1. Download our Official Android App: Forums for Android!

Support Unwanted & Unauthorized App Install

Discussion in 'Android Help' started by AllanMills, Sep 1, 2016.

  1. AllanMills

    AllanMills Lurker
    Thread Starter
    Rank:
    None
    Points:
    16
    Posts:
    2
    Joined:
    Aug 31, 2016

    Aug 31, 2016
    2
    1
    16
    Male
    Hello. First post here. TIA for any help.

    Device: Brand new (2 weeks old) Samsung Galaxy Note 7, Android version 6.0.1, unrooted

    tl;dr -- twice strange apps have been installed on my phone without my active involvement; scans show no virus/malware; both times happened after I installed an app from Play Store to try; don't know how/why it happened or how to make sure my phone isn't compromised even after removing apps

    Detailed version: since getting my Note 7 (which I love after upgrading from my Note 3 which was the best phone up to now I've ever had), a couple of times I was looking through the Play Store for apps to try (and I've forgotten the actual apps involved the first time, so I'll just relate what happened today, but the cases are exactly the same insofar as what happened).

    I was looking for a camera app to hopefully expand upon/improve the capabilities of the stock camera app (and I don't know if it's a Samsung-specific app on this phone or a generic Google/Android camera app). So I downloaded Open Camera from the Play Store based on the description, ratings, etc.

    Similarly, just to try to test the gaming capabilities of the new phone's processor (I don't game a lot on my phone generally, aside from Solitaire, but just wanted to see what graphics would look like, etc. So, I'm just browsing through games on the Play Store, and decide to download a free racing game called simply "Racing In Car".

    I played the racing game about 10 minutes, got bored with it, and uninstalled it.

    A while later (like 2 or 3 hours -- not immediately), I get a notification that an app was scanned after install by the antivirus on the phone (it's a McAfee product that is part of the insurance I bought from Verizon for the phone's replacement, and it's set to automatically scan apps upon install). The app was also scanned by the AntiMalwarebytes app I have on the phone. Both reported no problems.

    However, the app in question was not one I'd even heard of (it was called AppLock), and appears to be some kind of security app (and there is a version available in the Play Store). I immediately uninstalled it. When I went to the Play Store for info on this strange app that suddenly downloaded and installed without my knowledge or desire, the Play Store offered me to Update the app and said it wasn't installed through the Play Store.

    In my settings, I confirmed that I had the default setting checked to not allow apps to be installed from "untrusted sources" (or it may say "unknown sources").

    I had already uninstalled the racing game, as I mentioned, and I went ahead and uninstalled Open Camera as well, since I'm not sure which app (if either) was the actual culprit here, though I suspect the racing game more likely since it does have ads (which I don't remember interacting with at all, other than maybe closing a pop-up or something).

    So, from that rather book-length explanation (for which I apologize profusely if it wasn't clear enough), I have these concerns:

    (1) How would an app that I got from the Google Play Store (and whose description and reviews I looked at pretty closely before installing) download and install an app without any active participation on my part (I imagine, given the nature of the Android OS as I understand it, it would have to do with permissions I granted the app upon install)?

    (2) How can I be certain (aside from a factory reset nuke-it-and-let's-start-from-scratch-baby scenario) that there is nothing amiss when two apps I reasonably trust (McAfee virus scanner and the AntiMalwarebytes app) are reporting nothing suspicious even though this occurred?

    (3) Apart from rooting my phone (which I don't care to do), is there any log file or other information I can look at to try to diagnose exactly what app did what in this process? (Of course, that brings up my own limitations with regard to not even knowing what to look for or look at even if it were accessible to me, so perhaps the point is moot in any case -- but I am still curious if it could be done.)

    Thank you for any insights or suggestions. If you have read to the end, you are obviously (whatever your other characteristics, good or bad) a person of grand endurance -- so congrats on that.

    Allan

    P.S. Oh yes, I might also say that I never had this issue or anything similar on any other phone or device, and I do consider myself reasonably well-educated about proper safety and security issues (e.g., Ubuntu is my OS of choice on my laptop). But I do feel rather clumsy after this go-round (but nothing a cold beer can't resolve on that front). :)
     

    Advertisement

  2. Hadron

    Hadron  
    VIP Member
    Rank:
     #8
    Points:
    2,218
    Posts:
    21,688
    Joined:
    Aug 9, 2010

    Aug 9, 2010
    21,688
    14,884
    2,218
    Spacecorp Test Pilot
    Dimension Jumping
    One app can only install another if it has the necessary permissions. There are apps, such as Addons Detector, which can scan all of your installed apps and show you which ones have those permissions, or you can inspect the permissions of installed apps one by one. It's always worth checking that permissions seem reasonable before installing an app (though Google have been "streamlining" the app install process for years, i.e. making it easier for people to ignore this precaution).

    I doubt very much that Open Camera is the problem. An open source app is by its nature easier to scrutinise, and it not only lacks the permission to install other apps but it doesn't even have internet access, so I don't see how it could be responsible. If this is the "racing in car" game then there's nothing particularly attention-getting in its permissions either (internet access, but ad-supported apps will always have that), and anyway an app shouldn't be able to cause problems after it has been uninstalled.

    So a nastier suspicion is that it all dates back to the first incident, and the timing of the second was just coincidence. It's probably worth checking whether any of your current apps have the permission to install other apps - obviously the Play Store will have this but there should be few if any others. Any that have that for no good reason are suspect.

    An even nastier possibility is that at some point you installed something that contained a rootkit malware. There are apps out there that can use the same exploits that "rooting apps" use to install malware downloaders to /system. That is nasty because these would not be removed by a factory reset (which only removes user apps and data, doesn't touch system). But if you've only installed from the Play Store this seems very unlikely, and I don't know whether the Note 7 would be vulnerable to these things (because they use security holes the most up-to-date phones are less likely to be vulnerable).

