I jumped on the bandwagon and installed the 2.1 Leaked rom for my Droid Eris as soon as possible.
Last week my gmail accounts password was stolen. Also, my gmail account was sending out spam.
I ran a ESET32 Anti-virus security scan and found no threats. Afterwards I ran Malwarebytes and also found the same results, nothing. I changed my gmail password and all other accounts associated with my gmail.
I am a competent computer user and keep my Windows 7 64bit install clean, tidy, and updated. I use Google Chrome to browse the web carefully and I only visit websites I trust. Although it is very possible, I find it highly unlikely that my system was infiltrated.
I assumed I screwed up somewhere and my desktop was hacked.
Heres where the interesting part starts, Although I changed my password around a week ago, apon logging into Gmail today I was notified about my account being accessed on June 3 (3 days ago) from 6 different Chinese Ip's. I changed my password and security question today and closed all of the email sessions located in China.
My system shows 0 threats after running ESET ENOD32 Anti-Virus and Malwarebytes.
I don't have any other device that stores my Email password besides my Droid Eris.
I could be stepping out onto a limb here, but I still have to enter my Gmail password everytime upon opening the Android Market. I know this has been listed as a bug before. Also, I can't enter my password to enter the Market unless my 3G AND GPS is turned on. It does not work if the GPS is off.
Could it be possible that everytime I enter my GMAIL password into the Market app, it sends a copy out to China?
Why does my GPS have to be turned on to accept my password?
Is the "leaker" from china who released the 2.1 ROM to XDA a trusted source?
Help me out guys!
update to the latest leak and you wont be having these problems
rohanic said:
Is the "leaker" from china who released the 2.1 ROM to XDA a trusted source?
Click to expand...
Click to collapse
The leak, although it appeared to come from riverrunner, actually was leaked by one of the devs that has put in a lot of work in making the eris awesome.
Like Royel said, update to the latest version of the leak and you shouldn't have any of the password login problems.
Not sure about the gmail problems, but I've been running all the leaked versions and had no problems so far.
This post prompted me to check on my account also
Confirmed, IP in China has been logging into my gmail account also.
LexusBrian400 said:
This post prompted me to check on my account also
Confirmed, IP in China has been logging into my gmail account also.
Click to expand...
Click to collapse
Where do you find out how to check.
Log in to Gmail, scroll all the way to the bottom. It will show which IP you last logged in from. Next to it is a link, I think it says "details". A window will pop up showing you all IP addresses that your account has been logged in from.
korben dallas said:
Where do you find out how to check.
Click to expand...
Click to collapse
I am a new user, so I can't post links to the how to. Basically log in to gmail, click on settings, scroll down to the bottom where it shows how much storage you are using, just below that in tiny print is "last account activity", click on details.
I just checked the details on my account and I am getting no logins from China, or anywhere that isn't me.
Just a thought, but have you checked to see if it's the same IP address each time? If so, you may be getting a weird IP address from VZW that google is geo-locating to be from China even if it isn't.
Unless we start getting a lot more people confirming this, I would say it is probably not an issue with the leaked rom but more likely something else (virus on your computer, an app that logs into google accounts for you).
wow, weird. i've often checked my "last account activity."
i'll randomly get some logins (all mobile logins) from another state (Michigan... right next door to me). i imagine it's just due to the IP that i'm getting on my phone...
now, i've NEVER seen anything from China before... and i've run just about all the leaked ROMs out there
strange indeed... i'm assuming all the "china" IP's were mobile logins?
I just checked mine and I had multiple logins from two different IPs. The ones from a desktop were my IP (in Oklahoma) and all of the ones from a mobile device were from a Florida IP. I logged off all of the other accounts and changed the password to a long string of letters and numbers, then logged in on both my desktop and my phone. After that the same two IPs were logged in, so apparently my verizon IP is somewhere in Florida.
I'm not sure why they would use an IP in china, but it could be a similar thing happening to you guys.
