I read this article ... and our X8 it seems vulnerable to an remote attack usdd
read article and check this test with browser:
remote attack usdd test page
i use GingerDx v029 with stock kernel is the attack is successful, my imei code appeared, I do not know if with other ROM, you will experience also with your rom and report if you want.
the solution appears to be to use a new dialer called Dialer One, free on Google play.... or some Web users have reported that the code appears to be ineffective when run on browsers other than the default, which could be a temporary solution.
This is just blatant scare-mongering!
No issue found here!
...for me with GDX v029 stock kernel and stock browser .... imei code has appeared, and the attack is successful
:silly:
And did your entire world implode? No - it's a proof of concept page, that's all..
with all my respect, but I think you did not understand the significance of this test
...and if you open a page in a that he wrote 10 times your puk wrong and you did lock your sim? or cancel and your photos or your contacts
I do not believe in the Mayan prophecy for 2012 ....the world will survive .... but you may lose a good time or good memories
meditates
ciao ciao
Keep to legitimate websites and you'll have no such issues..
Being safe online = Don't be stupid online!
:cyclops:
nice speech, but the security flaw persists my friend :angel:
It's a known issue on many phones, seems JB is not vulnerable, and if I remember correctly neither are CM roms but not too sure about it..
Problem lies in the way the dialer handles those requests. But if it shows the IMEI it is not said the remote wipe using this vulnerablety is also working. You are potential vulnerable to it.
An option is to install a second dialer so a pop up screen will appear, the code will not be activated automaticly that way.
_Arjen_ said:
It's a known issue on many phones, seems JB is not vulnerable, and if I remember correctly neither are CM roms but not too sure about it..
Problem lies in the way the dialer handles those requests. But if it shows the IMEI it is not said the remote wipe using this vulnerablety is also working. You are potential vulnerable to it.
An option is to install a second dialer so a pop up screen will appear, the code will not be activated automaticly that way.
Click to expand...
Click to collapse
I don't think CM7 is invulnerable ..I remember one of my friend saying that the test took him to the dialer and showed the IMEI
POTATO!!!!
Related
Hey Everyone,
Wanted to tell all of you about a neat app we're developing, called Flexilis.
It's a mobile security suite for Windows Mobile devices, that keeps your device and data safe from loss, theft, hackers, viruses, malware, spam, and more.
We've currently opened signups for our private beta testing, if you're interested in checking it out, just hit up http://beta.flexilis.com and sign up, and feel free to chat about the product here
If anyone has questions or runs into trouble, just shoot us an email at [email protected] and we'll help you out!
-Chris
Community Director,
Flexilis Inc.
[email protected]
Also, if any of you request an invite and it hasnt gotten granted within a day or so, let me know and I'll take care of it.
If you weren't asking for so much personal information, you might actually get people to try your app...
we're actually working on revising that, the reason we ask for the phone number is because it's used to sms you your download link for the software later on in the process, we're in the process of moving that to later on in the process, as well as an explanation of why we ask for it.
Thanks for the feedback!
-Chris
NRGZ28 said:
If you weren't asking for so much personal information, you might actually get people to try your app...
Click to expand...
Click to collapse
Hey man,
nice thing with this soft, that we give the phone number is not so a big problem i think. could you post a little bit infos about the program? Cause on your side there a not many informations.
But i ithink i'll give it a try...
I just have one little question, on you privacy page you write:
When you use the Flexilis Services, our servers automatically record certain information about your usage. These logs may include information such as the IP address, mobile device identification number, phone number, operating system, version information, wireless carrier, web requests, browser type, browser language, referring pages, landing pages, pages viewed, or other usage information.
Click to expand...
Click to collapse
Why do record the pages we visit?
we're still working on a little bit of a tour/walkthrough area of the software on the front page, as we get closer to public beta, but for now there's nothing there yet. My first post in this thread gives a brief summary of it though. Feel free to shoot me an email at [email protected] with any questions!
