• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Seeing ads in my notification bar?

:mad: Tablet Wallpapers was the culprit on my device. +1 to Airpush detector. It did its job.:)

Thanks to this thread, I installed Airpush Detector and it found Tablet Wallpapers as one of 3 possible culprits - knew it was Tablet Wallpapers, though, since I installed that weeks ago (when the push notifications began) and the other two apps were just added yesterday. New York Live Wallpaper and Winter Scenes Live Wallpaper were the other two, FYI.
 
Upvote 0
Hit the Scan button in the center.
Hit the Addons button.
Click on the drop down box.
Go to Push Notifications.
Click on one of the things listed and start uninstalling one by one. I would write down everything that is listed. As soon as I deleted the culprit the adds went away in 5 minutes tops.

I didn't think the addon detector would work, so I didn't write the name of the culprit down :(
I know for a fact that is was either a wallpaper or a recent theme I installed for GoLauncher.
So far no more adds! And one HAPPY CAMPER!
 
Upvote 0
Thanks you lot for all the interesting and useful info on this forum (not just this thread). I'm a forum noob but signed up to add to this thread because I started to receive a small, square, green speech bubble with a smiley face in my notification bar. I couldn't delete it and it kept on taking me to unwanted ads for other apps. After seeing this forum I downloaded Ad Network Detector by Lookout (it had a long list of recognized offenders) and it identified the culprit as LeadBolt from the app Helidroid 3D. Although I can uninstall I chose to 'opt out' because I still want to play the app! It seems to have worked so far. I'll let you know if things change. I've given the app an appropriate rating with a warning to other potential victims.
 
Upvote 0
So, first of all, I'm extremely grateful to have found this tread.

HOWEVER, it comes a little late. I just got my phone a couple weeks ago, and in my excitement, I downloaded what I thought was an official google calendar app without checking the credentials of the developer or closely looking at the permissions (You must attempt to imagine how much of an idiot I feel like right now. Do it. Just put yourself in my position. Also, it seems ridiculous that it wouldn't occur to me that I wouldn't have to download an official google calendar, but I implore you not to embarrass me further).

What follows are the details of my experience with the app "Google Calendar" by the 'developer' "App for Android". You can scroll down to the bolded questions I have resulting from this experience, if you find me too long-winded.

I started seeing tons of ads on my notification bar AND on my desktop, but couldn't figure out which app put them there (I have been trying out many since I got my phone). Finally, I took to the 'net and found out about Airpush and Addons detector. Both pointed to this "Google Calendar" app. I couldn't, for the life of me, figure out why Google would push ads via Airpush and Leadbolt.

I went to the marketplace/Google Play to see what had been written about this app, but when I pulled up "My Apps" from Google Play, the app was not visible at all. I dismissed this as probably due to the fact that it was "an official app" and I couldn't uninstall it from the marketplace for that reason. It wasn't until I went to Running Services, that I saw the offending service that I realized I COULD uninstall it, and, quickly, I did!

After searching for it on Google Play again, I saw it somewhere on the fourth or fifth page when searching for "google calendar". It had a rating of 4.9 stars with 14 ratings, and the first review said "Great App!" (Again, please do not point out the ignorance/stupidity on my part.) So I didn't even think much when I installed it for these reasons.

Upon further inspection, I saw the following requested permissions:

________________________________________________________________

THIS APPLICATION HAS ACCESS TO THE FOLLOWING:

YOUR LOCATION
FINE (GPS) LOCATION
Access fine location sources such as the Global Positioning System on the device, where available. Malicious applications can use this to determine where you are, and may consume additional battery power.

COARSE (NETWORK-BASED) LOCATION
Access coarse location sources such as the cellular network database to determine an approximate device location, where available. Malicious applications can use this to determine approximately where you are.

NETWORK COMMUNICATION
FULL INTERNET ACCESS
Allows an application to create network sockets.