While blocks of IP addresses are allocated regionally (hence the different IP registries such as ARIN, RIPE, and APNIC, this happens at very small prefixes (huge blocks of IP addresses).
Geo-location of an IP address is imprecise for a wide variety of reasons. (Despite what you see on popular "crimefighter" TV shows). An AS (BGP Autonomous System) can emit packets from multiple points within their network, depending on instantaneous routing conditions; this is especially true for large national carriers such as Comcast, Verizon, Sprint, AT&T, etc.
One thing that no-one mentioned here is that every one of the Leak ROMs were cryptographically signed by somebody at HTC. If there is malicious code in the ROM, it came from HTC. Seems kind of unlikely. Feasible, but still seems unlikely.
bftb0
Leak isn't sending out passwords. In fact, if i remember right your pass isn't stored on the phone, a key is.
Virus scan won't catch everything, especially new things.
1) Do any OS upgrade on your PCs, I recommend for non techies http://tinyurl.com/m7r5h or for techies http://tinyurl.com/mkly.
2) change all your passwords
3) dont cross use passwords
4) choose complex passwords >10char in length.
jcase said:
Leak isn't sending out passwords. In fact, if i remember right your pass isn't stored on the phone, a key is.
Virus scan won't catch everything, especially new things.
1) Do any OS upgrade on your PCs, I recommend for non techies http://tinyurl.com/m7r5h or for techies http://tinyurl.com/mkly.
2) change all your passwords
3) dont cross use passwords
4) choose complex passwords >10char in length.
Click to expand...
Click to collapse
2nd to that, also Another great one for techie http://www.archlinux.org only if you like getting ur hand dirty and learn more about how Linux work from ground up, less hassle than doing Linux from Scratch lol, although it's fun, very rewarding experience and it'll come in handy when you want to do ROM cooking since it's based on Linux.
Does anyone know where the E-Mail account settings files are kept? A replacement phone is scheduled to hit me on Wednesday, and if I can help it, I would prefer not to setup my myriad of e-mail accounts all over again. It sure would be nice if I could just copy them to my computer and copy them back to the replacement phone.
TIA
I solved that problem by forwarding all my email accounts through gmail.
I prefer to have separate accounts, as discussed in posts #11 and #13 of the thread below:
http://forum.xda-developers.com/showthread.php?p=27810568#post27810568
xv-6800 said:
I prefer to have separate accounts, as discussed in posts #11 and #13 of the thread below:
http://forum.xda-developers.com/showthread.php?p=27810568#post27810568
Click to expand...
Click to collapse
So in other words, you can't simply use gmail because its too much hassle to remember to select the correct account to reply from?
I believe most settings info is stored like this:
/data/data/nameofapplication/
What do you mean? The way I have it set up ENABLES me to select the proper account to reply from. Google does not offer this capability.
Regarding the path:
I have a .data folder on the root. Inside that is a nested mail folder which contains nothing but another empty nested folder entitled attachthumb.
Do I need a special app to see what I need to see?
xv-6800 said:
What do you mean? The way I have it set up ENABLES me to select the proper account to reply from. Google does not offer this capability.
Regarding the path:
I have a .data folder on the root. Inside that is a nested mail folder which contains nothing but another empty nested folder entitled attachthumb.
Do I need a special app to see what I need to see?
Click to expand...
Click to collapse
Don't know what you're talking about because i'm using the stock Android AOSP version of the gmail app and I have 5 accounts set up on it and can select which one to reply from. It automatically selects the correct account if I simply hit "reply" from an email, however I can force it to reply from any other of my accounts too. Not all gmail accounts either. I can send mail from my cox.net account directly from the gmail app on my phone.
Anyways, you need a root file explorer. You will go to the "/data/data/" directory, then look for a directory containing the name of your email app (like /data/data/com.google.android.gm/ for gmail, etc)
That directory contains the settings and data from that app. Copy it, place on your new device in the same folder after installing the app on the new device.
a.mcdear said:
Don't know what you're talking about because i'm using the stock Android AOSP version of the gmail app and I have 5 accounts set up on it and can select which one to reply from. It automatically selects the correct account if I simply hit "reply" from an email, however I can force it to reply from any other of my accounts too. Not all gmail accounts either. I can send mail from my cox.net account directly from the gmail app on my phone.