-Chris
There's nothing in the software that tracks the pages you view or anything, what that refers to is on our end we track what pages users use on the flexilis website the most, much the same way other websites do, to track what pages and content on our site our most popular, etc.
JeckyllHavok said:
I just have one little question, on you privacy page you write:
Why do record the pages we visit?
Click to expand...
Click to collapse
I'm still not sure what your program do, but it certainly doesn't behave the way I expect.
1) Why to require authorization so often?
2) Contrary to the stated phone number is not accepted for authorization. Only email.
3) I don't really know what you mean by "a few minutes", but currently Flexilis is authorizing my phone already for more than two hours. I see no progress bar and I don't understan what's going.
4) I can't stop authorization process.
5) Why the authorization process continues even when I close all connections? Did you invent new method of communication?
6) The program is hidden from task managers and process viewers. What for?
I didn't sniff the traffic but currently behavior of your program reminds more of malware rather than security software.
My conclusion: As I don't understand what your program is doing, I'm not going to test it anymore until additional guidance is provided.
Sorry, if I'm sounding harsh. It's just writing style (tough work, you know )
No worries
1] once it's authorized the first time, it shouldnt have to authorize again, what kind of phone are you authorizing it on? we're making some fixes to the authorization process to make it even simpler that should roll out in the next release.
2] if you're outside of the US, you might need to add your country code and such if that's the case, let me know, or send me an email to [email protected] so we can look into it.
3] per all authorization questions, it'll try til its authorized, again we're fixing this.
4] per the it being hidden from task managers, we've given this some discussion, for right now it's a security feature to try to prevent theives from disabling the software, though we might fix that in the future to have the app visible in there somehow.
As far as being more indepth on all of the features, we are working on a tour of sorts to explain it all before the beta goes public.
Thanks for the feedback!
-Chris
mrcaze said:
I'm still not sure what your program do, but it certainly doesn't behave the way I expect.
1) Why to require authorization so often?
2) Contrary to the stated phone number is not accepted for authorization. Only email.
3) I don't really know what you mean by "a few minutes", but currently Flexilis is authorizing my phone already for more than two hours. I see no progress bar and I don't understan what's going.
4) I can't stop authorization process.
5) Why the authorization process continues even when I close all connections? Did you invent new method of communication?
6) The program is hidden from task managers and process viewers. What for?
I didn't sniff the traffic but currently behavior of your program reminds more of malware rather than security software.
My conclusion: As I don't understand what your program is doing, I'm not going to test it anymore until additional guidance is provided.
Sorry, if I'm sounding harsh. It's just writing style (tough work, you know )
Click to expand...
Click to collapse
Authorizing a device ... what a hassle. I finally gave up since I couldn't tell if it was doing anything. No more testing for or feedback from me.
fredcatsmommy: sorry it didnt work out for you. hopefully in the future when that's fixed (should be less than a week), we can lure you back, it does some amazing stuff, but we do run into bugs from time to time due to the vast number of windows mobile devices out there, and only having a small test bed of them to work with. Keep your eyes peeled, and we'll have that fixed soon!
fredcatsmommy said:
Authorizing a device ... what a hassle. I finally gave up since I couldn't tell if it was doing anything. No more testing for or feedback from me.
Click to expand...
Click to collapse
I think you need to tell us what the app actually does?
I have read this and your site and still don't know what it does?
Will hold off on trying it till I know.
How long is the initializing and activating supposed to take?
seriously, the authorizing bugs should have been worked out before releasing a beta here. we cant even tell if its running, authorizing, stealing information from our devices, etc.. I surely hope this is a legit app youre pushing, if so, FIX IT, so we can at least see what it does.
thx
I installed and authorized with no issues what-so-ever... contrary to what everyone else is saying everything seems to work just fine. works great and doesn't seem to take much memory... not a single complaint here!
Advertising your application for beta purposes is usually not a problem. But, it seems you are here more for "recruiting" testers than anything else. Looks like you joined for this purpose only.
