Self-Installing Apps (Azpen A727)

[Tathagata]

This is the first time I've encountered anything like this, where there is a good chance that when I open my apps list on this device, I might find something new. Or if I click on a link to something, I might be given the option to open it with an app that I've never installed before. I'd say I've had about 10 apps install that way. Baidu Browser and Baidu Store are two I remember, and today I had one that I believe was called Mobo Market, and another one called Dr. Safety. Before deleting the latter, I decided to check the app permissions and I was horrified. I attached some screens, as it would take me forever to type them all.

Before noticing any of this behavior on the tablet, I first noticed advertisement for apps in my notifications bar. I found that peculiar, and when I checked what app it was coming from, it's one that was simply called software update. I'm not able to uninstall it, and presumably it came pre-installed on the tablet and is just part of what it's supposed to do. Knowing that is partially why I just kind of dismissed the silent app installs and just went on with my life, but after seeing what Dr. Safety has access too, I'm wondering if I should just wipe this tablet and get rid of it completely.

I got this tablet from a local retailer who was mailing out coupons for a $20 tablet. I didn't expect much, but it seems like they might have sold me something more than just a piece of junk, but something that is malicious out of the box. Is this type of behavior unique, or do things like this happen on lots of cheap devices

 

[mikedt]

I suggest doing a factory reset, because that will wipe out any ad stuff going on like Mobo Genie. Backup anything important first. Then be careful about what you install.

 

[Tathagata]

I'm going to factory reset it again (I did once for a totally unrelated reason in the first days), but I really did not install much at all on this tablet at all. I'm fairly certain that the manufacturer has installed and utilized these backdoors onto the device. The "Software Update" app that pushes ads to the notification bar every once in a blue moon strongly supports that, as does the fact that I keep the apps extremely light on here, and haven't put anything unusual on it that isn't also on my phone and causing no trouble whatsoever. Kindle, Netflix, Moon Reader Pro, stuff like that. Even on my phone I have far fewer apps than most people use, and am pretty mindful of what I do install.

Beyond that, when I first noticed the apps being installed silently, I contacted a buddy who had just bought the same tablet a couple of days prior, and one of the same ones that appeared on mine was also on his. I have a classmate who owns it as well, and I hope to find them today and ask them if they're experiencing anything similar.

As far is this forum goes though, I was mainly wondering if anyone knows of this happening with any other devices. The obvious response is the one I got, which is that there is some vulnerability laid open by the user that compromised the security of the device. I suppose it is remotely possible in this case, though I don't feel it's likely. But yeah, I was having a hard time finding info on this, and wanted to know if it's typical to certain devices.

 

[mikedt]

Thing is this is a $20 Chinese tablet, unknown manufacturer, anything can be possible, some even have Chinese communist government censoring in them. This wouldn't happen with say a Samsung or a Google Nexus unless you installed something malicious yourself.

 

[Tathagata]

Yeah, I'm a little concerned at this point, either about the manufacturer or the retailer that was selling these things at $20. I've been going back & forth with their customer service since Monday, and it's honestly looking like this tablet was compromised at some point before I purchased it, to be completely honest. Hopefully some sense can be made of this soon. I'm documenting the troubleshooting process as I go, and will describe whatever of it is relevant in here once there is some sort of resolution, or when I hit another wall. Just in case any other owner of this tablet happens to notice the same things I did and comes looking for some information.

In the meantime, just so I can be aware of every possibility, do you (or does anyone) know if it's possible to obtain an Android virus over the internet or via an app that can remain on a device even after factory resets and data wipes?

 

[ArcAiN6]

The device was compromised by Azpen themselves.
I also have an Azpen, the A729 model purchased directly from them. It also has this app (and several others) and just like you, i was seeing random apps installed as well..

Turns out, several of the apps included, are part of the initial flash, and the recovery as well.

The device also come's pre-hacked...

there is an app called "rs_p104_v20" pre installed.. it also is reinstalled from recovery. other azpen users have reported other versions of the app as well *_v10, *_v30)
This app "appears" to serve no purpose, yet it is locked out from being disabled, and uninstalled. yet it appears to have all access to the device, it's data, contacts, network.. everything...

While i haven't decompiled the apk yet, there have also been reports of the preinstalled keyboard being compromised with a keylogger as well.

There are a few others as well, but i can't remember the names of them.

Your best bet, try to sell off this azpen device, and find an alternative. Azpen support is virtually non-existant, and they refuse to provide stock roms, so no way of manually removing these backdoor exploits and security holes.


I would advise anyone seeking to purchase a new android device, do some research, stick with well known name brands, or brands that have something to lose when it comes to bad reviews.

 

[mikedt]

Cheapo off-brand devices from unknown makers, pre-installed with spyware and malware, even Chinese government censoring. That's happened before sometimes.

 

[Organic Marble]

The manufacturer included 2 apps that download software to the tablet without your permission.

Fortunately if you root the tablet, it is easy to get rid of them, and then the tablet is perfectly functional for its low price point. The first app that you need to delete is called "rstech_teni 1.0" (this is the name as listed in Titanium Backup, it seems like it may have had a different name on the apps screen). The other one is called Software Updater or something similar (I uninstalled it before I backed it up, so I am not 100% sure of the name). It is NOT Update 1.5, which is apparently legit.

Once you uninstall these 2 apps, you will not be troubled again. I found it well worth to get the pay version of Titanium Backup, then use it to delete these 2 apps, and a bunch of other bloatware off the tablet. Now I'm quite happy with it considering the price.

 

[Jack nelson]

Hi guys i an trying to put google firmware on that tablet but the system update that is builtin does not let me install it so if you now any 3party apps that can do that please tell me