Help phone

[James cameron]

I purchased a used Note 4 off ebay from China and want to make completely sure there are no spy apps or malware on it. I know some spy apps can be installed into the system partition and survive a factory reset. I discovered an app called cerberus that could do this and could be used to spy on me and blackmail me. How do I completely clean my phone of all spy apps or malware and completely wipe everything including the system partition erasing everything.

 

[mikedt]

I purchased a used Note 4 off ebay from China and want to make completely sure there are no spy apps or malware on it. I know some spy apps can be installed into the system partition and survive a factory reset. I discovered an app called cerberus that could do this and could be used to spy on me and blackmail me. How do I completely clean my phone of all spy apps or malware and completely wipe everything including the system partition erasing everything.

"...from China" ... Is it a real Samsung Galaxy Note 4, or is it some fake, clone or replica? Suggest you post more details about it, like exact model, kernel version and baseband codes. So we know what you've actually got there. Because with knock-off China phones, basically anything is possible.

Cerberus is a legitimate security type app, and is sometimes recommended by some users on AF.

 

[James cameron]

"...from China" ... Is it a real Samsung Galaxy Note 4, or is it some fake, clone or replica? Suggest you post more details about it, like exact model, kernel version and baseband codes. So we know what you've actually got there. Because with knock-off China phones, basically anything is possible.

Cerberus is a legitimate security type app, and is sometimes recommended by some users on AF.

It's the real phone European model sm910f. Cerberus can be used as a spy app right? What's to prevent someone doing that. Also I included it partly as proof of concept.

 

[James cameron]

Is anyone there?

 

[Mikestony]

Cerberus can be used as a spy app right?

Yes.

What's to prevent someone doing that

Morals.

Also I included it partly as proof of concept.

Not sure what you mean by that.

I'm assuming you cannot uninstall the app? Force stop/clear data/cache, remove from Device Administrators etc?

 

[James cameron]

Yes.


Morals.

Not sure what you mean by that.

I'm assuming you cannot uninstall the app? Force stop/clear data/cache, remove from Device Administrators etc?

No, I don't know what is on the phone. I am using that app as an example I discovered. I just want to wipe the phone clean in the easiest way.

 

[Mikestony]

No, I don't know what is on the phone. I am using that app as an example I discovered. I just want to wipe the phone clean in the easiest way.

Well, I would think a clean firmware flash should do it.
Sammobile.com should have your firmware and the computer program ODIN that is used to flash (install) it.

Question, as I was searching on sammobile.com, I did not see the SM-910F...could your device be the SM-N910F?

 

[mikedt]

It's the real phone European model sm910f.

I did see "Note 4", Ebay" and "China" in the same sentence. ...so I had to be sure. I'm in China, and after iPhone, I'm sure Samsung is the second most faked phone.

Cerberus can be used as a spy app right? What's to prevent someone doing that. Also I included it partly as proof of concept.

I believe it can. Did you factory reset the phone when you received it? Might be best to check it hasn't been rooted or modified in anyway.

 

[James cameron]

Well, I would think a clean firmware flash should do it.
Sammobile.com should have your firmware and the computer program ODIN that is used to flash (install) it.

Question, as I was searching on sammobile.com, I did not see the SM-910F...could your device be the SM-N910F?

Yes thats it. I have watched many videos of people using Odin and afterwards all there apps were still there. I asked why in forums but nobody helped. I began to do my own research and came across these two threads https://forum.xda-developers.com/showthread.php?t=2572693 and https://forum.xda-developers.com/showthread.php?t=2573021 apparently it overwrites it but doesn't clear it. It would be great if this knowledge was more common as nobody pointed this out.

Is there another way that works?

 

[James cameron]

I did see "Note 4", Ebay" and "China" in the same sentence. ...so I had to be sure.


Cerberus can be used as a spy app right? What's to prevent someone doing that. Also I included it partly as proof of concept.

I believe it can. Did you factory reset the phone when you received it? Might be best to check it hasn't been rooted or modified in anyway.

Thanks does a phone need to be rooted to make apps survive a factory reset or can the person hide the root or somehow disguise he has done this?

 

[Mikestony]

Yes thats it. I have watched many videos of people using Odin and afterwards all there apps were still there. I asked why in forums but nobody helped. I began to do my own research and came across these two threads https://forum.xda-developers.com/showthread.php?t=2572693 and https://forum.xda-developers.com/showthread.php?t=2573021 apparently it overwrites it but doesn't clear it. It would be great if this knowledge was more common as nobody pointed this out.

Is there another way that works?

Hmm, interesting!
Did you factory reset the device as @mikedt inquired?

 

[James cameron]

Hmm, interesting!
Did you factory reset the device as @mikedt inquired?

Yes.

 

[Mikestony]

Yes.

If you want to be completely sure of wiping the system partition, and based off of the findings in your previous XDA links, I would think you would need to root the device, install TWRP recovery, then download/flash a custom ROM. In the process of flashing the custom ROM, one of the partitions you need to wipe in TWRP would be the /system partition.
I would think that would be the only way to be reassured of the system being wiped.

Other than that, I don't know. I would think if your device is currently not rooted, factory reset via recovery would be the only way to wipe the device clean.

 

[James cameron]

If you want to be completely sure of wiping the system partition, and based off of the findings in your previous XDA links, I would think you would need to root the device, install TWRP recovery, then download/flash a custom ROM. In the process of flashing the custom ROM, one of the partitions you need to wipe in TWRP would be the /system partition.
I would think that would be the only way to be reassured of the system being wiped.

Other than that, I don't know. I would think if your device is currently not rooted, factory reset via recovery would be the only way to wipe the device clean.

Do I need a custom rom or can I just flash stock?

 

[Mikestony]

Do I need a custom rom or can I just flash stock?

You may be able to find a stock, rooted rom to flash via TWRP.

 

[Mikestony]

Just curious, this whole inquiry of yours stems from the fear of something nefarious being installed but not proven?

No worries, I'm not calling you paranoid I would assume you are just being cautious as the device was purchased off of Ebay from China.
And I would feel the same way, so again, no worries, not judging

 

[James cameron]

Just curious, this whole inquiry of yours stems from the fear of something nefarious being installed but not proven?

No worries, I'm not calling you paranoid I would assume you are just being cautious as the device was purchased off of Ebay from China.
And I would feel the same way, so again, no worries, not judging

Yeah I just came across anti theft apps realizing what they could do. This made me concerned as the phone could've been used by anyone and comes from the other side of the planet. Thanks for everything.

 

[lunatic59]

Just for argument's sake, put your phone into download mode and see if the security switch (knox) has been tripped.

Turn your phone off.
Press and hold Volume Down + Home + Power until it boots into download mode. You'll probably see some dire warning, but that's okay. Just proceed to the next screen until you see this:

Up in the information you will see a Knox Warranty code ... if it's 0, your phone has never been rooted and a factory reset should clean you up (don't forget to format user storage as well). If it's 1, then you'll want to flash stock firmware.

To get out of download mode, simply press and hold the power button until the phone reboots.