My suggestion to you, is to give a little more description on your develpoment. Seems there are too many questions going unanswered here.
jhw549 said:
I installed and authorized with no issues what-so-ever... contrary to what everyone else is saying everything seems to work just fine. works great and doesn't seem to take much memory... not a single complaint here!
Click to expand...
Click to collapse
what device do you have? did you do anything special to get it working?
I have a sprint vogue and installed to main mem and the data conn. is constantly active.
Polargoat said:
what device do you have? did you do anything special to get it working?
I have a sprint vogue and installed to main mem and the data conn. is constantly active.
Click to expand...
Click to collapse
I have an HTC Mobul/Titan using default Rom/Radio with WinMo 6.1
To install it I just did what I would any other and installed it onto internal memory...
Correction: The application works just fine if you don't have push e-mail (aren't connected to a remote exchange server), I have been having problems all day with my push e-mail from mail2web which I use to forward my work e-mail to my phone. I have therefore decided to remove it as I can't afford to have it interfere with work.
The Fingerprint Scanner SDK (originally posted at http://forum.xda-developers.com/showthread.php?t=1202577) for Android has been released by Authentec. Currently there is only one device(Motorola Atrix) with a fingerprint scanner, but if you release your application with support for the fingerprint scanner (once you get the hang of it it is really not hard to use at all) then users of phones with fingerprint scanners will most likely be happier with your application.
Google has stated that Google Wallet will use fingerprints to unlock the payment system, so clearly more capable devices are on the way (source: http://www.qrcodepress.com/google-unveils-safety-measure-for-their-upcoming-mobile-wallet/853399/). Including fingerprint scanner capability in your application will also future-proof it as AuthenTec will have the same framework in place in other phones that will use their fingerprint scanner (Authentec is a leader in biometric security systems for lots of devices).
MotoDEV Article Guide:
http://developer.motorola.com/docstools/library/writing-fingerprint-enabled-apps
Read and Download the (simple) SDK at their site:
http://developers.authentec.com/
Example of SDK Usage (pulled from the SDK)At the time of this writing, it is my understanding that before you release the application you need to have them review it to meet their security specifications... They don't want you using this fingerprint scanner library and making their work look bad. It's a fair deal to me. I'm not sure if this is how they want it though - maybe that is just for Advanced SDK or maybe I'm just wrong (taken from their site) It appears right now that there is a mismatch between the developers and the makers of the authentec site... apparently there is no requirement for using the fingerprint scanner, so develop away!
I have an Atrix and the fingerprint scanner is amazing, once you use it you will never go back to patterns or pins. As such this guide was written by a user of the Atrix - future devices might not use the exact methodology but it should be nearly identical.
I have the Advanced SDK but I have not used any of the advanced functions yet. After using the code (And getting it to finally work) I have found some things that are not documented or are documented incorrectly in the SDK docs and I have come here to post items that will save you great time. If you find others I hope to hear about them so I can add it to the list - I'll even credit you (maybe with a post number so you can score some thanks points!)
The swipe fingerprint screen won't show up - but I'm getting a result (mine was always 14)
AM2 (Authentec fingerprint framework - there are a lot of unsubscribed terms in the documentation so just go with me here) requires Internet Permission (perhaps to verify the key for the advanced SDK, it might not be done locally - without a key advanced SDK functions will not load). If you don't, all uses of the tsm.jar will not work. Not listed at all in documentation
AM2ClientLibraryLoaded() doesn't work with the code they provide!?
You must Instantiate Authentec.AM2ClientLibraryLoaded() - SDK Docs shows as static but it is not used in the example program they give.
It goes into verification but does not show anything and locks up the fingerprint sensor.
Do not change the 'screen' in the examples of sScreen... I thought that was the title of the window that would appear, but apparently those strings are built into it... it would work better as static fields passed as integers. For values look at the next answer.
What can I use for sScreen (viaGfxScreen(string))?
