Go Back   Android Forums > Android Discussion > Android Lounge
Android Lounge A place for general Android discussion and questions.

Get excited for the Samsung Galaxy S5! Find everything you need and discuss it in our Galaxy S5 Forum!

Like Tree7Likes
  • 1 Post By ExtremeNerd
  • 1 Post By chanchan05
  • 2 Post By ExtremeNerd
  • 2 Post By Crashdamage
  • 1 Post By Mostly Harmless

test: Reply
 
LinkBack Thread Tools
Old October 16th, 2012, 08:50 PM   #1 (permalink)
Junior Member
Thread Author (OP)
 
Join Date: Aug 2012
Location: Dallas
Posts: 30
 
Device(s):
Carrier: Not Provided

Thanks: 5
Thanked 0 Times in 0 Posts
Send a message via Skype™ to dustin69
Default Android System Modified??

I believe that my Android system might have been sabotaged and modified. I had a friend stay the night at my house and I did not put my phone away or hide it. It was left out all night while I slept and I believe that he accessed the phone and modified the system partition to create a remote access "Spy" gateway. I would like to know what tools/options are available to check for this and also to remove such spying software and restore the phone. Right now I do not have the phone rooted nor do I have access to a computer which I can install the Android SDK and Java JRE which I would need in order to root this phone (The Huawei Activa 4g) I do not want to just reverse this process but I want to figure out and establish to myself that it has been done or not so that I will know whether to trust this individual in the future. When you click on the Battery Usage the phone displays "ATF_Daemon" or something that I can't catch for a split second before showing it as Android System, which usually uses most of the battery. Any information on this matter would be very much appreciated.

2h 54m 49s on battery
Android System 88%
Maps 6%
Cell standby 4%
Display 2%

Also, the phone has already been factory reset but I do not believe that removed any of the "Spy"ware because if the ROM had been flashed or the system partition modified then a Factory Reset would not address these issues. The individual, I forgot to mention, had a laptop with him which would have easily granted him ADB access and all that good stuff. To note, information shown in "About phone"

ERI version: 1357
Model number: HUAWEI-M920
Android Version: 2.3.6
Kernel version: 2.6.35.11
(I do not believe this phone shipped with these Android/Kernal versions also?)
Build Number: M920V100R001C177B322SP11

(To note: Maps is using 6% of the battery and I have not ran it since reboot)

Android system shows these packages:
Fota Client
VPN Services
com.qualcomm.privinit
Security
Google Backup Transport
Android System
com.android.qualcomm
Settings
Status Bar
Settings Storage
Account and Sync Settings

IMEI: *(REMOVED OF COURSE)
Wi-Fi MAC Address: Unavailable
Bluetooth Address: Unavailable
Up time: 2:45:04
ICC ID: *(WHAT IS THIS -- IS IT SENSITIVIE TO POST????)

2h 54m 49s on battery
Android System 88%
Maps 6%
Cell standby 4%
Display 2%

dustin69 is offline  
Last edited by dustin69; October 16th, 2012 at 09:00 PM. Reason: Addition of information
Reply With Quote
sponsored links
Old October 17th, 2012, 05:32 AM   #2 (permalink)
AF Contributor
 
Hadron's Avatar
 
Join Date: Aug 2010
Location: Dimension Jumping
Posts: 11,543
 
Device(s): HTC One (S-Off), HTC Desire (retired)
Carrier: Orange UK

Thanks: 2,153
Thanked 4,777 Times in 3,471 Posts
Default

Hi Dustin,

I'm not sure why you believe that this "friend" has hacked spyware into your /system. Is it because you think that android system is using more power than usual? Remember that those are percentages, so if the phone is left screen off and idle system processes will show a high fraction. And the word "daemon" doesn't imply anything - in Linux speak a background system process that provides or monitors a particular service is a "daemon".

I can't confirm the precise os/kernel versions your phone would have come with, but who would upgrade those? That phone would have come with some 2.3 version.

