Kill com.samsung.android.intelligenceservice - Galaxy S 5 Q&A, Help & Troubleshooting

Can I kill this service and it's startup?
Intelligence Service
com.samsung.android.intelligenceservice
What does it really do?

kgyirhj said:
com.samsung.android.intelligenceservice
What does it really do?
Click to expand...
Click to collapse
Well it could be
1) A surveillance monitor for the Carrier IQ package that the NSA has had carriers install on 300 million phones
2) A training aid for would be Mensa members
3) Some random Samsung service that isn't on my S5
You didn't give us any details or context, so it's difficult to say what the service does. It isn't on my S5 so it's not universal. It may be regional, carrier specific or some Samsung bloatware that doesn't live on my phone anymore.
You can kill the process, which will cause something to quit working. Probably nothing critical but it's hard to be certain when we don't know what it does. If you have xPrivacy, see what permissions it asks for. Otberwise you could just freeze or disable it and see what effect it has on your phone.
If you tell us what firmware version and carrier you use, perhaps someone else who uses the same firmware /carrier will comment.
.

kgyirhj said:
Can I kill this service and it's startup?
Intelligence Service
com.samsung.android.intelligenceservice
What does it really do?
Click to expand...
Click to collapse
It checks the IQ of the user. The phone shuts down below 90. Mine does not boot anymore ?
Sent from my SM-G900F using XDA Premium 4 mobile app

fffft said:
Well it could be
1) A surveillance monitor for the Carrier IQ package that the NSA has had carriers install on 300 million phones
2) A training aid for would be Mensa members
3) Some random Samsung service that isn't on my S5
You didn't give us any details or context, so it's difficult to say what the service does. It isn't on my S5 so it's not universal. It may be regional, carrier specific or some Samsung bloatware that doesn't live on my phone anymore.
You can kill the process, which will cause something to quit working. Probably nothing critical but it's hard to be certain when we don't know what it does. If you have xPrivacy, see what permissions it asks for. Otberwise you could just freeze or disable it and see what effect it has on your phone.
If you tell us what firmware version and carrier you use, perhaps someone else who uses the same firmware /carrier will comment.
.
Click to expand...
Click to collapse
All I know about this service is what I have written here.
It's name is "intelligence service"
and the file is com.samsung.android.intelligenceservice
The reason I started this thread is to get more infomration about what this is as google search does not give much about it.
Phone is SM-G900F
I found some new info using another program to monitor services..
"Receiver
com.samsung.android.intelligenceservice.useranalysis.UserAnalysisBroadcastReceiver handels action android.intent.action.BOOT_COMPLETED with priority 0"
And a second one also named "intelligence service"
"com.samsung.android.intelligenceservice.useranalysis.analyzer.CarAnalyzer handels action android.intent.action.BOOT_COMPLETED with priority 0"

This service isn't on my phone. And as you said, a cursory Google search doesn't tell us much, so we can't tell you anything about it either. Unless you, or someone else that has it provides more information.
At a guess it's just part of some Samsung bloatware. If you disable it, then the associated bloatware app will stop working. If you want to learn more, then look at xprivacy, a root enabled file browser or perhaps Settings > Applications > App ops and find out what app (apk) the service originates from. Then post the apk or at least provide the app's name and what permissions it asks for.
.

And the winning entry is..
1) A surveillance monitor for the Carrier IQ package that the NSA has had carriers install on 300 million phones
I had a few minutes to spare, so I did a proper Google search. The upshot of which is that a lot of people claim that this is a Carrier IQ component. So the service is aptly named. Carrier IQ is a spyware rootkit installed by Verizon, Sprint, etc to capture extensive demographics on what you do with your phone, including keystoke logging. For the carrier to serve you better of course. Or to help the NSA spy on you, depending on who you choose to believe.
Invasive in either scenario, which is why it isn't on my phone.
More reading if you are interested:
http://www.xda-developers.com/android/the-rootkit-of-all-evil-ciq/
http://forum.xda-developers.com/showthread.php?t=2266241&page=2
http://goo.gl/td1w4n
https://www.bloglovin.com/blog/post/5233323/2639029999
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
.

fffft said:
And the winning entry is..
1) A surveillance monitor for the Carrier IQ package that the NSA has had carriers install on 300 million phones
I had a few minutes to spare, so I did a proper Google search. The upshot of which is that a lot of people claim that this is a Carrier IQ component. So the service is aptly named. Carrier IQ is a spyware rootkit installed by Verizon, Sprint, etc to capture extensive demographics on what you do with your phone, including keystoke logging. For the carrier to serve you better of course. Or to help the NSA spy on you, depending on who you choose to believe.
Invasive in either scenario, which is why it isn't on my phone.
More reading if you are interested:
http://www.xda-developers.com/android/the-rootkit-of-all-evil-ciq/
http://forum.xda-developers.com/showthread.php?t=2266241&page=2
http://goo.gl/td1w4n
https://www.bloglovin.com/blog/post/5233323/2639029999
.
Click to expand...
Click to collapse
Somebody is in a bit of a pickle then.

This is also on my handset too

here also.. been reading a bit and found this app:
http://forum.xda-developers.com/showpost.php?p=17612559&postcount=109
and it looks it works for S3:
http://forum.xda-developers.com/showpost.php?p=28662155&postcount=4
could it work for S5 also?

Same here
fffft said:
Well it could be
1) A surveillance monitor for the Carrier IQ package that the NSA has had carriers install on 300 million phones
2) A training aid for would be Mensa members
3) Some random Samsung service that isn't on my S5
You didn't give us any details or context, so it's difficult to say what the service does. It isn't on my S5 so it's not universal. It may be regional, carrier specific or some Samsung bloatware that doesn't live on my phone anymore.
You can kill the process, which will cause something to quit working. Probably nothing critical but it's hard to be certain when we don't know what it does. If you have xPrivacy, see what permissions it asks for. Otberwise you could just freeze or disable it and see what effect it has on your phone.
If you tell us what firmware version and carrier you use, perhaps someone else who uses the same firmware /carrier will comment.
.
Click to expand...
Click to collapse
I have the the same issue, Intelligence Service just popped up in my sys apps too. AT&T
I have a Samsung S5 A900 4.42 I'm at the end of a trial for Samsung. (You think I'd at least get the update sooner! lol) I don't use xPrivacy.
---------- Post added at 11:49 AM ---------- Previous post was at 11:10 AM ----------
harlgal said:
I have the the same issue, Intelligence Service just popped up in my sys apps too. AT&T
I have a Samsung S5 A900 4.42 I'm at the end of a trial for Samsung. (You think I'd at least get the update sooner! lol) I don't use xPrivacy.
Click to expand...
Click to collapse
I think it's the Isis (Softcard) Wallet, pretty sure it is. I just re-enabled it to start using my Serve card.

Connecting to Mac/PC
hi there,
I had a problem after installing amazing "Blaze Kernel "Onto G900w8 S5 running Xtresolite Rom v 1.5 is that phone is not connecting to Pc or mac through kies or Andriod file transfer which used to connect without any problems. Kids or other softwares just keep on trying with no success. I guess there might be some settings that need to corrected to get connectivity. tried both file or camera transfer modes on S5 but no connections.
One Amazing thing i noticed in performance and battery life with this kernel is that my Antutu benchmark scores went up to 43456 from 40435 and is the maximum reached so far...Simply Amazing..
PLEASE HELP!!!!! with connection problems would be highly appreciated.

so what's the verdict on this??