The documentation says nothing of this but these are different types of verification screens. There is fingerprint scanning only and then there is the unlock style one where you also get the PIN. I'm guessing a modifed version of this is how the lock screen works.
"lap-verify" is fingerprint and PIN
"get-app-secret" is fingerprint only - hit and miss right now... will update when I get it perfected
Why does it lock up?
Only 1 app at a time can access the fingerprint scanner. Motoblur seems to access it occasionally and I think that's why it died on the Atrix's Froyo 1.8.3. It seems mostly fixed but as you develop you will most likely lock it up as you debug. Having a wrong sScreen variable will kill your FP scanner. If it locks in your app you will lose the ability to unlock the device with the FP scanner.
Use DDMS to kill com.authentec.TrueSuiteMobile and the lock will work again. This might work on 1.8.3 but I'm not sure it works that way. If the application exits with the home button, it seems to also lock it up. I'm looking into a way to avoid this..
I can't register my application, it's failing with code 6 - (System Error)
I encountered this one myself when using my Api key for com.mgamerzproductions.gibbertalk - I changed it to com.mgamerzproductions.gibbertalk.testing and it no longer worked. They did tell me this in the email that it is only for one package - so make sure you choose wisely, or bribe the people giving out the API keys to give you another one. I wish it was more specific (API_KEY_NOT_AUTHENTIC or something)
I'm still having problems. What can I do?
You can use these tags for debugging in logcat:
AMJNI (AuthenTec Mobile - permissions - server)
TrueMobileSuite (some gfx log info - swipe fingerprint screen)
AndroidRuntime (will tell you crash related things, as debugging for errors will produce too much to read at once)
Any other things would be greatly appreciated for all of use Developers so speak up if you have something I don't have listed and I'll add it.
If you want to use the encrypted storage provided by the framework you'll need to apply for the Advanced SDK. You have to give them a description of your app, and it has to be security related (obviously that's the whole point of the fingerprint scanner and they don't want you to abuse it).
If you like the guide, and you are on MotoDev, I wouldn't mind a kudos in the contest http://community.developer.motorola...print-Enabled-Apps-quot-article-in/td-p/17206
RESERVED
Reserved for OP at a later date
Pictures of my use right now (more later)
Spoke to OP, moved to main Android development, as this would be of more interest to the development community in general, as I'm sure other phones will be using fingerprint scanning (and this sdk) in the near future.
Originally posted in the source thread:
heilpern said:
I tried to post in the linked thread, but as I'm a new XDA poster the system wouldn't allow me to.
The INTERNET permission is required, however there aren't any connections made off of the device. The system uses sockets internally and INET sockets are used rather than UNIX sockets.
> Why does it lock up?
> Only 1 app at a time can access the fingerprint scanner.
This should not cause the system to lock up; it should cause your app to delay briefly and either continue with your request or return to you with an error. If you can duplicate some other result reliably, please share details.
> If someone also can upload and create an eclipse project it would be must easier to import and view their source code they post. I tried but eventually gave up cause of so many problems.
The eclipse projects for these examples are very simple -- with the exception of the .project you have everything you need in the example directories. Worst case is you can create a new Android project and replace its manifest, sources and resources with those provided by the examples. Then point the build path at your tsm.jar and you'll be ready to go.
Click to expand...
Click to collapse
What I meant was that if an app is asking for the fingerprint reader (not the app entirely, but actively asking for the FP reader scan), and motorola does something in the background with the FP scanner (on atrix), it can lock it up. This was heavily apparent on Atrix 1.8.3 but in the new update it seems to have been mostly fixed.
Errors: If you bring up the window with anything but lap-verify or get-app-secret, the window will lock up (and i think fingerprint reader will lock up as well - if you return to the lockscreen you'll see it never finishes initializing it) I can attempt to reproduce this error but I want to finish some development I am doing now.
heilpern said:
com.authentec.TrueSuiteMobile drives the UI, directly or indirectly depending on exactly what's going on (indirectly in the case of the lock screen, for example). If this package is killed it will restart with the next fingerprint operation however it will disrupt any currently active verification attempt (causing the requesting app to receive an error -- probably the USER_CANCELED error).
