Is ZTE Service App safe or malware? - ZTE Axon 7 Questions & Answers

Hi,
I have an EU Version with software B03. If found malware alerts in the handserivce.apk (ZTE Service):
https://apkscan.nviso.be/report/show/91ae676769206160c520aa8d7c558f8c
https://www.virustotal.com/de/file/...d76695d7b18af3655bae8142/analysis/1475338094/
Is this a false alert or true?

I have been informed that handservice.apk is a proper zte system app that gives a false positive on anti virus software. It is not malware!

samson39 said:
Hi,
I have an EU Version with software B03. If found malware alerts in the handserivce.apk (ZTE Service):
https://apkscan.nviso.be/report/show/91ae676769206160c520aa8d7c558f8c
https://www.virustotal.com/de/file/...d76695d7b18af3655bae8142/analysis/1475338094/
Is this a false alert or true?
Click to expand...
Click to collapse
Holy crap
Can you extract the apk from your phone and upload it somewhere?
https://f-droid.org/repository/browse/?fdcategory=System&fdid=axp.tool.apkextractor

Hi,
this should work:
https://drive.google.com/file/d/0B8ZWo7aiw_klUkNQLTdNQmNFUUU/view?usp=sharing

Thanks. I'm taking a look at it.
As for ZTE saying it's a legitimate app, well, that's not worth much
http://blog.trendmicro.com/trendlab.../zte-score-m-scores-a-backdoor-vulnerability/
Aside from that, they've caught a bad wrap from at least the U.S., though I can't tell if it's just because the gov't is scared of China's economy or if there's a real security concern... except for that link above:
https://www.theguardian.com/technology/2012/oct/08/china-huawei-zte-security-threat
http://www.reuters.com/article/us-trade-eu-idUSBRE94H03J20130518

Well I looked at some of the web addresses from the virustotal details as well as the permissions it detailed. Then decompiled in apktool and looked around. At this point I'm not a programmer but it looks like an app that has bits and pieces to talk with Alibaba, Baidu, umeng (some Chinese analytics company), and maybe a few other places. Some words refer to OTA so I assume it's some sort of updater app with some bloat for analytics and advertising companies.
Regardless, a security expert would have to see what it really does. I mean, I'm still suspicious when 30% of VirusTotal scanners detect something goofy. I mean- if it's legit and safe code I would probably not want to generate false positives because it would at least mean I'm writing poor code.
I'd probably contact ZTE though, from what I've read in their forums, their answer so far is "it's an app from us." Well, duh. That just reminds me of Tommy Boy where Chris Farley says something about putting a guarantee on a box "all that says is it could be a guaranteed piece of s**t!"
Anyways, if you're really concerned you can always submit it to antivirus companies or your government's information security response departments. Just Google to see if your gov't has one. It's simply a matter of uploading or emailing the file to them and they'll look at it.
The fact that it's installed on consumer telecommunication equipment from a manufacturer is kinda significant. Like, if I was ZTE, I'd be contacting av companies to request removal of the signature that's detecting my program as suspicious to request that it be whitelisted. That's what's odd about the whole thing.

update: I've uploaded the file to
https://malware.us-cert.gov/MalwareSubmission/pages/submission.jsf
as well as ESET
https://www.eset.com/us/support/con...ownload-install/other-download-installl-issue
Just because I had some time.
Looking at your 1st detection links from what I can tell the suspicious parts are that it sends your IMEI number to both rma.zte.com.cn and 210.51.195.23 (Alibaba) from their logcat file.
V/empty ( 1326): ====GET http://rma.zte.com.cn/rmaPhone/checkImei.app?imei=<phone's IMEI ID>
D/dalvikvm( 1326): WAIT_FOR_CONCURRENT_GC blocked 20ms
D/dalvikvm( 1326): WAIT_FOR_CONCURRENT_GC blocked 58ms
W/DroidBox( 1326): DroidBox: { "OpenNet": { "desthost": "210.51.195.23", "destport": "80", "fd": "35" } }
W/DroidBox( 1326): DroidBox: { "DataLeak": { "sink": "Network", "operation": "send", "tag": "0x400", "data":
Click to expand...
Click to collapse
The animations in that one link which shows a simulation of the user interaction looks like you type the IMEI in and then must click send before it does. If this a customer service app from ZTE it's probably intentional. I'm guessing that's why it looks fishy. Still don't know why they'd send your IMEI in plain text and also to Alibaba (the Chinese version of Amazon). Maybe they handle their returns through Alibaba for European countries and the US has its own thing going on since they've got some separate agreements in their US offices.