No verdict, most of these kids are no lifers and posting garbage. Still awaiting a fix...

DaddyChaddie said:
No verdict, most of these kids are no lifers and posting garbage. Still awaiting a fix...
Click to expand...
Click to collapse
What the hell are you talking about?

Note 4 same problem
I use battery doctor and lately it's been hard to charge and running quite slow then when I went to optimize it it had all these weird apps iv never seen before and majority of them say they have permission to record audio take my photos use any of my information and so on most of them I can force stop but they just open back up also since this is happen when ever I plug my charger in it makes a weird beep sound after the normal beep that occurs when plugging it in to charge

Ive always just uninstalled this app along with several other useless and suspicious looking apps samsung likes to load our devices with.

I have had my phone for over 12 months. I am very aware that I am being monitored for no reason and so , have kept tabs on my phones files and apps. Only today have I seen a file called Intelligence Service and so, wanted to find out what it was. It wasnt there 4 weeks ago. 4 weeks ago I had other odd files that I couldnt delete. My phone does what it wants: answers calls and hangs up, opens apps, closes other apps, filters internet and when Im on a call I will hear people talking on the line as if its an echo but they arent saying the same thing I am. I often hear voices coming out of the speaker. It reboots when it wants to. My data runs out too quickly no matter how I use it....when I take photos it gets hot like the info is being transfered. My phone has a magnetic charge, too. The phone runs with a slight delay as if its being relayed. Smart phones and idiot phones arent safe. I used my old basic nokia last week. It too was being controled remotely. It doesnt matter what u do.
Com.Sec is a sucurity company. Com.Sec.android may be innocent. If u have files that just say Com.Sec get rid. Com.Sec Investigations, Omnitron. Look them up.

I've just installed the SuperMan ROM and see a newer version of this service, com.samsung.android.intelligenceservice2.
The ROM also left (or brought) over com.samsung.fresco.logging (Fresco Intelligence Service). Apparently nobody knows what that is.
Let's see what the developer says about the two enabled logging/intelligence services in his ROM.

Related

[FAQ]: SGS Vibrant i9000m (Bell), also applicable to other models

Data Connection 2G/3G/H
This phone when used on Bell's own network, it can only do 3G & H
(this is not a hardware issue but rather a network issue, there is a topic about this discussion, link coming soon)
However once unlocked the have full 1G(Cuba!)/2G(EDGE)/3G/H on Fido, Rogers, AT&T and any other network that supports the 850/1900/2100 band for data communication
Pre-installed Apps:
TeleNav GPS Navigator if you are not online via 3G or WiFi, you'll get an error message "This application is not available" or something along those lines
The application is not free, it wants you to register for $10 a month, it's safe to uninstall after rooting
BellTV Remote PVR only works if you have a Bell digital cable box for TV, it's safe to uninstall after rooting
Tunes & Apps it's just an Advertisement URL link, it tries to go
Code:
ads.bwanet.ca/getnew.jsp?request=PDAdownload
the link is dead anyways, it's safe to delete after rooting
TV & Radio supposedly to Watch Live TV, Listen to Music and Talk Radio... but it doesn't work.
It might be only available to people on Bell network, the error messages says
> Error
There was a problem
connecting to the service.
Check your data connection.
Click to expand...
Click to collapse
my recommendation uninstall it if you are rooted, there are better Apps in Android Market that offers the same feature & service
Kobo it comes included with the latest official ROMs. You might want to keep it if you are an e-book reader. It channels you to their online catalog of e-books. Depending from each point of view, it can be categorized as another Advertisement or a Tool.
Personally I'll uninstall it (you'll need to be rooted), the only thing I'll ever read in my phone are PDF files, for everything else i got RSS feeds, tons of e-mails/SMS to go through an lots of websites to keep me busy and relaxed.
AllShare a simple to use App to share your files in the phone to other devices wirelessly.
Worth keeping? Yes
Layar is more of a fun tool than a real utility, it lets you catalog and get info of nearby places where you are standing, it requires the GPS to be ON-line. This App is based on the Anime feature in Eden of the East.
Worth keeping? Yes
Navigation Google Maps Navigation, a simple to use Navigation tool that works out of the box.
Worth keeping? Yes
ThinkFree Office requires activation, but it's completely Free as the name implies (unlike other Apps which claims to be "free" but is crippled one war or another, or with Ads.) you can open and create Microsoft Word Doc, Spread Sheet, and PowerPoint slides, all from the tips of your fingers.
It takes a bit to get used to navigating around the software to do what would normally have been a simple task in the PC.
Worth keeping? Yes
Samsung Apps List of available freebies:
- eBooks by Kobo (the other piece of the forced on ROM Kobo eBook Market)
- Social Hub Push Email and IM (as the name implies it does everything, it's quite good infact, it adds additional supported services to the original version, now it can do Google Accounts, Hotmail/Live Accounts, Yahoo Accounts, Facebook Accounts, Twiter Accounts, MySpace Accounts)
- RoadSMS (SMS that lets you see behind the phone, the road or whatever your phone camera seems to be pointing... great App to check out on girls on the restaurant table in front of you )
- Robert Parker (wine guide)
- Radio Companion (i find it rather interesting, it lets you sing karaoke to the radio station you are listening to... well sort of, it will scroll and display the lyrics as the song plays on the radio station)
- Asphalt5 (racing game, full version, completely free, notice this is not the Asphalt5 HD)
- Vlingo Voice (voice control your phone, dictation, launch apps, etc)
- Krazy Kart Racing (from Konami) cartoonish kart racing game, fun!
- Facebook for Samsung the name says it all it's a new facebook apps from Samsung
- Movies App for movie show times, trailers and reviews
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
- Blinkx Beat
- ComedyTime
You may want to add something in here about Bell's lack of a 2g GSM network and checking if your phone has the download mode disabled or not. These seem to be 2 common questions on these forums about the Canadian I9000M.
Thanks for the reminder, yes this FAQ is a work in progress
The TV & Radio app is worth keeping if you are a Bell subscriber and into the idea. Basically it is a premium app, you have to pay for subscriptions to channels. But you can access content like live NHL games, HBO, etc.
It also lets you subscribe to and listen to Sirius sat. radio.
But if you don't have a 6GB plan it's a total non-starter.
For someone in the United States, where's the best place to purchase an unlocked one? I can't find any on US ebay and only like 3 on CA ebay.
AllGamer said:
... safe to uninstall after rooting
Click to expand...
Click to collapse
Silly question: how do you uninstall apps after rooting? (I'd appreciate teaching me how to do that using Root Explorer.)
INeedYourHelp said:
For someone in the United States, where's the best place to purchase an unlocked one? I can't find any on US ebay and only like 3 on CA ebay.
Click to expand...
Click to collapse
The states ones are all carrier exclusive, not sure when they'll have unlocked ones available?
Aqua1ung said:
Silly question: how do you uninstall apps after rooting? (I'd appreciate teaching me how to do that using Root Explorer.)
Click to expand...
Click to collapse
i do it via busybox or any other terminal app
using command lines:
cd /directory/where/apps/reside
rm WhateverName.apk
there is a topic in one of the 23+ SGS sub forums with a full list of all the Apk safe to remove, but i can't find it because i forgot which of the so many forums we have are storing it
this is why we need this to happen
http://forum.xda-developers.com/showthread.php?t=764084
AllGamer said:
i do it via busybox or any other terminal app...
cd /directory/where/apps/reside
rm WhateverName.apk
Click to expand...
Click to collapse
So is this just a matter of deleting the corresponding .apk file? Or is there something more to it? If the former holds, then how can I tell where the undesired (i.e. stock) applications are located for the I9000M?
found it, here's the topic you want to remove the stuff you don't want
http://forum.xda-developers.com/showthread.php?t=712546
AllGamer said:
found it, here's the topic you want to remove the stuff you don't want
http://forum.xda-developers.com/showthread.php?t=712546
Click to expand...
Click to collapse
Thanks. Where would I find the apps that you listed as safe, such as Tunes and Apps and the rest? Those look to me to be better deletion candidates.
Look, I know this isn't the right thread to be posting in, but I have a dying question to OP.
How did you root your i9000m? I cannot seem to root mine! Nor can I find a confirmed method of doing it.
roma17 said:
Look, I know this isn't the right thread to be posting in, but I have a dying question to OP.
How did you root your i9000m? I cannot seem to root mine! Nor can I find a confirmed method of doing it.
Click to expand...
Click to collapse
follow step one
http://forum.xda-developers.com/showthread.php?t=747235
and if you want to unlock you phone too
follow step two
AllGamer said:
follow step one
and if you want to unlock you phone too
follow step two
Click to expand...
Click to collapse
and you're absolutely sure that if i follow step one correctly, that the phone will be rooted? (Yes I know nothing is sure, but I just need to hear it from you).
roma17 said:
and you're absolutely sure that if i follow step one correctly, that the phone will be rooted? (Yes I know nothing is sure, but I just need to hear it from you).
Click to expand...
Click to collapse
those are proven steps that i used on my phones
Before this thread gets hijacked, would you mind answering my question above: Where would I find the apps that you listed as safe, such as Tunes and Apps and the rest? Those look to me to be better deletion candidates.
Thanks.
Edit: alright, I think I found'em. What's tn55-android-blur.apk? The TeleNav application by any chance?
updated
- Krazy Kart Racing (from Konami) cartoonish kart racing game, fun!
Any chance of an apk dump of "Social Hub Push Email and IM" and "Radio Companion" apps? (assuming that they are legal to share, these aren't in my JP3 app store).
I would also ask for Krazy Kart Racing, but pretty sure thats a paid app and I don't wanna break any rules lol..
Otherwise, if no-one can share anything... what firmwares are these apps available for? just the non-beta ones? or just for the bell i9000?
Yes, bell i9000m JH2 is the latest official ROM from Kies
it is compatible with I9000 international, but you will need Odin to flash it
or do the KIES cheat as mentioned in another topic, to make the changes in the registry, so it will download Bell JH2 for you.
But as far as i know, if they are included as freebies inside Samsung Apps, it should also be available to the international i9000 ROMs with Samsung Apps
Thanks for the reply AllGamer
Sorry that I'm a little confused, are the radio and social hub push email included in the firmware or downloadable from the samsung apps store?
Do you know how samsung app store determines phone version? Can we fake this through build.prop or something to download the latest apps, or does it have a more complicated check?
Only cause it seems that the number of apps available to JP3 is limited (and I wanna stick to this firmware for now, it's awesome )

