We'll be removing the duplicate.
Now on to your question...
It is my opinion that the problem may not be with what you are observing, but with your assumptions. In the duplicate thread, you assume two possibilities:
You're being hacked
Your paranoia is justified
Have you thought there may be a third or even fourth option? Such as, maybe you don't understand that much about Android, you don't recognize what you see, you're assuming it's malicious, which combined with your own confirmation bias, has led you to the conclusion that foul play is afoot?
Nothing you have described sounds in any way abnormal. You have a Samsung device running OneUI (Samsung's framework overlaid on top of Android) that is powered by a Mediatek chipset. Everything you describe sounds completely normal to me, with over 10 years of experience in Android, most of that with Samsung devices.
My conclusion, to be frank: You are not being hacked, and your paranoia is unfounded.
OP your post gave me a headache trying to read it.
So...
Have it reflash to the stock firmware if you really think it's behaving erratically and a factory reset doesn't work. Change Google password and all others.
Then be careful what you install.
Don't put in foreign thumb drives or let others use it.