How to prevent repair guy from installing unwanted software into my phone?

[Inquizzitive]

I am about to give my phone for repairs (broken screen). I wonder, what if repair guy will reinstall OS with version, containing some spyware or such?

Is it possible to detect this?

I can encrypt the phone and lock it with the password, would it help? But what if he requires access to the phone during repair process (say, to check that it works properly after screen replacement)? In this case I can do factory reset to prevent sharing my personal data (it is backed up), but in this case how can be sure that OS wasn't tampered with?

 

[dontpanicbobby]

I'd think the repairer would only bother to see if the Lockscreen works after he installs a new screen. Once the Locksreen shows it's fixed.

 

[Inquizzitive]

I'd think the repairer would only bother to see if the Lockscreen works after he installs a new screen. Once the Locksreen shows it's fixed.

Yes, probably so. But just in case that repairer is very thorough and would like to check if all buttons work in all corners of the screen, after replacement..

Or for the future if more serious repair is necessary and I will receive my phone from repairer in factory reset state, can I make sure it didn't receive infested OS reinstall?

If I do factory reset myself after getting phone from repairs, will it wipe the phone clean to OS version I got when I bought it, or factory reset OS version can be tampered with also?

 

[dontpanicbobby]

Unless you give him your codes he can't.

 

[Dannydet]

Just deal with a trustworthy repair shop.

 

[Hadron]

A "factory reset" doesn't change the OS at all. All it does is wipe your apps, data and settings. So no, if this hypothetical nefarious repairman installed spyware to the system partition a reset wouldn't remove it.

If you want a bluntly factual answer, you cannot stop a repairer doing this. You give them unsupervised physical possession of the phone and nothing other than filling the usb port with epoxy will render it impossible for them to modify the software. Of course if they do this and are discovered then that's their job gone at the very least, which would be enough to dissuade most. It's rather similar to asking how you can ensure that the car repair shop does what it says and that everything they do was really needed (and in reality I think you are more likely to meet that type of fraud than what you are worrying about).

As to how you could tell, I don't know enough about modding Samsungs to say how easy it would be to remove all traces. To modify the system they'd need to unlock the bootloader, for example, but how easy that is & whether it's possible to reset the Knox flag/counter on your particular model I can't say.

If you are really paranoid about this you could back everything up before sending for repair (always a good plan anyway, as an official repairer is likely to reflash the firmware anyway) and when you get the phone back reflash it yourself (firmware from Sammobile.com, make sure you know the exact model of phone, i.e. the full model number, not just "galaxy s 4g"). That will overwrite any changes to the system software.

But you know, if I had that little trust in the repair shop I wouldn't give them my business and money in the first place.

 

[lunatic59]

Could you give us the model number of your phone? The references I've seen for "Samsung Galaxy S 4G" leat me to specs for a pretty old phone, but knowing how Samsung plays games with names, the model number would be the best identifier.

The easiest and most reliable way to ensure there are no unwanted apps installed without your permission is to re-flash the factory firmware when you get it back. That can be done with either Smart Switch or Kies, depending on your phone. Or you can do it manually with Odin.

 

[dontpanicbobby]

I can't tell where your from on your Profile page @Inquizzitive? My Country wouldn't send an intelligence resource/assets to cover random repair shops. Heck; they wouldn't even send them to a big city like Boston. There are too many options.

 

[lunatic59]

But you know, if I had that little trust in the repair shop I wouldn't give them my business and money in the first place.

I think there's a lot of sensational journalism in the tech channels (all 'news' for that matter) That paint everybody as a scam artist or a criminal. It makes many folks paranoid about this stuff, especially if they've been burnt in the past.

 

[Inquizzitive]

Exact model number is GT-I9505

Ok, reflashing the phone seems to be the best option, I had suspicions that factory reset alone wouldn't do the trick.

Just to double check - reflashing would definitely reset everything?

As for trustworthiness, better be safe than sorry, especially if it is not too hard. It is individual choice.

 

[dontpanicbobby]

Factory reset will do the trick. All gone, starting over.

 

[lunatic59]

Okay, it's an "S4" not an "S 4G" .... going to have to report that to the site admin ... anyway, with the S4 you have Samsung's knox security. If you boot into download mode you can check the knox status.

With the phone off, press the volume down, home and power button at the same time. When the samsung logo appears, release the power button, but keep holding the other two. You will probably see some dire warning about modifying the OS, just proceed to the next screen. There you should see a message that says "Knox Warranty Void:" with a number following it. If it's 0, they you're good. If it's 1, then your phone has been rooted (or attempted to be rooted). Press and hold the power button until the phone reboots.

With a "0" a factory reset will be fine. Since the system partition requires root to alter it, any spyware would have to be installed in the user space. If the phone has been rooted, however, all bets are off and re-flashing the firmware is the only way to be sure.

Flashing the factory firmware, either through Samsung's utility or Odin/sammobile overwrites everything, including the user and system partition. It's like doing a low-level format of a PC's hard disk and reinstalling the OS.

 

[Inquizzitive]

lunatic59, great answer. I have checked per your instructions, it says knox 0x00, so now I have a way to check if phone OS was tampered with and know what to do if it happens.
As for the phone model, it says 4G at the back, hence I thought it was Galaxy S 4G, go figure..

 

[lunatic59]

As for the phone model, it says 4G at the back, hence I thought it was Galaxy S 4G, go figure..

No problem, I've moved it to the right channel, just to prevent any future confusion.