[BBC] eBay pulls sales of 'spyware phones'

[Discover]

eBay pulls sales of 'spyware phones'

Online marketplace eBay is blocking the sale of a Chinese-made Android handset after reports the model is pre-installed with spyware.


http://www.bbc.co.uk/news/technology-279...hannel=rss&ns_source=PublicRSS20-sa

[WuddaWaste]

This is hugely concerning. I remember reading about some of this a while ago on some other Chinese phones. The Lookout App flagged a process or two on my friend's phone as potentially being this.

Here at CPA we do have documented process for removing Chinese bloatware. I'll have to double-check to see if it addresses the software that is in question for the phone mentioned in this article.

How to remove Pre-Installed Bloatware:
http://www.chinaphonearena.com/forum/Thr...re-removal

Cliffs Notes Version:
- Run MTK Droid Tools
- Go to the Root/Recovery/Backup Tab
- Choose "Remove China"

I'm also personally a fan of Titanium Backup. From there, you can uninstall any regularly-installed or factory-installed program. If you're unsure about it, you can "freeze" it first, which is effectively like disabling it.

[loaded_scissors]

Very worrying indeed, I use online banking on my phone on a daily basis on my Pulid F17. Nothings gone missing yet, but who knows? The F17 is a clone of the N9500 by a different name. I haven't found anything on my phone yet.
The thing is that spyware is a very catch all term. Some people would consider certain cookies to be spyware, or things that produce spurious adverts. I think its blown up a little more because it could in theory install any new app/trojan on your phone, though this ability can be explained fairly innocuously, you've got to be able to update your software somehow in countries that don't have access to the android market. I'd be interested if anyone can actually identify some spyware/trojans on their phone, as the BBC failed to point at exactly what the code of concern is.

EDIT: This story mentions "...the Android.Trojan.Uupay.D trojan masquerading as the Google Play Store"
http://www.slashgear.com/star-n9500-chin...-17334108/

[cookiedough]

Apps like framaroot and stuff like that are flagged by given scary names too. I've used china brand phones for couple years. The SMSreg is sometimes flagged and MTK Droid Tool removes it. But i've never had any problem with this. i normally leave it alone. I log into my admin accounts, banking, everything. never had an issue.

I believe it's overkill by ebay and maybe some complaint from samsung, HTC and such. Well looks like Aliexpress and vendors with their own online shops will now be gaining the fruit of ebay's decision if they really have stopped selling all China brands.

Anyway, if it's true, it's one more reason to not by cheap clones with software you no idea where it came from. Stick with the name brands who have something to lose by getting a bad rap for this. It doesn't necessarily mean you'll be fully protected, but is one way to protect.

[aus9]

Heck if you like to worry how about something more universal that affects Windows users, Mobile users and even sweet innocent good looking Linux users

(OK I lied I am not sweet)

your router may have a weakness.....and may take some time to have new firmware
----some companies seem a little slow to admit there might be an issue.
Your Bank's router may have a weakness
Your ISP etc etc

http://www.openssl.org/news/secadv_20140605.txt

Although its off topic, openssl has put out a new tarball
and you should check to see how to update your ca-certificates

Maybe a more experienced Android user might like to comment?

Using your web browser you can test any of your banksites etc that normally use

Code:

https://www.somedomain.com

eg the following site passes the latest vulnerbility which is -----CVE-2014-0224
https://www.ssllabs.com/ssltest/analyze....google.com&hideResults=on

test site
https://www.ssllabs.com/ssltest/

what you are looking for as well is a certificate issued AFTER the latest openssl release
---but that does not prove its using the latest

the date you are looking for is after June 5 2014.....to pass CVE-2014-0224
or a version that is not vulnerable

good luck

####################

back on topic as I use Linux I can't use

How to remove Pre-Installed Bloatware

nice tip from WuddaWaste

Instead, I install En versions of various apps
Use a root file manager = Root Browser to first go to /system/apps
uninstall Chinese app
long press the app and delete it

don't forget to have a backup before trying it

good luck

#####

edit 68

It looks like you can update your certificates but Android uses different names
they use the term keystore

in your system we appear to have
/system/lib/ssl
/system/etc/security/cacerts

this might be useful but I have not tested yet.....any comments from experienced Android users?
http://www.codeproject.com/Articles/7865...-authority

[nicoco44]

Hi,
I have bought (last week) an jiake i9500w via ebay.
I have just read information about trojan in star i9500. Does jiake is the same company than star. May I have the trojan in my phone ?
Last question, ca we remove the trojan after rooting ?

Thank you

[Sniper47]

This is nothing to be concerned about for your phone.

If you want to check, use https://play.google.com/store/apps/detai...lesecurity . If Android.Trojan.Uupay.D is on your device, it should find it.

[aus9]

hmmm I have lost ability to give thanks here
----am I too naughty?

2) thanks Sniper47 for your link, my previous virus scanner was not giving me a recent virus defination list

Therefore I hope you don't mind me mentioning that the uupay issue was discovered on another device by
Kaspersky prior to the G app

rant starts.....name not mentioned for a reason
I installed recommended app.....and it did not appear under G in apps, in fact I could not easily spot it
but I admit my eyesight is not always the best
rant ends

For those who prefer Kaspersky here is some images and tips....I have only just installed this app----free version

Don't scan until you go into settings and turn off trust for system apps
----since that is the nature of the threat


go back and do full scan

Here is a detected, known vulnerabiltiy.....I umm left it on but know how much I can't mention its name so have obscurred the name of the exploit?



Finally after doing it....its nice to know how many checks scanner makes
and date of defs



Altho I am not a security expert in Linux and even less so in Android
IMHO go for a product that gives you transparency.
https://play.google.com/store/apps/detai...m.kms.free

good luck

[Sniper47]

To be very clear, for the possibly Star brand firmware, the virus was first detected and announced by GData. Of course the virus may have existed and been known prior to the recent discovery on Star.

I've installed the GData just to see what you were talking about. Seems straightforward. Close the screen asking for reg info and tap scan.

You haven't been naugty. Well, maybe you have but not that I've seen here. The thanks lingo has been changed. It's '+Rep' now. The little text button will be changed soon.

[nicoco44]

so the GDATA software will find the malware if install on the phone.
Will it remove it or have I to root my phone to remove it ?
I'm still waiting for my phone, I just want to prepare evrything befor I receive it?

Generally, have I to use an antivirus if I use only applications from google play store ?