The main thing is that adb does not give write access to system on an unrooted phone. So unless you are worried that he rooted the phone, installed spyware to system, then covered his tracks (e.g. by removing the superuser app) , I don't see how it could be done. If you want, try installing superuser from the Play Store - if the SU app works (type "su" in a terminal emulator and see whether it pops up and succeeds in granting permissions) then the system is rooted. Otherwise I think this is very unlikely.
__________________
Forum Rules & Guidelines - Android Forums FAQ
If a post helps you, use the Thanks! button.
Spam or offensive? Don't respond, report it /!\
Hadron is online now  
Reply With Quote
Old October 17th, 2012, 09:35 AM   #3 (permalink)
Junior Member
Thread Author (OP)
 
Join Date: Aug 2012
Location: Dallas
Posts: 30
 
Device(s):
Carrier: Not Provided

Thanks: 5
Thanked 0 Times in 0 Posts
Send a message via Skype™ to dustin69
Default

Android System using more power than usual is not my basis for beliving the Android system/kernal has been modified. Also I think this phone came with Android version 2.3.3. if I recall correctly. Right, I do know that daemon basically means system service but why would the phone display that and then switch to Android system? Also, there is an app in the Play Store that is called "Network" and when you launch it it displays "Unknown" in a grey box, which I believe this app is 'supposed' to indicate informations about your connection. Is there a way we can check the Android version that came from the phone maybe email the manufacturer? Just a thought.. I'm looking for ideas to figure this out. Also, I do believe that he could of very well rooted the phone and then unrooted it. Like I said, I was asleep that night for a good 8 hours and that would have been more than plenty of time to do whatever to the phone. I have not checked the Super User app on the phone but I did run Root Checker and it indicated the phone was not rooted, which is not a surprise but like I said given the time he would have had with the phone does not eliminate the possibility of what I believe. Also, if I rooted the phone myself what could I do to check the presence of modified system / kernal files?
dustin69 is offline  
Reply With Quote
Old October 17th, 2012, 09:42 AM   #4 (permalink)
The Real Bass Creator
 
Digital Controller's Avatar
 
Join Date: Sep 2012
Location: Cincinnati, Ohio
Gender: Male
Posts: 10,683
 
Device(s): Galaxy Note 3 with JellyBeans 6, Nexus 7, (RIP) Galaxy Nexus with 4.4 SlimKat, (RIP) Droid Incredibl
Carrier: Verizon

Thanks: 526
Thanked 2,769 Times in 1,806 Posts
Default

Quote:
Originally Posted by dustin69 View Post
Android System using more power than usual is not my basis for beliving the Android system/kernal has been modified. Also I think this phone came with Android version 2.3.3. if I recall correctly. Right, I do know that daemon basically means system service but why would the phone display that and then switch to Android system? Also, there is an app in the Play Store that is called "Network" and when you launch it it displays "Unknown" in a grey box, which I believe this app is 'supposed' to indicate informations about your connection. Is there a way we can check the Android version that came from the phone maybe email the manufacturer? Just a thought.. I'm looking for ideas to figure this out. Also, I do believe that he could of very well rooted the phone and then unrooted it. Like I said, I was asleep that night for a good 8 hours and that would have been more than plenty of time to do whatever to the phone. I have not checked the Super User app on the phone but I did run Root Checker and it indicated the phone was not rooted, which is not a surprise but like I said given the time he would have had with the phone does not eliminate the possibility of what I believe. Also, if I rooted the phone myself what could I do to check the presence of modified system / kernal files?
Once the device is rooted, yes you could check these things out.

And anyhow I am confused why you would of spent the night at someones' place or he at your place, knowing he could be devious and do this to your device? Why not just ask him yourself?

You just don't mess up someones' expensive hardware just for laughs...at least i don't...
__________________
Want Faster help? Read this before posting!

I love this community and so should you! So before posting please read:
Site Rules & Guidelines and Android FAQ's
Digital Controller is offline  
Reply With Quote
Old October 17th, 2012, 09:42 AM   #5 (permalink)
Some say...
 
Stigy's Avatar
 
Join Date: Nov 2009
Gender: Male
Posts: 4,086
 
Device(s): Verizon LG G2 Retired: Galaxy Nexus, OG Droid, TMobile G1
Carrier: Verizon Wireless

Thanks: 1,687
Thanked 3,595 Times in 1,619 Posts
Default

I think the biggest thing to note is that if you are not rooted, your system partition cannot be modified so we can rule that out.