    There are ad scripts on some websites which will try to download apps when they detect a phone browsing them, but that shouldn't let it install the app (unless you are using a browser with that privilege, and there is no reason for such a thing to exist IMO). But if the install happened when you were web browsing that's another possibility to consider.
     
    Bg260, badcatz, scary alien and 2 others like this.
  3. Jfalls63

    Jfalls63 Android Expert
    Rank:
     #31
    Points:
    818
    Posts:
    3,913
    Joined:
    May 15, 2015

    May 15, 2015
    3,913
    2,844
    818
    Male
    Electrician
    Satsuma,Alabama
    Bg260, AZgl1500, badcatz and 3 others like this.
  4. Hadron

    Hadron  
    VIP Member
    Rank:
     #8
    Points:
    2,218
    Posts:
    21,688
    Joined:
    Aug 9, 2010

    Aug 9, 2010
    21,688
    14,884
    2,218
    Spacecorp Test Pilot
    Dimension Jumping
    Oh dear, a carrier adding its own direct bloatware installer to the ROM. Another reason not to use carrier-branded devices...
     
    Bg260, badcatz and scary alien like this.
  5. AllanMills

    AllanMills Lurker
    Thread Starter
    Rank:
    None
    Points:
    16
    Posts:
    2
    Joined:
    Aug 31, 2016

    Aug 31, 2016
    2
    1
    16
    Male
    Thanks for the thoughtful and insightful reply Hadron. I marked this solved because I think your response covers the relevant possibilities. I will look at the App Addons app you mentioned and do some more digging around. Thanks for some helpful starting points for me to consider.
     
    Bg260 likes this.
  6. scary alien

    scary alien not really so scary
    Moderator
    Rank:
     #9
    Points:
    2,138
    Posts:
    22,282
    Joined:
    Mar 5, 2010

    Mar 5, 2010
    22,282
    23,583
    2,138
    Male
    space alien ;)
    Indy
    Just a couple of add-ons to the excellent posts by @Hadron and @Jfalls63:

    Google Play Developer Policy Center says:

    The following are explicitly prohibited:
    • Viruses, trojan horses, malware, spyware or any other malicious software.
    • Apps that link to or facilitate the distribution or installation of malicious software.
    • Apps that introduce or exploit security vulnerabilities.
    • Apps that steal a user’s authentication information (such as usernames or passwords) or that mimic other apps or websites to trick users into disclosing personal or authentication information.
    • Apps that install other apps on a device without the user’s prior consent.
    • Apps designed to secretly collect device usage, such as commercial spyware apps.

    I'm guessing that DT Ignite that @Jfalls63 mentioned in the cause in this case and wondering if your purchase of the device gave your implicit to this :( :eek: :thinking: ?

    The install apps permission that @Hadron spoke of is the "INSTALL_PACKAGES" (along with a newer REQUEST_INSTALL_PACKAGES) says this:

    INSTALL_PACKAGES
    Added in API level 1
    String INSTALL_PACKAGES
    Allows an application to install packages.
    Not for use by third-party applications.

    Constant Value: "android.permission.INSTALL_PACKAGES"​

    So again, not sure if implicit consent was given at device purchase time if DT Ignite was the culprit.

    If it's a Play Store app, then there is an issue.

    Also, as also previously indicated, there are installation "options" (methods) that can do silent installs--yet another reason to be very careful about what goes on in your rooted device.

    Cheers!
     
    Bg260, Hadron and Jfalls63 like this.
  7. badcatz

    badcatz Well-Known Member
    Rank:
    None
    Points:
    88
    Posts:
    239
    Joined:
    Nov 12, 2010

    Nov 12, 2010
    239
    210
    88
    Male
    DT Ignite is evil and it is the very first thing I disable when I reset my phone. You can't uninstall it but at least you can turn it off. Once disabled it will not install anymore crapware.

    BTW, I use Open Camera and apart from being a bit slow saving files it is an excellent app.
     
    Bg260, Jfalls63 and scary alien like this.
  8. AZgl1500

    AZgl1500 Android Expert
    Rank:
     #42
    Points:
    618
    Posts:
    6,399
    Joined:
    Feb 3, 2011

    Feb 3, 2011
    6,399
    3,141
    618
    Male
    Retired and loving it.
    Oklahoma grasslands

    The Verizon apps will update, and as you noted will scan for problems anything that is new. Provided they are given permission to do so.

    You have not mentioned "Program Disabler Pro"
    I highly suggest you install that and pay the small fee for it, it gives you total control of all apps on a Samsung phone.

    Once it is up and running, it will show you everything at once and as you scroll down, you turn OFF anything you don't want. Note the names of what you don't want, and try to uninstall them... IF you can't they are part of the ROM, but they will be disabled from running.

    as for why something installed w/o you asking it to, can only surmise that somehow, something got into the queue for you to download, and then the next time WiFi came up, there it comes.

    been there, seen that one a lot.
     
    Bg260, Jfalls63 and scary alien like this.
  9. AZgl1500

    AZgl1500 Android Expert
    Rank:
     #42
    Points:
    618
    Posts:
    6,399
    Joined:
    Feb 3, 2011

    Feb 3, 2011
    6,399
    3,141
    618
    Male
    Retired and loving it.
    Oklahoma grasslands
    Oh, BTW, I have disabled Verizon's antivirus app, and removed the McAfee AV apps, or another other AV app.

    the phone is snappier, and you don't need them, as long as you stick with the Play Store

    Since you have the S7, it has MM on it, and you can check each app independently and turn off any permissions you don't want. ( a rephrase I think of what others have said. )
     

Share This Page

Loading...