UP :
Since the backdoor AdUps has been discovered on BLU phones, but IS INSTALLED on chinese phones from Huawei AND ZTE, can someone check this out? I'm far from having the capacity to check that for myself.
http://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html?_r=0
Thanks!

https://community.zteusa.com/thread/13335
Luckily for us USA phones, it's not on any of the phones shipped here.

Related

New Android Virus from China?

At the company I work for, an email came out from our care group that I thought everyone might find interesting. When I first read it, I immediately thought of the MIUI ROM that I installed....
"A new virus infecting the android based phones has been detected in china.It is being said that this is by far the most complicated and sophisticated Android virus that the security firm has come across.This virus is being dubbed as ‘Gemini’ and it has the capability of being remotely operated by the hacker once it is in the phone.Though many viruses have been detected earlier in Android apps. but this the is most sophisticated among all of them.
The Botnet feature of the virus is the major concern.Once the malware is completely installed on the user’s phone, it has the potential to receive commands from a remote server that allows the hacker to access the user’s data and all personal stuff.Once the privacy of the user is compromised,the hacker can do anything he wish to do.
Lookout mobile security,who basically detected this virus said that Gemini uses advanced and sophisticated techniques to hide it’s track.They also said that that the virus is capable of sending location coordinates and device identifiers to the remote server, helping it to generate a list of all installed apps on the infected phone and to install more infected ones.
All the infected applications that have yet come up have been downloaded from a third party Chinese application market. “Geinimi is effectively being ‘grafted’ onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets,” the company wrote in a blog post.On the other hand,the same applications that are downloaded from official Android application market are safe.
Although it is not very clear that what actually is the intent of the authors of Gemini.The chief technology officer for Lookout,Kevin mahaffy said that “It could be anything from a malicious advertising network to an attempt to create a botnet”.Botnet basically is a group of infected computers or phones that the attacker controls to compromise for data and identity theft and also it can be used to launch attack on other machines.
The application which are grafted with virus are mostly games and a few applications.Some among them are:
• Monkey Jump 2
• Sex Positions
• President vs. Aliens
• City Defense
• Baseball Superstars 2010.
Here’s how it works:
When a host application containing Geinimi is installed on a client’s phone, the Trojan gets activated in the background and collects information that can compromise a user’s privacy.Geinimi attempts to connect to a remote server using one of 10 embedded domain names. If it connects, Geinimi transmits collected information to the remote server."
here you go http://www.msnbc.msn.com/id/40857219/ns/technology_and_science-wireless/
Interesting read. I wonder: If the infected app is removed, does the virus get removed with it?
rugedraw said:
Interesting read. I wonder: If the infected app is removed, does the virus get removed with it?
Click to expand...
Click to collapse
that would make for a pretty ineffective trojan. I highly doubt it.
also, as per the msnbc article, the virus is named "Geinimi," not "Gemini." Although I guarantee everyone will call it gemini because it's so much easier, at least to an english speaker.
Old news.
cjh6386 said:
that would make for a pretty ineffective trojan. I highly doubt it.
Click to expand...
Click to collapse
It does get removed if you remove it from applications. The only way it wouldn't get removed is if the app were to root the device first, and then push the apk to the apps folder. but this one doesnt do that.
I'm honestly surprised there aren't more of them out there, it would be way to easy to do.
Sent from my PC36100 using XDA App
cjh6386 said:
that would make for a pretty ineffective trojan. I highly doubt it.
Click to expand...
Click to collapse
Good point......I'm just not sure how viruses affect our phones compared to how they affect Windows based PC's.
Last-Chance said:
Old news.
It does get removed if you remove it from applications. The only way it wouldn't get removed is if the app were to root the device first, and then push the apk to the apps folder. but this one doesnt do that.
Click to expand...
Click to collapse
Even then, you would still be able to remove it manually from the apps folder, no? Providing the user has root access, of course.
This is bull****. Why can't they leave viruses for windows computers?
Sent From My HTC Evo 4G On The Now Network From Sprint Using Tapatalk Pro!
I guess it's becoming an issue with the carriers too since our Care department is now getting swamped with calls from people who either "think" they're phones are infected or read that MSNBC article.....
In any event, I have to admit that I didn't even give it a thought that I might get a virus on my phone. I actually even saw quite a few virus programs on the Market and just ignored them. I'll now have to revisit that option, especially since I'm installing ROMS from every source that posts them....
rugedraw said:
Good point......I'm just not sure how viruses affect our phones compared to how they affect Windows based PC's.
Even then, you would still be able to remove it manually from the apps folder, no? Providing the user has root access, of course.
Click to expand...
Click to collapse
probably, but if the app is smart enough to root android devices, chances are its smart enough to hide itself. With root access it can pretty much do anything it wants, including hiding itself, as well as accessing other programs, and what not.
Would a nand restore get rid of it?
Sent from my HTC Supersonic
If it needs root access to do it's thing, wouldn't that trigger the superuser app? And if a game triggers the superuser app, and a person clicks on "Allow"...then...maybe they deserve to be infected.
From what I remember of reading about this virus, it only affected users in China who downloaded it from a third-party market application and not Google's Android Market.
Viruses in android doesn't make any sense to me at all. Since android is so different. As another poster stated, doing a nand is in essence like wiping the total system, correct?
Sent from the Evo 4G
dglowe343 said:
Would a nand restore get rid of it?
Sent from my HTC Supersonic
Click to expand...
Click to collapse
in essence yes. But a person smart enough to code a virus that roots devices is probably smart enough to backdoor nand restore points as well.
Holyrolla said:
If it needs root access to do it's thing, wouldn't that trigger the superuser app? And if a game triggers the superuser app, and a person clicks on "Allow"...then...maybe they deserve to be infected.
Click to expand...
Click to collapse
The chinese one doesn't need root. I was just saying that if it had root it would be a lot harder to remove. And the app is binded to other programs, so the person will probably not even know that the legit one doesnt require superuser.
mbaseball3 said:
Viruses in android doesn't make any sense to me at all. Since android is so different. As another poster stated, doing a nand is in essence like wiping the total system, correct?
Sent from the Evo 4G
Click to expand...
Click to collapse
Why doesn't it? Millions of dollars are stolen each year by criminals that infect phones in order to dial out premium numbers.
Last-Chance said:
in essence yes. But a person smart enough to code a virus that roots devices is probably smart enough to backdoor nand restore points as well.
Click to expand...
Click to collapse
fear monger much?
EDIT: for those curious he's just drumming up nonsense to see if he can get you in a frenzy ... that or has has NO CLUE what he's talking about.
Even if someone was stupid enough to "Accept default permissions" and not question why your video game that you downloaded from a third party marketplace with "allow unknown sources to be installed" flag set needs to look at your phone calls and personal contacts ... there would still be a popup by superuser the moment it tried to do something that required root.
It's a perfect storm trojan: no more a risk to your phone than a phishing site is to your identity: that is a huge problem if you're an idiot.
Justin.G11 said:
fear monger much?
EDIT: for those curious he's just drumming up nonsense to see if he can get you in a frenzy ... that or has has NO CLUE what he's talking about.
Even if someone was stupid enough to "Accept default permissions" and not question why your video game that you downloaded from a third party marketplace with "allow unknown sources to be installed" flag set needs to look at your phone calls and personal contacts ... there would still be a popup by superuser the moment it tried to do something that required root.
It's a perfect storm trojan: no more a risk to your phone than a phishing site is to your identity: that is a huge problem if you're an idiot.
Click to expand...
Click to collapse
yea bro, cause you know what you are talking about. How about you actually look up **** before talking.
1. A 3rd party app can simply ask for 1 permission, then root the phone and gain wide variety of permissions. When i say root, i dont mean the same way as you see here. It will gain permissions beyond what normal apps do. It wont ask for superuser permissions. It will only ask for 1 permission on install
2. Did you know that there is a Buffer overflow available on all phones that are running 2.1 of android? Did you also know that there is a buffer overflow for all androids that are running the latest webkit on 2.2? apparently not. fyi, a buffer overflow in a browser can represent a huge risk, meaning visiting a website that is infected will in return infect you. A buffer overflow will also not ask for any permissions and load a malicious application straight to your phone.
Next time when you talk to someone as if they were a kid, make sure that person doesn't happen to have a CS degree, and 8+ years of experience in computer security. Now gtfo.
those chinese have a strange sense of humor, I bet it started as a prank by some drunk college students to see if they could do something small that would make americans even more paranoid
NewZJ said:
those chinese have a strange sense of humor, I bet it started as a prank by some drunk college students to see if they could do something small that would make americans even more paranoid
Click to expand...
Click to collapse
if you call being charged 100s of dollars on your bill because some virus made phone calls to premium rate numbers a joke, then yes they are very funny.