Do you see any apps you don't notice on your device?
__________________
It's kind of fun to do the impossible. - Walt Disney

If someone's out in left field, the /!\ Report button is to the left of their post.
If someone gives you right-on advice or positively contributes, the Thanks button is to the right.
Stigy is offline  
Reply With Quote
Old October 17th, 2012, 10:10 AM   #6 (permalink)
Junior Member
Thread Author (OP)
 
Join Date: Aug 2012
Location: Dallas
Posts: 30
 
Device(s):
Carrier: Not Provided

Thanks: 5
Thanked 0 Times in 0 Posts
Send a message via Skype™ to dustin69
Default

I made a bad judgement call on the matter of letting him come and spend the night without securing my phone, or period for the matter. By the way, the phone was only 2 days old or so when this happened. I asked him if he had done anything he should not have done but of course the only answer I received of course is "What are you talking about?", plus it would be rude to accuse someone without having any type of proof so that is why I would like to figure out of it has occured or not. I am going to install Super User and see if it grants root at the moment, but I do believe the phone could have been rooted and unrooted. Here is a list of apps that are running on the phone according to the "Running" screen

Settings 8.6mb
Pandora 29mb
A4A Radar 2.7mb
GO Launcher EX 25mb
GO Switch Widget 2.8mb
GO Weather EX 11mb
com.android.qualcomm 1.7mb (Which I have no clue what this is)
Fota Client 3.0mb (NO Clue)
Google Services 17mb\
Media
Android keyboard

Also under the "All" are some apps that I do not recognize or know what they are:

A4A Radar
Account and Sync Settings
Alerter 0.0kb (?????)
Android Keyboard
Android Live Wallpapers
Android System 0.0b
Anti Spy Mobile FREE
AppStore
BBVA US
Calculator
Calender
Calender Storage
Camera
Certificate Installer
Clock
com.android.provision (???)
com.android.qualcomm
com.qualcomm.permission.? (The rest of it is off screen)
com.qualcomm.privinit
Contacts
Contacts Storage
Dialer
Dialer Storage
Download Manager
Downloads
Drive
DRM Protected Content Storage
eBay
Email
Explorer
Fota Client
FoxFi
FoxFi AddOn
Gallery
Gmail
GO Launcher EX
Go Switch Widget
GO Weather EX
Google Backup Transport
Google Calender Sync
Google Contacts Sync
Google Partner Setup
Google Play Services
Google Play Store
Google Search
Google Services Framework
Wiper App

(hold on will post the rest in a minute)
dustin69 is offline  
Reply With Quote
Old October 17th, 2012, 10:16 AM   #7 (permalink)
Some say...
 
Stigy's Avatar
 
Join Date: Nov 2009
Gender: Male
Posts: 4,086
 
Device(s): Verizon LG G2 Retired: Galaxy Nexus, OG Droid, TMobile G1
Carrier: Verizon Wireless

Thanks: 1,687
Thanked 3,595 Times in 1,619 Posts
Default

Quote:
Originally Posted by dustin69 View Post
I made a bad judgement call on the matter of letting him come and spend the night without securing my phone, or period for the matter. By the way, the phone was only 2 days old or so when this happened. I asked him if he had done anything he should not have done but of course the only answer I received of course is "What are you talking about?", plus it would be rude to accuse someone without having any type of proof so that is why I would like to figure out of it has occured or not. I am going to install Super User and see if it grants root at the moment, but I do believe the phone could have been rooted and unrooted. Here is a list of apps that are running on the phone according to the "Running" screen

Settings 8.6mb
Pandora 29mb
A4A Radar 2.7mb
GO Launcher EX 25mb
GO Switch Widget 2.8mb
GO Weather EX 11mb
com.android.qualcomm 1.7mb (Which I have no clue what this is)
- Probably from your processor (Snapdragon of some sort).
Fota Client 3.0mb (NO Clue)
- This is an update service from HTC.
Google Services 17mb\
Media
Android keyboard

Also under the "All" are some apps that I do not recognize or know what they are:

A4A Radar
Account and Sync Settings
Alerter 0.0kb (?????)
- I'd guess this is just a running service that deals with alerts/wakelocks.
Android Keyboard
Android Live Wallpapers
Android System 0.0b
Anti Spy Mobile FREE
AppStore
BBVA US
Calculator
Calender
Calender Storage
Camera
Certificate Installer
Clock
com.android.provision (???)
- Either has to do with provisioning the device on the network or with Google.
com.android.qualcomm
com.qualcomm.permission.? (The rest of it is off screen)
com.qualcomm.privinit
Contacts
Contacts Storage
Dialer
Dialer Storage
Download Manager
Downloads
Drive
DRM Protected Content Storage
eBay
Email
Explorer
Fota Client
FoxFi
FoxFi AddOn
Gallery
Gmail
GO Launcher EX
Go Switch Widget
GO Weather EX
Google Backup Transport
Google Calender Sync
Google Contacts Sync
Google Partner Setup
Google Play Services
Google Play Store
Google Search
Google Services Framework
Wiper App

(hold on will post the rest in a minute)
I have bolded some stuff with explanations underneath and will do the same for your second post when you put it up.

