Preinstalled Adware?

ernest · Post time 2016-10-20 00:36:26

Edited by ernest at 2016-10-20 00:40 \n\n
ok i'll try tonight or tomorrow and if I succeed I'll upload it somewhere
but then it means that we both have received a phone which does not have a 'standard' firmware, isn't it?

in the end, it was cheap but not worth

ernest · Post time 2016-10-21 05:39:51

I did it but I higly doubt its ok. When doing the readback I had to enter a start and an end address.
Now, the scatter file I have, says preloader ends at 001CC1F

but I could not enter 1cc1f since SPFT requires addresses to be 4096 aligned
so i've entered 1d000 which is the next aligned address

this is totally arbitrary and i really think is not ok
the .bin file came out almost identical to the one in the 20160826 firmware, except for few different rows

ernest · Post time 2016-10-21 05:43:27

The file produced from the readback

MarcinP · Post time 2016-10-21 23:12:01

If your phone is latest version your screen/touch could be from other supplier (umi change screen/touch supplier for umi max and super) and latest version of your phone could have latest driver which is not including in all available softwares. You need open phone to check screen/touch numbers or try check when your phone was made and try get preloader from them.

mad1237 · Post time 2016-10-23 04:04:46

same problem
???????????????????? here

mad1237 · Post time 2016-10-23 04:08:06

i think its spy on users ?

Shentao · Post time 2016-10-24 16:32:05

Edited by Shentao at 2016-10-24 16:33 \n\nHi Ernest,

thanks, I will take a look into this! I have also received feedback from UMI's support (yay) and they will take a look into that problem)

Back to the topic: The question is, whether this adware has been placed systematically on the rom or whether it was just an accident and we can get rid of the problem with a clean rom...

ernest · Post time 2016-10-26 23:41:31

hi Shentao
did UMI's support got back to you?

Chundoundo · Post time 2016-10-29 13:36:49

Edited by Chundoundo at 2016-10-29 14:27 \n\n
Just the same adwares in firmware even afrer SPFT updated from 160719 to 160826.
I found this apps not safe (as it connected to chinese IPs):

s=system, a=app, p-a=priv-app
/s/p-a/Launcher3.apk - built-in launcher - Trojan.Android.Agent.dqfsll
/s/a/FineSearch.apk - chinese fake search Cooee - Android-PUP/Cooee.197d1 \ not-a-virus:HEUR:AdWare.AndroidOS.Coee.a
/s/a/FineVideoPlayer.apk - built-in chinese videoplayer - Android/Inmobi.D
/s/a/webcore.apk - fake Opera Store
/s/a/AdupsFota.apk - OTA
/s/a/LovelyFonts.apk - chinese fonts
/s/p-a/LovelyFontsService.apk - the same
/s/p-a/SystemUI.apk - modified System interface that try to connect to chinese IP and load ads and make strange folder bcjwq Andr/Dropr-FY
- you can't delete SysUI, but can block with firewall

cn adware

SystemUI try connect to cn IP

Check this IPs from SystemUI:
http://geoiplookup.net/ip/103.235.47.74
http://geoiplookup.net/ip/106.39.162.36
http://geoiplookup.net/ip/114.55.145.117
http://geoiplookup.net/ip/120.55.179.179
http://geoiplookup.net/ip/121.69.49.133
http://geoiplookup.net/ip/122.224.95.58
http://geoiplookup.net/ip/180.76.153.60
http://geoiplookup.net/ip/180.97.33.30

ernest · Post time 2016-10-29 21:06:27

hi Chundoundo
great infos! how do you get rid of those apps? i've rooted my phone and then used 'System app remover' but it doesn't seems to work (when I reopen it, the apps are there again)

the real solution would be installing something like a Cyanogenmod. which is kind of impossible due to mediatek not releasing driver sources, if I got it right

Preinstalled Adware?

Preinstalled Adware?

Viewed forums

UMIDIGI Hero

Most Active UMIDIGIer

Warmest Heart UMIDIGIer

UMIDIGIer

Best UMIDIGI Contributor

Moderator

Best UMIDIGI Product Team Member

Die-Hard UMIDIGI Fans