With all the talk about viruses on Android,is there an Anti-virus that actually works

Just wondering if there is one that will actually work etc? Seems like troll food for now, at least to me. Id like to get one that works, but is it necessary?
Lookout mobile security is good I have it and it works great, Lookout was the company that detected the Trojan Horse in the China market.
I use lookout also on 2 phones. Dont know how good it really is but it better than nothing.
+1 for lookout
Lookout has, in some people's experience, drained the battery.
Best anti-virus? COMMON. SENSE. If an app is asking for the permission to call numbers, send text messages, and access your Google account, OR, asks for root permissions, when it's supposed to be a wallpaper bundle, DON'T INSTALL IT.
Furthermore, DO NOT USE PIRATED CRAP. If you read the articles Lookout's posted about the malware going around, it's all from secondary or untrustworthy alternatives to the Android Market, or from pirate sites.
Really, for everything on the Market that costs money, there's some kind of free alternative. Or you could always, y'know, spend $2 to buy that app. After all you did buy a $450 phone with a monthly bill of no less than $70...
I think Lookout is shady. A lot of these companies create viruses so they could increase their user base.
Aforementioned, don't install an app that demands access to personal and sensitive stuff. That's the main giveaway.
Lookout is one of the only companies that has something to gain from the existence of viruses and since they are pretty much the only company who ever finds and reports about these viruses, gotta take that info with a grain of salt. Like previously stated, common sense will keep your phone safe
Sent from my PC36100 using XDA App
drmacinyasha said:
Really, for everything on the Market that costs money, there's some kind of free alternative. Or you could always, y'know, spend $2 to buy that app. After all you did buy a $450 phone with a monthly bill of no less than $70...
Click to expand...
Click to collapse
That's no fun
Sent on the go from my HTC EVO
I have lookout, works fine. I'm confident in it.
Using my HTC Evo phone which I'm using Xda app to post
i wish people would stop making virus' for our phones. =/
Rydah805 said:
i wish people would stop making virus' for our phones. =/
Click to expand...
Click to collapse
it's that or they get a real job, they can make more with viruses
Android is a linux based system and for Android currently only has one virus. If that says anything. Stop wasting your time on these bloatware apps, Linux does not get viruses. If you do, well I feel sorry for ya.
splmonster said:
Android is a linux based system and for Android currently only has one virus. If that says anything. Stop wasting your time on these bloatware apps, Linux does not get viruses. If you do, well I feel sorry for ya.
Click to expand...
Click to collapse
Wrong on your virus count and that Linux doesn't get viruses
http://www.kaspersky.com/viruswatchlite?search_virus=android&x=19&y=6&hour_offset=-9
There are no such thing as viruses for android. None - not a one - never has been, probably never will be barring some crazy zero day exploit is found (but a lot more platforms would be affected than just android.)
The only malware that exists for android are a few trojans, but you'll never run into the known ones since they are no longer on the market.
As for the unknown ones? Google removes them from the market once they are known, which means any kind of "anti-virus" software can only react about as fast as google can react, which makes any kind of "anti-virus" software superfluous. In other words, you don't need one, and if you buy one you're just wasting your money.
The only exception to this rule is if you download apk's from shady sources outside of the android market and install them, and if you do that indiscriminately, you're a moron.
Yea there is. Common sense.
Sent from my PC36100 using XDA App
Rakeesh_j said:
There are no such thing as viruses for android. None - not a one - never has been, probably never will be barring some crazy zero day exploit is found (but a lot more platforms would be affected than just android.)
Click to expand...
Click to collapse
Technically you are correct, a trojan is not a virus. As far as most smartphone users, the media and AV marketing is concerned they are the same. They screw up your phone. Barring pirated software it is still possible to infect a *nix based system. "Probably not" is not something you want to hear from admin on a network when it comes to infection.
I can give you and example but don't want to make my post a TL|DR (or get banned). The short version is:what phone to infect, what kernel, rooted, apps with SU, what should the virus do, injection point, carrier. The only things that makes *nix safer is, user permissions and that most of the coders are on a *nix OS and respect it.
To the OP, what you want is a security suite (AV,malware,locate,lock,erase) so look at Lookout. Also, are you running a stock rom or custom and if custom then which one? There's a fairly rom specific flaw in Lookout.
If anything I use lookout just for a sense of security. It doesn't take up that much space to me and regardless if how many viruses are out there, it makes me feel safer.
Sent from my PC36100 using Tapatalk
Anything anti-android is gay. Period!!!!
**Non-helpful post**
Lokifish said:
Technically you are correct, a trojan is not a virus. As far as most smartphone users, the media and AV marketing is concerned they are the same. They screw up your phone.
Click to expand...
Click to collapse
Ok name one that does, and how it does it.
As far as I'm aware, the only possible things they can do to harm you is:
- Steal your information
- Spy on you
- Send text messages that cost you money
None of the ones that exist in the wild are capable of causing any sort of damage to your phone.
Rakeesh_j said:
Ok name one that does, and how it does it.
As far as I'm aware, the only possible things they can do to harm you is:
- Steal your information
- Spy on you
- Send text messages that cost you money
None of the ones that exist in the wild are capable of causing any sort of damage to your phone.
Click to expand...
Click to collapse
Geinimi. Think of it as malicious bot-net attack for Android. It inits a backdoor and connects to a remote server. The remote server can then issues commands to download and prompt the user to install an app, prompt the user to uninstall an app, and to send a list of installed apps to the server, place phone calls, as well as the things you listed.
BTW remote deletion is built into Android. Look here:
http://www.h-online.com/open/news/i...oid-apps-from-smartphones-Update-1029188.html

