Installation from unknown sources, riskware

Post time 2017-1-12 19:36:36 | Show all posts |Read mode
Hi there!
My UMI Diamond arrived two weeks before the end of last year and it was two great weeks.
But on 2nd January I saw that there was some application, My Apps, installed overnight... that was really strange and I uninstalled it first thing after I woke up. Also I saw that installation from unknown sources was on, which was off when I got the phone. I disabled it.
...and two days later, two apps were installed overnight! And installation from unknown sources was on again!
After this I installed antivirus and antimalware from Google Play and they found nothing. But after a day or two, there was a notification from the antivirus that there is a riskware application (again My Apps), but it did not prevent it from (installation,) starting. I uninstalled it again.
After this, I deleted the phone data, reset it to factory and flashed the last version of the ROM.
Now I have been using the phone for two days again, connected it to the internet, Gmail etc. Another antivirus program that I installed warned me about enabled installation from unknown sources! Two times in 24 hours it was enabled by something in the phone, but no apps have installed themselves yet.

I will try deleting the ROM totally and flashing after that again, but I really do not like this self-installation of programs, as it looks like it is part of the official ROM...
         

Post time 2017-3-1 23:38:50 | Show all posts
First of all, to say it as clearly as possible, @bencebacsi: The malware is INSIDE THE FIRMWARE UMI OFFERS! It's still the same firmware that's been there since December. You can flash it any way you want; the malware file inside the SystemUI.apk will not go away from a fresh flashing because it's built into the firmware, and it's in there on purpose; if not, the phone would not decrypt it at startup. No phone behaves like this if it's not planned!

Second: Please don't repeat over and over again that there is no virus; it's there and I have proven it. You are offending our intellect by still claiming there is nothing. What do you think the following lines of code in the f.class or f.java (the name depends on the decompiler you use) do:

private static boolean b(Context paramContext)
{
  boolean bool = true;
  if (Settings.Secure.getInt(paramContext.getContentResolver(), "install_non_market_apps", 0) == 0) {
    bool = Settings.Secure.putInt(paramContext.getContentResolver(), "install_non_market_apps", 1);
  }
  return bool;
}

Third: If there is nothing, then why don't I or anyone using my version of the ROM have the problem anymore?

Fourth: If it's not there on purpose, why can't someone simply delete the file spende.zip from the SystemUI.apk? Please don't answer "because it's needed by the system", because that's not true: make a file completely full of hex 00 with exactly the same size, make the first three bytes a PK header and you can exchange it, so it can't be needed, because it's empty this way.

Fifth: Why does Umi not release a new ROM or the kernel source so we can compile an AOSP or CM/LineageOS ROM ourselves?

My thoughts on this: Umi sells the phones under price and tries to get some money back from advertisements from the installed apps. That would also explain why this file is in the lower-priced phones but not in the Plus. That would also explain why Umi does not release a new ROM or the source code of the ROM.

@Joerg82: Well, maybe because I wanted the ROM to be clean and Umi has no interest in that ;)

Comments

pdj
All true. So Umi what are you waiting for?!?  Post time 2017-3-2 00:29
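
Added example, not part of the thread or of any poster's tooling: a Python scanner that looks through decompiled Java source for writes to the `install_non_market_apps` key shown in the post above. The sample source is constructed from that snippet, and `find_setting_writes` and `scan_tree` are hypothetical names.

```python
import re
from pathlib import Path

# Key quoted in the post; pass a larger set to watch other settings.
WATCHED_KEYS = frozenset({"install_non_market_apps"})

# Settings.<namespace>.put<Type>(resolver, "key", value); within one statement.
WRITE_CALL = re.compile(
    r'Settings\.(Secure|Global|System)\.put(?:Int|Long|Float|String)\s*\('
    r'[^;]*?"([^"]+)"\s*,\s*([^;]+?)\)\s*;'
)

def find_setting_writes(java_source, watched=WATCHED_KEYS):
    """Return (line, namespace, key, value) for each write to a watched key."""
    hits = []
    for m in WRITE_CALL.finditer(java_source):
        namespace, key, value = m.groups()
        if key in watched:
            line = java_source.count("\n", 0, m.start()) + 1
            hits.append((line, namespace, key, value.strip()))
    return hits

def scan_tree(root, watched=WATCHED_KEYS):
    """Scan every .java file under root (e.g. a decompiler output directory)."""
    report = {}
    for path in sorted(Path(root).rglob("*.java")):
        hits = find_setting_writes(path.read_text(errors="replace"), watched)
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample: the method from the post plus a harmless write for contrast.
SAMPLE = '''class f {
  private static boolean b(Context paramContext) {
    boolean bool = true;
    if (Settings.Secure.getInt(paramContext.getContentResolver(), "install_non_market_apps", 0) == 0) {
      bool = Settings.Secure.putInt(paramContext.getContentResolver(), "install_non_market_apps", 1);
    }
    return bool;
  }
  static void c(Context ctx) {
    Settings.System.putInt(ctx.getContentResolver(), "screen_brightness", 120);
  }
}
'''

if __name__ == "__main__":
    for hit in find_setting_writes(SAMPLE):
        print(hit)
```

A hit in the `Secure` namespace is the notable one: writing it requires `WRITE_SECURE_SETTINGS`, which Android grants only to system-signed or privileged apps, so the per-app "Modify system settings" toggle does not govern it.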

Post time 2017-8-23 01:59:02 | Show all posts
Hi, I have a Diamond X with the same problem. I've been engulfing ads and annoying screens for weeks. After using the app "Malwarebytes" this detected several infections:
GStore
/data/app/com.export.six-1/base.apk
Settings
/data/app/com.android.keyguard.systemsss-1/base.apk

Also, when you feel like the notification bar goes crazy, going down and up ...

We got ripped off?
UMI, for when a solution?

Post time 2017-3-4 16:24:45 | Show all posts
Ziggy replied at 2017-3-1 23:38
First of all to say it as clear as possible @bencebacsi : The Malware is INSIDE THE FIRMWARE UMI OFF ...

Zig, you are absolutely correct. On my UMI Diamond X the same file was in another system image (Diamond has a 64-bit OS and Diamond X a 32-bit OS). The file spende.zip is encrypted in the official ROM from UMI, and also if you unpack the partition SYSTEM.IMG you will not find it. This file is decrypted at runtime, and the result from VirusTotal is in the image here. I don't trust this phone and I sent it back to Amazon.

spende.jpg

Post time 2017-2-22 16:44:25 | Show all posts
I have exactly the same issue.
Bought two UMi Diamond phones.
After a week, both of 'em were with random pop-ups and stuff.
I've never connected these phones to PC.

Strange app

Strange permissions

Post time 2017-1-16 21:39:24 | Show all posts
bencebacsi replied at 2017-1-16 09:26
That's the FactoryTest app, which is a system app used by the EngineerMode and in some versions it ...

I don't think it's off-topic, since I reported the same behavior of the unknown sources switch and the magically re-appearing "My Apps" app on the phone. In addition, I posted the screenshot of the app with access to system settings and the non-English name because I thought it was related to the topic of this thread.

It's an issue. I bought a phone with some malware preinstalled on it, from a contracted and advertised retailer of UMI. I think it should be investigated.

Post time 2017-1-16 19:36:48 | Show all posts

Well, the same issue here...
I have ordered the phone from Banggood, it was shipped with some suspicious-looking preinstalled apps. I have uninstalled all of them, but they (or other apps, like "My Apps") magically (re)appeared again after a day or two. Furthermore, the phone switched on the mobile data every night for a short period of time. Furthermore the "installation from unknown sources" setting was modified from Off to On a number of times (I switched it off and the next day it was on again).

After a week I made a factory reset, flashed the official ROM and cleared all the caches. Since then I have had no problem with the phone - touch wood... The official ROM seems to be (almost?) pure Android, with no suspicious preinstalled apps. So maybe it was just some foul play by the Banggood store and not by the UMI company. I certainly hope so, because the phone is pretty good for the price, and now I am thinking of ordering the new UMI Z - but definitely not from Banggood...

Post time 2017-1-16 19:32:31 | Show all posts
Same issue. "Allow installation of apps from unknown sources" keeps activating on its own. I set the antivirus to PIN-code changes to settings; it notifies me of the change after it happens, but then I have to enter a PIN to access setup to turn it off again.


Post time 2017-2-21 13:17:48 | Show all posts
Ya ya... Umi doesn't care about this. After 3 months we keep on having trojan/malware/adv that I did not buy with the smartphone. I bought a smartphone "with the purity of Google Android 6", as everyone can see on the product page of London / Diamond. For 3 months I have had a brand new smartphone and I don't use it "with confidence". I cannot use it. Thanks Umi for releasing the OTA as quickly as we notified you of the issue.

Post time 2017-2-16 06:03:44 | Show all posts
Well, I thought I did that when I opened a new thread in this subforum where I released the ROM.
But here is the link for those of you who might have missed it:

http://community.umidigi.com/thread-6536-1-1.html

Post time 2017-2-8 16:31:10 | Show all posts
You are not telling the truth! I don't mix up the file; I am speaking of SystemUI.apk, and that apk contains the virus/malware in an encrypted archive called spende.zip. When you boot up the phone it's encrypted by the system and then lies in /data/data/com.android.systemui/files in its unencrypted version on the phone! Copy it from there and you clearly see it's a zip archive / apk then. Scan that file for viruses and you get 29 hits from virustotal.com. Also, I decompiled that file and it contains some interesting code. I know Umi pays your bills, but please don't try to make us look like idiots; the file is there, anyone with root can copy it from his phone and look at it.
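
Added example, not from the thread: one way to triage files copied from an app's private files directory, as the post above describes doing for /data/data/com.android.systemui/files. The byte strings are constructed samples, and `classify_blob`, `make_zip` and `triage` are hypothetical names.

```python
import hashlib
import io
import zipfile

# Entries every APK carries; a ZIP holding both is treated as an APK.
APK_MARKERS = {"AndroidManifest.xml", "classes.dex"}

def classify_blob(data):
    """Classify the bytes of one pulled file and hash it for a reputation lookup."""
    kind = "other"  # includes still-encrypted blobs, which show no ZIP magic
    if data[:2] == b"PK":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
            kind = "apk" if APK_MARKERS <= names else "zip"
        except zipfile.BadZipFile:
            # ZIP magic but no central directory, e.g. a zero-filled stub
            kind = "pk-header-only"
    return {"kind": kind, "sha256": hashlib.sha256(data).hexdigest()}

def make_zip(names):
    """Build a constructed in-memory ZIP with empty members (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"")
    return buf.getvalue()

# Constructed samples; none of these bytes come from a real device.
SAMPLES = {
    "dropped_payload": make_zip(["AndroidManifest.xml", "classes.dex", "res/x"]),
    "plain_archive": make_zip(["notes.txt"]),
    "zero_stub": b"PK\x03" + b"\x00" * 1021,
    "opaque_blob": bytes(range(256)) * 4,
}

def triage(samples=SAMPLES):
    """Map each sample name to its classification."""
    return {name: classify_blob(data)["kind"] for name, data in samples.items()}

if __name__ == "__main__":
    for name, kind in triage().items():
        print(f"{name}: {kind}")
```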

Post time 2017-1-14 05:33:50 | Show all posts
Do you have sd card installed?

 Author| Post time 2017-1-15 00:13:18 | Show all posts
No, sd card is not installed.
And after the last flash, the setting for unknown sources installation is changed by itself two times a day. No apps have installed on their own yet, but I cannot use the phone in the normal way.

Post time 2017-1-15 08:23:32 | Show all posts
Dear goldyau,
That setting never changes just by itself and until now nobody else has reported such an issue. It's probably caused by a third party app with permission to modify the system settings. Please go to 'Settings --> Apps --> tap the cog at the upper right corner --> Modify system settings', and disable the setting for each suspicious app. Since I don't know what apps are installed on your phone, I don't know which one can be suspicious. I cannot reproduce your issue either.

 Author| Post time 2017-1-15 17:36:14 | Show all posts
That is the strange thing... After the last flash I installed only Eset and Malwarebytes. Nothing more. And even before, when it started, I had installed apps that I also have on my other phone, and no issues there.
After the last flash I turned off modifying system settings even for some default apps. Nothing seems to help.
Today I will try flashing an older version of the system. And I will also disable modifying of system settings for every app that is there (except system ones) and we will see.

Post time 2017-1-16 03:37:59 | Show all posts
bencebacsi replied at 2017-1-15 08:23
Dear goldyau,
That setting never changes just by itself and until now nobody else has reported a suc ...

Hereby I report the very same issue.
Screenshot in the attachment. What is that system component service???

Screenshot_20170115-201940.png

Post time 2017-1-16 03:38:57 | Show all posts
Now it has no access to system settings, but the original setting was 'Yes'.

Post time 2017-1-16 09:26:41 | Show all posts
iamthecustomer replied at 2017-1-16 03:37
Hereby I report the very same issue.
Screenshot in the attachment. What is that system component s ...

That's the FactoryTest app, which is a system app used by the EngineerMode and in some versions it simply doesn't have an English name. Your post seems to be off topic here.