[SECURITY ALERT!] DroidDream Malware Found in Official Android Market

Google pulls 56 malicious apps from Android Marketplace
original source: http://blog.mylookout.com/2011/03/s...-found-in-official-android-market-droiddream/
List of malicious Android App that steals your information and download additional craps to your phone
Full list Developed by “Myournet”:
Falling Down
Super Guitar Solo
Super History Eraser
Photo Editor
Super Ringtone Maker
Super Sex Positions
Hot Sexy Videos
Chess
下坠滚球_Falldown
Hilton Sex Sound
Screaming Sexy Japanese Girls
Falling Ball Dodge
Scientific Calculator
Dice Roller
躲避弹球
Advanced Currency Converter
App Uninstaller
几何战机_PewPew
Funny Paint
Spider Man
蜘蛛侠
Full list Developed by “Kingmall2010″:
Bowling Time
Advanced Barcode Scanner
Supre Bluetooth Transfer
Task Killer Pro
Music Box
Sexy Girls: Japanese
Sexy Legs
Advanced File Manager
Magic Strobe Light
致命绝色美腿
墨水坦克Panzer Panic
裸奔先生Mr. Runner
软件强力卸载
Advanced App to SD
Super Stopwatch & Timer
Advanced Compass Leveler
Best password safe
掷骰子
多彩绘画
Full list Developed by “we20090202″:
Finger Race
Piano
Bubble Shoot
Advanced Sound Manager
Magic Hypnotic Spiral
Funny Face
Color Blindness Test
Tie a Tie
Quick Notes
Basketball Shot Now
Quick Delete Contacts
Omok Five in a Row
Super Sexy Ringtones
大家来找茬
桌上曲棍球
投篮高手
Personal warning I'll also include AppsPlanet into those list if I were you.
Any views as to whether installing Norton, MacAfee or similar would have picked these up?
Hey Allgamer,
Thanks for the great post / update!!!
Just wondering how much you are selling your Galaxy S for? Please PM me and let me know.
Thanks,
yiannisthegreek
In case you have installed them.
Google spikes 21 malicious apps with big download counts from the Market
Google just removed some 21 apps from the Market in the last day from a publisher going by Myournet for doing all sorts of naughty things to your device. Offenses include attempting to root your phone, uploading phone information (including IMEI) to who-knows-where, and -- most egregiously -- adding a backdoor that allows additional code to be pulled down and executed.
Click to expand...
Click to collapse
List of his apps (may not be all)
http://www.androidzoom.com/android_developer/myournet_thqw.html
Auzy said:
The source appears to be: http://www.engadget.com/2011/03/02/google-spikes-21-malicious-apps-from-the-market-with-big-downloa/
Click to expand...
Click to collapse
And Mashable
http://mashable.com/2011/03/01/android-malware-apps/
You should ALWAYS read the forum before posting
Rofa1 said:
Any views as to whether installing Norton, MacAfee or similar would have picked these up?
Click to expand...
Click to collapse
Any of the well known Antivirus app for android should have picked it up.
I used to think we'll never need an AntiVirus app for Android... well think again.
after reading the article i downloaded all of them to run a full scan and the results are good
I scanned my phone and it's all clean
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Should one of these apps had been installed already (Photo Editor), is there something else I can do ... other than flashing ?
Thx
AvalonGamer said:
Should one of these apps had been installed already (Photo Editor), is there something else I can do ... other than flashing ?
Thx
Click to expand...
Click to collapse
you can simply un-install it, it doesn't really do anything to your phone until you run the app
and even if you did, uninstalling it will remove the problem
Flashing the phone is a bit over the top it's enough to do a system wipe if you want to be 100% sure, and then restore all your apps from backup, excluding the fake ones
Waiting for ESET to debut on Android platform...
kunjar said:
Waiting for ESET to debut on Android platform...
Click to expand...
Click to collapse
+1
This reminded me to reinstall lookout after fresh flash.
AllGamer said:
you can simply un-install it, it doesn't really do anything to your phone until you run the app
and even if you did, uninstalling it will remove the problem
Click to expand...
Click to collapse
This is actually an incomplete answer.
As noted on Android Police, (I'm new so I can't link there) these apps open a backdoor, which can download additional apps that can do *anything*. The original app doesn't do much on its own. But, removing the infected app will leave behind the additional malware introduced through the backdoor.
Is there anyone who knows if these apps actually worked? What I mean is if the games for example were actually games? The reason I ask is that there is a bubble shoot like game installed on a friends phone which works (not sure if it's the one mentioned above).
So would you be able to recognize that malicious app in that way?
Edit: just noticed on the Lookout Blog that they actively send out a patch to detect these apps (if I read it correctly):
http://blog.mylookout.com/2011/03/s...-found-in-official-android-market-droiddream/
So if you have not yet scanned for those apps, do it now ;-)
Thanks for the information!
How to remove and consequences
First i manyally uninstalled the "Advanced Barcode Scanner" of KingMall2010.
Second i scanned my device with Kasparsky and Lookout, both didn't find any threads.
In the end i performed a reset to factory settings and a format of my SD-card.
Can anyone please tell me if this actions are sufficient to completely whipe this malware of my device?
Also i would like to know if this malware actively sent my private data to servers, or that it just opened a backdoor for later use. And if my data is already sent, what are the consequences and which actions should i take to do something about it.
traumaheli said:
First i manyally uninstalled the "Advanced Barcode Scanner" of KingMall2010.
Second i scanned my device with Kasparsky and Lookout, both didn't find any threads.
In the end i performed a reset to factory settings and a format of my SD-card.
Can anyone please tell me if this actions are sufficient to completely whipe this malware of my device?
Also i would like to know if this malware actively sent my private data to servers, or that it just opened a backdoor for later use. And if my data is already sent, what are the consequences and which actions should i take to do something about it.
Click to expand...
Click to collapse
What you've done so far seems sufficient enough to clear the malware from your phone system. Even if it copied a backup on your SD card (internal & external) if you've wiped both then it should be ok.
In regards to already leaked data, I would immediately change my passwords to gmail, emails, facebook, ebay etc or any other site that you may have used on your phone.
silverstorm said:
What you've done so far seems sufficient enough to clear the malware from your phone system. Even if it copied a backup on your SD card (internal & external) if you've wiped both then it should be ok.
In regards to already leaked data, I would immediately change my passwords to gmail, emails, facebook, ebay etc or any other site that you may have used on your phone.
Click to expand...
Click to collapse
Thanks for your quick reaction. It makes me a little more comfortable. Indeed i already changed my password's.
I already called my phone provider, but apparently could not tell me whether the IMSI (international mobile subscription identity) and SIM card serial number are sufficient information to clone my SIM card. This is the information that would be sent by the malware to remote servers.
Therefor after work i go to get a new SIM card. It's better to be safe than sory after all.
I'm still not convinced on running a constant anti-malware app on my phone. Even with a good processor, my cpu cycles are a precious resource to keep my phone running light and fast.
How heavy on system performance is lookout? Does it only activate and scan when new material is installed?
Lookout scans when u download or install any app on your phone, i havent noticed it running unless im installing
Intlstyle said:
Lookout scans when u download or install any app on your phone, i havent noticed it running unless im installing
Click to expand...
Click to collapse
yes, it only runs after you install a new app from market
i installed it after reading about the news, before that, i had no reason to worry about the stuff i download from the official android market
Much thanks for the heads up on this issue!
my question is what is the deal with app planet? i have it installed on my phone along with another app mentioned on the list...why would app planet be something to be worried about???
(P.S. im about five minutes away from wipeing my phone spottless clean thx for the Alert!!!!!)