AdMob will ban me?

For two days I see in my account suspicious activity:
Code:
Country Country Code Inventory Impressions Clicks
Europe EU 1710 1709 5
Americas AMS 1270 1270 18
Asia AS 413 413 1
Africa AFR 141 141 0
[I][B][U]Unknown 92 92 75[/U][/B][/I]
Somebody try to get me banned?
same here
I get similar strange numbers from Unknown since 28th of June.
I'm wondering what's going on...
Same problem
Country, Country Code, Inventory,Impressions, Clicks, CTR, eCPM, Revenue
Unknown,"","128","128","95","74.2188","7.7679140958935","0.99"
navajowhite said:
Country, Country Code, Inventory,Impressions, Clicks, CTR, eCPM, Revenue
Unknown,"","128","128","95","74.2188","7.7679140958935","0.99"
Click to expand...
Click to collapse
Same thing for me, this is very weird. Looks like someone is trying to get us banned. Let's see what our apps have in common, maybe that will give us a lead...
Same problem
This also affected my account. Looks like this problem started last month. I noticed that only now, because one of my apps started to gain few thousand new members a day which resulted in quit high ad request count and then suddenly my CTR's skyrocketed (til that moment my CTR's was around 1% and lower). Looks like clicks form Unknown location is somehow related to total request count, because my other apps generated very small ad request count and that's why it don't affected my overall CTR rate and I didn't noticed any changes (I wasn't checking geo stats).
For safety measures I deleted all affected ad accounts to stop this abuse and sent email to AdMob support (no answer yet). My app managed to generate ~100k requests from which ~5k was from Unknown with ~3k clicks what resulted in ~60%CTR.
I'm quit worried about my account because looking at stats this looks like some kind of click fraud, but that's not my fault. Also my app analytic data doesn't showed that huge ad click increase. Everything was like usual. For now I don't know what to do...
P.S. Sorry about my English.
Same problem here. Anyone tried to contact admob?
Yes, still no response.
How can i temporarly disable my apps? I can't find a switch in AdMob page.
kuznec said:
For two days I see in my account suspicious activity:
Code:
Country Country Code Inventory Impressions Clicks
Europe EU 1710 1709 5
Americas AMS 1270 1270 18
Asia AS 413 413 1
Africa AFR 141 141 0
[I][B][U]Unknown 92 92 75[/U][/B][/I]
Somebody try to get me banned?
Click to expand...
Click to collapse
I have the same problem. Anyone knows how to report this issue to Admob? I couldn't find the e-mail address of Admob.
Finaly got response from AdMob support
Hello,
Thank you for your email.
I understand your concerns about the high number of clicks coming from unknown locations.
There are, indeed, invalid activities and they will be filtered out from your finalized earnings. Please be assured that all valid and legit clicks will be counted.
Click to expand...
Click to collapse
Hmmm... Where do you see that information screen?? I have some extrange numbers in admob last few days but I don't know how to see that info.
Ok, I've found that and I also have that problem, 600 unknown impressions with 80% CTR...
i got some amount of unknown too. Admob will ban you for this?
admob ban
Does anyone know, for what reasons admob can ban you? I worry, because I've just started to use it.

