Help is it normal for the phone to be new and ROOTED?

[kgfy]

Hello,

I am new to smartphones and I don't know anything about rooting, other than the fact that I don't want it or need it. Here's my problem: I bought a new Lenovo A399 from a business seller on ebay. The phone was sent from within my country (arrived within a couple of days) but the parcel is clearly already sourced from China. So it basically comes from China. No problem, I thought, who cares? I wanted an unlocked smartphone that I could use in my country and abroad, which I could do basic stuff on it, at a budget.

The quality is good, however there's some strange stuff about it, and I am worried about safety. I have googled for hours but learned little, so here's some direct questions:

1. the phone is already rooted. Is this normal or ok? Google play and internet browser are already there. At first I thought the latter was 'standard'. I tried to uninstall another strange app about a store. I was able to get rid of this, but it didn't end there.

2. I didn't trust the 'Lenovo security' thing and installed AVG. Lo and behold, AVG says that the phone is unsafe because it has 'high privileges, i.e. rooted' and it has a program 'weather service' which is potentially unsafe and cannot uninstall. I used AVG for years on my PC so I don't take lightly it's warnings.

Does any of this has any 'normality' about it? At first I thought that the phone might have been 'rooted' to make it unlocked worldwide, but I don't want to take any bad risks. I will have to use the phone to do banking, use paypal and ebay, and access other personal details. I don't want to be dumb and get my identity stolen or something. Should I just return the phone to the seller?

I'd appreciate the response of people who have experience with this rooting stuff. I have been thinking I might 'unroot' the phone but quite frankly I don't really have the time for this as it doesn't look I can do it in a few minutes.

What's your advice? I quite like the quality of the phone considering I paid a very reasonable price, but I don't want to be dumb and sacrifice safety for a frigging phone, no matter how good.

 

[kgfy]

PS. some other suspicious detail: the seller writes in his ad that the box will come opened because they need to include the right adaptor for the country they send it to.

My immediate argument now is: well, why do you need to OPEN the box to include the adaptor for the country they have to send the phone to? Why not just ADDING the adaptor?

The more I think of all the above, the more suspicious it all seems.

 

[chanchan05]

Devices sold in China often come rooted. Even if not, Chinese devices do not have Google on them. So I believe that the seller outsourced this unit from China, opened and rooted it to add Google stuff so it's useable outside China (probably removed the Chinese app stores too), then added the adapter. This happens a lot of times. However that does not mean it's normal. It's difficult to say whether or not that's all the person did, or added in other stuff.

As for the AVG warnings of 'potentially unsafe', that will appear for several safe apps as well. A weather service apo can be potentially unsafe because it has access to location services and internet. Basically if it was written to do so, it can track your location and send out that info. But then, this is true for ALL weather apps, because it needs access to location to know what data to pull from the internet that would be relevant to you. Although of course, AVG may have already whitelisted known trustworthy weather apps to not show this alert.

 

[Vogel x Psycho]

This does sound very weird.. You can boot into the recovery mode and restore the whole phone, http://www.hardreset.info/devices/lenovo/lenovo-a399/ (This site explains it very well), this should reset the whole phone, restoring it to factory default and thus deleting everything the ebay seller had already installed. If you don't want to lose all your data, you can backup parts of your phone, or the whole phone. Titanium Backup is a really good app, it needs root access, but you already have that. If you make a backup with Titanium Backup, don't forget to copy the data to your PC or something, since this will be deleted if you reset the phone. You can also copy the whole sd card to your pc, just to be safe. You can do this by drag and dropping the files through windows explorer, or if you're on a mac you will need to download Android File Transfer (https://www.android.com/filetransfer/) this program will allow you to copy the files just like in windows explorer. You could also copy the sd card with adb, but this is a bit more advanced and not necessary if you just want to copy your files once, if you however want to do this, I wrote a script for pulling the SD Card to your computer.
You'll have to set your own directories and install Android Studio (http://developer.android.com/sdk/index.html) and the universal ADB drivers (http://www.koushikdutta.com/post/universal-adb-driver)

Everything in between [brackets] should be deleted once set up, they're only instructions.

