I would like to start a forensics thread.
I am a security auditor (pen tester) and good at reverse engineering.
*****UPDATE******
I have owned the application, decompiled the entire thing. I have all the download scripts and the actual apk is not mktcamera; it is
com.example.cameraroot-325a203119a823aad9e160e729650fbb.apk
I have given chainfire the apk it is up to him what he does.
I will send an email to Kingo and see if they want to clean up their ****. If they don't, I will release everything.
If you do not believe me, PM chainfire and ask him yourself.
I can not spend anymore time on this.
Sounds interesting. Kudos to you for attempting something concrete.
If you want to do static analysis of the initial download ("android_root.exe"), see this post. The initial Kingo download is an Inno Setup self extractor that can be unpacked without running it using the InnoUnp extractor utility.
I'll see what I can do to help.
thanks
I am trying to download the latest Kingo. Their site is very, very slow. Looks like it is getting DDoSed. That is really good. It might give me a chance to hit the request with session splitting, so I can get the scripts manually.
I
can someone translate this
Getting closer to having this app owned
I need this translated thanks!
Nice work, I am looking forward to seeing where you get with this. I rooted with kingo a little while back.
subbed for results. Thanks for taking the time to look into this and sharing with us, very intriguing
krazylary said:
I have decided to not release the source code publicly. I will be giving it to the rockstars in the android world so we can have a clean root.
Thank you. It would be much preferable to having a static ARM (not PC-based) binary that needs no network access to get its job done. Open source would be even better - even in the case of a completely static binary with no need for network access, the device owner is still "turning over their device" to that program and trusting that it is not malicious. After all, if it succeeds, it pwns the targeted device.
Although, truth be told, that just makes Sammy's job of closing off the hole that much easier, but that's the nature of the arms race.
Q about your previously posted (and now redacted) summaries - what is typical for false positive detection rates for random executables submitted to those "all in one" virus scanning services? Seems like the candidate malware identified would have shown some evident symptoms (popup ads, site redirection, etc) on folks' platforms - unless it just lies dormant for a while or has been subverted itself to serve other needs (bot, etc).
What was the nature of the .xml that was being downloaded - did you have a look?
I'm confused, what is it particularly you are looking for in kingo? I just ripped with kingo a couple days ago. Should I be worried about anything?
Sent from my SM-N900V using xda app-developers app
dead batteries said:
I'm confused, what is it particularly you are looking for in kingo? I just ripped with kingo a couple days ago. Should I be worried about anything?
I suppose you should always be worried about any advice that begins with
"hey, download this unknown executable from the internet and run it on your Virus Hosting Platform^B^B^B^B^B^B^B^B^B^B^B^B^B^B^BWindows Machine"
But that applies to even things like "Odin v3.09". Or "Android Phone rooting toolkits". They are also just executables, and certainly just as capable of hosting malware installed (even unknowingly) by persons that re-upload it.
But in particular, the thing that got everybody's hackles up was that it bears all the "hallmarks" of malware:
- published by an author with an inscrutable monetization strategy*
- by its intended purpose, is authored by folks skilled in software exploits (but... blackhat or whitehat)?
- uses an "attack server" architecture. (Downloads payloads off the internet in order to run to completion)
- closed source
- contacts multiple sites on the internet during setup and/or operation
- uploads to the internet information gleaned from host and target systems
- at runtime uses code obfuscation procedures that are typical of malware
What the OP is currently after is a way to replace it with something that will still root the phone, but do so in a way that seems less suspicious - for instance has no need to ever contact remote machines on the internet, and no need to even use a PC, either. But let's be honest - any time you turn your device over to a piece of software that has the objective of rooting either a remote host or the one it is running on, you are implicitly handing that device over to that software if it succeeds. If it is completely open source, and you compile it, install it, and run it yourself - after having looked through the code to judge its safety... well, you might be able to say with confidence that "this looks pretty safe".
OTOH, doing that (open source) also makes it pretty darn easy for defenders (e.g. Samsung or Google if it is an Android kernel exploit) to patch the hole directly without doing the corresponding exploit discovery themselves.
I'm not saying that Kingo is malicious though; I really don't know. I can think of very compelling reasons why it operates exactly the way it does:
1) Rooting methods vary by device, carrier, and software release version. That means that a "universal" and static Android rooting tool with encyclopedic knowledge of all current rooting methods would have to bundle in a single download package an enormous collection of exploit vectors. Hundreds and hundreds of megabytes of stuff ... per handset. Live device detection eliminates the need for that - and the bill from the server hosting company for excessive bandwidth usage.
2) Rooting methods come and go. A client-server attack method can determine immediately if something it tried succeeded or failed - on every single attempt. And collect reliable information about software release versions, model numbers, carrier in use, etc. Compare that to a piecemeal, scarce, non-uniform and unreliable method of trying to intuit that information by hand out of forum reports written by folks who many times have no computer skills at all. It's light-years better in reliability and breadth.
I was going to also say "Open Source of an attack reduces its effectiveness", but that opens a whole can of worms, as the position one takes on that particular statement probably is the bright line dividing the white hat and black hat ethical spheres.
*hey wait a minute - isn't that everybody on XDA?
Oops!
Yes
bftb0 said:
I suppose you should always be worried about any advice that begins with
"hey, download this unknown executable from the internet and run it on your Virus Hosting Platform^B^B^B^B^B^B^B^B^B^B^B^B^B^B^BWindows Machine"
But that applies to even things like "Odin v3.09". Or "Android Phone rooting toolkits". They are also just executables, and certainly just as capable of hosting malware installed (even unknowingly) by persons that re-upload it.
But in particular, the thing that got everybody's hackles up was that it bears all the "hallmarks" of malware:
- published by an author with an inscrutable monetization strategy*
- by its intended purpose, is authored by folks skilled in software exploits (but... blackhat or whitehat)?
- uses an "attack server" architecture. (Downloads payloads off the internet in order to run to completion)
- closed source
- contacts multiple sites on the internet during setup and/or operation
- uploads to the internet information gleaned from host and target systems
- at runtime uses code obfuscation procedures that are typical of malware
What the OP is currently after is a way to replace it with something that will still root the phone, but do so in a way that seems less suspicious - for instance has no need to ever contact remote machines on the internet, and no need to even use a PC, either. But let's be honest - any time you turn your device over to a piece of software that has the objective of rooting either a remote host or the one it is running on, you are implicitly handing that device over to that software if it succeeds. If it is completely open source, and you compile it, install it, and run it yourself - after having looked through the code to judge its safety... well, you might be able to say with confidence that "this looks pretty safe".
OTOH, doing that (open source) also makes it pretty darn easy for defenders (e.g. Samsung or Google if it is an Android kernel exploit) to patch the hole directly without doing the corresponding exploit discovery themselves.
I'm not saying that Kingo is malicious though; I really don't know. I can think of very compelling reasons why it operates exactly the way it does:
1) Rooting methods vary by device, carrier, and software release version. That means that a "universal" and static Android rooting tool with encyclopedic knowledge of all current rooting methods would have to bundle in a single download package an enormous collection of exploit vectors. Hundreds and hundreds of megabytes of stuff ... per handset. Live device detection eliminates the need for that - and the bill from the server hosting company for excessive bandwidth usage.
2) Rooting methods come and go. A client-server attack method can determine immediately if something it tried succeeded or failed - on every single attempt. And collect reliable information about software release versions, model numbers, carrier in use, etc. Compare that to a piecemeal, scarce, non-uniform and unreliable method of trying to intuit that information by hand out of forum reports written by folks who many times have no computer skills at all. It's light-years better in reliability and breadth.
I was going to also say "Open Source of an attack reduces its effectiveness", but that opens a whole can of worms, as the position one takes on that particular statement probably is the bright line dividing the white hat and black hat ethical spheres.
*hey wait a minute - isn't that everybody on XDA?
What he said
I would like to add that the coders of Kingo have gone above and beyond trying to hide their exploit methods and everything around it. I would do the same if I had an exclusive exploit like this... Exploits cost money if you want to use them. Nothing is free, nothing. They get something out of it. Or they would not return emails or update the software. Would you? It sure as **** is not advertising on their site.
FYI, one of the files that is downloaded from Kingo's servers is called root_kit_base.sbin
Why blur out the program you are using?
personal
here are the programs
colasoft caspa enterprise 7
ida pro 6.5 arm hex rays
wireshark
cascade pilot enterprise
burp suite pro
just like to not have personal info exposed.. habit i guess.
christianpeso said:
Why blur out the program you are using?
Thanks for the info guys, that was a well thought out, super long answer and I read it all... twice. It doesn't "seem" like I need to worry though. My root with Kingo went well, took less than 5 minutes if I remember, and my device seems better because of it. Is there anything I should keep an eye out for?
Sent from my SM-N900V using xda app-developers app
I'm confused, did you actually find something malicious or is that where chainfire comes in?
There is an .apk available with a closely related name and having the same md5 sig. Google is your friend. It also was on the Google market for a while until it was removed/banned. So I doubt it is much of a secret from Google.
Seems as if the same .apk is/was used by the vroot tool as well.
Its manifest indicates network connectivity privileges, so probably it shouldn't be installed/run by folks who are paranoid. Too bad it is not fully self-contained.
I suppose it could be kanged with smali/baksmali to remove privileges from the Android manifest for live evaluations, or the app's armeabi JNI lib could be reversed with IDA/Hexrays*. I would try some of this, but I am away from a dev station for a week or so.
It appears to use both the camera and some activity from the android terminal emulator (jackpal).
As far as the title of the OP is concerned, I'm not convinced that a conclusive proof of maliciousness has been obtained. Nor has it been ruled out, either.
But it sure would be far more comfortable to have a phone-only rooting app with almost no app privileges... even if that only lasts until the next release.
bftb0 said:
There is an .apk available with a closely related name and having the same md5 sig. Google is your friend. It also was on the Google market for a while until it was removed/banned. So I doubt it is much of a secret from Google.
Seems as if the same .apk is/was used by the vroot tool as well.
Its manifest indicates network connectivity privileges, so probably it shouldn't be installed/run by folks who are paranoid. Too bad it is not fully self-contained.
I suppose it could be kanged with smali/baksmali to remove privileges from the Android manifest for live evaluations, or the app's armeabi JNI lib could be reversed with IDA/Hexrays*. I would try some of this, but I am away from a dev station for a week or so.
It appears to use both the camera and some activity from the android terminal emulator (jackpal).
As far as the title of the OP is concerned, I'm not convinced that a conclusive proof of maliciousness has been obtained. Nor has it been ruled out, either.
But it sure would be far more comfortable to have a phone-only rooting app with almost no app privileges... even if that only lasts until the next release.
Is it possible that information is needed on a per device basis in order to implement the exploit? Thus network connectivity would be essential for a universal rooting tool?
Sent from my SM-N900V using Tapatalk
Any updates on getting to the bottom of Kingo? Perhaps your investigation maybe had "something to do with" the apparent Kingo servers being "down"....
bump
Sent from my SM-N900V using Tapatalk
kenneu said:
Any updates on getting to the bottom of Kingo? Perhaps your investigation maybe had "something to do with" the apparent Kingo servers being "down"....
Kinda wondered that myself. Nothing materially changed on the device end of things for the VZW GN3 ... and all of a sudden a bunch of new reports that Kingo no longer works on that (unchanged) device... ?
Could be mere coincidence ... or could be that Kingo didn't want folks looking under the hood... hard to know.
Related
Sometimes I come across an app that's not on the Android market and you have to install it manually. Has anyone come across a virus/trojan on Android yet? I'm curious how easy or hard it is to modify a legit application and put a virus/trojan in it?
Lol have not seen one yet. Android isn't that big yet so doubt hackers would really spend time putting trojans to get stuff like your email password lol.
Take everything you know about microshaft windoze and forget it. The system architecture of android is almost completely invulnerable to viruses/worms/etc.
In a typical unix system, hacks can take one of very few possible approaches;
1) service bug targeting, i.e., if one were to discover a security vulnerability in the Apache HTTP server, one could theoretically compromise it. That particular service I mean.
2) user account targeting, i.e., one could convince a user to run something dangerous, which would infect that specific user's account, of course, this attack would limit itself to damaging that user's personal data and would not be able to take down the whole system unless it also targeted a kernel or X-server exploit.
Note specifically regarding #1, that in a well configured system, that targeting a particular service would be restricted to a specific user account just as in #2 since each service runs as its own username.
3) Targeting KERNEL defects; this is perhaps the most frightening possibility. It is also the least likely since it would also require #1 or #2. Any particular kernel attack, particularly in Linux is also very unlikely to work for long due to the open sourced nature of Linux. There are a LOT more people involved in monitoring the fundamental securities of the Linux kernel than any other OS because of its open nature. It is also a source of PRIDE for kernel HACKERS that they ALSO be responsible for openly providing the SOLUTION to any exploits that they discover. And they usually do this with their REAL NAME since it basically immortalizes them. The end result is that every time a kernel exploit is discovered, it tends to be patched within hours of its first application.
Now of course you want to know how this affects Android, since by all appearances, there is no user-level security. WRONG. The Android security level is actually on par with service level security on unix servers. EVERY SINGLE application installed is granted its own user account, which means that if any particular application is dangerous, its range of damage is restricted to that particular application's private data, as well as any permissions that the application is explicitly granted (i.e. when you install an application, it gives you the required security list). There is also the very slim possibility of a kernel exploit (though this is extremely unlikely), and it could damage the data on the sdcard (since it is an MS-crap filesystem with no security restrictions).
Of course you will note that older versions of the ADP1 system image came with an unregulated 'su' command (which you could also end up with using a "cat sh > su; chmod 4755 su" root approach) which basically can be used by any application to take over the whole system. Make sure that you don't have any such su command on your droid. Either use a password-protected su command (which will cause problems for trusted apps requesting root privileges), or the gui-supported su command. Subsequent ADP1 images came with an su command that was restricted to the debugging terminal user, which is fine.
In other words... you don't have much to worry about. Just don't do anything really stupid, like installing an untrusted application that wants a boat load of privileges that it shouldn't be asking for.
lbcoder said:
EVERY SINGLE application installed is granted its own user account, which means that if any particular application is dangerous, its range of damage is restricted to that particular application's private data, as well as any permissions that the application is explicitly granted (i.e. when you install an application, it gives you the required security list).
Might be worth pointing out that android apps are for the most part interpreted language apps, meaning the onus of security and stability (just from an apk standpoint) falls largely on the vm. All the lower level subsystems are pretty well protected by the Linux kernel, and these have been significantly tried in fire by decades of Linux server deployment.
lbcoder said:
The system architecture of android is almost completely invulnerable to viruses/worms/etc.
jashsu said:
Might be worth pointing out that android apps are for the most part interpreted language apps, meaning the onus of security and stability (just from an apk standpoint) falls largely on the vm. All the lower level subsystems are pretty well protected by the Linux kernel, and these have been significantly tried in fire by decades of Linux server deployment.
All the points about the protection offered from the Linux kernel and the VM are valid. Computer security is an ongoing battle between the software originators and the hackers trying to get in. I'm not saying it's remotely likely, particularly due to the market share, but rule one in my book is don't taunt the hackers.
lbcoder said:
Take everything you know about microshaft windoze and forget it. The system architecture of android is almost completely invulnerable to viruses/worms/etc.
Until the Android Dev team screws up again and lets any app run in the system process when requested (which was why cupcake was delayed in the US).
thanks for the post.
I was curious if someone could unpack a .apk file and modify an application easily, say have it send personal info to xyz server instead of the server the app was designed for, or send it to both servers so the user doesn't think anything is wrong.
Are the files in the .apk editable? An .exe is compiled for Windows and the .exe cannot be edited (since it's machine code).
androidmonkey said:
thanks for the post.
I was curious if someone could unpack a .apk file and modify an application easily, say have it send personal info to xyz server instead of the server the app was designed for, or send it to both servers so the user doesn't think anything is wrong.
Are the files in the .apk editable? An .exe is compiled for Windows and the .exe cannot be edited (since it's machine code).
Yes, apks are basically just zip files with cryptographic signatures. If you get your apks from Market then there is little to no risk of apks being tampered with. If you install your apks from any source other than Market, then you just have to trust the source that the apk hasn't been modified. Obviously if the apk itself doesn't ask for many permissions then it shouldn't be a problem. For example if you download a game apk from a developer's personal webpage and it asks for just permission to keep the screen alive, there's little risk to your data. However if you download an app that has read/write access to your contacts, or has root access, then you better be sure that the site you get it from is trustworthy.
jashsu said:
Yes, apks are basically just zip files with cryptographic signatures. If you get your apks from Market then there is little to no risk of apks being tampered with. If you install your apks from any source other than Market, then you just have to trust the source that the apk hasn't been modified. Obviously if the apk itself doesn't ask for many permissions then it shouldn't be a problem. For example if you download a game apk from a developer's personal webpage and it asks for just permission to keep the screen alive, there's little risk to your data. However if you download an app that has read/write access to your contacts, or has root access, then you better be sure that the site you get it from is trustworthy.
So the files in the .apk are not executables, but rather interpreted by the VM? I'm curious if those files can be read and changed. For instance, can someone open the file in a Java SDK and change the code? Or are those files protected so they can't be modified? For instance, could you download a soundboard app from the Market, "unzip" the .apk, and put your own sounds in it?
androidmonkey said:
So the files in the .apk are not executables, but rather interpreted by the VM? I'm curious if those files can be read and changed. For instance, can someone open the file in a Java SDK and change the code? Or are those files protected so they can't be modified? For instance, could you download a soundboard app from the Market, "unzip" the .apk, and put your own sounds in it?
Unless the classes are specifically performing security/sanity checks, there's nothing keeping you from replacing asset files (pngs, wavs, etc) and then re-signing the apk with any key of your choosing. However, altering xmls and classes is more difficult as they are obfuscated/optimized by default.
For apps distributed officially through the Android market, the only way Google can provide assurance for the app producer against tampering is app-protected folder. Of course that assumes that root access is not provided, which is most likely a prerequisite for any phone to be branded "with Google" and have Market access. From the viewpoint of the consumer, apps are guaranteed by Google against tampering only if retrieved through Market. Once the app is on the device, it is protected via Android's use of Linux user access permission model (each app is its own user). The consumer may of course alter the file him/herself, unless it is a protected app, in which case root is required.
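[Added example, not part of any poster's message and not code from Android or any tool named in this thread.] The exchange above says an apk is a zip with signatures and that assets can be swapped and the package re-signed. The sketch below checks each file in an apk against the per-file digests in META-INF/MANIFEST.MF (the JAR-style signing layout); the sample package, its file names and the finding labels are constructed for illustration.

```python
import base64
import hashlib
import io
import zipfile

# Digest attributes found in JAR-style MANIFEST.MF entries, mapped to hashlib names.
DIGEST_ATTRS = {"SHA-256-Digest": "sha256", "SHA1-Digest": "sha1"}

def build_apk(files, manifest_from=None):
    """Build a constructed apk-like zip in memory. manifest_from lets the
    manifest describe different content than the zip carries (stale manifest)."""
    src = files if manifest_from is None else manifest_from
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in sorted(src.items()):
        digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
        lines += [f"Name: {name}", f"SHA-256-Digest: {digest}", ""]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "\r\n".join(lines) + "\r\n")
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

def parse_manifest(text):
    """Return {entry name: {attribute: value}}; joins continuation lines,
    which start with a single space when a line exceeds 72 bytes."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entries, current = {}, None
    for line in unfolded:
        if not line.strip():
            current = None          # blank line ends a section
            continue
        key, _, value = line.partition(": ")
        if key == "Name":
            current = entries.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return entries

def audit_apk(apk_bytes):
    """Compare every non-META-INF file with its manifest digest.
    Simplification: the .SF/.RSA signature chain is not verified here."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = [n for n in z.namelist() if not n.endswith("/")]
        if "META-INF/MANIFEST.MF" not in names:
            return ["unsigned: no META-INF/MANIFEST.MF"]
        entries = parse_manifest(z.read("META-INF/MANIFEST.MF").decode("utf-8"))
        payload = [n for n in names if not n.startswith("META-INF/")]
        for name in payload:
            attrs = entries.get(name)
            if attrs is None:
                findings.append(f"unlisted: {name}")
                continue
            attr = next((a for a in DIGEST_ATTRS if a in attrs), None)
            if attr is None:
                findings.append(f"no-digest: {name}")
                continue
            actual = hashlib.new(DIGEST_ATTRS[attr], z.read(name)).digest()
            if base64.b64encode(actual).decode() != attrs[attr]:
                findings.append(f"modified: {name}")
        findings += [f"missing: {n}" for n in entries if n not in payload]
    return sorted(findings)

# Constructed sample content (not taken from any real package).
ORIGINAL = {
    "classes.dex": b"dex\n035\x00 constructed bytes",
    "assets/horn.wav": b"RIFF constructed original sound",
    "res/icon.png": b"\x89PNG constructed icon",
}

def demo():
    swapped = dict(ORIGINAL, **{"assets/horn.wav": b"RIFF constructed replacement"})
    injected = dict(ORIGINAL, **{"lib/armeabi/libextra.so": b"\x7fELF constructed"})
    return {
        "intact": audit_apk(build_apk(ORIGINAL)),
        "swapped": audit_apk(build_apk(swapped, manifest_from=ORIGINAL)),
        "injected": audit_apk(build_apk(injected, manifest_from=ORIGINAL)),
        # Manifest regenerated after the swap, as a re-sign would do:
        # digests are consistent again, so this check alone reports nothing.
        "resigned": audit_apk(build_apk(swapped)),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The "resigned" case comes back clean, which is the point made in the post: a digest check only catches edits made without re-signing, so the signer certificate also has to be compared with the one from a trusted copy (for real packages, `apksigner verify --print-certs` prints it).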
Sounds buggy. I hope not. This reminds me of when Mozilla Firefox became popular; I slowly started to see code become available to make pop-ups in my beloved browser.
Virus found on Android phone...
Article 1:
NEWS
An employee at Spanish antivirus firm Panda Security received a new Android-based Vodafone HTC Magic with malware on it, according to researchers at Panda Labs.
"Today one of our colleagues received a brand new Vodafone HTC Magic with Google's Android OS," researcher Pedro Bustamante wrote on the Panda Research Blog on Monday.
"The interesting thing is that when she plugged the phone to her PC via USB, her Panda Cloud Antivirus went off, detecting both an autorun.inf and autorun.exe as malicious," he wrote. "A quick look into the phone quickly revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into."
Article 2:
Mariposa virus back on Vodafone Android smartphones
According to a Spanish blogger, around 3,000 memory cards supplied by Vodafone Spain were infected with the Mariposa bot client. The mobile network operator has now reportedly confirmed that these included HTC Magic Android-based smartphone models, as well as other devices. A spokesperson for the company has told CNET that it is a "local incident". Vodafone says it has identified customers that could potentially be affected and it will be sending them new memory cards. It has also offered to supply them with tools to restore the integrity of their devices.
Reports of an HTC Magic smartphone carrying the virus were first published less than two weeks ago, however the malware is not able to harm the Android smartphone itself. The bot only attempts to contact a command & control server when connected to a Windows PC. The virus should be detected by most up-to-date anti-virus solutions.
Personal take:
Interesting to note that the virus was being carried on an Android phone and was used to infect PCs, NOT other Android phones. It came straight from manufacturing with the virus on, so as of yet I still haven't heard of a virus that can infect an Android phone.
Furthermore, I have seen anti-virus software on the marketplace AND being offered by Norton. What do they protect against if there are no known virus threats? Do they just draw a nice pretty anti-virus logo on the screen to make you feel comfy? hehehe.
Trojans in the hacked up ROMs people are distributing
androidmonkey said:
Sometimes I come across an app that's not on the Android market and you have to install it manually. Has anyone come across a virus/trojan on Android yet? I'm curious how easy or hard it is to modify a legit application and put a virus/trojan in it?
I've found a trojan in at least one of the ROMs being distributed on here. Even reported directly from the developer's own file sharing site.
"Stock" ROM http://forum.xda-developers.com/showthread.php?t=2066023
Attached is a photo of the file scanned from the linked file sharing site for the KERNEL he wants you to INSTALL!!
Click the link to JB_KERNEL_3.17.841.2_EVITA_Init.d_Support_Installer.zip - 8.54 MB in that thread and see for yourself.
Be careful what you install on your device. ANDR.Trojan.GingerBreak takes full administrative control of your device and downloads more trojans to siphon out your private personal data.
Hello,
Recently I heard that "The Mother Of All Android Malware Has Arrived" (March 1st). Although I love to install all kinds of new ROMs, I'm aware my knowledge in the smartphone world is limited to installing ROMs and following step by step instructions to the letter. Is someone willing to explain, or give some heads-up, if you want to avoid your phone being infected with something like the kind of malware described in the articles you can find recently on the web?
Reading the article you stumble upon things like: root the user’s device via rageagainstthecage or exploid, yank IMEI and IMSI, another APK hidden inside the code, steals nearly everything it can like product ID, model, language, country, and userID, and that it has the ability to download more code.
Yes, I understand: don't install apps from suspicious websites or the usenet and read before install. But obviously nowadays you can get infected from downloading a (at first glance) legit app from the market. Maybe there are things you can do to decrease the chance you get infected with something you don't want?
I also read that the firewalls and/or anti-virus programs you can find on the Market don't anticipate these kinds of threats the way firewalls and anti-virus programs do on my desktop. Is this true?
Simple and obvious as these heads-up may be, someone like me might not be aware of it.
Thanks.
Hello XDA
I've written a security guide I have posted to quite a few Android communities/forums. This guide is intended for new users to Android so probably doesn't apply to anyone here. But I do think Android users deserve solid advice from the experts and with all the media scare tactics going around, now more than ever.
However, I was hoping that if some Devs had the time, they could give some of it a quick read. I'm hoping to get a more informed developer opinion on whether I missed anything or am mis-representing something or another. I'd like to make sure that my information is as accurate as possible, and since Android is a community thang, I figure why not ask some other devs if they want to have a look and chime in.
The one topic I haven't really covered yet is rooting, so I know at least that much is missing.
Thanks in advance and please feel free to post all feedback -- positive/negative/or your favorite cheesecake recipe.
=================================
Background about Android
The first thing when understanding the security of your phone is to know a little bit about what makes it tick. Android is a 'lite' version of Linux with most applications that you download from the market written in Java.
The reason that this is important to know is that it means Android is very unlikely to ever get a 'virus' in the traditional sense. Part of the reason why is because Linux is a fairly secure operating system that protects various parts of itself from other parts. This is similar to how Windows has admin accounts and limited user accounts. Because of this protection, applications downloaded from the market do not have access to anything by default. You must grant them permission for each activity they want to perform when they are installed. This is a very important point which we will address a bit later. Also due to some bad choices by Google, there are a few exceptions to this rule that we'll talk about in the permissions section.
Nevertheless, while Android is very unlikely to get a 'virus', that does not mean you are completely safe from 'malware', 'spyware', or other harmful types of programs.
Types of Dangerous Programs
Probably the biggest/most common threats from applications on Android are:
1) When the developer/app tricks the user into giving the app permissions it does not need to do its job
2) When the app hides malicious code behind legitimate permissions.
3) When the app tricks the user into entering in personal information or sensitive data (such as a credit card number)
There are various ways malicious developers (also known as hackers or crackers) accomplish this. We'll briefly define each kind just to have a common understanding of the terms.
Malware
Malware generally is an all-encompassing term used to describe any harmful program. This includes spyware, viruses, and phishing scams (sometimes).
Spyware
Spyware is used to describe software or applications that read your information and data without you actually knowing it and reporting it back to some unknown third party for nefarious purposes. Often times this includes keystroke loggers to steal passwords or credit card information. Some people include certain types of Advertising tracking in this category (sometimes called Adware, see below). However that's a much larger debate we won't cover here.
Phishing
Phishing and spyware are closely related. They work on a similar principle: tricking the user and sending user information to a 3rd party to steal it. The difference with phishing however, is that the application (or website) will pretend to be from a trusted source to try and 'trick' you into entering in your details. In contrast, spyware would try to hide itself from being known to the user. One way to think about the difference is that phishing is masquerading while spyware is hiding, but the end goal of stealing your data is the same.
An example of this would be an app or website pretending to be affiliated with your bank or Paypal or your email provider (Gmail, Hotmail, Yahoo). However it can, and does, include any service where someone might want to steal your identity or password.
There have been known successful phishing attacks related to at least one bank on Android.
Virus
The definition of virus used to be more all-encompassing. These days that term has been replaced by malware. Virus is more typically used to describe a specific type of software that takes control of your operating system and either damages it, or uses it for its own purposes. An example might be when a virus sends emails to everyone in your email address book. Again this is the type of program least likely to be a problem for Android.
Trojan Horse
A trojan horse is really just a specific type of virus. It merely refers to the idea that the app pretends to be something useful or helpful or fun for the user while actually causing harm or stealing data. This term is often used to describe spyware and phishing attacks as well.
Adware
Adware is typically a bit of a grey area. Sometimes this is also called nuisance-ware. This type of application will often show the users an excessive amount of advertising in return for providing a service to the user of dubious quality. However, this type of program can often be confused with legitimate ad-supported software, which shows a mild to moderate amount of advertising while providing a useful service that the user wants. Because it can be hard to tell the difference, there exists a grey area from most anti-virus companies as to how to handle adware.
Warez
This is a term you'll sometimes hear referring to 'pirated' or unlicensed software. Often times warez forums and websites will offer "free apps" or "apks" (Android Package).
Don't be fooled by these sites, and do NOT download these files and load them to your phone. These files are stolen from the real developers by unscrupulous people who have no regard for the work put into apps by the developers, or the law. Often times they will even try making money off of the advertising on their "warez" forums. They are profiteers that do the entire Android community a great disservice, and hurt the developers. Furthermore this is very often the most popular 'vector' (method) of attack that malware writers use. Some go as far as stealing apps and putting them on the Android Market itself under different names.
If you are a user that cannot access the paid Android Market, there are alternatives these days. The most trustworthy markets (in my opinion) are the following:
- Android (Google) Market
- Amazon Appstore
- SlideMe
- Archos AppsLib
- AndAppStore (possibly)
- AndroidTapp (possibly)
- Verizon's Market (not sure if this is live yet)
- Motorola's Market (not sure if live or where, might be focused on Latin America?)
Other than these markets, I would not advise anyone to download and install an app from anywhere else.
However there are a few exceptions related to open source. These are places that independent developers can upload free and/or open source apps. They don't guarantee your safety (nothing does) but they are not warez sites and are much more likely to be safe.
Open source or free apps: (very likely safe, not warez)
- XDA Developers
- Googlecode
- GitHub
How to Protect Yourself
There are no foolproof ways to avoid all bad situations in the world, but any sane person with a reasonable head on their shoulders knows that a few good habits can keep you safe for a long, long time in whatever you do. Here are a few tips I have learned from many years as a professional software developer and from reading these forums that have many people smarter and more knowledgeable than I about Android.
Read the comments in the Market
This should go without saying. Before you download any applications, be sure to read the comments. Don't just read the first three either, click through and see what people are saying. This can also help you understand how well an app works on your particular phone or your particular version of Android. Comments should also be read EVERY time you update an app.
Check the Rating
Any app that fails to maintain above 2.5 stars is likely not worth your time. If you are brave enough to be one of the first few to download an app, this does not apply to you. Nevertheless almost all good apps have between 3 and 5 stars. To me, this is just a general rule to help find quality apps.
Check the permissions
There are many things an app can do to, and for, your phone. But anything an app can do is told to you when you download and install it. Before you download and install an app, you will be shown a list of permissions the application is requesting. Read them. Try your best to understand them in terms of what the application is supposed to do for you. For example, if you download a game of checkers, and the Market warns you that it wants to be able to read your contacts, you should think twice and probably not download it. There is no sane reason a game of checkers needs to know your friends' phone numbers.
To see the permissions given to an application after installation, go to the Market, press [menu], then [downloads] or [my apps], then select the app, press [menu] again, then press [security].
Below I have a list of some of the most commonly used permissions. The list has explanations of how important they are, what they do, and what types of apps might legitimately need them. This should help you get a basic understanding of what to allow and when to skip an app. Please feel free to ask about a permission or let me know if I have missed any.
Check the developer's website
Make sure the developer has a website and not just some Wordpress blog. This is often again a good indication of quality as well as safety. If the developer cares about their app they will likely have a relatively nice looking website or, if they are open source, a site on Google Code. Note: sites on Google code are NOT verified or approved by Google. However, open source is usually (but not always) more likely to indicate a safe application.
NOTE: This is not a definitive indicator if a developer is good or bad, just one more piece of information you can use. There are a lot of exceptions to this particular rule, as a lot of Good devs might not have anything more than a Blogger blog, and a lot of bad devs could just point to a nice looking site they have no affiliation with. However, the developer's website can be helpful just as an extra piece of information you can use in making your decision about the developer or app.
Updating applications is the same as installing them fresh
Each time you update an application on your phone, you should use the same diligence as if you were installing it for the first time. Reread the permissions to see that it is only asking for what it needs and no more. Reread the comments to see if anything has changed in the opinions of the users and to see if it still works for your phone. If you see that an application says Update (manual) next to it, that means the developer has CHANGED the permissions they are requesting from the version you have on your phone. This is not necessarily a bad thing -- but it should indicate that you should pay a bit closer attention to the permissions and re-evaluate them as needed.
If you are still unsure, ask around -- the community is your anti-virus
If you see an app you want, but it seems to be asking for more permissions than it should, or its comments and ratings are mediocre, go ahead and ask about the app in these (and other) forums. You will often find dozens if not more people who know the answers and another whole bunch wishing to know the answers to the same questions you have.
I can't stress this point enough. This is the best part about Android. The community are usually the first to identify any Malware or dangerous programs, and are the best resource for finding quality apps.
Beware the Sockpuppets, Shills, and Spammers
However, like anything, don't believe everything you read. Someone who comes into a forum telling you an app is the "best" may be what's referred to as a sockpuppet or shill. I tend to be wary of people with low post counts, or who have unreasonably high praise for what seems a simple app, or anyone using the word "best" in a forced context.
Now these people are not all bad, some may just be excited, or not speak English as their first language. But it's common for sockpuppets to use the term "best" to try and get better search rankings on Google. Saying things like "Best Android App" "Best GPS." Other tell-tale signs include when they mention software for iPhone or other platforms without actually answering questions. Or just generally seem like their post is out of context or overly general (think about how horoscopes are made for everyone to relate to them). I often get spam on my blog that says things like "best blog post! love your writing style, you put things in perspective for me" which makes no sense when my blog was about my new app.
This is a fine line and very much a grey area though. Sometimes it can be very hard to tell if someone is a spammer. If you see a post or comment in the market you suspect is spam on a forum, report it to the mods, don't reply and start an argument.
Posting your own comments
After you have downloaded an app you can post your own comments. The comment will be visible to all other android users but it will only show your first name. To do this go into the Market and press [menu] > [downloads]. You should see five empty stars at the top which you can tap to rate the app. Once you have rated the app you should see an option to add a comment under the stars.
Being a good user
While this guide is about security, I think it's important to point out how to be a good user too. Android is a community and stems from open source and will only ever be as good as both its developers and its users.
So, if an app is crashing on you, try emailing the developer before uninstalling and posting an angry comment. Anything you post in the market will stay even if you have uninstalled the app, and you could do serious harm to a developer's reputation if you post very negative comments.
If you think the developer just made a mistake, or didn't support your phone, work with them. If they are unhelpful, then you can consider giving them a bad rating. This is especially true for free apps in the market. Remember that you, as a user are not "entitled" to perfect free apps. Most developers do not have Google's engineering and QA team backing them up and even Google makes mistakes.
And while it's frustrating when things don't work, imagine how frustrating it is when you put long hours into something but make a mistake -- and then because of that mistake you can never fix the damage done by a rude commenter.
What does Google do to protect us?
Unfortunately at the moment, not a lot. They do police the market to a small extent and investigate any reports of malware. They several instances of Malware and actually remotely uninstalled the applications from users phones.
However, the Market is not like the Apple App Store or Amazon Appstore, there is no screening of applications before they are posted to the market. There are no draconian procedures or lengthy approval processes that developers have to go through to post applications. All that a developer needs to do is to 'digitally self sign' his or her application before posting it. This helps Google track any developers with ill intent, but it's just a way to manage malware after it is discovered.
What about Wi-Fi?
One of the things to remember when trying to keep yourself safe is to be very careful with public Wi-Fi. Whenever you connect to the internet through a public Wi-Fi you should never use any website that requires a password to sign into. The danger here is because you have no idea who is connecting you to the website you are trying to connect to. A good analogy would be like trying to mail a letter to your friend by giving it to a stranger in the street.
[guide continues below]
Permissions
When you install an application the Market will tell you all of the permissions it needs to function. These are important to read as it can give you an idea if the application is asking for permission to do more than it needs. While some legitimate apps often ask for more permission than they need, it should at least raise an eyebrow when deciding if an application is safe and of good quality.
NOTE: there are also some backwards compatibility decisions Google has made that will grant apps targeting 1.5 or earlier two permissions you may never see requested. It is my belief this is a security hole, but not a large one. The permissions are Read Phone State and Identity and Write/Delete files from the SD. I will elaborate on those below.
Services that cost you money
make phone calls
This permission is of moderate to high importance. This could let an application call a 1-900 number and charge you money. However this is not a common way to cheat people in today's world. Legitimate applications that use this include: Google Voice and Google Maps.
Services that cost you money
send SMS or MMS
This permission is of moderate to high importance. This could let an application send an SMS on your behalf, and much like the phone call feature above, it could cost you money. Certain SMS numbers work much like 1-900 numbers and automatically charge your phone company money when you send them an SMS.
Storage
modify/delete SD card contents
This permission is of high importance. This will allow the applications to read, write, and delete anything stored on your phone's SD card. This includes pictures, videos, mp3s, and even data written to your SD card by other applications. However there are many legitimate uses for this permission. Many people want their applications to store data on the SD card, and any application that stores information on the SD card will need this permission. You will have to use your own judgment and be cautious with this permission knowing it is very powerful but very very commonly used by legitimate applications. Applications that typically need this permission include (but are not limited to): camera applications, video applications, note taking apps, backup applications.
WARNING: Any app targeting Android 1.5 or below (possibly 1.6 as well) will be granted this permission BY DEFAULT. And you may not ever be warned about it. It is important to pay attention to what version of Android an app is targeting to know if this permission is being granted. You can see this on the Market website in the right hand column.
Your personal information
read contact data, write contact data
This permission is of high importance. Unless an app explicitly states a specific feature that it would use your contact list for, there isn't much of a reason to give an application this permission. The one exception to that rule includes typing or note taking applications and/or quick-dial type applications. Those might require your contact information to help make suggestions to you as you type. Typical applications that require this permission include: social networking apps, typing/note taking apps, SMS replacement apps, contact management apps.
Your personal information
read calendar data, write calendar data
This permission is of moderate to high importance. While most people would consider their calendar information slightly less important than their list of contacts and friends, this permission should still be treated with care when allowing applications access.
Phone calls
read phone state and identity
This permission is of moderate to high importance. Unfortunately this permission seems to be a bit of a mixed bag. While it's perfectly normal for an application to want to know if you are on the phone or getting a call, this permission also gives an application access to 2 unique numbers that can identify your phone. The numbers are the IMEI, and IMSI. Many software developers legitimately use these numbers as a means of tracking piracy though.
WARNING: Any app targeting Android 1.5 or below (possibly 1.6 as well) will be granted this permission BY DEFAULT. And you may not ever be warned about it. It is important to pay attention to what version of Android an app is targeting to know if this permission is being granted. You can see this on the Market website in the right hand column.
Your location
fine (GPS) location
While not a danger for stealing any of your personal information, this will allow an application to track where you are. Typical applications that might need this include (but are not limited to) restaurant directories, movie theater finders, and mapping applications. This can sometimes be used for location based services and advertising.
Your location
coarse (network-based) location
This setting is almost identical to the above GPS location permission, except that it is less precise when tracking your location. This can sometimes be used for location based services and advertising.
Network Communication
create Bluetooth connection
Bluetooth (Wikipedia: Bluetooth) is a technology that lets your phone communicate wirelessly over short distances. It is similar to Wi-fi in many ways. It itself is not a danger to your phone, but it does enable a way for an application to send and receive data from other devices. Typical applications that would need bluetooth access include: Sharing applications, file transfer apps, apps that connect to headset or wireless speakers.
Network Communication
full internet access
This is probably the most important permission you will want to pay attention to. Many apps will request this but not all need it. For any malware to truly be effective it needs a means by which to transfer data off of your phone, this is one of the settings it would definitely have to ask for.
However, in this day and age of cloud computing and always-on internet connectivity, many, many legitimate applications also request this.
You will have to be very careful with this setting and use your judgment. It should always pique your interest to think about whether your application needs this permission. Typical applications that would use this include but are not limited to: web browsers, social networking applications, internet radio, cloud computing applications, weather widgets, and many, many more. This permission can also be used to serve Advertising, and to validate that your app is licensed. (See DRM for more info).
Network communication
view network state, view Wi-Fi state
This permission is of low importance as it will only allow an application to tell if you are connected to the internet via 3G or Wi-Fi.
System tools
Prevent phone from sleeping
This is almost always harmless. An application sometimes expects the user to not interact with the phone directly sometimes, and as such would need to keep the phone from going to sleep so that the user can still use the application. Many applications will often request this permission. Typical applications that use this are: Video players, e-readers, alarm clock 'dock' views and many more.
System tools
Modify global system settings
This permission is pretty important but only has the possibility of moderate impact. Global settings are pretty much anything you would find under Android's main 'settings' window. However there are a lot of these settings that are perfectly reasonable for an application to want to change. Typical applications that would use this include: Volume control widget, notifications, widgets, settings widgets.
System tools
read sync settings
This permission is of low impact. It merely allows the application to know if you have background data sync (such as for Facebook or Gmail) turned on or off.
System tools
Write Access Point name settings
I need a bit of clarification on this setting myself. I believe this relates to turning on and off wifi and your 3G data network. (if someone can comment and clarify I would greatly appreciate it and update this guide to reflect). Essentially however I believe this to be similar to the 'modify global settings' permission above.
System tools
automatically start at boot
This permission is of low to moderate impact. It will allow an application to tell Android to run the application every time you start your phone. While not a danger in and of itself, it can point to an application's intent.
System tools
restart other applications
This permission is of low to moderate impact. It will allow an application to tell Android to 'kill' the process of another application. However that application should have the option of immediately restarting itself.
System tools
retrieve running applications
This permission is of moderate impact. It will allow an application to find out what other applications are running on your phone. While not a danger in and of itself, it would be a useful tool for someone trying to steal your data. Typical legitimate applications that require this permission include: task killers and battery history widgets.
System tools
set preferred applications
This permission is of moderate impact. It will allow an application to set the default application for any task in Android. For instance clicking on a hyperlink in your email will bring up a browser. However if you have more than one browser on your phone, you may want to have one set as your 'preferred' browser. Typical legitimate applications that require this permission include any applications that replace, complement, or augment default Android functionality. Examples of this include web browsers, enhanced keyboards, email applications, Facebook applications and many more.
Hardware controls
control vibrator
This permission is of low importance (but could be lots of fun). As it states, it lets an app control the vibrate function on your phone. This includes for incoming calls and other events.
Hardware controls
take pictures
This permission is of low importance. As it states, it lets an app control the camera function on your phone.
Your accounts
discover known accounts
This permission is of moderate importance. This allows the application to read what accounts you have and the usernames associated with them. It allows the app to interact with permission related to that account. An example would be an app that was restoring your contact, would discover your Google account then send you to Google's login screen. It doesn't actually get to see your password, but it gets to work with the account.
Development Tools
read logs
This permission is of very high importance. This allows the application to read what any other applications have written as debugging/logging code. This can reveal some very sensitive information. There are almost no reasons an application needs this permission. The only apps I might grant this permission to would be Google apps.
What Does it All Mean? This Sounds so Scary!
It might sound that way but it is not, by any means, scary. The power of the market is actually due to the fact that developers are free to post updates and applications much more quickly and easily. But despite the security risks that this model creates, there is an incredibly powerful deterrent to malware in the community itself. Lots of people on these boards and in the market eagerly try out new apps and report back the safety and quality.
Again, the community is your best anti-virus app.
last updated: March 23, 2011
This guide by Lost Packet Software is licensed under a Creative Commons Attribution-No Derivative Works 3.0 United States License.
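An added example, not part of the original guide or thread: the permission check the guide describes, run against a decoded AndroidManifest.xml (the text form a tool such as apktool produces). The mapping from the Market's permission labels to manifest constants, the sample manifest, the package name `com.example.checkers` and the function names are assumptions of this example; the implicit-grant rule is applied to apps targeting API level 3 (Android 1.5) or lower.

```python
import xml.etree.ElementTree as ET

# Manifest attributes such as android:name live in this XML namespace.
A = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Importance ratings taken from the guide; pairing each Market label with a
# manifest constant is this example's assumption, not the guide's wording.
GUIDE_RATING = {
    "READ_LOGS": "very high",
    "INTERNET": "most important to watch",
    "WRITE_EXTERNAL_STORAGE": "high",
    "READ_CONTACTS": "high",
    "WRITE_CONTACTS": "high",
    "CALL_PHONE": "moderate to high",
    "SEND_SMS": "moderate to high",
    "READ_PHONE_STATE": "moderate to high",
    "GET_TASKS": "moderate",
    "GET_ACCOUNTS": "moderate",
    "RECEIVE_BOOT_COMPLETED": "low to moderate",
    "ACCESS_NETWORK_STATE": "low",
    "VIBRATE": "low",
}

# Granted without being listed when an app targets API level 3 or lower.
IMPLICIT_BELOW_SDK4 = ("WRITE_EXTERNAL_STORAGE", "READ_PHONE_STATE")

# Constructed sample: the guide's checkers game that asks for contacts.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.checkers">
  <uses-sdk android:minSdkVersion="3" android:targetSdkVersion="3" />
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.READ_CONTACTS" />
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
  <application android:label="Checkers">
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED" />
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def target_sdk(root):
    """targetSdkVersion defaults to minSdkVersion, which defaults to 1."""
    sdk = root.find("uses-sdk")
    if sdk is None:
        return 1
    min_sdk = int(sdk.get(A + "minSdkVersion", "1"))
    return int(sdk.get(A + "targetSdkVersion", str(min_sdk)))


def short(name):
    """Strip the android.permission. prefix for readability."""
    return name[len(PREFIX):] if name.startswith(PREFIX) else name


def boot_receivers(root, package):
    """Receivers that are started when the phone finishes booting."""
    found = []
    for rcv in root.iterfind("application/receiver"):
        actions = {a.get(A + "name")
                   for a in rcv.iterfind("intent-filter/action")}
        if "android.intent.action.BOOT_COMPLETED" in actions:
            name = rcv.get(A + "name", "")
            found.append(package + name if name.startswith(".") else name)
    return found


def audit_manifest(xml_text):
    # For manifests from untrusted APKs, parse with defusedxml instead:
    # the standard-library parser does not limit entity expansion.
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    requested = [short(p.get(A + "name", ""))
                 for p in root.iterfind("uses-permission")]
    sdk = target_sdk(root)
    implicit = [p for p in IMPLICIT_BELOW_SDK4
                if sdk <= 3 and p not in requested]
    rated = [(p, GUIDE_RATING.get(p, "not covered by the guide"))
             for p in requested + implicit]
    return {
        "package": package,
        "target_sdk": sdk,
        "requested": requested,
        "implicit": implicit,
        "rated": rated,
        "boot_receivers": boot_receivers(root, package),
    }


if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print(report["package"], "targets API level", report["target_sdk"])
    for perm, rating in report["rated"]:
        note = " (implicit, never shown at install)" \
            if perm in report["implicit"] else ""
        print("  %-24s %s%s" % (perm, rating, note))
    for name in report["boot_receivers"]:
        print("  starts at boot:", name)
```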
Good post.
Yes, well written and informative. As a developer, it's good to get this information into users' hands who may not know how permissions work. And the author makes some good points on how to be safe without massive fear of EVER downloading an app.
Thanks to OP for a nice article. Do you mind if I copy it and post it on my website? You can send me a PM. Of course, I will cite you as the original source
Thanks much guys,
@Rootstonian
Yes you can copy it, but copy the one from my site http://alostpacket.com/2010/02/20/how-to-be-safe-find-trusted-apps-avoid-viruses/ as it has a few less typos.
It is licensed under the creative commons license (no derivative works, must attribute to me). This means you are free to copy/republish but you have to copy the whole thing and not change it.
Well written and informative! Thanks.
Ok, thanks. I'll either copy it in its entirety or just use the link you provided if that's ok.
Regardless, your work will be properly cited.
Again, well done.
thanks much guys.
Also curious if anyone has found any errors or inaccuracies or misrepresentations etc.
Brilliant post.
Can I kill this service and its startup?
Intelligence Service
com.samsung.android.intelligenceservice
What does it really do?
kgyirhj said:
com.samsung.android.intelligenceservice
What does it really do?
Well it could be
1) A surveillance monitor for the Carrier IQ package that the NSA has had carriers install on 300 million phones
2) A training aid for would be Mensa members
3) Some random Samsung service that isn't on my S5
You didn't give us any details or context, so it's difficult to say what the service does. It isn't on my S5 so it's not universal. It may be regional, carrier specific or some Samsung bloatware that doesn't live on my phone anymore.
You can kill the process, which will cause something to quit working. Probably nothing critical but it's hard to be certain when we don't know what it does. If you have xPrivacy, see what permissions it asks for. Otherwise you could just freeze or disable it and see what effect it has on your phone.
If you tell us what firmware version and carrier you use, perhaps someone else who uses the same firmware /carrier will comment.
.
kgyirhj said:
Can I kill this service and its startup?
Intelligence Service
com.samsung.android.intelligenceservice
What does it really do?
It checks the IQ of the user. The phone shuts down below 90. Mine does not boot anymore ?
Sent from my SM-G900F using XDA Premium 4 mobile app
fffft said:
Well it could be
1) A surveillance monitor for the Carrier IQ package that the NSA has had carriers install on 300 million phones
2) A training aid for would be Mensa members
3) Some random Samsung service that isn't on my S5
You didn't give us any details or context, so it's difficult to say what the service does. It isn't on my S5 so it's not universal. It may be regional, carrier specific or some Samsung bloatware that doesn't live on my phone anymore.
You can kill the process, which will cause something to quit working. Probably nothing critical but it's hard to be certain when we don't know what it does. If you have xPrivacy, see what permissions it asks for. Otherwise you could just freeze or disable it and see what effect it has on your phone.
If you tell us what firmware version and carrier you use, perhaps someone else who uses the same firmware /carrier will comment.
.
All I know about this service is what I have written here.
Its name is "intelligence service"
and the file is com.samsung.android.intelligenceservice
The reason I started this thread is to get more information about what this is as google search does not give much about it.
Phone is SM-G900F
I found some new info using another program to monitor services..
"Receiver
com.samsung.android.intelligenceservice.useranalysis.UserAnalysisBroadcastReceiver handels action android.intent.action.BOOT_COMPLETED with priority 0"
And a second one also named "intelligence service"
"com.samsung.android.intelligenceservice.useranalysis.analyzer.CarAnalyzer handels action android.intent.action.BOOT_COMPLETED with priority 0"
This service isn't on my phone. And as you said, a cursory Google search doesn't tell us much, so we can't tell you anything about it either. Unless you, or someone else that has it provides more information.
At a guess it's just part of some Samsung bloatware. If you disable it, then the associated bloatware app will stop working. If you want to learn more, then look at xprivacy, a root enabled file browser or perhaps Settings > Applications > App ops and find out what app (apk) the service originates from. Then post the apk or at least provide the app's name and what permissions it asks for.
.
And the winning entry is..
1) A surveillance monitor for the Carrier IQ package that the NSA has had carriers install on 300 million phones
I had a few minutes to spare, so I did a proper Google search. The upshot of which is that a lot of people claim that this is a Carrier IQ component. So the service is aptly named. Carrier IQ is a spyware rootkit installed by Verizon, Sprint, etc to capture extensive demographics on what you do with your phone, including keystroke logging. For the carrier to serve you better of course. Or to help the NSA spy on you, depending on who you choose to believe.
Invasive in either scenario, which is why it isn't on my phone.
More reading if you are interested:
http://www.xda-developers.com/android/the-rootkit-of-all-evil-ciq/
http://forum.xda-developers.com/showthread.php?t=2266241&page=2
http://goo.gl/td1w4n
https://www.bloglovin.com/blog/post/5233323/2639029999
.
fffft said:
And the winning entry is..
1) A surveillance monitor for the Carrier IQ package that the NSA has had carriers install on 300 million phones
I had a few minutes to spare, so I did a proper Google search. The upshot of which is that a lot of people claim that this is a Carrier IQ component. So the service is aptly named. Carrier IQ is a spyware rootkit installed by Verizon, Sprint, etc. to capture extensive demographics on what you do with your phone, including keystroke logging. For the carrier to serve you better of course. Or to help the NSA spy on you, depending on who you choose to believe.
Invasive in either scenario, which is why it isn't on my phone.
More reading if you are interested:
http://www.xda-developers.com/android/the-rootkit-of-all-evil-ciq/
http://forum.xda-developers.com/showthread.php?t=2266241&page=2
http://goo.gl/td1w4n
https://www.bloglovin.com/blog/post/5233323/2639029999
.
Somebody is in a bit of a pickle then.
This is also on my handset too
here also.. been reading a bit and found this app:
http://forum.xda-developers.com/showpost.php?p=17612559&postcount=109
and it looks it works for S3:
http://forum.xda-developers.com/showpost.php?p=28662155&postcount=4
could it work for S5 also?
Same here
fffft said:
Well it could be
1) A surveillance monitor for the Carrier IQ package that the NSA has had carriers install on 300 million phones
2) A training aid for would be Mensa members
3) Some random Samsung service that isn't on my S5
You didn't give us any details or context, so it's difficult to say what the service does. It isn't on my S5 so it's not universal. It may be regional, carrier specific or some Samsung bloatware that doesn't live on my phone anymore.
You can kill the process, which will cause something to quit working. Probably nothing critical but it's hard to be certain when we don't know what it does. If you have xPrivacy, see what permissions it asks for. Otherwise you could just freeze or disable it and see what effect it has on your phone.
If you tell us what firmware version and carrier you use, perhaps someone else who uses the same firmware /carrier will comment.
.
I have the same issue, Intelligence Service just popped up in my sys apps too. AT&T
I have a Samsung S5 A900 4.42 I'm at the end of a trial for Samsung. (You think I'd at least get the update sooner! lol) I don't use xPrivacy.
---------- Post added at 11:49 AM ---------- Previous post was at 11:10 AM ----------
harlgal said:
I have the same issue, Intelligence Service just popped up in my sys apps too. AT&T
I have a Samsung S5 A900 4.42 I'm at the end of a trial for Samsung. (You think I'd at least get the update sooner! lol) I don't use xPrivacy.
I think it's the Isis (Softcard) Wallet, pretty sure it is. I just re-enabled it to start using my Serve card.
Connecting to Mac/PC
hi there,
I had a problem after installing the amazing "Blaze Kernel" onto a G900w8 S5 running Xtresolite Rom v 1.5: the phone is not connecting to PC or Mac through Kies or Android File Transfer, which used to connect without any problems. Kies or other software just keeps on trying with no success. I guess there might be some settings that need to be corrected to get connectivity. Tried both file and camera transfer modes on the S5 but no connections.
One Amazing thing i noticed in performance and battery life with this kernel is that my Antutu benchmark scores went up to 43456 from 40435 and is the maximum reached so far...Simply Amazing..
PLEASE HELP!!!!! with connection problems would be highly appreciated.
so what's the verdict on this??
No verdict, most of these kids are no lifers and posting garbage. Still awaiting a fix...
DaddyChaddie said:
No verdict, most of these kids are no lifers and posting garbage. Still awaiting a fix...
What the hell are you talking about?
Note 4 same problem
I use Battery Doctor and lately it's been hard to charge and running quite slow. Then when I went to optimize it, it had all these weird apps I've never seen before, and the majority of them say they have permission to record audio, take my photos, use any of my information and so on. Most of them I can force stop, but they just open back up. Also, since this has been happening, whenever I plug my charger in it makes a weird beep sound after the normal beep that occurs when plugging it in to charge.
I've always just uninstalled this app along with several other useless and suspicious looking apps Samsung likes to load our devices with.
I have had my phone for over 12 months. I am very aware that I am being monitored for no reason and so, have kept tabs on my phone's files and apps. Only today have I seen a file called Intelligence Service and so, wanted to find out what it was. It wasn't there 4 weeks ago. 4 weeks ago I had other odd files that I couldn't delete. My phone does what it wants: answers calls and hangs up, opens apps, closes other apps, filters internet and when I'm on a call I will hear people talking on the line as if it's an echo but they aren't saying the same thing I am. I often hear voices coming out of the speaker. It reboots when it wants to. My data runs out too quickly no matter how I use it....when I take photos it gets hot like the info is being transferred. My phone has a magnetic charge, too. The phone runs with a slight delay as if it's being relayed. Smart phones and idiot phones aren't safe. I used my old basic Nokia last week. It too was being controlled remotely. It doesn't matter what you do.
Com.Sec is a security company. Com.Sec.android may be innocent. If you have files that just say Com.Sec get rid. Com.Sec Investigations, Omnitron. Look them up.
I've just installed the SuperMan ROM and see a newer version of this service, com.samsung.android.intelligenceservice2.
The ROM also left (or brought) over com.samsung.fresco.logging (Fresco Intelligence Service). Apparently nobody knows what that is.
Let's see what the developer says about the two enabled logging/intelligence services in his ROM.
Report: The New Fire TV OS Will Block Apps Like Kodi (*Update, it was updated and Amazon says they won't be blocking anything. The rumor was never factual.*)
The article mentions, there are reports all 3rd party apps will be blocked. With the main focus on blocking Kodi, in the name of preventing piracy.
Of course if they wanted to just block Kodi, there are ways of doing that, without blocking all 3rd party apps. But given this is Amazon's box, I'm not surprised. In fact, I'm surprised Amazon has allowed side loading of 3rd party apps till now. Since it seems Amazon likes to encourage sales of their stuff.
Update: This may have been a misunderstanding.
Amazon told me the rumors are not true. Here is my response to this article, for those who are interested. http://www.aftvnews.com/a-new-report-claims-fire-tv-update-will-block-all-3rd-party-apps-like-kodi/
Oh I can't wait to lose access to all my other 38 - edit oh, wait 39 apps - that I can't get from Amazon's awful appstore, in addition to losing Firestarter which they banned after stealing its functionality. (Because instead of looking at a launcher, you could be looking at one of their banner ads instead - so of course they had to ban alternative launchers...)
Sounds like so much fun!
My next Android TV box won't be from Amazon, that's almost certain. Every step along the way Amazon missed no opportunity to punch their more tech savvy audience straight into their face - over and over, and over again. Why miss an opportunity this time?
harlekinwashere said:
My next Android TV box won't be from Amazon, that's almost certain. Every step along the way Amazon missed no opportunity to punch their more tech savvy audience straight into their face - over and over, and over again. Why miss an opportunity this time?
To be fair, Amazon's Android fireOS line is aimed at people that are invested in the Amazon ecosystem already, and more so have access to Prime; if you're one of these people they are fantastic products.
abacabie said:
To be fair, Amazon's Android fireOS line is aimed at people that are invested in the Amazon ecosystem already, and more so have access to Prime; if you're one of these people they are fantastic products.
It is a great product when you can leverage Prime. And has voice search built in, that can do a lot of the same things as Echo. You can even launch apps by voice.
So you have now only one option... Block OTA so you have the freedom to use your AFTV(Stick) without blacklisting 3rd Party Apps like Kodi. I have 5.2.1.0 with root and xposed and my Sticks work fine without any issue
But I think Amazon will also block Prime users when they are not using the newest OS.. hope they don't do that
If they do that, I want to buy another TV-Box/Stick and stick Amazon their product in their A**
Amazon has responded to the initial article and it has been updated. They never planned to block 3rd party apps. The rumor was not factual.
I am sorry to inform you - but even if they JUST have hidden the adb toggle in a hidden "service menu" - the question is why.
Of course product bloggers won't ask it openly, because despite catering to users interest, they have 5 other Alexa *blub , bleep - use voice search - its so eazy* articles to pump out every day.
If you are hiding away the adb toggle it puts up another barrier of entry there - behaviorally, for the normal user. Amazon playing their freaking "take their rights one pinprick at a time" game is just as despicable as it was on day one -
and the only reason they are still doing it, is that everyone lets them get away with it, no questions asked.
(
- Why are you adding a blacklist to an open source operating system you borrowed from the linux community?
- Why are you banning launchers, whose functionality you stole from community developers, add a banner ad to yours, and then roll it out (depreciated, because - the Echo audience, never needs to force close or quickly uninstall their apps, or to sort them, or to hide some apps that arent accessed daily) as the new default?
- Why are you banning Kodi - but allow in Kodi Clones as soon as they have stripped out the python interface that enables streaming webenabled content (Isn't that anti competitive to the highest extent?)
- Why are you modifying adb - so some features like parsing logs become impossible?
- Why are you hiding away the development features behind a hidden key combination, so normal users lose the feature - until they are told how to find it again?
- Why have you bloggers that champion you for your interface decisions and who make podcasts about every new menu you add running this scene - but then don't mention it, if your redesign is basically "stealing all the design lessons you could take away from Kodi (which you just kicked out of distribution" and Microsofts Xbox OS? )
- When they took our launchers - the bloggersphere chanted "finally its become eazier".
- When they kicked Kodi (the "browser" of the set top box age), the bloggersphere filled you with all kinds of BS articles about how great it would be to use one of the mangled forks, that had to vow, never to include a scriptable python backend - because using the internet as informed users - is something Amazon gets very uncomfortable with. With them it's all simple voice button prompts to get stuck in their echosystem with and waging war against EVERY AND ALL open standards, apis, the OS itself...
- When they started blacklisting apps - the bloggersphere wrote them the excuses for why it's OK, and they'd never cross the red line that is blacklisting Kodi. WHO CARES? Blacklisting launchers was enough to mangle the homebrew ecosystem once and for all -- no developer writes code for your benefit, when it's clear as day - that Amazon stealing it and banning the initial app not only is commonplace in the Fire TV ecosystem - it's cheered on by bloggers.
Take your eazy voice commands - and get straight out of this community. If your intention is to whitewash every move Amazon implements to make "running your own code" on the FireTV "just a little harder", but instead would like to promote Amazons paid services - while they introduce blacklists to Android and hide away the developer bridge behind presumably a remote key combination - you have become complacent.
Amazon has made it very clear - that the only way for you to get access to the android ecosystem openly - is to block their updates - hiding away the adb toggle is just another stabwound.
If you want to exchange "Echo" and "i watch show - by saying "housewives" and it plays" for access to an unfiltered internet, different sources that don't have to pay Amazon the required obolus, or apps that are actually usable (Amazon App Store apps are often slow to the point they become unusable, or get pulled shortly after release, because they crash all the time - of course, bloggers don't make that their focus - ) - be my guest --
but don't play the "oh - its nothing" - they do all of this to benefit the user game, like some others in here. I get irritated by that. Immensely.
Also - don't abuse this forum for requests on "Echo" and "I hit button and cloud does the work" stuff - because it is specifically out of our reach. As tinkerers, as hackers, as consumer advocates. If you want that stuff - you sign away your rights and pay a subscription fee. With that comes paid support and a cookie cutter community that finds "having bought the right trinket" is all the tribalism they'd ever need.
Don't try to bait people with Echo - in exchange for losing yet another accessibility feature - because it's suddenly hidden.
Don't become the blogger that scrambles on his way to contact the company to give a denial as soon as an issue pops up - turn on your brains instead, and don't just neglect the steps Amazon sets to shut out their audience from the outside world a little more.
Every time they put up another wall - people scramble to explain it away and offer you a little more "Echo" inside your walled garden.
lol @ wall of crazy
Why?
You can't just hijack an argument with an empty accusation aimed at killing off any discussion about what yet another action from Amazon to move installing 3rd party apps just another step further away - means.
Or you can - because, this is how all discussions are meant to be held in the post facebook age of "counterspeak" is impossible - and the popular (because eazy) argument always is the only one left standing.
---------- Post added at 12:43 PM ---------- Previous post was at 11:54 AM ----------
Maybe I have to explain my position a bit more.
I am an individual who saw the popular product blogger delete his clarifications for posting unfiltered company PR as a first reaction on the most significant issues concerning open access on the Fire TV platform - as soon as he felt the public lens had moved an inch.
Now I find him reaching out to Amazon, on his own, to be the first one to publicise their rebuttal for "why you not seeing the last remaining API into the Fire TV anymore" is something you should not be worried about.
Without any form of source disclosure or journalistic distance. Basically in a "my buddies at Amazon told me "not true"" fashion. As a byline in a thread that talks about the issues of them doing so.
Not only that - but in response other people in here remind me, and rightfully so, that Amazons FireTV is aimed more at individuals that buy into Amazons service future - like Prime and Echo, than for informed users of Android set top boxes, that want to use them for different purposes as well.
And while I agree - the idea, that it is something that "just happened" is preposterous.
They were Android set top boxes at one point. We had people developing custom recoveries for them. Not just for the sake of doing so - but to allow us to do the stuff, beside whats possible out of the box.
You look at when Amazon took away the freedoms of the Android OS and its Linux Kernel, you look at where and when it banned apps (to replace them with their own cut down interpretations (/clones) of them), you look at - when and where they changed stuff in the UI - and you comment on it.
You look at what they did to the ecosystems on the Fire Tablets, the Kindle, and what they tried to create with the Amazon phone.
You talk about it - and not just advise XDA users to use voice assistants within the Amazon Echo ecosystem on their set top boxes more often - because "its almost like on the dedicated Echo devices", and those are the current "craze du jour" to be able to watch your TV shows, or listen to music -- and Amazon wants you to.
Going along with Amazons vision of a more and more closed down ecosystem - where the mere thought of a "general purpose computer" is something only developers working to put apps into Amazons stores, with the knowledge of the "secret remote access code" should be having, while the rest of the world will happily subscribe to fixed content subscription models, because all we care about is eazy voice search - is something I find hard to do.
Instead of selling people on voice commands, maybe spending a bit more time on "what ecosystem they lead into" and how the vision of it changed in the past months, is worth the while.
So - when Amazon decides to hide the adb dev. bridge, we don't just excuse them for it, we acknowledge the fact and talk about it first.
And if the product blogger tries to keep it from happening (intended or not, but then - not with the necessary journalistic distance and integrity) - I'll do it for him.
I'm not going to dignify those disastrous posts by quoting them. Just jog on man, these people don't want to hear your rants...
harlekinwashere said:
I am sorry to inform you - but even if they JUST have hidden the adb toggle in a hidden "service menu" - the question is why.
Of course product bloggers won't ask it openly, because despite catering to users interest, they have 5 other Alexa *blub , bleep - use voice search - its so eazy* articles to pump out every day.
If you are hiding away the adb toggle it puts up another barrier of entry there - behaviorally, for the normal user. Amazon playing their freaking "take their rights one pinprick at a time" game is just as despicable as it was on day one -
and the only reason they are still doing it, is that everyone lets them get away with it, no questions asked.
(
- Why are you adding a blacklist to an open source operating system you borrowed from the linux community?
- Why are you banning launchers, whose functionality you stole from community developers, add a banner ad to yours, and then roll it out (depreciated, because - the Echo audience, never needs to force close or quickly uninstall their apps, or to sort them, or to hide some apps that arent accessed daily) as the new default?
- Why are you banning Kodi - but allow in Kodi Clones as soon as they have stripped out the python interface that enables streaming webenabled content (Isn't that anti competitive to the highest extent?)
- Why are you modifying adb - so some features like parsing logs become impossible?
- Why are you hiding away the development features behind a hidden key combination, so normal users lose the feature - until they are told how to find it again?
- Why have you bloggers that champion you for your interface decisions and who make podcasts about every new menu you add running this scene - but then don't mention it, if your redesign is basically "stealing all the design lessons you could take away from Kodi (which you just kicked out of distribution" and Microsofts Xbox OS? )
- When they took our launchers - the bloggersphere chanted "finally its become eazier".
- When they kicked Kodi (the "browser" of the set top box age), the bloggersphere filled you with all kinds of BS articles about how great it would be to use one of the mangled forks, that had to vow, never to include a scriptable python backend - because using the internet as informed users - is something Amazon gets very uncomfortable with. With them it's all simple voice button prompts to get stuck in their echosystem with and waging war against EVERY AND ALL open standards, apis, the OS itself...
- When they started blacklisting apps - the bloggersphere wrote them the excuses for why it's OK, and they'd never cross the red line that is blacklisting Kodi. WHO CARES? Blacklisting launchers was enough to mangle the homebrew ecosystem once and for all -- no developer writes code for your benefit, when it's clear as day - that Amazon stealing it and banning the initial app not only is commonplace in the Fire TV ecosystem - it's cheered on by bloggers.
Take your eazy voice commands - and get straight out of this community. If your intention is to whitewash every move Amazon implements to make "running your own code" on the FireTV "just a little harder", but instead would like to promote Amazons paid services - while they introduce blacklists to Android and hide away the developer bridge behind presumably a remote key combination - you have become complacent.
Amazon has made it very clear - that the only way for you to get access to the android ecosystem openly - is to block their updates - hiding away the adb toggle is just another stabwound.
If you want to exchange "Echo" and "i watch show - by saying "housewives" and it plays" for access to an unfiltered internet, different sources that don't have to pay Amazon the required obolus, or apps that are actually usable (Amazon App Store apps are often slow to the point they become unusable, or get pulled shortly after release, because they crash all the time - of course, bloggers don't make that their focus - ) - be my guest --
but don't play the "oh - its nothing" - they do all of this to benefit the user game, like some others in here. I get irritated by that. Immensely.
Also - don't abuse this forum for requests on "Echo" and "I hit button and cloud does the work" stuff - because it is specifically out of our reach. As tinkerers, as hackers, as consumer advocates. If you want that stuff - you sign away your rights and pay a subscription fee. With that comes paid support and a cookie cutter community that finds "having bought the right trinket" is all the tribalism they'd ever need.
Don't try to bait people with Echo - in exchange for losing yet another accessibility feature - because it's suddenly hidden.
Don't become the blogger that scrambles on his way to contact the company to give a denial as soon as an issue pops up - turn on your brains instead, and don't just neglect the steps Amazon sets to shut out their audience from the outside world a little more.
Every time they put up another wall - people scramble to explain it away and offer you a little more "Echo" inside your walled garden.
Take a deep breath dude. Lol. Bottom line is they CAN'T block like that. No one could develop for the device if they did. Common sense.
But they can hide it. Make sure people don't stumble upon the sideload apk portion of their boxes. Ever.
Now, this is what they are doing. This is what the product blogger allows them to do without even letting it become a story anymore. He shuts it down for them. Cool. Probably get more exclusive Echo scoops that way...
Also - I've laid this out in my first posting, this is another tldr; version.
I can't stand it, that Amazon is allowed to take away normal user rights a slice at a time, and if you are not letting it fly - you are attacked by superfans, doubling down on personal attacks, because - who needs a rational argument, on the internet. Ever. Isn't that what 9gag taught us?
They can't take it away entirely. Great.. But as always - what's possible doesn't matter. What matters is stuff that's easy enough for actual people to use.
Are you now doing remote control acrobatics, everytime you have to restart the adb service, to even get the menu with the toggle to appear? Remember when people dismissed Amazon only allowing one adb connection into the device wasn't a big deal?
Remember what happened next? We all of a sudden had to support a slew of people that came in with blanket statements that "stuff or tutorials would not work anymore". And what was the result? We had to shrug and explain, that people would have to learn how this works - because we could not get it opened up again to work - always as expected and easy.
We'll decide if it is a big deal, once we know how it's implemented, how about that?
But I am certainly not taking their PR department's word for it, and I am sure enough not following the product blogger's line, who couldn't jump fast enough to bury this story because of stuff that sources he wasn't able to disclose or quote, told him.
Because where are we right now?
- Using Firestarter is not something new users can do
All we have to offer is telling people that they wouldn't need it now, and that's essentially not true.
- Banning apps from being sideloaded - just because the company doesn't like them, or would rather steal its featureset, is the new normal.
As a result there is hardly any original development for this device anymore - that takes place outside the "Amazon app store" ecosystem.
That stuff was all possible without making that stuff impossible. They just made it impossible to scale, or to be easily supported, or to work reliably - and they smashed Firestarter to pieces for essentially daring to be a popular piece of software that was distributed outside their official ecosystem.
With Kodi, they just badmouthed its name and kicked it out of distribution - but same thing.
So if the first thing that comes to your mind after all of this is "yeah - but Alexa is great - right?" or "yeah - but devs can still test code on the device to later sell it in the Amazon Market" - suggest for a minute, that none of it matters very much, if you come at it from an "educated consumer wants to use an android box for his own purposes - not the stuff Amazon can come up with - he should use" perspective.
And that I am getting extremely irritated if now it seems, that the product blogger does Amazon's PR tasks for them, but people discussing the changes Amazon implements regarding accessing the few remaining APIs on the system - shouldn't be allowed anymore on the basis that "they can't take it away 100%".