CarrierIQ detected on AT&T and T-Mobile

AT&T:
T-Mobile:
Discuss.
Download the app on f droid:
https://f-droid.org/repository/brow...did=org.projectvoodoo.simplecarrieriqdetector
https://f-droid.org/repo/org.projectvoodoo.simplecarrieriqdetector_16.apk
catzilla said:
AT&T: https://i.imgur.com/HVe2ALY.png
T-Mobile: https://i.imgur.com/j0bmgOp.jpg
Discuss.
Click to expand...
Click to collapse
Maybe I'm misreading those reports? But it looks like the stuff that triggered it is lower down. All of what's displayed says "Not Found." Could you scroll down to the problematic bits and show them as well?
This comes as no surprise. Another reason why the end goal of any phone is to obtain root.
DaBunny said:
Maybe I'm misreading those reports? But it looks like the stuff that triggered it is lower down. All of what's displayed says "Not Found." Could you scroll down to the problematic bits and show them as well?
Click to expand...
Click to collapse
Full log:
Voodoo Carrier IQ Detector report:
Build fingerprint:
lge/p1_att_us/p1:5.1/LMY47D/151421018d413:user/release-keys
Carrier IQ has been found and is active
Detection score: 270
Test for: Linux kernel dmesg log
(DMESG, weight 100)
nothing found
Test for: Suspicious classes
(SUSPICIOUS_CLASSES, weight 0)
found: com.carrieriq.iqagent.service.receivers.BootCompletedReceiver
Test for: Android logcat debugging log
(LOGCAT, weight 100)
nothing found
Test for: Linux kernel interfaces
(KERNEL_INTERFACES, weight 50)
nothing found
Test for: Packages
(PACKAGES, weight 70)
nothing found
Test for: Running processes
(RUNNING_PROCESSES, weight 200)
found: system 4633 510 1626028 13308 ffffffff 00000000 S diagandroid.iqd
Test for: ROM configs
(ETC_CONFIG, weight 0)
nothing found
Test for: Linux kernel drivers
(KERNEL_DRIVERS, weight 50)
nothing found
Test for: ROM binaries and daemons
(SYSTEM_BINARIES, weight 70)
found: /system/lib/libiq_client.so
found: /system/lib/libiq_service.so
Test for: System services
(SERVICES, weight 70)
nothing found
Snakecharmed said:
This comes as no surprise. Another reason why the end goal of any phone is to obtain root.
Click to expand...
Click to collapse
2x on this, it should be no surprise that CIQ is on any carrier's standard phone build - especially T-Mobile. Correct me if I'm wrong, but I believe parts of CIQ are packaged in the My T-Mobile app, for the purpose of "diagnostics." That app even asks for permission to collect diagnostic data and send it back to the mothership.
BigJohn89 said:
2x on this, it should be no surprise that CIQ is on any carrier's standard phone build - especially T-Mobile. Correct me if I'm wrong, but I believe parts of CIQ are packaged in the My T-Mobile app, for the purpose of "diagnostics." That app even asks for permission to collect diagnostic data and send it back to the mothership.
Click to expand...
Click to collapse
It is for diagnostics. I'm in T-Mobile tech and its the most helpful thing ever.
you wanna talk scary.... my first G4 came with a buggy SD card slot, sometimes detected, sometimes not.... Anyway, I called T-mobile support and the tech I spoke with on the phone KNEW when my SD Card was inserted and when it was not. WTF is THATTTTT??!?!?!
Who cares about CarrierIQ now, NSA got you all even without carrierIQ. So what's the matter about removing it.......
FWIW, I checked my Verizon G4 with 3 different CIQ apps (Lookout, Bit Defender, Trend Micro) and it came up clean. I remember a few years ago that they said they wouldn't use CIQ, but I'm sure they have the same capabilities, under a different name.
So what exactly does CIQ do/why is it important to be aware of it? I have a VS986 and would like to know just how much data is being collected about me and what I do/where I go.
nineeightyone said:
So what exactly does CIQ do/why is it important to be aware of it? I have a VS986 and would like to know just how much data is being collected about me and what I do/where I go.
Click to expand...
Click to collapse
I'd like to know, too. I'm on T-Mobile, but why should I care? Other than paranoia that people have, how does it affect me?
Omg carrierIQ!!
Sent from my SM-G920T
Can't you just turn off diagnostics (on the H811 at least) and CI is disabled?