@echo off
echo Navigating to E:\OnePlus One\SD Card [<--- Set your file path here]
@ E: [<---] Set your drive here]
@ cd \OnePlus One\SD Card\ [<--- Set your file path here, same as the first file path, but leave out the drive, in this example E:]
@ :choice
@ set /P c=Are you sure you want to continue[Y/N]?
@ if /I "%c%" EQU "Y" goto :pullsd
@ if /I "%c%" EQU "N" goto :exit

@ :exit
@ color c
echo The command windows will now close
@ TIMEOUT 5 /nobreak
@ exit

@ :pullsd
@ color a
echo Okay, here we go!
@ TIMEOUT 5 /nobreak
echo Creating directories
@ mkdir %date:~-4,4%-%date:~-10,2%-%date:~7,2%
@ cd %date:~-4,4%-%date:~-10,2%-%date:~7,2%
@ mkdir %time:~0,2%.%time:~3,2%
echo Pulling SD Card of your Android Device and moving it to the SD Card folder.
@ adb pull /sdcard/ %time:~0,2%.%time:~3,2% [<--- The /sdcard/ should be replaced with the name of your sdcard, this can be different for every phone, I checked mine by going to my file manager on my phone, go into the root folder, and searhing for sdcard, once found, I opened it and checked if my files were indeed in there, and put the name in my script]
@ color 79
@ pause>nul|set/p =Pulling process finished, you can now exit! (Press any key)

If you want to make a script of this text, copy and paste it into a text editor on your computer and safe it as a .bat file. Your SD Card will be saved in the file path you selected. I hope this helps you out and if you have any other questions, please ask
Moderators, please edit the command so that the ullsd doesn't become a smiley , I have no idea how to to this

 

[Slug]

the phone is already rooted. Is this normal or ok?

It's not normal, no. Lenovo don't ship their devices rooted, so this must have been done by the vender.

Should I just return the phone to the seller?

I wouldn't trust anything that was supplied rooted but not advertised as such. If that was omitted from the description who knows what else has been added?

 

[kgfy]

thanks all. I think it's possibly all false positives by the antiviruses. Before returning the Lenovo (the phone in question), I bought a cheap and cheerful Alcatel. Here's what I found:

on the Lenovo, I made an hard reset to try to get rid of as much crap as possible. AVG says that the phone has 'high privileges, i.e. rooted' and that the 'wheaterservice' app is malware,but that it can't uninstall the app as it has been installed by the vendor.

still on the Lenovo, I uninstalled AVG and installed CM antivirus. The latter doesn't says anything about 'high privileges' , but it says the same thing about the app 'wheaterservice' , that it's trash and that 'has very low ratings by users from X community (don't remember which) but CM -can- uninstall the app. Which it did. Of note, CM finds a 'Broadanywhere' something that should be uninstalled. After a few searches, I learned from these very forums, that this seems to be a marketing ploy by CM (more of that when I'll install CM on the Alcatel later)

still on the Lenovo, I uninstalled CM and installed Avast. The latter detected no problems now. Possibly this 'wheaterservice' crap was killed completely. I don't know. To check if the phone has really been rooted, I installed Rootchecker, which found nothing, and Titanium Root, which said that the program can't be used because, guess what, there's no rooting on the phone.

Now for the Alcatel. I have bought this from a completely different seller. Made sure isn't Chinese either (not that I have anything about Chinese people of course).

The Alcatel : AVG didn't detect any 'high privileges' or any problems at all. Same for Avast. But CM , guess what. it detected the Broadanywhere thing. Now I was pretty skeptical. Even more, when I googled the thing and realized that CM says that this 'threat' is, no less, present in 99 per cent of all phones. Wow, smelled like BS from a mile away. I am pretty paranoid when it comes to internet security, but I am also pretty sure that if really there was a 'threat' on 99 per cent of all the world population's phones, we probably would hear it in the news.

In short, all the problems I mentioned before may be just a load of BS from the antiviruses. But the 'wheaterapp' sounded pretty suspicious, as it was found by 2 of the antiviruses, AVG and CM. Avast could not find it, presumably because the app was killed before by CM, which AVG could not kill.

