Installation from unknown sources, riskware

Ziggy

I know and i also think that sucks, i am only being realistic ;)

DziedzicPruski

\n\n
That's not the only piece of malware found on this phone. Take a look at this. You can easily check that backdoor described in this article is also installed on our phones.

I'm going to return this phone to the sealer and recommend you do the same.

Ziggy

Sad but true... that one was one of the first i deleted in my rom...

rlfbcn

Same problem here with Umi Diamond X. @Ziggy, I suppose your ROM only works with Diamond, not Diamond X...

UMI, please release secure ROM soon!

DziedzicPruski

\n\n
@Ziggy Yes, I know and I appreciate your work but can you be sure that you have removed all malicious software? Are you sure that nothing else is hidden there? Without access to the source code we can't create real "malware free" rom and UMI is not going to release it (which is clearly a GPL violation btw.)

Moreover I think that waiting for UMI to release clean ROM is also futile. I think that they will take example from DBLTek and will attempt to hid it better.

Sorry guys, I know that this sounds like a conspiracy theory but I've just lost my whole trust in this company.

Ziggy

@rlfbcn I made an Aplha Version and @martec tested it, please ask him if it still runs smoothly.

@DziedzicPruski Nah for me it does not sound like a conspiracy theory i for myself would not even buy a wooden spoon from this company cause they are in no way trustworthy anymore. What the malware free depends, you are right without the sourcecode we will never know if i realy got everything that was in the rom but i am pretty sure i got it.
About the source, i am sure we will never get any cause they have no interest in a malware free version and i bet they hate me for what i have done so far As for the new Version i have the same fear as you that even if they release one they will only make sure to hide their viruses better this time but will never release a firmware without em.

martec

@Ziggy

i using alpha for more than 2 day without reboot etc... And work better than original rom. Very smoth. No issue for me.

i only made change below because TWRP recuse to install if not made change

1. assert(getprop("ro.product.device") == "hct6735m_35gu_m0" || getprop("ro.build.product") == "hct6735m_35gu_m0" || getprop("ro.product.name") == "hct6735m_35gu_m0" ||
   
2.         abort("This package is for "UMI_Diamond_X" devices; this is a "" + getprop("ro.product.device") + ""."););

Copy the Code

and used stock version of 32 bits of open_gapps with edit below, because with mini version keyboard and camera app not will install.

1. stock_gapps_list="
   
2. cameragoogle
   
3. keyboardgoogle
   
4. ";
   
5. 
   
6. full_gapps_list="
   
7. ";
   
8. 
   
9. mini_gapps_list="
   
10. clockgoogle
    
11. maps
    
12. youtube
    
13. calculatorgoogle
    
14. ";
    
15. 
    
16. micro_gapps_list="
    
17. calendargoogle
    
18. exchangegoogle
    
19. gmail
    
20. ";
    
21. 
    
22. nano_gapps_list="
    
23. facedetect
    
24. faceunlock
    
25. ";
    
26. 
    
27. pico_gapps_list="
    
28. calsync
    
29. dialerframework
    
30. googletts
    
31. 
    
32. packageinstallergoogle
    
33. ";

Copy the Code

it's all.

thanks again, with your rom, now this fone is usable.

McRIP

One week is gone after my post (http://community.umidigi.com/for ... &fromuid=268911) and no simple answer from you dear admin, why?
I don't need a completely new ROM, also don't pretend that UMI make a Nougat ROM, only an small and simple patch solving this bug and for this isn't needed 4 month.
Make a Logcat and see what causes enabling 'unknown sources and solve it.
1 day for Logcat; 3 days for solve it and make a small OTA update.

seppl

bencebacsi replied at 2017-3-1 13:25
Please all of you facing this adware/bloatware issue who have never flashed your phone with SP Flash ...

This really turns ridiculous here.

The problem of "unknown sources" turning on was already confirmed by you Administrator bencebacsi at least 3 times in this thread and now you claim no security problem exists? Why does UMIDIGI keep defending instead of just fixing the known problem first?

And to leave no doubts about the situation with my UMIDIGI Diamond:

Ever day morning after turning off flight mode within hours the "unknown sources" switch activates automatically, if it is not turned off again by hand after some random time the app "My Apps" installs itself, and if not uninstalled manually in time this app then installs other apps like "Super File Manager", "Super Locker", "Superb Cleaner", "More Performance" that display full screen advertisements and block using the phone repeatedly for a minute. During this phase the phone turns warm and the battery is drained in half a day that again makes the phone unusable. Multiple factory resets and setup from scratch and also a manual V7.0 firmware flash of the phone were performed with exact same results. The phone was more maintained then really used up to now. The troubles and time spent are in no appropriate rate to the orginally fair price of the phone.

What is done here to customers is called fraud in legal terms, as soon UMIDIGI opens a branch office in EU this act will be taken to court by consumer associations.

Dirtyharry

The malware and automatically installation of app get worse. Now downloading app of 68mb.

Tip: install the app No Root data fire wall. You can select the apps which you want to deny internet access.

Block at least the app >> system UI  & wireless-update
And any other app you don't trust.

It really helps against unwanted apps  but not the unknown source situation.

And last. Check if you have any hidden folders. I found one called adlib which contained apk app files such as seppl mentioned earlier