Look at it logically: if your phone has vulnerabilities that allow Kingroot or similar to root it, the same vulnerabilities could be used by a malware installer to install malware to /system. And we've certainly seen cases of that happening. I wouldn't expect that to give the user root (why give them the ability to remove your malware?), but it would be an unauthorised modification to the ROM. Whether this would trip these flags I don't know, as I have little experience with Samsungs.Is it strong enough to do that successfully? People screw up their phones half the time trying to do it on purpose!!!!
But the "refurb sold as new" hypothesis would be preferable, since (a) that doesn't imply that the phone is infected, and (b) if it can be demonstrated to be the case it leaves the provider clearly in the wrong, and hence the OP in a much stronger position.
Upvote
0