Track N Remote Control your G-Note online - Free Service by Samsung

Track Your Galaxy Note online with samsung server.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Since I am using this service from day one, but i have never read a word regarding this on XDA forum. so writing a guide who are not aware to this service.
Priorly with SGS i have tried, but was not available to my country(india), but this time with Note we are lucky.
To activate this service
First Go here
http://samsungdive.com
and register your account(free)
- Now on mobile go to setting-Location n security - Find My mobile
1.check SIM card change alert
2.click on alert msg recipient - Now login with credential, you have register on above mentioned samsung site. - and add recipient mobile number (your other number / family number) on which you will get notification, if SIM will changed.
3.check Remote control
Now when you visit samsungdive.com n login, you will see your register device there, (see Image above)
Click on your device.
You will see this
Now you can track your mobile. It have all function which available with many costly applications on market like
-tracking on map (to check location)
-Ring mobile (to find device in nearby location)
-Forward msgs
-call logs
-wipe out device etc
Hope it will be useful to G-Note user.
I didn't know about this! Thanks!
Samsung Dive is an excellent tool.
it also helps with few other things.
The other day i misplaced my note under my desk and i went online and made it ring( it rings even in silent mode )
Sounds great! I will have to check this out. I have been using SeekDroid since it came out, but this might be a more fool proof way, since I have had issues with Seekdroid while running practice tests. Thanks!
Doesn't seem to work in the US. Saying my ZIP is not enough digits and I don't see the setting on the phone menu to "find my mobile."
Edit: nevermind, deleted the optional address information. Still not working yet...added +10000000000 (0's are my phone number) since I'm in the US....
Edit 2: I previously had a SGSII on my Samsung account. Perhaps it's trying to locate that device (hehe, the new owner is probably panicking).
How can I delete that device and add my Note?
Edit 3: Nevermind, figured out how to add the Note here:
https://v2.samsungdive.com/help/guideRemoteControls.do
Doesn't say how to delete a device I no longer own though....
thanks for this
Although find my mobile worked fine with me "lock mobile" and "ring mobile" didn't although it is showing as succeeded on the web
any idea?
ericshmerick said:
Doesn't seem to work in the US. Saying my ZIP is not enough digits and I don't see the setting on the phone menu to "find my mobile."
Edit: nevermind, deleted the optional address information. Still not working yet...added +10000000000 (0's are my phone number) since I'm in the US....
Edit 2: I previously had a SGSII on my Samsung account. Perhaps it's trying to locate that device (hehe, the new owner is probably panicking).
How can I delete that device and add my Note?
Edit 3: Nevermind, figured out how to add the Note here:
https://v2.samsungdive.com/help/guideRemoteControls.do
Doesn't say how to delete a device I no longer own though....
Click to expand...
Click to collapse
I think if u signout of samsung dive account in your phone , it dissappears.
Not so sure. will test it.
drgopoos said:
I think if u signout of samsung dive account in your phone , it dissappears.
Not so sure. will test it.
Click to expand...
Click to collapse
The FAQ says to delete (disable) the feature on your phone before selling it.
I factory reset it so it had to be disabled as the phone re-formatted.
Oh well. Works on my Note but I hope I don't wipe some guy's SGSII that I sold it to lol.
this is a really good tool, i played around with it for a while and its an asset
guys lock screen and all is working for you ?
any specific apk should be installed?
what ROM are you using ?
Thank you very much! It's working like a charm
THANK YOU!!
I saw this in the settings and wondered from where on the net one can control it.
@ArticCat: Are your phone's data/wifi enabled? 'Cause it needs to communicate with the servers.
Noooooo
No no no no nooooooooo, definitley not, couldnt bear the thought of knowing i was been tracked at any moment, dont like the idea of that software, like the people upstairs dont already have their beady eyes on us, how do we know samsung wouldnt make this info available to the government for some corrupt scheme. big no from me...
graemeg said:
No no no no nooooooooo, definitley not, couldnt bear the thought of knowing i was been tracked at any moment, dont like the idea of that software, like the people upstairs dont already have their beady eyes on us, how do we know samsung wouldnt make this info available to the government for some corrupt scheme. big no from me...
Click to expand...
Click to collapse
Tinfoilhat and all, but any and all cell companies know where you are 24x7. Hint: they could give two ****s.
I, on the other hand, want to wipe my phone if I lose it, so I'm in. Samsung can watch me drive around all they want but I'd be willing to bet they have better things to do, like make Touchwiz more bloated and the like.
ericshmerick said:
Tinfoilhat and all, but any and all cell companies know where you are 24x7. Hint: they could give two ****s.
I, on the other hand, want to wipe my phone if I lose it, so I'm in. Samsung can watch me drive around all they want but I'd be willing to bet they have better things to do, like make Touchwiz more bloated and the like.
Click to expand...
Click to collapse
Sent from my GT-N7000 using Tapatalk
ericshmerick said:
Tinfoilhat and all, but any and all cell companies know where you are 24x7. Hint: they could give two ****s.
I, on the other hand, want to wipe my phone if I lose it, so I'm in. Samsung can watch me drive around all they want but I'd be willing to bet they have better things to do, like make Touchwiz more bloated and the like.
Click to expand...
Click to collapse
To continue on his point, I trust Samsung more than the guy who accidentally/purposefully acquires my phone with all my personal info on it. WIPE WIPE WIPE!
Works great, I had this with my galaxy s and now the note ;-)
And it works very good, I am in sweden.
Sent from my GT-N7000 using Tapatalk
Thanks!
But does this affect battery life in anyway?
Sent from my GT-N7000 using Tapatalk
Thanks! This looks awesome. I will try this once I get back home from work.
Thanked & Rated 5 Stars...
Got it to work in USA. Thanks for posting this.