Click to expand...
Click to collapse
I never really kill it except if it locks up. Haven't tested what it returns (perhaps null)
heilpern said:
Here's something you can do to experiment if you're using StoreCredential -- swipe one of your existing fingers (the index fingers) and you'll store data to that particular finger. Swipe a different finger (multiple times as prompted) and eventually (after three swipes if all goes well) you'll be asked which finger you just enrolled (and your credential will be stored to that finger). This new finger can be used for subsequent Store Credential requests (without the automatic training session) and to release data stored with Get Secret... but only the index fingers can be used to unlock the Atrix.
Click to expand...
Click to collapse
Yeah, in the original thread I had that image posted... It's in the framework but it never was used... I'm not sure if it was there for this purpose or was just cancelled at the end because it was incredibly confusing... I don't get why you would need all those credentials. It's not like your phone will get passed around that much. You swipe new fingers just like you would if you were registering a finger, then you choose the finger... but the accuracy of the 'pick a finger' one is pretty bad.
Would love to see a test apk where we can try this out...
Nothing available right now?
My application works with the FP scanner... its not done yet though.
These are the included APK's that are the code samples they use:
Download tsm-apk-pack.zip from Host-A
Will it support HTC Desire HD? It won't right?
The fingerprint scanner is a hardware device, just like a laptop fingerprint reader. Its not touchscreen, unfortunately.
Trolling from my ATRIX 4G on probably the crappiest main US carrier
Mgamerz said:
I can't register my application, it's failing with code 6 - (System Error)
I encountered this one myself when using my Api key for com.mgamerzproductions.gibbertalk - I changed it to com.mgamerzproductions.gibbertalk.testing and it no longer worked. They did tell me this in the email that it is only for one package - so make sure you choose wisely, or bribe the people giving out the API keys to give you another one. I wish it was more specific (API_KEY_NOT_AUTHENTIC or something)
Click to expand...
Click to collapse
I agree that a more telling error code would be a better option. Error 6 is eAM_STATUS_ACCESS_ERROR but that value can be returned for other problems as well.
Note that if a generic API key is needed, TSM-0E08085A-1210171A-001A7465-632E7473 can be used if you name your package com.authentec.tsmgetsecret. You cannot post that package to the Market however if you want a means of creating a test APK with a neutral package name that package/key combination will work.
Has AuthenTec claimed that package name on the market...?
they probably should or someone might take that package...
Mgamerz said:
Has AuthenTec claimed that package name on the market...?
they probably should or someone might take that package...
Click to expand...
Click to collapse
Yes, it's already claimed in an unpublished but uploaded entry.
Hi . question: is it possible to use fingerprint senzor as wake up function? My button is very very hard to push, this function would be great....
As some of you might have heard, there is a security issue on some Android phones (including the SII) that enables someone to create a link which will wipe the data of your device when you click on that link from an Android device like the SII.
I have discovered a very cool App that prevents that from happening. All this App does is to recognize everytime you click on a link which wants to execute some code on your device through the dialer.
It then automatically tells you if it`s a dangerous code and if it`s harmful for your device. If it`s a normal phone number then you can dial it straight from the App.
Simple but very effective App that closes the security issue until Google/Samsung etc. decide to do something about it.
Here`s the link for the App:
https://play.google.com/store/apps/details?id=com.voss.notelurl
I haven`t developed this App so all credit goes to the Developer: Joerg Voss
Thank you so much for this info. Even though I'm using Firefox as my basic android browser. I have to use android's native one from time to time. Now can do that we less worries :good:
My Galaxy 1 was stolen from me in Feb, after that i went through a lent s3 and now proud owner of an s4 (i9500).
