Possible Surveillance?

[Abbzzzzz]

Not all that tech savvy, a millennial that's not quite hip with the times. Long story short, got a crazy ex whom I now have to co parent with. Get the feeling he's being shady someway or another. Or it's just malware and I'm crazy? ‍♀️ could anyone possibly explain what all this is? Or let me know if it should be of any concern? Thanks a bunch.



Side note info, if it changes or helps any:
Were on the same tmobile plan, neither of us are the primary.
He broke my phone and purchased this one for me, factory reset a few times over at this point, but obv had access to the phone directly before giving it to me.
When all of this started he had requested linking Msisd (or whatever) #'s
He is quite intelligent and decently tech savvy. Also, has a history of trackers/etc.

 

[MrJavi]

From what I can tell most if not all of what I see in the screen shots are pre-installed system apps. The term sec. (com.sec.) in an acronym for Samsung Electric Corporation.
Is your phone account separate from your X?
Any chance your X has your Google password? Has your X had access to your Android ?

 

[Hadron]

Yeah, I also can't see anything suspicious, though Samsung put a hell of a lot of stuff on a phone and I can't say I recognise every single item (though the few I looked up all turned out to be pre-installed Samsung stuff).

Obviously I would reject any request to link whatever numbers (though since you don't recall which number it is it's hard to say whether it would give him any information). You say "it all started", but you've not said what it was that you observed that makes you think there is something funny going on? Knowing why you suspect something is wrong (beyond the fact that you don't trust your ex generally) might help someone determine whether there really is a problem.

 

[Abbzzzzz]

He has put a tracker on my car before and he's being overly confident in taking me to court, considering he just got out of prison after a 2 yr sentence for a dwi. We are on the same tmobile plan, obviously separate lines. There is 4 total lines and 1 primary account holder. Him and I have basic access, so cant make changes to anything. Although it is possible for him to in personage the account holder since they are both Male. And I know tmobile has the digits thing. But from what I gather about it, I would be informed if my line was turned on in digits. As far as a Google password, I'm not sure. He has had alone access to the physical phone itself when he purchased and gave it to me how would I know if it has been rooted ? I know there is some pretty stealthy spy apps now a days that can survive a factory reset. Weirdly enough he bought the same note 8 for himself so when I check signed in devices, it could get a little confusing. And I thought the fact he got the same phone as me was also pretty suspicious. I know a lot of them are system apps. But there is a few apks that are weird and reinstall all by themselves and have odd permissions. I find that the settings and permissions change back to allowing access after turning off their access sometimes. And the keylogger/silent logger/hostclient are what stick out the most.

 

[MrJavi]

He has put a tracker on my car before and he's being overly confident in taking me to court, considering he just got out of prison after a 2 yr sentence for a dwi. We are on the same tmobile plan, obviously separate lines. There is 4 total lines and 1 primary account holder. Him and I have basic access, so cant make changes to anything. Although it is possible for him to in personage the account holder since they are both Male. And I know tmobile has the digits thing. But from what I gather about it, I would be informed if my line was turned on in digits. As far as a Google password, I'm not sure. He has had alone access to the physical phone itself when he purchased and gave it to me how would I know if it has been rooted ? I know there is some pretty stealthy spy apps now a days that can survive a factory reset. Weirdly enough he bought the same note 8 for himself so when I check signed in devices, it could get a little confusing. And I thought the fact he got the same phone as me was also pretty suspicious. I know a lot of them are system apps. But there is a few apks that are weird and reinstall all by themselves and have odd permissions. I find that the settings and permissions change back to allowing access after turning off their access sometimes. And the keylogger/silent logger/hostclient are what stick out the most.

Start with a root checker app

https://play.google.com/store/apps/details?id=com.joeykrim.rootcheck

 

[MrJavi]

If you don't trust them enough to be on the same account, you probably should go on an account with them.
Account managers and account owners would be able to view text/call logs which include the number and time the call/text was made. It does not include text content to my knowledge.

 

[Hadron]

SilentLogging and IMSLogger are apparently standard Samsung pre-installed apps (to be honest I'd be disappointed in spyware that advertised itself by name). I've not spotted anything that says key logging so far (after scanning all of the screenshots 3 times), or host client for that matter.

Which are these apks that reinstall themselves?

To be honest just knowing some phone serial number or identifier does not provide magic abilities to hack the phone, nor to track it unless you have access to the carrier's systems (and it would be a huge liability for the carrier if they allowed people to have that access, so that is unlikely). So the single biggest risk factor is if he knows your Google account password. If you have any doubts about this you should change it and ensure that 2 factor authentication is on and no devices he might have access to are authorised. That way if he tried to log in to your account Google will alert you.

How would you know if it was rooted? As said above, a root checker app is the simplest starting place. I'm not a Samsung expert, but their "knox" security system is supposed to flag if the bootloader has ever been unlocked or the system tampered with, so I'd try checking that. You may have to boot into the bootloader to see it (which usually involved restarting the phone while pressing some buttons - as I say, I'm not a Samsung expert). But it does depend on the firmware version: there have been root tools for this model, including some which are claimed not to trip the Knox flag, but at least some of them no longer work (it is normal for firmware updates to close the loopholes that such tools use). So its hard to give complete assurance there: if it came out of the box with an old firmware version and he had sufficient access and knew what he was doing it is possible he could have compromised it (the fact that this is a relatively old device helps there: the newer ones are harder to hack). If you want to be really sure and have access to a computer you could download a fresh set of stock firmware (from Sammobile.com, or possibly from your provider T-Mobile - software support page here). If someone has interfered with the system reflashing with a full set of firmware will overwrite anything they may have done - back up all of your data first, and don't be afraid to ask for support (I'm not a Samsung user, but plenty here are).

I assume that your circumstances make it difficult for you to just buy a phone that has never been in his hands, since it seems unlikely that you would choose to share an account with him.