Let's get to the bottom of kingo. (Owned)

I would like to start a forensics thread.
I am a securiry auditor ( pen tester) and good at reverse engineering.
*****UPDATE******
I have owned the application decomiled the entire thing. I have all the download scripts and the actual apk is it not mktcamera it is
com.example.cameraroot-325a203119a823aad9e160e729650fbb.apk
I have given chainfire the apk it is up to him what he does.
I will send an email to kingo and and see if they want to clean up there ****. if they dont. i will release everything.
If you do not beleave me pm chainfire and ask him yourself.
I can not spend anymore time on this.
Sounds interesting. Kudos to you for attempting something concrete.
If you want to do static analysis of the initial download ("android_root.exe"), see this post. The initial Kingo download is an Inno Setup self extractor that can be unpacked without running it using the InnoUnp extractor utility.
I'll see what I can do to help.
thanks
I am trying to download the latest kingo. There site is very very slow. Looks like it is getting ddos. That is really good. It might give me a change to hit the request with session splitting, so i can get the scripts manually.
I
can someone translate this
Getting closer to having this app owned
I need this translated thanks!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Nice work, I am looking forward to seeing where you get with this. I rooted with kingo a little while back.
subbed for results. Thanks for taking the time to look into this and sharing with us, very intriguing
krazylary said:
I have decided to not release the source code publicly. I will be giving it to the rockstars in the android world so we can have a clean root.
Click to expand...
Click to collapse
Thank you. It would be much preferable to having a static ARM (not PC-based) binary that needs no network access to get it's job done. Open source would be even better - even in the case of a completely static binary with no need for network access, the device owner is still "turning over their device" to that program and trusting that it is not malicious. After all, if it succeeds, it pwns the targeted device.
Although, truth be told, that just makes Sammy's job of closing off the hole that much easier, but that's the nature of the arms race.
Q about your previously posted (and now redacted) summaries - what is typical for false positive detection rates for random executables submitted to those "all in one" virus scanning services? Seems like the candidate malware identified would have shown some evident symptoms (popup ads, site redirection, etc) on folks platforms - unless it just lies dormant for a while or has been subverted itself to serve other needs (bot, etc).
What was the nature of the .xml that was being downloaded - did you have a look?
I'm confused, what is it particularly you are looking for in kingo? I just ripped with kingo a couple days ago. Should I be worried about anything?
Sent from my SM-N900V using xda app-developers app
dead batteries said:
I'm confused, what is it particularly you are looking for in kingo? I just ripped with kingo a couple days ago. Should I be worried about anything?
Click to expand...
Click to collapse
I suppose you should always be worried about any advice that begins with
"hey, download this unknown executable from the internet and run it on your Virus Hosting Platform^B^B^B^B^B^B^B^B^B^B^B^B^B^B^BWindows Machine"
But that applies to even things like "Odin v3.09". Or "Android Phone rooting toolkits". They are also just executables, and certainly just as capable of hosting malware installed (even unknowingly) by persons that re-upload it.
But in particular, the thing that got everybody's hackles up was that it bears all the "hallmarks" of malware:
- published by an author with an inscrutable monetization strategy*
- by its intended purpose, is authored by folks skilled in software exploits (but... blackhat or whitehat)?
- uses an "attack server" architecture. (Downloads payloads off the internet in order to run to completion)
- closed source
- contacts multiple sites on the internet during setup and/or operation
- uploads to the internet information gleaned from host and target systems
- at runtime uses code obfuscation procedures that are typical of malware
What the OP is currently after is a way to replace it with something that will still root the phone, but do so in a way that seems less suspicious - for instance has no need to ever contact remote machines on the internet, and no need to even use a PC, either. But let's be honest - any time you turn your device over to a piece of software that has the objective of rooting either a remote host or the one it is running on, you are implicitly handing that device over to that software if it succeeds. If it is completely open source, and you compile it, install it, and run it yourself - after having looked through the code to judge it's safety... well, you might be able to say with confidence that "this looks pretty safe".
OTOH, doing that (open source) also makes it pretty darn easy for defenders (e.g. Samsung or Google if it is an Android kernel exploit) to patch the hole directly without doing the corresponding exploit discovery themselves.
I'm not saying that Kingo is malicious though; I really don't know. I can think of very compelling reasons why it operates exactly the way it does:
1) Rooting methods vary by device, carrier, and software release version. That means that a "universal" and static Android rooting tool with encyclopedic knowledge of all current rooting methods would have to bundle in a single download package an enormous collection of exploit vectors. Hundreds and hundreds of megabytes of stuff ... per handset. Live device detection eliminates the need for that - and the bill from the server hosting company for excessive bandwith usage.
2) Rooting methods come and go. A client-server attack method can determine immediately if something it tried succeeded or failed - on every single attempt. And collect reliable information about software release versions, model numbers, carrier in use, etc. Compare that to a piecemeal, scarce, non-uniform and unreliable method of trying to intuit that information by hand out of forum reports written by folks who many times have no computer skills at all. It's light-years better in reliability and breadth.
I was going to also say "Open Source of an attack reduces it's effectiveness", but that opens a whole can of worms, as the position one takes on that particular statement probably is the bright line dividing the white hat and black hat ethical spheres.
*hey wait a minute - isn't that everybody on XDA?
Opps!
Yes
bftb0 said:
I suppose you should always be worried about any advice that begins with
"hey, download this unknown executable from the internet and run it on your Virus Hosting Platform^B^B^B^B^B^B^B^B^B^B^B^B^B^B^BWindows Machine"
But that applies to even things like "Odin v3.09". Or "Android Phone rooting toolkits". They are also just executables, and certainly just as capable of hosting malware installed (even unknowingly) by persons that re-upload it.
But in particular, the thing that got everybody's hackles up was that it bears all the "hallmarks" of malware:
- published by an author with an inscrutable monetization strategy*