So now I have to return one of the phones. The Alcatel to me seems more like what I would expect from a new phone, I didn't detect any problems at all. It feels noticeably cheaper than the Lenovo, has a smaller screen, a dual core processor at lower clock speed compared to the Lenovo (quad core, etc) . The Lenovo is clearly higher in build quality, yet the Alcatel works very well, the speed etc feels snappy , slightly less fast than the Lenovo but not slow; the phone is lighter (because it's more plasticky) and the screen although noticeably smaller than the one on the Lenovo, has a pretty sharp picture.

I am old school, always tend to use technology that is not the last generation anyways, because of cost.

What to think of the antiviruses and all that other stuff? I don't know, but I still am somewhat paranoid about the Lenovo. I plan to do banking and ebay and paypal transactions, my gut feelings tell me to stick with the Alcatel. The Lenovo feels more 'luxurious' but I am not about being fancy, more about being safe. Any thoughts?

BTW, thanks to all for all the previous advice too, it surely helped me to learn more about all this.

 

[tube517]

Uninstall the CM antivirus app. Cheetah Mobile makes garbage apps.

Avast or any other antivirus is not necessary either.

 

[kgfy]

Devices sold in China often come rooted. Even if not, Chinese devices do not have Google on them. .

Thanks chanchan05.
I forgot to clarify that I wanted an -unlocked- phone, which is what I bought. So, after all, it doesn't come straight from the factory, and it's reasonable to assume that the vendor opens the package and the phone in order to unlock it.

The reason why I chose that instead of buying an unlocked phone from a high street shop or something, again is cost. For my kind of budget, the best I can get is the average ebay seller who sells unlocked phones.

Sorry if my lack of clarity could have been confusing.

 

[kgfy]

Remove the CM antivirus app. Cheetah Mobile makes garbage apps.

Yeah I did so. I completely agree, doesn't seem a serious company like Avast or whatever. A company that writes that 99 per cent of all phones are infected with 'Broadanywhere' raises questions, although in the end I can't be sure as I don't make antiviruses. Maybe these guys are right, but it does sound like a scaremongering thing.

 

[tube517]

Yeah I did so. I completely agree, doesn't seem a serious company like Avast or whatever. A company that writes that 99 per cent of all phones are infected with 'Broadanywhere' raises questions, although in the end I can't be sure as I don't make antiviruses. Maybe these guys are right, but it does sound like a scaremongering thing.

Actually, many of us here on AF recommend to not use Cheetah Mobile apps. Here is more info:
http://androidforums.com/threads/pu...k-killers-ram-optimizers-and-the-like.896663/

 

[Brian706]

You can boot into the recovery mode and restore the whole phone, http://www.hardreset.info/devices/lenovo/lenovo-a399/ (This site explains it very well), this should reset the whole phone, restoring it to factory default and thus deleting everything the ebay seller had already installed.

This is only true to a certain extent though. A factory data reset will only wipe user data and cache on the device and will not undo any changes made to the system partition. The only way to undo system modifications would be to flash a factory image to the device.

 

[kgfy]

I finally found the real problem after trying out all these antiviruses. Avira found the same weather malware thing, the name of the file is funweather.apk

I am still trying to understand what the risks imply, so I am going to read what I found here:

https://www.google.co.uk/search?q=funweATHER.APK&ie=utf-8&oe=utf-8&gws_rd=cr&ei=IcqgVrvzDYv0aszLppgN

 

[kgfy]

Avast or any other antivirus is not necessary either.

Not necessary, but to whom? My Lenovo phone has a problem, I am trying to understand if it's something I should worry about or not, that's why I am using an antivirus, and so far all indications point to the fact that there's safety issues. I am just going to give this a last shot because the quality of the phone is good and I paid a low price, but if it's not safe I'll keep the cheaper Alcatel, which is not as good but still works very well for a cheap phone and there's no funweather crap. I'd rather keep the Lenovo, that's why I am investigating the issue. So the antivirus is necessary, in this case. It's obvious

 

[kgfy]

right, so this funweather thing is technically called 'riskware': not malware itself but a program that contains exploitable loopholes. Some antivirus like Avira can uninstall it, but it keeps coming back. I really am old school and don't know much about any of this, but it looks like I really have to send the phone back and stop wasting my time

 

[Hadron]

When you say "it keeps coming back" do you mean that if you reboot the phone it is back or that it reinstalls later without a reboot? The first would imply that it wasn't really removed, the second that there is something else that reinstalls it (more suspicious than it not uninstalling, especially if the phone isn't currently rooted, which is what Titanium seems to have said).