To be honest with you nothing looks malicious on there at all. It may just be you have never looked into the Running / All Apps section so some things seem out of place. Easiest way to check for root is to download a terminal emaulator and type su at the $ prompt. If it changes to # you have root, or you can download a SU app and see from there.

I'd say you are okay though.
Stigy is offline  
Last edited by Stigy; October 17th, 2012 at 10:18 AM.
Reply With Quote
The Following User Says Thank You to Stigy For This Useful Post:
dustin69 (October 17th, 2012)
Old October 17th, 2012, 10:19 AM   #8 (permalink)
Senior Member
 
kevindroid's Avatar
 
Join Date: Oct 2010
Location: baltimore
Posts: 901
 
Device(s): sgs3 on moar with dkp kernal nexus 7 v2 on cm 11 sgs2 on cm11
Carrier: Not Provided

Thanks: 183
Thanked 216 Times in 182 Posts
Default

no superuser no computer what did he do all this with
kevindroid is offline  
Reply With Quote
Old October 17th, 2012, 10:29 AM   #9 (permalink)
Senior Member
 
ExtremeNerd's Avatar
 
Join Date: Aug 2012
Location: STL
Gender: Male
Posts: 744
 
Device(s): SGS 3, HTC Glacier, Skypad A2, Viewsonic G Tab
Carrier: T-Mobile

Thanks: 51
Thanked 237 Times in 148 Posts
Default

You seem very adamant about your concerns, but they are likely unfounded. What you are proposing is a very intricate procedure which requires a lot of technical knowledge. You are looking for the conspiracy, in my opinion.

The kid you had stay the night would have had to research how to root your exact phone. There are only a handful of phones which use the same method. Even fewer are available without a computer. He had two days to figure this out, plan everything, convince you to allow him to stay the night, and execute.

He also needs to figure out how to build his own "spy" system. These aren't readily available. Not to be an ass, but I don't know if your information is important enough to put in that much effort. I understand wanting to protect yourself, but this is borderline paranoia.

This could be the thread of the year.
Crashdamage likes this.
__________________
The Commandments of Android
1) Open RAM is wasted RAM - Don't use Task Killers
2) Cheap devices are cheap for a reason. Don't expect high end performance.
3) Boot Loop = Wipe.
4) There are no viruses for android.
ExtremeNerd is offline  
Reply With Quote
Old October 17th, 2012, 10:29 AM   #10 (permalink)
AF Contributor
 
Hadron's Avatar
 
Join Date: Aug 2010
Location: Dimension Jumping
Posts: 11,543
 
Device(s): HTC One (S-Off), HTC Desire (retired)
Carrier: Orange UK

Thanks: 2,153
Thanked 4,777 Times in 3,471 Posts
Default

So it sounds like your worry is based on the possibility rather than any evidence? Or is there some other reason?

There are a lot of apps and processes on a typical android phone. Some are part of the OS, some added by the manufacturer, and some added by the network. If you can suggest some you are concerned about people may be able to help, but don't expect to recognise them all.

As for rooting and unrooting, the normal way people unroot is by flashing a stock unrooted ROM, but that would remove any other system mods as well.

The idea that someone might root, then surgically undo this (while not expecting you to be checking in that detail anyway) sounds pretty extreme, and if they did they'd surely not change the OS or kernel in the process (far more visible than root is once superuser is removed). So while I can't prove it's physically impossible, it would require a huge effort and skills beyond most experienced rooters or developers, for gains that are not obvious.
Hadron is online now  
Reply With Quote
The Following User Says Thank You to Hadron For This Useful Post:
Crashdamage (October 17th, 2012)
sponsored links
Old October 17th, 2012, 10:33 AM   #11 (permalink)
AF Contributor
 
Hadron's Avatar
 
Join Date: Aug 2010
Location: Dimension Jumping
Posts: 11,543
 
Device(s): HTC One (S-Off), HTC Desire (retired)
Carrier: Orange UK

Thanks: 2,153
Thanked 4,777 Times in 3,471 Posts
Default

Qualcom are chip makers, and fota will be for Over The Air updates. So don't worry about those.
Hadron is online now  
Reply With Quote
The Following User Says Thank You to Hadron For This Useful Post:
dustin69 (October 17th, 2012)
Old October 17th, 2012, 03:43 PM   #12 (permalink)
Junior Member
Thread Author (OP)
 
Join Date: Aug 2012
Location: Dallas
Posts: 30
 
Device(s):
Carrier: Not Provided

Thanks: 5
Thanked 0 Times in 0 Posts
Send a message via Skype™ to dustin69
Default

He did have a laptop and could have Super User'ed himself and removed all of that afterwards. I did run Super User, which indicated the SU binary did not exist. But does that rule out the possibility that it could have been done and all of the tracks (i.e. root, su, etc.) been removed since he had unmetered access to the device for 8 hours while I slept. I will check into the terminal situation but if Super User said the SU binary is not there I don't think it will root me, right? I am, I must say, fairly new to Androids as I have only been using Android for about 4 months or any Smart Phone so I am unfamilar with some of the processes that are expected to ran by the OS.