Chinese malware / spyware app built-in in the system of my s10+

Just realized that the built-in Storage Analysis function in Device Care settings is powered by 360 Security.
As far as i know this is an app written by the Chinese and is highly probably comtaining hidden spyware that send confidential data to the Chinese government.
Any chance we can disable it, so that even clicking into that menu won't do nothing? I rather not use that funciton but to be safe. I was trying to use adhell to disable something but couldn't identify which system app is it.
moonset said:
Just realized that the built-in Storage Analysis function in Device Care settings is powered by 360 Security.
As far as i know this is an app written by the Chinese and is highly probably comtaining hidden spyware that send confidential data to the Chinese government.
Any chance we can disable it, so that even clicking into that menu won't do nothing? I rather not use that funciton but to be safe. I was trying to use adhell to disable something but couldn't identify which system app is it.
Click to expand...
Click to collapse
Hey there,
is there any hard evidence, that it sends package data to chinese-based servers, other than those mentioned regular update requests/database updates? AdGuard firewall log or something would be helpful. :good:
more2come said:
Hey there,
is there any hard evidence, that it sends package data to chinese-based servers, other than those mentioned regular update requests/database updates? AdGuard firewall log or something would be helpful. :good:
Click to expand...
Click to collapse
thanks, i will try adguard.
Generally I don't trust any software/apps from PRC, it wouldn't harm.
moonset said:
thanks, i will try adguard.
Generally I don't trust any software/apps from PRC, it wouldn't harm.
Click to expand...
Click to collapse
One shouldt always be sceptical when it comes to personal data. There have been incedents with data extraction in the past, older Xiaomi smartphones running dated firmwares were collecting personal data and sent it back home to chinese servers.
On the other hand, the amount of data Google collects from each and every Android device is quite terrifying. And I don't think that Google is the most trustworthy company in the world...
more2come said:
One shouldt always be sceptical when it comes to personal data. There have been incedents with data extraction in the past, older Xiaomi smartphones running dated firmwares were collecting personal data and sent it back home to chinese servers.
On the other hand, the amount of data Google collects from each and every Android device is quite terrifying. And I don't think that Google is the most trustworthy company in the world...
Click to expand...
Click to collapse
oh yes, i believe Google is collecting my data as much as I believe in I am a child of my mom.
But it comes down to reputatuon and which one is more harmful. Google is a commercial cooperate, and PRC? lol
I am using android anyway, so no matter what google has got my data, why share another copy with the Chinese?
But Samsung isn't a Chinese company, so why would they do this? I could understand if this was Huawei or Xiaomi.
Slash8915 said:
But Samsung isn't a Chinese company, so why would they do this? I could understand if this was Huawei or Xiaomi.
Click to expand...
Click to collapse
Probably because Vietnam isn't the home of a security software company. ? China... Vietnam, you're probably splitting hairs anyway.
BTW, where was your phone manufactured. In the US they use McAfee which is probably my most unfavorite next to Norton.
OP drank the Kool-Aid trump is serving at his house party.
Slash8915 said:
But Samsung isn't a Chinese company, so why would they do this? I could understand if this was Huawei or Xiaomi.
Click to expand...
Click to collapse
this is also my question... why did they use codes/apps that were written by a chinese company anyway...
fear mongering?
moonset said:
this is also my question... why did they use codes/apps that were written by a chinese company anyway...
Click to expand...
Click to collapse
I guess the main reason is that there's no other good alternative in the market. Maybe there's better option but will you pay for that?
The hilarious thing in this post is that the "blind-love" to google, which makes my day My 2 cents are that in S10 there are more parts comes from Chinese venders than ever, so if you are afraid of that, maybe the best way is not use a mobile at all.
moonset said:
Just realized that the built-in Storage Analysis function in Device Care settings is powered by 360 Security.