YOUR PERSONAL INFORMATION
READ BROWSER'S HISTORY AND BOOKMARKS
Allows the application to read all the URLs that the Browser has visited, and all of the Browser's bookmarks.

WRITE BROWSER'S HISTORY AND BOOKMARKS
Allows an application to modify the Browser's history or bookmarks stored on your device. Malicious applications can use this to erase or modify your Browser's data.

PHONE CALLS
READ PHONE STATE AND IDENTITY
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.

STORAGE
MODIFY/DELETE USB STORAGE CONTENTS MODIFY/DELETE SD CARD CONTENTS
Allows an application to write to the USB storage. Allows an application to write to the SD card.

SYSTEM TOOLS
PREVENT DEVICE FROM SLEEPING
Allows an application to prevent the device from going to sleep.


("Show all" reveals the following:)

HARDWARE CONTROLS
CONTROL VIBRATOR
Allows the application to control the vibrator.

YOUR LOCATION
ACCESS EXTRA LOCATION PROVIDER COMMANDS
Access extra location provider commands. Malicious applications could use this to interfere with the operation of the GPS or other location sources.

NETWORK COMMUNICATION
VIEW NETWORK STATE
Allows an application to view the state of all networks.

SYSTEM TOOLS
AUTOMATICALLY START AT BOOT
Allows an application to have itself started as soon as the system has finished booting. This can make it take longer to start the device and allow the application to slow down the overall device by always running.

________________________________________________________________

So I decided to contact the developer to ask how the app worked exactly, why it needed so many permissions, and to complain about the ads. I'm still an idiot at this point, because I didn't notice that the contact email was "contact@gmail.com". I then got a delivery-failure notice, and went back to the Play website to click on the developer link which took me to "ww1.www.com"... And then I saw the developer's name is/was "App for Android".

Here is where I realized the extent of my stupidity.
(Looking at his/her other app, "Faster Hotmail" showed complaints of ads, too. At the play website, the html string for his/her page is "store/apps/developer?id=App+for+Android" in case you want to see.)

Naturally, I left a rating and a comment and reported the app to Google. Balance was restored to my phone, as the app was now gone, and I had taken the necessary actions available to me to attempt to deter/protect others from downloading the app.


But then I started to wonder: I gave this app my google credentials. Was this simply an adware app? Was it spyware?? Was it trying to phish my credentials??? Is it possible that it was malware and it rooted my phone/installed a backdoor to my phone that I don't know about????

I downloaded Lookout, and although the scan didn't find anything, I also ran the scan with the app installed, and it didn't find the app as malicious. I am in the middle of changing the passwords of several accounts that I accessed from my phone, (I don't use the same password for any two accounts, have a password manager, and am aware that passwords should be changed frequently anyway, so this isn't a big deal.) But I'm still worried.


Thus, my arrival at these forums and this post. I humbly ask for the community's advice. I am, perhaps, too paranoid, but I want to be more careful than I originally was.

My questions are:


1) Is there a safe/verified way to check if an app has rooted my phone?
2) If my phone has been compromised, is the only/best solution to do a factory reset? (Please tell me that a factory reset will work.)
3) Is there anything else that I should do that I haven't mentioned/done already?


Please help/advise :(
 
Upvote 0
Ooops! Looks like it didn't work. I chose to opt out of the ads via the LeadBolt page that came up after my Lookout scan. I re-started my HTC and the notification went. After a while it popped up again. I gave them a few days in case it took them a while to process my response but it didn't work. I uninstalled the app but to my surprise the box popped up again a day or two later! I ran a Lookout scan and it didn't id any app present that pushes ads. I've downloaded Addons Detector and run a scan but it still didn't detect any app of this nature, even though the little green box was sat in my notification bar!:mad:

Any ideas, anyone?:thinking:
 
Upvote 0
Maybe a new AirPush "player", yet unknown to the AirPush detectors of the Market.

I read about a method which may be helpfully if the AirPush detectors won't find any push notification addon in your apps.
And so you won't know which of your free apps is responsible for the spam in your notification bar.