- by its intended purpose, is authored by folks skilled in software exploits (but... blackhat or whitehat)?
- uses an "attack server" architecture. (Downloads payloads off the internet in order to run to completion)
- closed source
- contacts multiple sites on the internet during setup and/or operation
- uploads to the internet information gleaned from host and target systems
- at runtime uses code obfuscation procedures that are typical of malware
What the OP is currently after is a way to replace it with something that will still root the phone, but do so in a way that seems less suspicious - for instance has no need to ever contact remote machines on the internet, and no need to even use a PC, either. But let's be honest - any time you turn your device over to a piece of software that has the objective of rooting either a remote host or the one it is running on, you are implicitly handing that device over to that software if it succeeds. If it is completely open source, and you compile it, install it, and run it yourself - after having looked through the code to judge it's safety... well, you might be able to say with confidence that "this looks pretty safe".
OTOH, doing that (open source) also makes it pretty darn easy for defenders (e.g. Samsung or Google if it is an Android kernel exploit) to patch the hole directly without doing the corresponding exploit discovery themselves.
I'm not saying that Kingo is malicious though; I really don't know. I can think of very compelling reasons why it operates exactly the way it does:
1) Rooting methods vary by device, carrier, and software release version. That means that a "universal" and static Android rooting tool with encyclopedic knowledge of all current rooting methods would have to bundle in a single download package an enormous collection of exploit vectors. Hundreds and hundreds of megabytes of stuff ... per handset. Live device detection eliminates the need for that - and the bill from the server hosting company for excessive bandwith usage.
2) Rooting methods come and go. A client-server attack method can determine immediately if something it tried succeeded or failed - on every single attempt. And collect reliable information about software release versions, model numbers, carrier in use, etc. Compare that to a piecemeal, scarce, non-uniform and unreliable method of trying to intuit that information by hand out of forum reports written by folks who many times have no computer skills at all. It's light-years better in reliability and breadth.
I was going to also say "Open Source of an attack reduces it's effectiveness", but that opens a whole can of worms, as the position one takes on that particular statement probably is the bright line dividing the white hat and black hat ethical spheres.
*hey wait a minute - isn't that everybody on XDA?
Click to expand...
Click to collapse
What he said
I would like to add that the coders of kingo have gone above and beyond trying to hide there exploits methods and everything around it. i would do the same if i had a exclusive exploit like this... Exploits cost money if you want to use them. nothing is free nothing. They get something out of it. Or they would not return emails or update the software Would you? It sure as **** is not advertising on there site.
fyi one of the files that is download from kingos servers is called root_kit_base.sbin
Why blur out the program you are using?
personal
here are the programs
colasoft caspa enterprise 7
ida pro 6.5 arm hex rays
wireshark
cascade pilot enterprise
burp suite pro
just like to not have personal info exposed.. habit i guess.
christianpeso said:
Why blur out the program you are using?
Click to expand...
Click to collapse
Thanks for the info guys, that was a well thought out Super long answerand I read it all. ..twice. It doesn't "seem"like I need to worry though. My root with kingo went well, took less than 5 minutes if I remember and my device seems better because of it. Is There anything I should keep an eye out for?
Sent from my SM-N900V using xda app-developers app
I'm confused, did you actually find something malicious or is that where chainfire comes in?
There is an .apk availkable with a closely related name and having the same md5 sig. Google is your friend. It also was on the Google market for a while until it was removed/banned. So I doubt it is much of a secret from Google.
Seems as if the same .apk is/was used by the vroot tool as well.
It's manifest indicates network connectivity privileges, so probably it shouldn't be installed/run by folks who are paranoid. Too bad it is not fully self-contained.
I suppose it could be kanged with smali/backsmali to remove privileges from the Android manifest for live evaluations, or the app's armeabi JNI lib could be reversed with IDA/Hexrays*. I would try some of this, but I am away from a dev station for a week or so.
It appears to use both the camera and some activity from the android terminal emulator (jackpal).
As far as the title of the OP is concerned, I'm not convinced that a conclusive proof of maliciousness has been obtained. Nor has it been ruled out, either.
But it sure would be far more comfortable to have a phone-only rooting app with almost no app privileges... even if that only lasts until the next release.
bftb0 said:
There is an .apk availkable with a closely related name and having the same md5 sig. Google is your friend. It also was on the Google market for a while until it was removed/banned. So I doubt it is much of a secret from Google.
Seems as if the same .apk is/was used by the vroot tool as well.
It's manifest indicates network connectivity privileges, so probably it shouldn't be installed/run by folks who are paranoid. Too bad it is not fully self-contained.
I suppose it could be kanged with smali/backsmali to remove privileges from the Android manifest for live evaluations, or the app's armeabi JNI lib could be reversed with IDA/Hexrays*. I would try some of this, but I am away from a dev station for a week or so.
It appears to use both the camera and some activity from the android terminal emulator (jackpal).
As far as the title of the OP is concerned, I'm not convinced that a conclusive proof of maliciousness has been obtained. Nor has it been ruled out, either.
But it sure would be far more comfortable to have a phone-only rooting app with almost no app privileges... even if that only lasts until the next release.
Click to expand...
Click to collapse
Is it possible that information is needed on a per device basis in order to implement the exploit? Thus network connectivity would be essential for a universal rooting tool?
Sent from my SM-N900V using Tapatalk
Any updates on getting to the bottom of Kingo? Perhaps your investigation maybe had "something to do with" the apparent Kingo servers being "down"....
bump
Sent from my SM-N900V using Tapatalk
kenneu said:
Any updates on getting to the bottom of Kingo? Perhaps your investigation maybe had "something to do with" the apparent Kingo servers being "down"....
Click to expand...
Click to collapse
Kinda wondered that myself. Nothing materially changed on the device end of things for the VZW GN3 ... and all of a sudden a bunch of new reports that Kingo no longer works on that (unchanged) device... ?
Could be mere coincidence ... or could be that Kingo didn't want folks looking under the hood... hard to know.

