[Q] Suspicious Activity - Microphone activated and background MMS activity. Help! - Nexus 4 Q&A, Help & Troubleshooting

I am running a recent CM11 nightly on my Nexus 4. I have recently noticed some suspicious behavior. First, I installed a guitar tuner that I use a lot (gStrings) which would not start because it said the Microphone was being used by another app. This persisted through several reboots. I chalked it up to a bug with CM or an incompatibility with the latest Android and forgot about it.
Then, last night my prepaid balance lapsed and immediately I started receiving messages saying "Your MMS message could not be delivered. Insufficient prepaid balance." The problem is that I very rarely send MMS and I certainly haven't sent any in recent memory.
It could be a fluke, and the two above things may not be related, but it was enough to make me want to investigate further. I am planning on flashing back to stock just to be safe, but first I'd like some help tracking down whether or not there is an issue here or enough to believe my phone has been compromised somehow.
First I checked my logcat and noticed a few suspicious things:
I see several cancelNotification messages from MMS:App and several composemessageactivity calls from PackageManager. Here are a few from a time I wasn't sending any messages at all:
Code:
12-22 13:47:28.333 I/PackageManager(685): Adding preferred activity ComponentInfo{com.android.mms/com.android.mms.ui.ComposeMessageActivity} for user 0 :
12-22 13:47:28.373 I/PackageManager(685): Scheme: "mms"
12-22 13:47:28.373 I/PackageManager(685): Adding preferred activity ComponentInfo{com.android.mms/com.android.mms.ui.ComposeMessageActivity} for user 0 :
12-22 13:47:28.454 I/PackageManager(685): Scheme: "mmsto"
12-22 13:47:28.454 I/PackageManager(685): Adding preferred activity ComponentInfo
I also see calls to an MMS notification sound that I've never heard before. I also don't know what AwesomePlayer is (something built in to Android?):
Code:
12-22 15:39:34.304 D/AwesomePlayer(208): printFileName fd(44) -> /system/media/audio/notifications/F1_New_MMS.ogg
I pulled my mmssms.db from the phone and looked through it and didn't see anything that jumped out at me, but I admit I don't really know what I'm looking at.
Next I checked what apps have permissions for sending messages and didn't notice anything unusual. Google Voice and Twitter are the only user apps listed with access when I checked with xPrivacy (xPosed plugin). F-Secure App Permissions also show Twist, Google Search, Hangouts, and Google Play. But it looks like from the logcat the stock mms app is being called, so maybe something malicious wouldn't show up here?
I have not installed any apps I would consider "shady" and have never touched any pirated apps, but I do have a few installed from outside the play market. These are:
AdAway
dSploit
xPosed Installer
xPrivacy (xposed plugin)
Here is a complete list of apps installed on my device: http://snippi.com/s/uh08y66
I downloaded Webroot and AVG antivirus and ran scans. AVG flagged dSploit as a "potentially unwanted program" and warned that my device is rooted and I have 3rd party app installs allowed.
Is the above evidence enough to believe my phone is compromised or is there another possible explanation for the MMS activity? Like does T-Mobile maybe use some component of MMS to keep in communication with towers, etc?
Any ideas what else I can look at to try to get to the bottom of this before I flash back to stock?

You that reddit guy from /r/android ?
My advice. FULL CLEAN WIPE.
flash a stock 4.4.2 image.

Qwerty123 \m/ said:
You that reddit guy from /r/android ?
My advice. FULL CLEAN WIPE.
flash a stock 4.4.2 image.
Yea same guy. I'm definitely going to wipe it. The reason I installed CM11 in the first place is because I was getting interested and trying to learn more about security - so I was hoping that I could gather a little more data on this and see if I could figure where I went wrong. I guess the lesson is the same one at the beginning of every spy movie: don't trust anyone. Especially the guy who says that to you.

Get DroidWall, a firewall to block apps that don't or shouldn't access the net. I did this to block Dolphin browser using my data when I wasn't aware. Some apps send yourself txts; you notice this when receiving them in flight mode.
Perhaps restore to an earlier backup.
I thought Xposed framework had security flaws unless they fixed that, one reason why I never tried.

Don't you agree to CM statistics when you flash CM ROMs now? If so, it collects data and that has to be sent somehow.
Never looked into it myself and haven't run a CM ROM for a while but it's worth looking at.
Sent from my Nexus 4 using Tapatalk

Related

Why is Google hogging up ALL of my data??!!

So I got a text from T-Mobile telling me that I went over my 2GB Data limit for the month. I was really confused because I barely even use 1GB in a whole month. I checked my settings and I saw what I have posted in the pictures. What can I do to stop this? Anyone ever had this happen to them? Any help will be appreciated!
Same problem as u. From my understanding it's the 4.3 update that is continuing to try and download in the background. There are a few fixes floating around but none of them have worked for me.
Sent from my Nexus 4
jlg19753 said:
Same problem as u. From my understanding it's the 4.3 update that is continuing to try and download in the background. There are a few fixes floating around but none of them have worked for me.
Sent from my Nexus 4
Can you link me to those fixes? I've looked around and I haven't found anything
Sent from my Nexus 4 http://forum.xda-developers.com/showthread.php?t=2383691
[Q] Google Services - huge data usage
If you have a custom recovery, try yourzgapps.
I think you should have a look at your google+ backup options... It's probably backing up all your pictures.
SubyWill said:
So I got a text from T-Mobile telling me that I went over my 2GB Data limit for the month. I was really confused because I barely even use 1GB in a whole month. I checked my settings and I saw what I have posted in the pictures. What can I do to stop this? Anyone ever had this happen to them? Any help will be appreciated!
Google+ settings: make sure your picture backup is set to Wi-Fi only. Each time you flash a new ROM, check that to ensure it's not hogging your data.
To fix the Google service data feast without losing battery life or connection to the servers, do the following:
1) Download autorun manager.
2) Open it and pick advanced (recommended).
3) In settings, check show system entries.
4) Go back to the main screen and on the left top corner pick system apps.
5) Find google service framework and expand it.
6) Find systemUpdateService$Receiver and uncheck it (should be the last one).
7) You can also uncheck systemUpdateService$SecretCode just in case (I got it disabled).
I checked my Google+ settings and everything was checked off. I'm going to download autorun manager and try that. Thanks!
Install FOTAKILL http://forum.xda-developers.com/showthread.php?t=2249350
kishke said:
To fix the Google service data feast without losing battery life or connection to the servers, do the following:
1) Download autorun manager.
2) Open it and pick advanced (recommended).
3) In settings, check show system entries.
4) Go back to the main screen and on the left top corner pick system apps.
5) Find google service framework and expand it.
6) Find systemUpdateService$Receiver and uncheck it (should be the last one).
7) You can also uncheck systemUpdateService$SecretCode just in case (I got it disabled).
Will this cause a wakelock?
bringonblink said:
Will this cause a wakelock?
FOTAKILL is the solution and has been for years and years. It's a simple flash of an apk, give it a try.
bringonblink said:
Will this cause a wakelock?
No wakelocks at all.
kishke said:
No wakelocks at all.
Seems to have done the trick.

Unwanted popup

My phone is stock, no changes other than a few apps have been disabled.
I am getting an unwanted popup after I receive a call. It wants me to install Instagram, or another program. I have scanned with Malwarebytes but it finds no viruses.
Any help in getting rid of this appreciated. Please see the attachment.
Thanks.
Do you have ES File Explorer (think I see it in the background)? Try uninstalling that app and see if the ads persist. ES File Explorer may be presenting adverts and popups.
Thanks, but that did not work. Onto the next guess!
Are you using a custom launcher? Some of them provide ads on your phone. Also try removing any apps that are known for showing popups.
Chinese apps tend to have overlays like that, especially those cleaning/boosting apps. Get rid of those and see.
When it pops up, do you see anything more in the expanded notification bar? If yes, then press and hold on it and tap on "app info/detail". From there you can see which app is displaying these pop ups and disable notifications.
Thanks, Using ADW. Removed and still there.
Don't have any of those, but good guess.
No way to expand the notification nor any way to get more information. Talked to Motorola support and they had me clean the cache and that did nothing either.
Last case resort, start uninstalling apps one by one with the newest one first. When the pop ups stop, you've found the problem.
tomlogan1 said:
No way to expand the notification nor any way to get more information. Talked to Motorola support and they had me clean the cache and that did nothing either.
Prior to using the last resort method provided by riggerman, you can view how much data/wifi each app that is currently installed on your device is using. This can be done by navigating to network info in your settings. Then simply compare that data to which app is eating up your memory at the time of the pop up. A more in-depth method would be to use an app that is designed to gather in-depth data on installed apps specifically for the user; such an app would be Android Addon Detector, available in the Play Store (link: https://play.google.com/store/apps/details?id=com.denper.addonsdetector). I won't write up the way to do it because I don't have that kind of time at the moment, and it'll do you good to teach yourself given the internet and the app FAQ and developer's site, because knowledge is power, and knowledge also helps to quickly deal with little pieces of bull**** that land on your path in life, such as annoying popups.
Removed 2 backup apps and seems to have gone away, thanks.
Had the same popup problem. I said STOP in response it has gone away.

How can I remove the Covid-19 notifications that mysteriously appeared on my phone!?!

Running XXXNoLimits, OOS 10.3, Elemental X kernel
Did not update anything this week. Now, under settings-google there is "covid-19 notifications". Had to have been either carrier pushed or a google back door. I don't even have a google account on my phone!
Shows "on/1app" but when I push it the screen just goes dark until I hit back.
Titanium and App ops can't find it.
I keep bluetooth off and only turn location on when I need Magic Earth Maps, then turn it back off, however, the pisses me the f**k off that it has been loaded on my phone.
I have a Samsung Tab running Lineage and it is not there, but the tab is wifi only. Tried Lineage 3 times on my phone and can not get Signal messenger to work and that is a deal breaker for me.
Anyway, how do we get rid of this??
Is this the screen you are referring to, but with different info populating it?
I don't have any Covid apps installed so for me there are no settings to turn on or off; this form of contact tracing is not yet available where I live.
The big question is what app on your phone is being detected as a contact tracing app.
Sent from my ONEPLUS A6013 using Tapatalk
What do the notifications look like? Regular notifications? Perhaps take a screenshot when you see another one. You should be able to trace which app (or system element) is spewing out these nuisances by long pressing the notification and take more actions by tapping the gear icon top right...
@franken..... I actually don't get to that screen, but that is the right place. Checked another Android and that is the screen it goes to, mine just goes black.
@timmmmm...haven't gotten any notifications as I don't have any covid apps.
Settings does, however, show "on/1 app". I am guessing a glitch since I have leashed google w xxx, Titanium, and App Ops.
I have not done the last system update. Don't have a google account, but do have a google Fi sim card since I live overseas and it works here.
I read google pushed this out as a new setting, for those that download covid apps, blah, blah, blah.......but HOW?
And how do we get rid of it? Article I read on a UK news site said "usage and diagnostics" is where you can turn it off and on, my phone was and is set to off, but I still wanna get rid of it.
That's part of a Google Play Services update, you can't remove it.
If you don't opt-in explicitly, it should not have any effect.
Do you really want to trust that? I personally wouldn't trust anything said or done at this point. For some time my phone's been acting weird. Note 9 completely stock. But my g7 power rooted since day one with a global variant still runs like a charm. I'd rather just remove it or better yet permanently disable it through some exploit.
Kelynaw said:
Do you really want to trust that? I personally wouldn't trust anything said or done at this point. For some time my phone's been acting weird. Note 9 completely stock. But my g7 power rooted since day one with a global variant still runs like a charm. I'd rather just remove it or better yet permanently disable it through some exploit.
What exactly do you think the phone is doing with that Covid-19 notification setting without an app to drive it? Contact tracer apps need to plug into the local health authority, and only a few places in the US are doing it because people are so suspicious of big tech. I would gladly participate but it's not available in my area.
Sent from my ONEPLUS A6013 using Tapatalk
The only way to get rid of it is to delete Google Play Services. That's how they snuck it in. On Android Pie it's simple. Just debloat via ADB using pm list packages prompt and voila! it's gone. On Android 10 it works the same EXCEPT none of the google apps, firefox, instacart, or anything like that will WORK. So you can de-google all you want - they've baked it into everything. It's something I'm struggling with now since I was forced to upgrade.

Is YotaTechnologies trying to steal my data? Battery problems since May 2021 on my Yota 3+

Hi everyone, first of all I just wanna say that this is the first thread I make here, English is not my first language, but I'll try to communicate as effectively as possible.
I'm noticing some weird and kinda creepy behaviours with my Yotaphone.
I bought this YotaPhone 3 about two years ago and I successfully modded it some months ago flashing the Yota 3+ firmware as shown in this guide (no root).
In the last couple of weeks I noticed an excessive battery drain, battery life has been cut in half for apparently no reason, I'm not using my phone more than usual and I couldn't find any reasons relatable to anything I could have done.
Here is what I found out:
I use a Pi-Hole on my home network, a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole, that I mainly use to block ads, trackers and suspicious websites. I was occasionally checking out the Pi-Hole control panel, like I do every couple of weeks, and this graph showed up:
(Red bars are all queries related to my phone IP address)
There were almost 70 thousand queries from the domain "yotatechnologies.com", continuously sent from 12:00 to midnight. As you might know YotaPhone declared bankrupt last year and is not providing any kind of support anymore, in fact that domain is down and most of these queries ended up with a SERVFAIL reply, causing multiple retries. But... some of the queries were apparently successful and were forwarded to my DNS provider (Open DNS).
(the blocked ones, in red, were sent after I blacklisted the domain)
As I investigated more I found out that hundreds of thousands of other queries were sent during May.
I downloaded an app to monitor my data usage (Glasswire) and I found a really strict correlation between this last graph and this one, showing the data usage of "android system" during May:
As you can see those spikes in data usage coincide with the spikes in the queries from that domain shown in the previous graph.
This is my battery usage from yesterday during one of those spikes:
I don't know what's happening and I can't give you more information at the moment about this as I don't know exactly how the Pi-Hole works. For now I blacklisted the domain on my home network, to see if I notice any improvements in battery life during the next days. I would like to know if any other of you has ever experienced the same problem (or something similar) and came to any conclusions or solutions.
I'm not assuming it's a conspiracy (yet), I'm way more worried about the unusual battery drain than a possible data stealing. But I would love to know more about it and come to a solution as quickly as possible.
Thanks, I hope this thread will be useful to others too.
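One way to reproduce the per-device, per-domain view behind the Pi-hole graph described in the post above, as an added example that is not part of the original thread. It assumes dnsmasq-style `query[TYPE] name from client` lines as found in Pi-hole's query log; the client addresses, timestamps and the `build_sample` helper are constructed for illustration.

```python
import re
from collections import Counter

# Assumed line shape (dnsmasq-style, as written to Pi-hole's query log):
#   "Jun  1 12:00:01 dnsmasq[512]: query[A] example.com from 192.168.1.23"
QUERY_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+"
    r"dnsmasq\[\d+\]:\s+query\[(?P<qtype>[A-Z0-9]+)\]\s+"
    r"(?P<name>\S+)\s+from\s+(?P<client>\S+)$"
)


def registered_domain(name):
    """Collapse a hostname to its last two labels.

    Simplification: no public-suffix list, so 'a.b.co.uk' becomes 'co.uk'.
    """
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse(lines):
    """Yield (hour_bucket, client, domain) for query lines; skip everything else."""
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m:
            bucket = f"{m['mon']} {m['day']} {m['hour']}:00"
            yield bucket, m["client"], registered_domain(m["name"])


def bursts(lines, client, threshold):
    """Hours in which one client asked for one domain at least `threshold` times."""
    counts = Counter((h, d) for h, c, d in parse(lines) if c == client)
    hits = [(h, d, n) for (h, d), n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda row: -row[2])


def clients_for_domain(lines, domain):
    """Which devices on the network are asking for this domain, and how often."""
    return Counter(c for _, c, d in parse(lines) if d == domain)


def build_sample():
    """Constructed sample log: one phone retrying a dead domain, plus normal traffic."""
    phone, laptop = "192.168.1.23", "192.168.1.40"  # constructed addresses
    lines = [
        f"Jun  1 12:{i % 60:02d}:{i % 60:02d} dnsmasq[512]: "
        f"query[A] yotatechnologies.com from {phone}"
        for i in range(120)
    ]
    lines += [
        f"Jun  1 12:0{i}:00 dnsmasq[512]: query[AAAA] www.example.org from {phone}"
        for i in range(5)
    ]
    # Non-query lines must not be counted as client requests.
    lines.append("Jun  1 12:00:01 dnsmasq[512]: forwarded yotatechnologies.com to 208.67.222.222")
    lines.append(f"Jun  1 13:10:00 dnsmasq[512]: query[A] example.net from {laptop}")
    return lines


if __name__ == "__main__":
    sample = build_sample()
    for hour, domain, n in bursts(sample, "192.168.1.23", threshold=100):
        print(f"{hour}  {domain}  {n} queries")
    print(dict(clients_for_domain(sample, "yotatechnologies.com")))
```

Running `clients_for_domain` against the real log confirms whether the phone is the only device generating the queries before any changes are made on the handset itself.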
It's kinda normal as it is from a Russian company. There are 2 possibilities: either they are stealing your data (which is the most probable one) or sending telemetry stuff.
The first one is more probable because of some Russian apps that come preinstalled, pretty sure there is a hidden system app pushing those requests.
Try to debloat it using ADB; if the problem still continues, then root it and block the website using the hosts file.
Or it may be a compromised, corrupted or poorly written app.
Whatever it is, it's got to go.
Did you disable the auto update check? System -> Updater -> upper right 3 dots -> Preferences -> Auto update check.
Yotafreak said:
Did you disable the auto update check? System -> Updater -> upper right 3 dots -> Preferences -> Auto update check.
Yes, that's the first thing I did, but nothing changed

Google apps not working on mobile data

Hello,
I've an OP 8Pro running on Android 11 (11.0.9.9.IN11BBA). Since the last hot fix with the recent security updates and fixes released by OP I'm facing an issue when using mobile data: if I try to browse google discover services I get the prompt as if I'm not connected to internet, then when trying to browse on google chrome I get the error "ERR_NO_SUPPORTED_PROXIES". However, if I open pages in private mode all is working fine, other services like WhatsApp or other apps are working fine and there is internet connection through 4G.
I tried clearing up cache & data of google apps, reinstalling google apps, resetting default APN from the carrier, reboots and other suggestions I've found browsing around forums but so far no luck... and it is currently frustrating since common google things are not working.
Hello @pepi0
I have a One Plus 7 pro with Android 11 and I have the same problem. Did you find the solution?
Thanks a lot
Any news on this? I've got the same issue and also tried everything the thread starter tried without luck
I've been struggling with this problem for more than a year and came up with the conclusion it has something to do with planned obsolescence or Oneplus phone.
My Android phone is 5 years old (Oneplus 5T) and I have the issue only with google apps. I've also tried to clear up cache & data of google apps, reinstall google apps, reset default APN from the carrier, reboots and other suggestions but absolutely no change at all.
I found a temporary solution:
Whenever the app is not working, disable and enable mobile data and go back to the app .
It works for me for every google app but chrome.
I decided to buy a new phone with Black Friday and the issue is solved on the new phone, but I couldn't add any of my current credit cards to google wallet, because of a more annoying and unsolvable bug...
Since the new phone did not offer a huge User Experience difference from Oneplus I'm returning the phone and went back to my old OnePlus.
For the chrome issue I've decided to switch to another default browser and voilà!
Sorry it's not more helpful but hope it might be of any use...
Hey! It's me again!
Seeing that it seemed related to OnePlus phones from every message in the thread I just called OnePlus support and got the following troubleshooting:
1) Go to Google Play Store settings and set App Download preferences to "Ask me everytime"
2) Open Google Play Store App info, then reach the 3-dot menu on the top right and uninstall updates.
3) It will ask if you want to replace the app with Factory Version. Tap Yes
4) Do the same for every Google App having issues
5) You might need to restart the phone or the apps won't work
The key is to NEVER update the apps again and make sure they won't update automatically. It's kind of annoying to say the least but (for now...) I won't have to buy another phone.
Hi, need to add that I've LG G8s, not a OnePlus. But the exact same symptoms. Reverting the GApps isn't a possibility for me, since LG rolled out 2 big updates, the last one before Christmas, bringing the device to Android 12.
I tried several things the last months:
e.g. I tried the SIM card of my girlfriend, who has another provider, and everything worked on mobile data. So I asked my provider for a new SIM card, reset APN, no changes, no GApps working...
I then ended up hard resetting the device and installing everything from the scratch again, no change.
But I've made another interesting observation... Installing a VPN (Windscribe) and connecting to it while on mobile data will make all GApps work again. As soon as I disconnect, they're offline again?!
So my conclusion as a noob, there must be some wrong settings (in the system, google dependent), which even with hard reset and APN reset aren't fixed. Any ideas?