You might hunt the culprit app on your own with the aid of the phone logging app 'aLogcat' (free in Market).
But be warned, you'll need some experience with logs or the will to learn it ;)

Wait until the annoying ad appears in you notification bar.
Start 'aLogcat' and then clear its log.
Then pull down the notification bar and tip on the icon of the annoying ad.
Return quickly to aLogcat (via long press on the HOME button).
Now you should see the culprit app and following it the AirPush SDK in the log's rows.

Good luck :)
Harry
 
Upvote 0
Thanks Harry. I didn't end up trying your advice because I didn't need to. I just ran a scan again with Addons Detector and it cornered the offending app (I hadn't read the bit in Addons that states it only scans notifications received in the last 48hrs which is why I mistakingly thought it couldn't detect the offending notification - told you I was a NOOB!)
Here's the weird bit however....Addons id'd the app as 'TANK 2012'. I have never installed that app (or even searched for it on Google Play). I don't know where it came from unless it managed to piggy back in to my phone through the original offending app 'Helidroid 3D'.
Anyway, I've used Addons to uninstall it now and will see if that has stopped it. Have a nice day!
Rob.
 
  • Like
Reactions: Harry2
Upvote 0
( ... )


1) Is there a safe/verified way to check if an app has rooted my phone?
2) If my phone has been compromised, is the only/best solution to do a factory reset? (Please tell me that a factory reset will work.)
3) Is there anything else that I should do that I haven't mentioned/done already?


Please help/advise :(

1) I'm not 100% sure, but if you see an app with a name like "superuser" that's a good indication you are rooted.

2) Factory reset will indeed help really clear out your phone. There may be some malware out there that can get around it, but even if there is it would be very, very, very rare. Factory reset should set you straight. However, be careful to un-check "save my preferences" under the privacy settings on the phone, else Google Play may try to re-download all your apps for you once you sign in after a factory reset.

A better way would be to make a list of your apps and install them one by one. ( You can actually use my app Listables to make the list, but there are also other apps too)

3) It seems like you are pretty well covered. You are taking exactly the right security-mindful steps a person should take if they suspect they have malware. In fact, I'm quite impressed with your diligence :)

Hope that helps and dont hesitate to ask if you have more questions.
 
Upvote 0
I had similar problems with GLU games Like blood and gore and zombies and sniper. It would send these little ads up to my notification saying save 75 percent off a weapon upgrade. or If you buy the ocopy today you get a free up grade of gear. Really cool games awesome graphics but I deleted them because it would wake my phone make a beep as well. After that I got a new notice in my bar that was from T Mobile telling me my bill will be ready soon then two days later my bill is ready and the then two days later my bill as past due. Then starts the text messages. I found in the my account app you can turn those notifications off.
 
Upvote 0
I had a similar problem with an add called "BeNaughty" Drove me crazy! Found out it was a theme that I had downloaded called "go ICS" which was just an imitation of the real IceCream Sandwich theme.

To Get Rid of:

Step 1 - click on the add and quickly look in the upper left corner where it will give the app, theme, game that keeps sending these stupid apps.
Step 2 - Delete
Step 3 - Give them a low rating or and warn others!
 
  • Like
Reactions: blackepoxy
Upvote 0
I had a similar problem with an add called "BeNaughty" Drove me crazy! Found out it was a theme that I had downloaded called "go ICS" which was just an imitation of the real IceCream Sandwich theme.

To Get Rid of:

Step 1 - click on the add and quickly look in the upper left corner where it will give the app, theme, game that keeps sending these stupid apps.
Step 2 - Delete
Step 3 - Give them a low rating or and warn others!

Yeah same here, with the ICS go launcher theme, it's hard to find a ICS go launcher theme that doesn't have it...

I have one installed now that shows it has it, but i have never seen any spam from it...
Maybe it starts up when you select choose wallpaper...
 
Upvote 0

BEST TECH IN 2023

We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.

Smartphones