As far as i know this is an app written by the Chinese and is highly probably comtaining hidden spyware that send confidential data to the Chinese government.
Any chance we can disable it, so that even clicking into that menu won't do nothing? I rather not use that funciton but to be safe. I was trying to use adhell to disable something but couldn't identify which system app is it.
Click to expand...
Click to collapse
ah ah ah .. I don't know from where you're from but as far I know, the WORST and BIGGEST spy are the usa : do I need to remind you about julien assange, chelsea mannings and many more ? Or the echelon program and so many we aren't even aware of ? (not to mention data collecting/selling by facebook/apple/google...) (I'm also not speaking of the stinky ****ty messy smelly bad **** they're doing all around the world, wars, geo politic business/manipulation just for the sake of them being able to keep on goin' in the good 'ol american way of life...)
charlene17 said:
ah ah ah .. I don't know from where you're from but as far I know, the WORST and BIGGEST spy are the usa : do I need to remind you about julien assange, chelsea mannings and many more ? Or the echelon program and so many we aren't even aware of ? (not to mention data collecting/selling by facebook/apple/google...) (I'm also not speaking of the stinky ****ty messy smelly bad **** they're doing all around the world, wars, geo politic business/manipulation just for the sake of them being able to keep on goin' in the good 'ol american way of life...)
Click to expand...
Click to collapse
Thanks for a post that is almost 100% BS and factually wrong. Julian Assange was Australian and he was a fugitive from a British arrest warrant. Chelsea Manning leaked intelligence documents and as far as I know wasn't involved in cyber crime. Where your hatred of the good 'ol American way of life originates I don't have a clue but apparently it didn't originate in school.
you guys might not know much about china and privacy in china, so just think steal personal data is a joke, as a guy who live in Hong Kong, i can tell you this is much more scary than you though, just like the huawei 5G in US now, many years ago, people in HK already know china company will steal data , but US just realise this recently...
charlene17 said:
ah ah ah .. I don't know from where you're from but as far I know, the WORST and BIGGEST spy are the usa : do I need to remind you about julien assange, chelsea mannings and many more ? Or the echelon program and so many we aren't even aware of ? (not to mention data collecting/selling by facebook/apple/google...) (I'm also not speaking of the stinky ****ty messy smelly bad **** they're doing all around the world, wars, geo politic business/manipulation just for the sake of them being able to keep on goin' in the good 'ol american way of life...)
Click to expand...
Click to collapse
what you said about USA might be true but at least they have freedom of speech.
Do you know in China certain words / phrases which speak the truth about PRC (such as 4th June 1989) or Xi Jinping's nickname, are filtered and monitored on EVERYBODY's phone and EVERY apps, so that you cannot even send those words out and police officers could just turn up at your door to arrest you.
Also, i havent seen any partnership between organizations like facebook and google with the US government... but Huawei, QQ (360 security), Xiaomi?? HAHAHAHAHA
chya83 said:
I guess the main reason is that there's no other good alternative in the market. Maybe there's better option but will you pay for that?
The hilarious thing in this post is that the "blind-love" to google, which makes my day My 2 cents are that in S10 there are more parts comes from Chinese venders than ever, so if you are afraid of that, maybe the best way is not use a mobile at all.
Click to expand...
Click to collapse
there is no blind-love to google, maybe just blind-hate to Chinese companies.
i cannot live without a mobile, so i pick the "better" option.
A bit like the call screening function Hiya on the devices and also another call screening option on T Mobiles end that one cannot disable. They all steal and share the data.
Sent from my SM-G975U using Tapatalk
About the most misinformed, xenophobic thread I've had the misfortune to read on Xda in a long time. Keep it up guys, it's a good look.
kurosawa79 said:
About the most misinformed, xenophobic thread I've had the misfortune to read on Xda in a long time. Keep it up guys, it's a good look.
Click to expand...
Click to collapse
LOL, that's what happens when kids get phones.
I'm no longer using a smart phone because of this Chinese software in my s10+. I'm switching back to my brick phone

Categories

Resources