So i have two questions on this:
1) is there an equivalent for what a bios password is in a PC?
(have to go short something in hardware to bypass, only is asked upon powerup/hard reboot).
2) Is is technically possible for an app to lock on custom sim? (possibly modifying efs folder)
Thanks!
Abrojo said:
My Galaxy 1 was stolen from me in Feb, after that i went through a lent s3 and now proud owner of an s4 (i9500).
So i have two questions on this:
1) is there an equivalent for what a bios password is in a PC?
(have to go short something in hardware to bypass, only is asked upon powerup/hard reboot).
2) Is is technically possible for an app to lock on custom sim? (possibly modifying efs folder)
Thanks!
Click to expand...
Click to collapse
http://bit.ly/174zPh6
LeJolly said:
http://bit.ly/174zPh6
Click to expand...
Click to collapse
Thank you for patronizing me but that didnt answer my question, already been through pages of results when i previous galaxy was stolen (even tried locking from google play). None of the apps listed on a google search for locking and tracking do what i ask.
Centralized cloud based locking doesnt work (a blacklisted imei can get reinstated fairly easy), neither does the standard password Operating System level password.
Thats why i am asking for specific alternative ways of locking the phone that should be (if possible) more tampering resistant.
1) bios equivalent password.(requiering hardware shorting to bypass)
2) custom simlock
I use avast! free mobile security (https://play.google.com/store/apps/details?id=com.avast.android.mobilesecurity&hl=en),
the anti-theft module has option to block the phone if the sim card is changed
LeJolly said:
http://bit.ly/174zPh6
Click to expand...
Click to collapse
What a woeful answer. Try reading before you be a ****.
In answer, no there is nothing similar to a BIOS lock on Android phones, however like mist813 said, Avast is quite good. If you have root access you can install it as a system apk then even if the thief wipes your phone, it's still there.
You could also try lookout its free. Can do tracking, remote wipe and also takes a photo of anyone trying to unlock your phone.
I don't think there is anything that can prevent someone from just flashing a new firmware and wiping the phone completely.
Sent from my Nexus 10 using Tapatalk 2
I don't think there is an equivalent to BIOS lock in Android. I'm not sure if you tried Lookout or the native Samsung remote control under security settings. Both gives you the options to locate, lock, scream or wipe your data. I tried the locate and scream options and they work. Never tried lock or wipe, but they should also work! Now going to the fact of wether someone can bypass or overcome these security measures, then I personally think it's possible and whatever we do he can find a way to go around it depending on how smart and resourceful he is! If my phone is stolen, frankly speaking I won't waste my time trying to find it or just lock it. All what I'll care about is to wipe the data off, and hopefully these softwares will work if needed!
Sent from my SGS IV using Tapatalk 2
Abrojo said:
Thank you for patronizing me but that didnt answer my question, already been through pages of results when i previous galaxy was stolen (even tried locking from google play). None of the apps listed on a google search for locking and tracking do what i ask.
Centralized cloud based locking doesnt work (a blacklisted imei can get reinstated fairly easy), neither does the standard password Operating System level password.
Thats why i am asking for specific alternative ways of locking the phone that should be (if possible) more tampering resistant.
1) bios equivalent password.(requiering hardware shorting to bypass)
2) custom simlock
Click to expand...
Click to collapse
Okay lets not be a **** this time.
1) There's nothing equivalent to that bios thing
2) http://stackoverflow.com/questions/...-the-device-on-removal-of-sim-card-or-sd-card
There are also apps that just notify you if sim card is changed for example this https://play.google.com/store/apps/details?id=instigate.simCardChangeNotifier&hl=fi
And of course there are some apps that let you remotely control your phone for example http://forum.xda-developers.com/showthread.php?p=7567932
Abrojo,
You don't really need a third-party app for this.
Please check out the Samsung Dive service. (www.samsungdive.com)
You can track your phone, lock it with a custom password, sound an alarm, etc...
The problem is, the phone needs to have Internet access.