Further reason to support my belief that this phone has been modified is that I have gone through some experiences over the last month or so (without going into detail) that would lead me to believe that this could of happened.

I know that a lot of research would have had to been put forth, especially since the phone was new and he had no way of knowing what kind of phone I would be buying. But I know for a fact that he had some knowledge of Linux (He had his laptop duel booted, so he was not a newbie when it came to computers or operating systems, and he was very fluent in knowledge during our discussion about computers, OSes, hardware, etc, so I do not believe it was out of his scope of knowledge to have been able to quickly done all this especially if he had done it with other individuals and phones in the past. Yeah it all sounds a little crazy and I am looking for the answer to "Is everything OK with my phone and OS" and "Was this phone and/or OS modified and can this individual be trusted at all in my house or my life in the future?" Those are the two questions I am really trying to get answered here.

ADD ON: Android Terminal Emulator reports su does not exist
dustin69 is offline  
Last edited by dustin69; October 17th, 2012 at 04:54 PM. Reason: Added on
Reply With Quote
Old October 17th, 2012, 05:31 PM   #13 (permalink)
AF Contributor
 
nickdalzell's Avatar
 
Join Date: Jun 2011
Location: Owensboro, KY
Posts: 3,213
 
Device(s): Nexus 10, Nexus 7, Galaxy S3, Galaxy Tab 3's
Carrier: Verizon

Thanks: 89
Thanked 545 Times in 432 Posts
Default

i suppose the only thing i can ask is what about the phone made you suspicious? is your 'friend' some kind of hacker and you're aware of that and assume he got hold of your phone? or is it doing things now that it never did before like suddenly crashing, self-rebooting a lot, or popping up ads where they don't normally show? are nude pictures showing in the gallery all of a sudden?

the apps you listed both on the device as well as running don't come off looking malicious to me, either. most of the ones you think are weird are part of the phone's network communication settings that give you access to your cellular network carrier.
__________________
Device(s):
Samsung Galaxy S3 (Stock, rooted TouchWiz)
Samsung Galaxy Tab 3 7.0 (non-rooted, stock)
Samsung Galaxy Tab 2 10.1 (obsolete, slow, rooted)
Samsung Galaxy Note 10.1 2014 Edition
nickdalzell is offline  
Reply With Quote
Old October 17th, 2012, 07:16 PM   #14 (permalink)
Junior Member
Thread Author (OP)
 
Join Date: Aug 2012
Location: Dallas
Posts: 30
 
Device(s):
Carrier: Not Provided

Thanks: 5
Thanked 0 Times in 0 Posts
Send a message via Skype™ to dustin69
Default

The phone was acting a little strange in the sense that the battery runs out faster than it used to, the situation I illustrated with "Unknown" in the grey box in the Network application, and the connection seems to turn on and off more than it did when I bought the phone. The System space seems to be a lot lower than it should be like as if there were hidden apps. Also is it possible for apps to hide themselves from the Android's stock "Running Applications" viewer?

Anyways, so if I had root, what could be done to verify the integrity and it's System partition as well as the Android Kernal and any installed packages?
dustin69 is offline  
Reply With Quote
Old October 17th, 2012, 07:43 PM   #15 (permalink)
AF Contributor
 
nickdalzell's Avatar
 
Join Date: Jun 2011
Location: Owensboro, KY
Posts: 3,213
 
Device(s): Nexus 10, Nexus 7, Galaxy S3, Galaxy Tab 3's
Carrier: Verizon

Thanks: 89
Thanked 545 Times in 432 Posts
Default

all i know is my phone tends to glitch and none of it is attributed to spyware/malware, but the fact it's a cheap, entry-level device with a sub-par processor. in my case my battery life varies from perfect (if in wifi only, airplane mode) to horrid (having GPS, 3G, cellular data, wifi, and apps running in the background) to even more horrid (lockscreen doesn't time out so screen stays on in my pocket, etc) and my phone self-reboots a few times a day, i often get random 'low disk space' notifications and then all of a sudden the space is back to normal. i just consider it part of Android. weird stuff happens. but i'd only worry if you get calls from your contacts asking why you called and hung up, or if you get odd ads in the gallery, notification area, (download airpush detector in the market/play store to be sure) or if porn shows up in your gallery. or you get strange calls or text messages--all of these are signs of spyware/infections.

