Help with unknown smartphone that showed up on my Google Account devices - Off-topic

Hi guys.
I need some help here... I was having a look at my Google account page, at the security part, when something very strange showed up...
First let me say that I'm a long-time user of 2-factor authentication on Google and also on other platforms. No one else has access to my password, and it's a strong one (upper/lower case, numbers, special chars...). No one has access to my smartphone, not even my wife, and it's fingerprint protected.
With all these security measures in place, still today I discovered an unknown smartphone that I never used. I don't even know anyone close to me who has a smartphone of this model (OnePlus 6). It simply appeared as if it had synced (!!!) with my Google account on March 28, 3:37am...
When I go to Google's device management, I can remove access from my account to my own smartphone (Motorola G7 Power), but I simply can't do anything about this strange smartphone... The only thing it shows is the time it synced with my Google account and the location (just Brazil, it doesn't even show the city. I live in Brazil)...
I've posted a question on the Google help forum; still, I'm asking you guys if any of you have some insight to give me, some help... I'm really concerned about this possible breach.

It's a breach alright.
The attacker might be using your account on the browser on a device.
Or the user string is spoofed to avoid detection.
We don't know how your password was compromised, so let's assume that:
1) You might have been compromised by reusing the password on another site. Some phisher/hacker might have retrieved it from a password dump.
2) Device or browser or keyboard or OS is compromised.
3) Glitch on Google's side. The device shown is in error.
Regardless of that, you should change the password from a safe environment. Do a password change from a fresh browser instance.
On a side note, you can check if your email-password has been compromised using the site below. (Troy Hunt is a trusted security researcher.)
https://haveibeenpwned.com/
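Added example, not part of the original post: the same service also offers a Pwned Passwords range lookup that uses k-anonymity, so a password can be checked against known dumps while only the first five hex characters of its SHA-1 leave the machine. The response body below is constructed sample data and the function names are illustrative; the matching is done locally and offline.

```python
import hashlib

# Real endpoint of the Pwned Passwords range API; shown for reference only,
# this example never opens a network connection.
RANGE_ENDPOINT = "https://api.pwnedpasswords.com/range/"

# Constructed sample of what a range response looks like for prefix 5BAA6:
# one "SUFFIX:COUNT" pair per line, CRLF separated. Counts are made up.
# A count of 0 is how padded responses mark filler entries.
CONSTRUCTED_RANGE_BODY = (
    "003D68EB55068C33ACE09247EE4C639306B:3\r\n"
    "1E2AAA439972480CEC7F16C795BBB429372:0\r\n"
    "1e4c9b93f3f0682250b6cf8331b7ee68fd8:4242\r\n"
)


def split_sha1(password):
    """Return (prefix, suffix): the 5 hex chars that are sent, the 35 that stay local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(password):
    """URL a client would request; it carries the hash prefix, never the password."""
    prefix, _ = split_sha1(password)
    return RANGE_ENDPOINT + prefix


def breach_count(password, range_body):
    """Look up the locally kept suffix in a range response body.

    Returns how many times the password appears in known dumps, or 0 when
    it is absent, the entry is padding, or the line is malformed.
    """
    _, suffix = split_sha1(password)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or candidate.upper() != suffix:
            continue
        try:
            return int(count)
        except ValueError:
            return 0
    return 0


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(range_url(pw), "->", breach_count(pw, CONSTRUCTED_RANGE_BODY))
```

A non-zero count means the password itself is in a public dump and should not be used anywhere, regardless of whether this particular account was the one breached.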

Had changed my password a month ago, just changed again as soon as I saw this on a safe computer.
Edit: the only new app I used close to this incident was Remote Fingerprint Unlock, which was featured on XDA... Still I don't know if anything was compromised by this app or if it's a glitch on Google's side... Going to wait for Google's reply.

I doubt Remote Fingerprint Unlock requires Google credentials directly. If at all, the Windows password should be compromised.

Agree with you, I just talked about it because it was the only different factor. I installed Remote Fingerprint Unlock on March 26. Then this incident occurred on March 28. Anyway... I need an answer from Google...

NFC
Sent from my Samsung SM-N900 using XDA Labs

Related

Market country restriction workaround?

Does anyone have a workaround for the Android Market country restriction?
I wanted to download the official last.fm client, but apparently its availability is restricted to a handful of countries, and the .apk is so far not available anywhere else.
Could I somehow adjust a setting in my rooted G1 (ADP1.41) to make it appear as I'm accessing the Market from within USA? Can I make use of any of the free web proxies available, by editing a config file on my phone?
Thanks,
Christopher
When it shows in the top of feature section, you will be able to download it..
I've been waiting for it to appear in the Featured Apps bar for three days without luck. :-(
So a more permanent fix/workaround would be preferred...
Thanks,
Christopher
Hi,
Unfortunately, I think the Market restrictions are tied to the SIM card in the phone - not anything in the phone itself.
I bought my G1 in the US, unlocked, for use with a UK sim card. When this SIM card is in the phone, I couldn't get to iSkoot amongst other things, but if I put the US SIM that came with the phone (note this was not tied to a dataplan or activated even for voice!) I could then see and download iSkoot in the marketplace over WiFi.
Regards,
Dave
Maybe a website?
http://www.android-community.org/content/show.php/Last+FM?content=92929
Download the app you wanted and install it manually. Though I have to say, I don't know how much the website is updated.
That's not the official last.fm personal radio application.
So I tried the obvious - removed the SIM and started the phone with just wifi connected. No problem accessing the Market, but still no last.fm personal radio application... Could be the phone remembered that my SIM was Norwegian, or that the SIM left a footprint somewhere.
Man, this is irritating.
Check your PM's.
I got it off the featured apps on the top...
I'm actually looking into setting up a proxy on the phone when using wifi; for some reason it's not working.
If it's not showing up on the top, what I had to do was power off and power on and then it came up.
I think the guy above me PMed you the apk; if not, let me know and I'll PM it to you.
Fake IP or fake region for Tmobile G1
I have a G1, I live in Vietnam. I know there're iskoot, truphone, linda file browser, and some awesome software on market. But I can't find them. My friend lives in US and using Tmobile, he can find and download them. Why? I paid 400 bucks for a new phone and Tmobile don't share me software from market. Please research this and develop something to help people not using Tmobile and from another country.
Actually the decision to restrict to country is purely by the developer of the software in question. T-Mobile isn't involved.
Here is an ongoing thread in the apps subforum discussing the matter:
http://forum.xda-developers.com/showthread.php?t=476160
Yeah, not very fair to you!
Hey people, can anyone tell me why I can see ALL the apps and install ALL of them?
And tell me which is the app that is restricted by region so I can try to see?
I'm using my G1 in Vietnam with a Viet Telco SIM card.
As jashsu said, this is all on the dev.
However, the "restraints" are there for a reason.
Remember Android is a "baby"; the forecast for the market is (IMO) that when it's up and running each country's devs are going to have paid apps for their region...
I'm guessing it's to differ from the iPhone store thing. Sucks, but we still really don't know how the market is going to evolve...
A quick workaround:
Disable data.
Turn on wifi, and set a USA (or country of the app you want to get) proxy on your router (since I'm unable to see or find where to do this on the phone itself),
and you should be good to go... once the phone gets a USA IP everything shows up.
If I recall correctly, the official Last.fm client is such an app. Search for "last". This is what the icon looks like:
Just for reference, some possible reasons an app might be region restricted:
-Licensing: Apps may serve or contain content which the developer licenses from a third party. The terms of the license may limit the distribution of the content to certain regions. A common example is music streaming in apps like Last.fm and imeem.
-Export restrictions: The exporting of certain technologies, in particular cryptography, is subject to government regulation.
-Support: In order to support an app, the developer will have to account for factors like user support and managing bandwidth. Reducing the number of regions to distribute simplifies the task of properly supporting an app.
-Localization: An app that only gives the weather forecast of cities in China obviously has little purpose in the North America region. The developer may not want to expose it for users outside of its intended geography.

Michigan: Police Search Cell Phones During Traffic Stops

http://www.thenewspaper.com/news/34/3458.asp
A US Department of Justice test of the CelleBrite UFED used by Michigan police found the device could grab all of the photos and video off of an iPhone within one-and-a-half minutes. The device works with 3000 different phone models and can even defeat password protections.
"Complete extraction of existing, hidden, and deleted phone data, including call history, text messages, contacts, images, and geotags," a CelleBrite brochure explains regarding the device's capabilities. "The Physical Analyzer allows visualization of both existing and deleted locations on Google Earth. In addition, location information from GPS devices and image geotags can be mapped on Google Maps."
Is there a way to protect oneself from these kinds of devices?
Cellebrite UFED supports all known cellular device interfaces, including serial, USB, infrared, and Bluetooth. Extractions can then be brought back to the forensic lab for review and verification using the reporting/analysis tool.
---
I'd say the best way to prevent this from happening is request what right they have to look at your private handset without a warrant unless they have probable cause or if someone is in imminent danger and your phone has information that can stop that.
Other than that, without technical details of how the information is pulled it is nearly impossible to say how
That's insane
Turn off the phones
Not liking the obvious invasion of privacy.
The problem seems to be that, when you get a license in that state or any state, it's not a right, but a privilege. And as such, they can state whatever clause they want in it, and you can agree to abide by it or refuse and forfeit the license.
Fear being that more and more states will adopt this kind of tech and practices.
Yup
Married to a State Trooper and both of us HATE this! They claim it has to be done to see if you were texting during an accident... and my spouse told me that you CAN deny the officer control of your phone, BUT you run a chance of being arrested and you will receive a ticket... basically, you can't decline it! Also, I live in Detroit, which is a border city with Windsor, Ontario... and my friends had their Blackberries taken at the border. I bought a "minute phone" to take across the border when I visit them, so that my Droid won't fall into the hands of the "Gubment"! Can anyone say "1984"?
That's a picture of our Cellebrite machine at work. I use it all the time; it helps when people go to a new phone and don't want to lose any data from their old phone. Anyways, here's a couple of things you guys need to know about this machine. It does transfer messages, contacts, music, audio/ringtones, and pictures, from SD card and internal memory. Now, getting information off of it requires the phone to have an SD card in it, USB mass storage enabled, and USB debugging. All 3 things have to be enabled for it to transfer. Anyways, if you want to avoid this, then just put a lock on your phone. If they can't get past your lock screen to enable USB debugging or activate mass storage then they can't pull anything off of it. Even if they try Bluetooth, etc. If you're in a jam, do a factory reset; Cellebrite can't pull information from your phone if it's not there. Cellebrite cannot restore deleted data, it just transfers it. I have no idea why state troopers are using it to check if you were text messaging, because it would be much faster to just check the messages and see when it was sent. This is all pertaining to Android phones. All the other phones out there are a little different. For example, with the iPhones I can just plug it in and start transferring, etc.
Thanks so much for this info.... hubby and I were discussing it this morning and you've cleared up several questions we had.
I know the article was too optimistic about the machine's capabilities. Still, it's pretty good. This is what hacking on a salary does >_>
As to the obvious violation of your rights, refuse to give up your phone without a warrant. I guarantee you this is bull****. Find out the laws in your state, get some reading material to defend yourself with. I'm sure they'll try to scare you with some legal rhetoric but chances are it won't hold up in court. You need to find out what arguments they're using and what legal counters to use.
Fight the good fight, people. NEVER give in to this bull****.
Craziest thing I've seen WTF!

●●● [NEW][HOW TO] ●●● Google's Android Device Manager / Security ●●●

From Google...
"Have you ever lost your phone in between the couch cushions or forgot it in a restaurant? Or maybe searching for your phone before you rush out the door is part of your morning routine? Let the new Android Device Manager help you out! It's one of a few simple features you can use to keep your device—and the data you store inside—safe and secure.
Locate and ring your misplaced device
If you ended up dropping your phone between those couch cushions, Android Device Manager lets you quickly ring your phone at maximum volume so you can find it, even if it's been silenced. And in the event that your phone or tablet is out of earshot (say, at that restaurant you left it at last night), you can locate it on a map in real time.
Protecting your personal information and data
While losing your phone can be stressful, Android Device Manager can help you keep your data from ending up in the wrong hands. If your phone can’t be recovered, or has been stolen, you can quickly and securely erase all of the data on your device.
Availability and getting started
This service is now available on devices running Android 2.2 or above; to use it, you also will need to be signed into your Google Account. There will also be an Android app to allow you to easily find and manage your devices. Stay tuned!"
How to start using
*note: This is not a standalone app. Google is pushing the update in batches so you may not have access to it yet.
1. Navigate to Settings > More... > Security > Device Administrators and check the box Android Device Manager and hit activate
2. Check to see if access to Android Device Manager is in your Google Settings application.
3. Go here on your computer's web browser and test it.
If you don't see access to it in your Google Settings app, it's likely that the feature is not yet available to you.
Nice. Works on my Nexy but not my phone yet.
Sent from my HTC One using Tapatalk 2
activated on n7 and google can't locate it or ring it.
wifi on, location access on (even gps)
works great..... but I rarely take it out of house
d
I enabled it on my phone and my Nexus 7... Worked, but I don't lose my devices.
It doesn't give an option to track it. And the ring button doesn't do anything =X
So is this pushed in like some other Google apps like the Play Store, GSF, etc, which is independent of the ROM, or is this only going to show up on standard Google images and later trickle in from carrier images etc?
EDIT: It's on my AOKP phone, so must be independent
I'm having the same issues.
will it erase all the data in my n7? It shows that it will =/
Sent from my Nexus 7 using xda app-developers app
No, it shows that it CAN.
I have this enabled now but how would I use it if I did lose my device.......
Where would I go what commands etc are needed
Sent from my Nexus 7 using xda premium
I just tested and it works with my N7, assuming you followed instructions and have everything activated. To use it, just go to the Google Android Device Manager website, either from a PC or another mobile device. Then I'm assuming you have to log in to your Google account if the device being used to browse the website is not your device. Once in, you will see the devices you own that have the Android Device Manager feature activated. Then you have a choice to ring the device or wipe its data. If you press the Ring tab, your device will ring at max volume, even if you previously set it to silent or low volume. Either before or while it's ringing, it will locate your device. For more details go to the Google Settings app. Then Android Device Manager. Then press the options tab up top. Then go to help. It gives a lot more details there. Plus it tells you how to locate the device if it's showing unknown location but you know it's on and connected.
The device can only be located if it's on. You can preset remote wipe, so that as soon as a thief cuts it on and connects to a network, it will secretly wipe everything. Pretty cool feature. Just tested. I went to the website from my phone then located and rang my N7. Worked fine. So I made sure to activate this cool new feature on all my Android devices. Better to be safe than sorry. Might be needed one day.
I will have to try this. I use android lost to find my devices. For some reason the android device manager won't show my D4 or Nexus 7, I guess I need to send some data to google to have them see that they are on
Just to make sure here.... You did click the device name for a drop-down list of all devices, right? It only shows one device, you have to pick the device you're interested in.
This threw me a little the first time I went to the website, expecting a list of devices, not a single "Device" with a drop-down to pick the specific device.
Not as fully featured as Cerberus, but it will make a nice backup just in case.
Sent from my Nexus 7 using xda app-developers app
It finally showed my N7 but won't locate it even though it's enabled as a device admin and location services are on.
Sent from my Nexus 7 using Tapatalk 2
My Nexus 7 shows up, but keeps saying "location unavailable". I can click the ring button and it rings immediately. Tried with wifi location services on, tried with GPS on (and 6 sat's in view), no go. Maps finds me instantly. Pretty worthless if it's not reliable.

What is the "SE for Android Status" in the "About Device" settings mean?

I went into the About Device settings and noticed the "SE for Android Status", and my date is January 13th. Here is mine...
What does the "SE for Android Status" do for the device? Can it be hacked? What would make that date change? What do you guys have for the date?
That's just letting you know that, if I'm correct, "selinux" or something else is set to enforcing. I'm running skyhigh kernel and it's set to permissive. There's a difference between the two. Google permissive vs enforcing and it should tell you. I'm not sure about the date, btw. It's some sort of security feature in which KitKat has it enforced, meanwhile older Android versions are permissive. Hope this helps!
SE Stands for "Security Enhanced". It is a good thing and having it turned off is a bad idea. I'm not sure what causes the date to change. Mine says Jan 20th.
http://en.wikipedia.org/wiki/Security-Enhanced_Linux
Checking out Fedora's gui for SELinux it's easy to understand. It's Linux's implementation of access control similar to looks local security policy or Group Policy in MS Windows. Any kernel that has this is pretty awesome.
If it was in a permissive state that would be worthless but since Samsung has it enforcing it's actually working.
What it does is say "this user has this access to do this particular thing." This would apply to system accounts as well (i.e. accounts that run behind the scenes that run the operating system). By using access control you (in this case Samsung) can permit or deny even service accounts least user privileges to do only what they're intended for. Like, if I had a web server I could have an account whose only permission is to start and stop the web service. That way if its credentials are compromised the attacker can only turn that one service off and on but couldn't get access to random folders or databases on the server. Android L implemented this only recently.
Now, you can't just put out policies like this and walk away. You'll probably need to tweak it if something doesn't work right or you found another fine-grained thing to lock down (you could spend a lot of time making an overly fancy security policy).
Samsung has a setting under Security/Security Update Service to download new policy templates. I'm guessing that's what the date is all about. 99% sure that's what it is. I'm impressed they actually do maintain SELinux that often. I don't know if Android L has a policy update mechanism like this but it would be cool so I'm impressed Samsung did this.
I used to use Group Policy in a Windows domain but I didn't enforce many policies. Just little things like forcing everyone's Internet Explorer homepage to our company's intranet page or point them to get Microsoft updates from a local update server versus everyone's computers normally downloading from Microsoft Update... saves bandwidth and I could tell when computers weren't getting updated. Too many GPOs can slow down login times. Plus, I'd be tinkering with it all the time if I was trying to make the ultimate, mega secure policy... and there's a lot of potential to block things that are unnecessary to block or might make legit programs not work. Obviously Samsung has a nerd that does this I guess.
Amazing explanation! Thanks!
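Added example, not part of the original thread: the enforcing versus permissive difference discussed above is visible in the kernel's AVC audit messages, where `permissive=0` means the access was actually blocked and `permissive=1` means it was only logged and then allowed. The sketch below parses such lines and separates the two cases; the log lines, process names and file names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed logcat-style lines (not taken from any device in the thread).
SAMPLE_LOG = """\
01-20 10:15:01.120  2310  2310 W app_process: type=1400 audit(0.0:41): avc: denied { read } for name="packages.xml" dev="mmcblk0p25" ino=1234 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
01-20 10:15:02.480  2310  2310 W app_process: type=1400 audit(0.0:42): avc: denied { read write } for name="mem" dev="tmpfs" ino=77 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:kmem_device:s0 tclass=chr_file permissive=1
01-20 10:15:02.900   412   412 W netd    : type=1400 audit(0.0:43): avc: denied { search } for name="misc" dev="mmcblk0p25" ino=9 scontext=u:r:netd:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
01-20 10:15:03.000  1180  1180 I ActivityManager: Start proc com.example.app
"""

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Extract the type/domain from a user:role:type:level context string."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def parse_avc(line):
    """Parse one log line; return a dict for AVC messages, None otherwise."""
    match = AVC_RE.search(line)
    if not match:
        return None
    decision, perms, rest = match.groups()
    fields = {key: value.strip('"') for key, value in KV_RE.findall(rest)}
    if "scontext" not in fields or "tcontext" not in fields:
        return None  # truncated or malformed record
    if decision == "granted":
        effect = "granted"
    elif fields.get("permissive") == "0":
        effect = "blocked"       # enforcing: the access did not happen
    elif fields.get("permissive") == "1":
        effect = "logged_only"   # permissive: the access went through
    else:
        effect = "unknown"       # record does not carry the permissive= field
    return {
        "effect": effect,
        "perms": perms.split(),
        "source": selinux_type(fields["scontext"]),
        "target": selinux_type(fields["tcontext"]),
        "tclass": fields.get("tclass", "?"),
    }


def summarize(log_text):
    """Return (Counter of effects, list of parsed AVC records)."""
    records = [r for r in map(parse_avc, log_text.splitlines()) if r]
    return Counter(r["effect"] for r in records), records


if __name__ == "__main__":
    counts, records = summarize(SAMPLE_LOG)
    for r in records:
        print(f'{r["effect"]:<12}{r["source"]} -> {r["target"]}:{r["tclass"]} '
              f'{{{" ".join(r["perms"])}}}')
    print(dict(counts))
```

On a device left in permissive mode every denial falls into the `logged_only` bucket, which is why the policy gives no protection there even though the log looks the same at a glance.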

KingRoot Information

This is the information I have gathered on KingRoot (for Windows). Please note that this is information gained by using a network monitor and the software was not reverse engineered or decompiled in any way. I am not responsible for how you use this information or any opinion you may form of this software. Lastly, I am not responsible for any files downloaded or links followed from this information! Sorry, had to cover myself from slander and those who don't know what they could be getting into.
It appears to be a server side style of app. The app you install either on your phone or pc is simply the gateway to the server and the app knows how to communicate with the server. All functionality appears to be controlled server side, it should (theoretically) not matter what version of the app you are using. The Windows app for this will install the latest android version on your phone, if you do not have it installed already. It actually installs the KingRoot app but also another app named "KrHelper4Pc". This could be the stuff listed in the links and information below, I do not know for fact. The windows app is also in Chinese (I assume). However, they have an unhelpful English page that tells you how to root with the Chinese (I assume) all over it! https://kingroot.net/root-installation-via-windows-pc/
Here are some links that were found having communication:
1. http://103.7.29.26/download.sj.qq.com/qpmgr/AndroidDeviceV6.zip?mkey=58692fabc55ab7b0&f=105&c=0&p=.zip
- This is weird, it downloads a zip file but it cannot be opened or extracted. I know sometimes .apk files can show as .zip files, so I changed the extension to .apk and moved it to my phone sdcard. Can not parse the package...no idea what this file is or how it works! You can open the zip file with WordPad and see a bunch of garbled text though.
-- http://download.sj.qq.com/qpmgr is shown as unsafe by Microsoft Safe Screen (fyi).
2. http://mp.kingroot.net/qrcode?desc=samsung%2Fklteuc%2Fklteatt:5.1.1%2FLMY47X%2FG900AUCU4COI5:user%2Frelease-keys%7CLinux%20version%203.4.0-5869384%20([email protected])%20(gcc%20version%204.8%20(GCC)%20)%20%231%20SMP%20PREEMPT%20Tue%20Sep%2022%2021:22:27%20KST%202015%7C100302&sceneType=fp&app=3
- This site leads to a QR Code at the following: https://mp.weixin.qq.com/cgi-bin/showqrcode?ticket=gQHZ7zwAAAAAAAAAAS5odHRwOi8vd2VpeGluLnFxLmNvbS9xLzAySEtERkExWHZic2UxdDVTWTFvMVMAAgRFaVVYAwQAjScA
-- Using a QR Scanner on my phone, it leads to a "webpage not available".
3. http://androidpc.app.qq.com/app1/vertis.do?id=20120810003
- Leads to: http://s.pcapps.qq.com/msoft/xml/qqapp_update_20151029.xml which does not display anything, appears to be an XML file. Oddly, I cannot right click and view source though...
Again, this is purely information I have gathered on the use of KingRoot, take it as you wish or as you interpret it. It may work (or may have worked) but there seems to be a lot of other traffic going on, I cannot really say if it is necessarily good or bad but I would at least call it "possibly suspicious". The reason I say possibly suspicious is the fact that most "hack tools" are actually not nefarious or do not have bad intentions. They are listed this way to dissuade people from using them. If it shows as a virus, most people will not install or use the program thinking they will get infected when the app is truly not a virus or malicious.
How do I know?
Well, I can't guarantee that any software or app is safe if I did not code it. Back in the day, I used to hack the old Yahoo Messenger login protocol. By doing so, I could create bot programs that could spam, send boot codes to knock them offline and even clone other users. As you can guess, Yahoo did not like this. Yahoo then worked with antivirus companies to get programs like mine listed as a virus to dissuade people from installing them. When this happened, my inbox exploded with people screaming and cussing at me. None of my software is malicious, I would not do that. I ended up releasing my source code to prove it was safe.
Anyways, long story short...for tools like these, it is actually hard to prove if they are malicious, even if a website says so.
Sent from my SAMSUNG-SM-G900A using Tapatalk
johnkirchner said:
How do I know?
Well, I can't guarantee that any software or app is safe if I did not code it. Back in the day, I used to hack the old Yahoo Messenger login protocol. By doing so, I could create bot programs that could spam, send boot codes to knock them offline and even clone other users. As you can guess, Yahoo did not like this. Yahoo then worked with antivirus companies to get programs like mine listed as a virus to dissuade people from installing them. When this happened, my inbox exploded with people screaming and cussing at me. None of my software is malicious, I would not do that. I ended up releasing my source code to prove it was safe.
Anyways, long story short...for tools like these, it is actually hard to prove if they are malicious, even if a website says so.
Well, that "zip" definitely isn't a zip ... if you look at any real zip in a text editor, the first 2 characters in the header are "PK".
(I think that's where "apk" comes from ... "Android PK").
The file is clearly data that the application decrypts.
I installed the program in Sandboxie & will poke around a little when I have time.
It might be slow going since it's all in Chinese.
There was a suggestion that I was a little overly concerned by the "intrusive" nature of Kingroot ... ha! We'll see ...
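The header check described in the post above can be done without opening or installing the file. This is an added example, not code from the thread; the function names and the 7.5 bits/byte entropy threshold are assumptions chosen for illustration, and the sample inputs are constructed in memory.

```python
import io
import math
import zipfile
from collections import Counter

# Signatures of the ZIP record types a valid archive can begin with
# (local file header, empty-archive end record, spanned-archive marker).
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())

def triage(data: bytes) -> str:
    """Classify a downloaded blob by content, ignoring its file extension."""
    if data.startswith(ZIP_MAGICS):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "zip signature but corrupt archive"
        # An APK is a ZIP archive with AndroidManifest.xml at its root.
        return "apk" if "AndroidManifest.xml" in names else "zip"
    # Assumed threshold: encrypted or compressed data sits close to 8 bits/byte.
    if shannon_entropy(data) > 7.5:
        return "not a zip: high-entropy data (encrypted or compressed)"
    return "not a zip: unknown format"

def make_zip(names):
    """Build a constructed sample archive in memory (no files touched)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample")
    return buf.getvalue()

if __name__ == "__main__":
    samples = {
        "real zip": make_zip(["readme.txt"]),
        "apk-like zip": make_zip(["AndroidManifest.xml", "classes.dex"]),
        "renamed blob": bytes(range(256)) * 16,  # constructed high-entropy bytes
    }
    for label, blob in samples.items():
        print(f"{label}: {triage(blob)}")
```

High entropy alone does not distinguish encryption from compression; it only shows that renaming the file to .zip or .apk will not make it parse.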
Following this for sure