I am using the Cerberus app (https://play.google.com/store/apps/details?id=com.lsdroid.cerberus&hl=en)
This is the best rated Anti-theft app you can find for your Android.
a license costs 3USD if I remember correctly. With one license you can secure up to five Android phones.
Featuers:
Track your phone
Remote lock
Remote wipe
And a lot more options...
A couple of things that I think are extremely useful:
When a wrong password or pattern is drawn to unlock your phone, a picture is taken with the front camera and emailed to you together with the location of the phone.
When the SIM is swapped, you can configure up to three phone numbers that will receive an SMS with the new SIM card number and the location of the phone.
You can hide the app from the App Drawer.
Check it out... very useful
i use also cerberusapp 4 years now. everything is perfect. when u install as system app u can do everything.
Sent from my ThL W8 using xda premium
Apparently there is also rumors of LoJack already being built into these phones, with the possibility to activate it some time in the near future. Don't remember all the details, but I just read an article about that. Not being patronizing when I say it, but Google Galaxy S4 LoJack and look into it.
Also, I am on Verizon, and am testing out their mobile security app that is preinstalled. It's $1 a month, but they allow you to remotely lock your phone, wipe it, and track it should you lose it. I don't believe it embedded at the hardware level, but it is something that gives me a little piece of mind.
Edit: I went to switch to the Norton Mobile Security app, since I use it for all of my other devices, and discovered that the Verizon Mobile Security App - once activated - cannot be uninstalled, force stopped, you cannot clear the data, and you cannot disable it. In order to do so, I first have to go into my Verizon account online, sign in, and unsubscribe from the service. After realizing that, I have chosen to keep the Verizon security app, because it has that extra layer of security. Are there ways of bypassing that, I'm sure there are. But assuming that my phone is stolen by some low level thief and not some crazy high level criminal circuit, I should have no problem retrieving it.
Samsung Dive down?
I cant seem to have this page load up www.samsungdive.com
Is it down for you too?
Sm007hCriminal said:
I cant seem to have this page load up www.samsungdive.com
Is it down for you too?
Click to expand...
Click to collapse
It's working with me.
Sent from my SGS IV using Tapatalk 2
Gday all . I have noticed strange activity with my phone for the past 3 months . Passwords getting changed , weird apps getting loaded , calls to numbers i dont know etc etc. I downloaded catlog to find even stranger activity with audio commands , as i dont know much about linex or android as im new to this scene. I thought id post on here for some needed advise. Hope you members can help me out a little. When i look at this in text form it says that there was calls made am i being paranoid or is there something im actually reading right..
You didn't give many details, only a summary of ostensibly erratic application behaviour. It's nigh impossible to reach any conclusion in the absence of abundant details. So for peace of mind, I'd suggest resetting everything and start over.
So back up any files, photos, etc that you wish to keep. Then use the Odin program to write a 100% stock firmware to your phone. Followed by a factory data reset. That should remove any spyware, malware, malicious apps or anything else short of physical modifications to your phone - which is an unlikely scenario.
As to a cloned number.. that seems unlikely. But if you believe so, then have your provider change your number, get a new SIM card, etc. Or better yet, simply change providers.
Then you will have a stable base to proceed from.
.
Cjayz77 said:
Gday all . I have noticed strange activity with my phone for the past 3 months . Passwords getting changed , weird apps getting loaded , calls to numbers i dont know etc etc. I downloaded catlog to find even stranger activity with audio commands , as i dont know much about linex or android as im new to this scene. I thought id post on here for some needed advise. Hope you members can help me out a little. When i look at this in text form it says that there was calls made am i being paranoid or is there something im actually reading right..
Click to expand...
Click to collapse
Have you downloaded black (not from Play or official) apps or cracked games from websites? They often are used to mess with your phone and can even cost you a lot of money. I recommend to flash a stock rom and data factory reset afterwards to rule out that option.
Edit: Oeps! Allready mentioned above by @fffft