 

[tube517]

Not necessary, but to whom? My Lenovo phone has a problem, I am trying to understand if it's something I should worry about or not, that's why I am using an antivirus, and so far all indications point to the fact that there's safety issues. I am just going to give this a last shot because the quality of the phone is good and I paid a low price, but if it's not safe I'll keep the cheaper Alcatel, which is not as good but still works very well for a cheap phone and there's no funweather crap. I'd rather keep the Lenovo, that's why I am investigating the issue. So the antivirus is necessary, in this case. It's obvious

http://www.extremetech.com/computin...rus-apps-are-useless-heres-what-to-do-instead

https://www.androidpit.com/is-antivirus-software-necessary-for-android

I mean, it's up to you but you really don't need them. I download alot of non Google Play apps/3rd party apps and have never had an issue. AV apps will slow your phone down.

 

[kgfy]

When you say "it keeps coming back" do you mean that if you reboot the phone it is back or that it reinstalls later without a reboot? The first would imply that it wasn't really removed, the second that there is something else that reinstalls it (more suspicious than it not uninstalling, especially if the phone isn't currently rooted, which is what Titanium seems to have said).

yes, it reinstalls after I reboot. AVG said that the phone 'has high privileges, i.e. it's rooted', but none of the other antivirus have indicated the same thing. I tried Rootchecker and it said that the phone 'isn't properly rooted' , which could also mean it's not rooted at all (it only says one thing, in the basic version). Titanium didn't work at all. All of the antivirus found this weathercrap file, Avira said it's riskware.

My experience is the same as the other users in the links I provided earlier. In the end, I just initiated a return on ebay. I'll keep the Alcatel. It's a bummer as it isn't as good as the Lenovo, the battery isn't as good, noticeably smaller screen, but the Alcatel is a good modern phone for the poor man Better safe than sorry, I am not comfortable with this riskware thing on the Lenovo. From what I understand, the only way to get rid of it is to root the phone or something as advanced, for which I have neither time nor energy as I doing enough work sorting my PC out.

Oh well. Not a big deal, the Alcatel is a cheap and cheerful phone. Being smaller than the Lenovo, fits better in my front pocket and the smaller screen is even sharper than the Lenovo's as it has the same pixel count in a smaller screen. At least the OS seems clean.
I have upgraded from an old mobile anyways, so to me even the Alcatel feels like it's Star Trek's phone

 

[kgfy]

in the end the seller refunded me promptly, and without returning the phone! There is an explanation, though: their feedback is less than 98 per cent positive, and I can't believe I have missed that detail. On ebay. less than 99.6 per cent positive feedback is already pretty bad. The seller apologized and said I can keep the phone and asked me not to leave negative feedback. That's probably why they are letting me keep the phone: they are afraid that they will get kicked out of ebay.

If I had not checked with the antivirus, I would have never known the issue.

I am going to resell the phone, but 0bviously without the crap on it. Is there a quick way to just erase entirely the OS ? I intend to resell is as a phone you can only root, or as a phone with the OS erased. For that it would be pretty good. Any thoughts? Or I may even keep it. How hard it would be to do a low level format and reinstall Android ? I have done that stuff on my PC but never did it with Android.

 

[Hadron]

Android has to be built for the specific device. So you would need a set of official Lenovo firmware and the tools to load it (also manufacturer specific). I've no direct experience of Lenovo phones so don't know how easy either would be to find (especially as you'd presumably want an English language ROM with Google apps).

Or you root it properly and remove the suspect app. Again, rooting methods are device-specific.

I suspect the seller may have rooted to install the Google apps and then attempted to unroot, not wholly successfully or cleanly. That could explain the mixed messages you were getting about the root status.

 

[kgfy]

got it, Hadron, thanks for the clarification. Is that Arnold Rimmer? Great series, Red Dwarf

 

[Hadron]

It's his alter ego Ace - I thought about Arnold J, but what can I say, the man's a maggot

 

[kgfy]

yeah he's a A-hole. But sometimes very funny, as in the instance when he got a bad haircut