Possible Malware in Root Directory of Moto G4 -> Moto G4 Play

**PLEASE HELP!**
For the past few months, I've been experienceing a problem with certain apps. I'll go in order. Apologies for being rather lengthy, but I wanted to include everything to avoid confusion.
I tried to sideload some kind of computer program file on my Moto G4, unknown to me that it wasn't possible on an Android phone. Somehow, somewhere in the process of opening a zip file, I discover that in my App List, there are certain apps that I have never seen on my phone before.
This was a strange occurence, so I went to delete them, and they wouldn't uninstall no matter how many times I tried. After extensive research and work with some file browsers, I found that these suspicious things have installed themselves to my root directory, specifically, most in my OEM folder.
I tried a factory data reset through the bootloader and a cache partition wipe, and yet, they were still present upon setting up the phone after the process. The strange thing is, they don't appear on my traditional app list, even though they've made themselves part of the system: I had to use an app viewer from the Google Play Store to be able to see them. Every representative from Moto and Google said "are you sure they aren't part of the system?" I can assure you, these apps do not belong on my phone. Some aren't even available in my country, nor am I affiliated with the carriers some apps represent, yet they are on my phone. Some don't even appear in the Play Store: I once again use an app list to view Market Details, as those that aren't available don't show up by normal search.
I've done everything I can think of: multiple wipes and setting up without a backup, setting up a dummy account (where they were still present), exchanging my phone for a replacement, in which case they still appeared, I've even gone as far as to root the phone and install a custom recovery, which did solve the problem (temporarily, unfortunately).
Later, after removing the apps from the root directory with SU, I made a mistake in TWRP Recovery and had to purchase a new phone (Moto G4 Play), as my mistake was too much for me to try to fix.
Well, the phone arrived, I logged in, and there they were. The apps that continue to haunt me. I'm just having trouble understanding how the apps are so persistent, persistent enough to occur on TWO phones. This leads me to believe they're somehow tied to my Google Account, even though these apps are nowhere in my purchase history (because, again, the phones think they're system apps).
No matter how many phones I buy, they'll always come back, it seems. Even after removing the APK files sprinkled in my Root Directory on my ROOTED Moto G4, they were tenacious enough to transfer to the next phone.
I know the problem: they've embedded into the system files. The question is: the system files are local and device specific, how in the world are they carrying over to multiple phones, as if tied with an account of some sort?
Even if I rooted my Moto G4 Play, I know this is only a surface, Band-Aid Fix.. I know know that rooting does not expel the APKs it from whatever they are clinging onto.
NOTE: Even though these apps haven't yet displayed/executed tasks with malicious intents, nor request any permissions within their Application Details Page (appears thru PlayStore App List as they aren't found in my traditional app list), ROM Toolbox and other App Viewers indicate permissions where the Application Details Pages ) failed to indicate.
NOTE: I'm well aware that the app names/app manufacturers are valid and are well known (Motorola Mobility, Republic Wireless, etc.), BUT, my concern is for the fact that some are NOT available in my country, or affiliated with my actual carrier, yet they're on my phone (Canada, Mexico, etc. ->Republic Wireless, Consumer Cellular, etc.). Even if these apps are "valid" the fact that they've found their way onto my phone and may very well be a modified version is cause for concern.
If anyone has had a similar experience and has found a solution, please let me know!
List of Suspicious APKs/Applications With Details:
App Box 0.3.02.52
>Motorola Mobility LLC
>Package Name: com.motorola.brapps
App Widget 1.0_2612
>Bell Canada
>Package Name: ca.bell.wt.android.tunesappswidget
Republic Wireless 3xVPL-32ba3d0-5
>Republic Wireless
>Package Name: com.republicwireless.tel
My Consumer Cellular 2.0.1
>Consumer Cellular, Inc
>Package Name: cci.usage
Prip Omega-5-3-0-1-5
>AT&T Mexico
>Package Name: com.motorola.ptt.prip
Prip Omega-5-4-0-1-5 (Prip-Rádio Nextel)
>Nextel International (Services) Ltd.
>Package Name: com.motorola.ptt.prip.br
What is your phone model? I think you got the US firmware installed, it's the only one with these apps, and they aren't removed but just deactivated when you get it unlocked. I'm downloading the US firmware and will see if I can find them.
EDIT I'll have to install this on my phone since I have Lineage to find out, however I can't do it right now so expect an update later on
bsevcenk said:
What is your phone model? I think you got the US firmware installed, it's the only one with these apps, and they aren't removed but just deactivated when you get it unlocked. I'm downloading the US firmware and will see if I can find them.
EDIT I'll have to install this on my phone since I have Lineage to find out, however I can't do it right now so expect an update later on
Click to expand...
Click to collapse
Hi, yes, it's the US firmware. I appreciate your reply, but I fail to understand why applications that are foreign (from Canada, Brazil, Mexico, etc.) would be on my US phone, in the US, or why apps affiliated with carriers I don't use (Consumer Cellular, Republic Wireless, etc.) are on my phone. I've been in the root directory of my original phone (Moto G4) before the incident, and I've never seen them. Besides, they are not installed where system apps would be. It's as if they were installed anywhere that was vulnerable; they installed themselves to the root by whatever happened with downloading that ZIP file.
Tony3610 said:
Hi, yes, it's the US firmware. I appreciate your reply, but I fail to understand why applications that are foreign (from Canada, Brazil, Mexico, etc.) would be on my US phone, in the US, or why apps affiliated with carriers I don't use (Consumer Cellular, Republic Wireless, etc.) are on my phone. I've been in the root directory of my original phone (Moto G4) before the incident, and I've never seen them. Besides, they are not installed where system apps would be. It's as if they were installed anywhere that was vulnerable; they installed themselves to the root by whatever happened with downloading that ZIP file.
Click to expand...
Click to collapse
I think these are in the "OEM" partition. I'll try and extract it using TWRP and let you know, since I can't extract it from the stock firmware.
EDIT
Yup, these files are actually stored in the oem partition. I've had the 3IE firmware installed on my phone, so I don't have the same apps as you do, but they're there.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
The /app and /priv-app directory contain all these apps. I think you could even remove the apps and re-flash this if you want but I wouldn't recommend it unless you're really experienced with this.
You can get your own oem partition image and explore it by moving into a directory with ADB then executing this command:
Code:
adb shell dd if=/dev/block/platform/soc.0/7824900.sdhci/by-name/oem of=/sdcard/oem.img
This creates the IMG. It might take a while and appear frozen, but don't worry, it's actually making progress.
After that, we want to pull the IMG to our PC:
Code:
adb pull /sdcard/oem.img
You can then remove the IMG from your phone to free up space:
Code:
adb shell rm /sdcard/oem.img
Once you're done, just use 7-zip or something similar to explore the image (right click > 7-zip > open archive).
bsevcenk said:
I think these are in the "OEM" partition. I'll try and extract it using TWRP and let you know, since I can't extract it from the stock firmware.
EDIT
Yup, these files are actually stored in the oem partition. I've had the 3IE firmware installed on my phone, so I don't have the same apps as you do, but they're there.
The /app and /priv-app directory contain all these apps. I think you could even remove the apps and re-flash this if you want but I wouldn't recommend it unless you're really experienced with this.
You can get your own oem partition image and explore it by moving into a directory with ADB then executing this command:
Code:
adb shell dd if=/dev/block/platform/soc.0/7824900.sdhci/by-name/oem of=/sdcard/oem.img
This creates the IMG. It might take a while and appear frozen, but don't worry, it's actually making progress.
After that, we want to pull the IMG to our PC:
Code:
adb pull /sdcard/oem.img
You can then remove the IMG from your phone to free up space:
Code:
adb shell rm /sdcard/oem.img
Once you're done, just use 7-zip or something similar to explore the image (right click > 7-zip > open archive).
Click to expand...
Click to collapse