i had a Nokia once that had a fancy keyboard and it started acting strange after a pet deer took a bite out of the keyboard while i was emailing someone and it didn't do any visible damage, but i often got calls from friends asking why i called and hung up--apparently it was damaged to the point it self-dialed contacts (stuck keys?) but i don't consider battery drains, some force-closes and running services you listed as strange--i live with them daily. and my phone is always with me.

i'm a bit of a 5th Amendment proponent myself. i usually keep the GPS turned off as i don't like the idea of my location being broadcasted to who-knows-where.
nickdalzell is offline  
Reply With Quote
Old October 17th, 2012, 09:04 PM   #16 (permalink)
Junior Member
Thread Author (OP)
 
Join Date: Aug 2012
Location: Dallas
Posts: 30
 
Device(s):
Carrier: Not Provided

Thanks: 5
Thanked 0 Times in 0 Posts
Send a message via Skype™ to dustin69
Default

I don't think I would consider those things 'normal, acceptable Android functioning' even for an entry level device. I do not want my Android acting buggy at all especially when the OS seems to be so solid. Also in relations to GPS that does not have much to do with this thread I have had my phone make Emergency phone calls that I did not initiate a couple of times. Not sure what that was about.. I forgot to mention that earlier. Also I had one call end with an individual and the timer did not go off and someone whom was "beeping in" and I had missed the call, was on the other line when I hung up.
dustin69 is offline  
Reply With Quote
Old October 17th, 2012, 10:24 PM   #17 (permalink)
Junior Member
Thread Author (OP)
 
Join Date: Aug 2012
Location: Dallas
Posts: 30
 
Device(s):
Carrier: Not Provided

Thanks: 5
Thanked 0 Times in 0 Posts
Send a message via Skype™ to dustin69
Default

Does it have another function? I was recomended the app by the same individual.
dustin69 is offline  
Reply With Quote
Old October 17th, 2012, 11:23 PM   #18 (permalink)
AF Contributor
 
nickdalzell's Avatar
 
Join Date: Jun 2011
Location: Owensboro, KY
Posts: 3,213
 
Device(s): Nexus 10, Nexus 7, Galaxy S3, Galaxy Tab 3's
Carrier: Verizon

Thanks: 89
Thanked 545 Times in 432 Posts
Default

i get calls from robots often (502-256-7522) that ends up being a collection agency for the last owner of my number but that's normal, my phone reboots itself which is a known issue, and that old Nokia self-dialed due to the damage it got. but if any were infected with malware you can expect more than a few glitches and random events.

if your phone runs something like Android 2.1 or earlier, glitches are part of it. Eclair and Cupcake sucked compared with the more refined later builds that are in higher end devices. rooting a phone and messing around causes issues too. sometimes carrier bloatware can cause malfunctions, heck even a Virgin Mobile phone came out of the box with three airpush ad bots installed. however i have yet to have any android device that is perfectly stable. i've used both iOS, RIM OS, Symbian, 'dumb' phone software, and Android, and i'm not going to hide the truth that Android has lags and issues at times. it's open source. it's based in Linux. it has glitches.

when i mentioned GPS, it was referring to the more likely chance that if your friend wanted to hack your phone, he'd have more success in enabling Latitude and GPS and setting up both his phone and yours to where he could see where you were and spy on you via that app. that seems more likely than rooting a phone, installing adware/malware, unrooting it and passing it back to you
nickdalzell is offline  
Last edited by nickdalzell; October 17th, 2012 at 11:27 PM.
Reply With Quote
Old October 18th, 2012, 02:03 AM   #19 (permalink)
AF Contributor
 
Hadron's Avatar
 
Join Date: Aug 2010
Location: Dimension Jumping
Posts: 11,543
 
Device(s): HTC One (S-Off), HTC Desire (retired)
Carrier: Orange UK

Thanks: 2,153
Thanked 4,777 Times in 3,471 Posts
Default

Do you have an "emergency call" button on your lockscreen? If so that's likely to be the cause of your emergency calls (some event wakes screen, emergency call button pressed...).
Hadron is online now  
Reply With Quote
Old October 18th, 2012, 06:28 AM   #20 (permalink)
Killer Psychologist
 
chanchan05's Avatar
 
Join Date: Jun 2011
Gender: Male
Posts: 10,779
 
Device(s): Samsung Galaxy SL (I9003), Samsung Galaxy Tab 7.0 Plus (P6200), Samsung Galaxy SIII mini (i8190)
Carrier: Not Provided