Thank you for your research. But, in the past I've looked at the app My Consumer Cellular, stumbling upon it in a search in the Play Store, and it was available for install. After the incident, it just says "Enable" and "Disable" like a system app would. I don't have documented proof of the change, but I can't think that it would be a system app on my phone for any reason. Some of these apps are Brazilian, Mexican and Canadian, but I reside in the US. Some say "not available on your carrier", yet they appear on my phone. I don't even use Republic Wireless, Consumer Cellular or Bell Canada, I use Tracfone for my services.
This leads me to believe it's one of those malware types that install apps to your root directory, making it seem like a system app, impossible to remove. I understand where you're coming from, and your research indicates that those apps are rightfully there, it just rubs me the wrong way that they don't appear in my app list, and are full of one star reviews from people claiming the same as me: malware, bloatware, adware, etc. I forgot to mention that one Motorola representative said "these apps don't belong on your phone" during a call. I'd like to be content with the fact that they're system apps, but I can't logically do so, at least, not at this time.
Sorry to seem hard to please, but I'm still weary of the whole situation. That's not to say I don't appreciate your time and research!
The apps are likely preloaded the way that they are to save money. They are not malware.
d4rk3 said:
The apps are likely preloaded the way that they are to save money. They are not malware.
Click to expand...
Click to collapse
I just don't understand why or how apps from another country and carrier would be on my phone. All phones purchased that acquired the problem were factory sealed, and I can guarantee these are not preloaded. I have no affiliation with them, and they aren't even supported by my phone. It even acknowledges that by saying "this app is not available in your country/carrier." This is not preloaded software.
Even if it's not malware, it still doesn't belong on my phone. They appeared one day after a failed attempt at downloading a zip, and I just wish there were a finite solution, because even rooting is only a band-aid fix, as it just transfers to my next phone, anyway.
Thank you.
Tony3610 said:
I just don't understand why or how apps from another country and carrier would be on my phone. All phones purchased that acquired the problem were factory sealed, and I can guarantee these are not preloaded. I have no affiliation with them, and they aren't even supported by my phone. It even acknowledges that by saying "this app is not available in your country/carrier." This is not preloaded software.
Even if it's not malware, it still doesn't belong on my phone. They appeared one day after a failed attempt at downloading a zip, and I just wish there were a finite solution, because even rooting is only a band-aid fix, as it just transfers to my next phone, anyway.
Thank you.
Click to expand...
Click to collapse
I have the same garbage in my /oem partition....they're not "transferring" from phone to phone as you purchase them. They're simply already there.
d4rk3 said:
I have the same garbage in my /oem partition....they're not "transferring" from phone to phone as you purchase them. They're simply already there.
Click to expand...
Click to collapse
If they are legitimate system applications, why are they tucked away in the OEM folder instead of with the other system apps (the ones that actually appear on my app list; I don't have to go hunting for them unlike the nuisance of bloatware I described above).
d4rk3 said:
I have the same garbage in my /oem partition....they're not "transferring" from phone to phone as you purchase them. They're simply already there.
Click to expand...
Click to collapse
Sorry. I don't mean to be difficult. Lol.
d4rk3 said:
I have the same garbage in my /oem partition....they're not "transferring" from phone to phone as you purchase them. They're simply already there.
Click to expand...
Click to collapse
Some apps, even if I enable them, I can't launch them. Some of these have network access, identity access, etc. It's shady, especially since I don't use any of these services, or live in the regions which they are used.
This is an unlocked phone that is designed to support most/all? carriers out of the box. Some carriers require software for full functionality, so depending on what type of Sim card and network you use it will automatically activate the required app/software. This allows Lenovo/Moto to support many carriers with a single phone model.
spiked_mistborn said:
This is an unlocked phone that is designed to support most/all? carriers out of the box. Some carriers require software for full functionality, so depending on what type of Sim card and network you use it will automatically activate the required app/software. This allows Lenovo/Moto to support many carriers with a single phone model.
Click to expand...
Click to collapse
But the applications of which we speak have never been enabled, and were never present in my system app list. I understand what you're saying, but why would an app that explicitly states "not available on your carrier" or "not available in your country" be on my phone, a phone purchased in the United States under Tracfone? Republic Wireless, My Consumer Cellular and Bell Canada are irrelevant to my services with Tracfone. I don't have accounts with them.
..and as for the App Box app, it's Brazilian, and the two PRIP apps seem to do with Mexico. I can't see any of that reasonably being on a phone in the U.S.
spiked_mistborn said:
This is an unlocked phone that is designed to support most/all? carriers out of the box. Some carriers require software for full functionality, so depending on what type of Sim card and network you use it will automatically activate the required app/software. This allows Lenovo/Moto to support many carriers with a single phone model.
Click to expand...
Click to collapse
Tony3610 said:
But the applications of which we speak have never been enabled, and were never present in my system app list. I understand what you're saying, but why would an app that explicitly states "not available on your carrier" or "not available in your country" be on my phone, a phone purchased in the United States under Tracfone? Republic Wireless, My Consumer Cellular and Bell Canada are irrelevant to my services with Tracfone. I don't have accounts with them.
..and as for the App Box app, it's Brazilian, and the two PRIP apps seem to do with Mexico. I can't see any of that reasonably being on a phone in the U.S.
Click to expand...
Click to collapse
Looking back, I can see Republic Wireless and Consumer Cellular, as they're U.S services and how they'd be preinstalled if you were planning to use those carriers, but I can't see the other things.
If you're from the U.S. and travel internationally the phone should still work if you use a Sim card from a local carrier.
spiked_mistborn said:
If you're from the U.S. and travel internationally the phone should still work if you use a Sim card from a local carrier.
Click to expand...
Click to collapse
I understand and appreciate that info, that's just not the issue I'm having.
spiked_mistborn said:
This is an unlocked phone that is designed to support most/all? carriers out of the box. Some carriers require software for full functionality, so depending on what type of Sim card and network you use it will automatically activate the required app/software. This allows Lenovo/Moto to support many carriers with a single phone model.
Click to expand...
Click to collapse
Bingo.
---------- Post added at 06:56 AM ---------- Previous post was at 06:51 AM ----------
Tony3610 said:
I understand and appreciate that info, that's just not the issue I'm having.
Click to expand...
Click to collapse
Correct me if I'm wrong but the only issue you seem to be having is your issue with the apps simply existing on the oem partition?
Either way, I'm out of this thread...peace!
d4rk3 said:
Bingo.
---------- Post added at 06:56 AM ---------- Previous post was at 06:51 AM ----------
Correct me if I'm wrong but the only issue you seem to be having is your issue with the apps simply existing on the oem partition?
Either way, I'm out of this thread...peace!
Click to expand...
Click to collapse
Yes, that's the issue.
Thank you for your help, then.
**BUMP**
Still no resolution.
Tony3610 said:
**BUMP**
Still no resolution.
Click to expand...
Click to collapse
I suggest you learn what an OEM is. Lenovo/Motorola is installing software at the factory to support the version of the phone that Republic Wireless, Consumer Cellular and Rogers in CA sells. It's probably easier for them to install that software on all the phones and not just the Republic Wireless software on the Republic Wireless phones and the Consumer Cellular on the Consumer Cellular phones.
I just installed ES FE and checked my XT1607 and have 3 folders in the OEM folder for Republic Wireless, Consumer Cellular and Rogers.
There's nothing to resolve here.

Categories

Resources