Thanks: 140
Thanked 2,337 Times in 1,941 Posts
Default

Just wondering, I doubt your friend did anything due to the ff:

1. Does he have a motive? You didn't mention any. Its not like the "friend" was some crazy ex or something is he/she?

2. The list you posted does not have anything weird in it.

3. Spyware apps of the level you describe often need to have the phone rooted to work AFAIK. Your claim of "he may have super-usered it then removed the tell-tale stuff" won't hold. The moment he removes the root/superuser, the stuff he placed that requires root would stop working.

But of course its still your call. If you really are worried, root the device then flash it with some other ROM. Nothing would survive that AFAIK.
Crashdamage likes this.
__________________
https://shared.com?ref=51950 100GB free storage. WOW.

Worried about your health? Take the True Health Assessment now! Click HERE
chanchan05 is offline  
Reply With Quote
sponsored links
Old October 18th, 2012, 08:00 AM   #21 (permalink)
Junior Member
Thread Author (OP)
 
Join Date: Aug 2012
Location: Dallas
Posts: 30
 
Device(s):
Carrier: Not Provided

Thanks: 5
Thanked 0 Times in 0 Posts
Send a message via Skype™ to dustin69
Default

Good idea, about flashing the ROM. But also I still want to establish IF this was done or not perhaps by MD5 checksum on all Android system files and packages? Ideas?
dustin69 is offline  
Reply With Quote
Old October 18th, 2012, 08:21 AM   #22 (permalink)
Senior Member
 
ExtremeNerd's Avatar
 
Join Date: Aug 2012
Location: STL
Gender: Male
Posts: 744
 
Device(s): SGS 3, HTC Glacier, Skypad A2, Viewsonic G Tab
Carrier: T-Mobile

Thanks: 51
Thanked 237 Times in 148 Posts
Default

Quote:
Originally Posted by dustin69 View Post
Good idea, about flashing the ROM. But also I still want to establish IF this was done or not perhaps by MD5 checksum on all Android system files and packages? Ideas?
This is getting worse and worse each post I read. Do you realize how much knowledge it takes to build a ROM from source for a specific device AND then program a malware app which avoids ALL typical android security? This is a ridiculous though.

MD5 is used to ensure an entire file was downloaded. It has nothing to do with hacking.

Your phone is fine.
Crashdamage and chanchan05 like this.
ExtremeNerd is offline  
Reply With Quote
Old October 18th, 2012, 08:34 AM   #23 (permalink)
Killer Psychologist
 
chanchan05's Avatar
 
Join Date: Jun 2011
Gender: Male
Posts: 10,779
 
Device(s): Samsung Galaxy SL (I9003), Samsung Galaxy Tab 7.0 Plus (P6200), Samsung Galaxy SIII mini (i8190)
Carrier: Not Provided

Thanks: 140
Thanked 2,337 Times in 1,941 Posts
Default

The level of security breach the OP is posting is something that would take weeks of research, beta testing and stuff. As far as I can see, there is nothing wrong with the phone, and if you think your "friend" would be doing things like that, why are you even talking to the person? Honestly, there is nothing wrong with your phone. Probably some app gone rogue or something. Just flash it and there would be nothing left and give yourself peace of mind.
chanchan05 is offline  
Reply With Quote
The Following User Says Thank You to chanchan05 For This Useful Post:
Crashdamage (October 18th, 2012)
Old October 18th, 2012, 08:34 AM   #24 (permalink)
Senior Member
 
Crashdamage's Avatar
 
Join Date: Feb 2011
Location: Kansas City, Mo.
Posts: 2,313
 
Device(s): Started with the original G1, currently Nexus 4, Nexus 7, Nexus 5
Carrier: T-Mobile USA

Thanks: 1,690
Thanked 525 Times in 441 Posts
Default

What you are so worried about is about as likely as finding Sasquatch or a zombie attack. Agree with chanchan05 - nothing you have posted shows any sign of system modification or spyware. Increased power drain means nothing, there's many possible innocent reasons for that.

Relax and enjoy your phone.
__________________
Registered Linux user #266531 since 2001. Android user since v1.0.
Crashdamage is online now  
Last edited by Crashdamage; October 18th, 2012 at 08:41 AM.
Reply With Quote
Old October 18th, 2012, 09:17 AM   #25 (permalink)
AF Contributor
 
Join Date: Apr 2010
Location: New York
Posts: 1,523
 
Device(s): Samsung Galaxy S3, Nexus 7
Carrier: Cingular

Thanks: 234
Thanked 263 Times in 198 Posts
Default

Why not just do a factory reset and call it a day?

This thread sounds like it's from a bad James Bond movie, what could you friend possible want off of your phone? Do you bank with larger amounts of money? Hold classified information on your phone? If you are really worried just do a factory reset.
Crashdamage likes this.
__________________
Past Devices: Google Nexus One (sold), Samsung Galaxy S2 (sold), B&N Nook (returned), Samsung Galaxy Tab 7 (sold), Samsung Galaxy Tab 10.1 (On the Shelf)
Current Devices: Samsung Galaxy S3 (AOKP), Nexus 7 (Stock), Chromecast

Mostly Harmless is offline  
Reply With Quote
Old June 11th, 2013, 08:26 PM   #26 (permalink)
New Member
 
Join Date: Jun 2013
Posts: 2
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by dustin69 View Post
I made a bad judgement call on the matter of letting him come and spend the night without securing my phone, or period for the matter. By the way, the phone was only 2 days old or so when this happened. I asked him if he had done anything he should not have done but of course the only answer I received of course is "What are you talking about?", plus it would be rude to accuse someone without having any type of proof so that is why I would like to figure out of it has occured or not. I am going to install Super User and see if it grants root at the moment, but I do believe the phone could have been rooted and unrooted. Here is a list of apps that are running on the phone according to the "Running" screen

Settings 8.6mb
Pandora 29mb
A4A Radar 2.7mb
GO Launcher EX 25mb
GO Switch Widget 2.8mb
GO Weather EX 11mb
com.android.qualcomm 1.7mb (Which I have no clue what this is)
Fota Client 3.0mb (NO Clue)
Google Services 17mb\
Media
Android keyboard

Also under the "All" are some apps that I do not recognize or know what they are:

A4A Radar
Account and Sync Settings
Alerter 0.0kb (?????)
Android Keyboard
Android Live Wallpapers
Android System 0.0b
Anti Spy Mobile FREE
AppStore
BBVA US
Calculator
Calender
Calender Storage
Camera
Certificate Installer
Clock
com.android.provision (???)
com.android.qualcomm
com.qualcomm.permission.? (The rest of it is off screen)
com.qualcomm.privinit
Contacts
Contacts Storage
Dialer
Dialer Storage
Download Manager
Downloads
Drive
DRM Protected Content Storage
eBay
Email
Explorer
Fota Client
FoxFi
FoxFi AddOn
Gallery
Gmail
GO Launcher EX
Go Switch Widget
GO Weather EX
Google Backup Transport
Google Calender Sync
Google Contacts Sync
Google Partner Setup
Google Play Services
Google Play Store
Google Search
Google Services Framework
Wiper App

(hold on will post the rest in a minute)
OMG!!!!! I have the same problem but my ex-housemate did it I'm sure... and it is much , much worse than your phone it seems. Mine calls people, the screen will have red drawing on it whenever he likes, the icons will be moved, messages have been disabled... I cannot even access the net or send messages mms or text anymore!!!??? And I cannot uninstall anything!!! I want to just throw it out but cannot afford to at this time.. I have a little LG L# optimus.. I kept breaking my iphones, droppping in toilets...I'm terrible with phones... my laptop also has these viruses/spyware/VPN/certificates??? ... now... I don't really know much about phones or computers have only heard of certificates etc since all of this started.. He accesses my photos and everything!! I am a girl btw.. I have sadly just become resigned to knowing he sees EVERYTHING I do and that each morning my phone may be doing something else weird and frustrating.... (( aaaarrggghhhhh...... I also would like to prove and somehow fix it but also hold him accountable or do something?!! Please help.... thanks
YaliBear777 is offline  
Reply With Quote
Old June 11th, 2013, 08:28 PM   #27 (permalink)
New Member
 
Join Date: Jun 2013
Posts: 2
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Default

oh, also I don't use my laptop AT ALL anymore ...but unfortunately have to use the phone...but use it ONLY for calls... when it works... so ridiculous I know... any help would be much appreciated thx
YaliBear777 is offline  
Reply With Quote
Reply


Go Back   Android Forums > Android Discussion > Android Lounge
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 02:11 PM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.