Click to expand...
Click to collapse
I think there may be a misunderstanding here. My phone has 2 apps. One is entitled Mail, the other entitled GMail. The GMail app only allows for GMail accounts. I am using the other Mail app. KZOODROID said he was forwarding his other accounts to a GMail account, which does NOT allow what you and I are doing with the Mail app. Not even logging into GMail via a web browser allows you to do this, because on the web replies still go with GMail text saying "Sent of behalf of..."
FWIW, the Mail app on the phone does NOT select the correct account if you are using your GMail account to POP another account, or you have other accounts set to forward to your GMail account, and those messages are pushed via GMail. In both those instances, when you hit Reply, the reply will be sent via your GMail address. You MUST select the desired account you want to reply from (provided you have it setup in the Mail app), if you want the reply to be seen as being sent from the same address that it was originally sent to.
Now, if you truly are pulling mail from your other non-GMail accounts (or the messages are being pushed from those mail accounts' servers), then yes, when you hit Reply on any of those messages, it's just like hitting reply on a regular mail client on a desktop computer, and the replies take on reply information from the respective mail accounts.
Anyways, you need a root file explorer. You will go to the "/data/data/" directory, then look for a directory containing the name of your email app (like /data/data/com.google.android.gm/ for gmail, etc)
That directory contains the settings and data from that app. Copy it, place on your new device in the same folder after installing the app on the new device.
Click to expand...
Click to collapse
I figured as much. Does the root file explorer get installed on a PC, or is it an app you download to the phone, and then use on the phone to copy such values to an SD card?
Any suggestions on which root file explorer?
In the gmail app, hit menu then compose, at the top of the new email is a pull down menu with your @gmail.com account listed first and a down arrow. If you open this menu all your email accounts linked to gmail are listed with the option to send as for any account. I believe you can only add the accounts to gmail from a PC, at least that is how I set it up under the settings button, check mail from other accounts, send mail as, import mail and contacts, its all there. This way you never have to worry about adding multiple accounts again or copy files, its always there from now on.
Root Explorer is an app in the market, cost a buck I think, well worth it. ES File Explorer does the same thing and can connect wirelessly to other devices and is free. I use both.
Edit: calling it forwarding was probably the wrong term to use as you are granting gmail permission to check for email on the other accounts and if it finds new emails it grabs them and pushes them to your phone. You can then repond to them either using the account they came from or with your gmail account as I described above.
kzoodroid said:
In the gmail app, hit menu then compose, at the top of the new email is a pull down menu with your @gmail.com account listed first and a down arrow. If you open this menu all your email accounts linked to gmail are listed with the option to send as for any account. I believe you can only add the accounts to gmail from a PC, at least that is how I set it up under the settings button, check mail from other accounts, send mail as, import mail and contacts, its all there. This way you never have to worry about adding multiple accounts again or copy files, its always there from now on.
Root Explorer is an app in the market, cost a buck I think, well worth it. ES File Explorer does the same thing and can connect wirelessly to other devices and is free. I use both.
Edit: calling it forwarding was probably the wrong term to use as you are granting gmail permission to check for email on the other accounts and if it finds new emails it grabs them and pushes them to your phone. You can then repond to them either using the account they came from or with your gmail account as I described above.
Click to expand...
Click to collapse
Yes, what you're describing must be set up on the PC. And, when you send an e-mail you can select which account you want it to SAY it's being sent from. But, the header on the message will still show your GMail account.
When you grant permission to have GMail check your others accounts, you're telling GMail to "POP" or pull the mail from the other account. Problem is that GMail again puts its "spit" on the message, instead of maintaining the original message header. That becomes a problem for me, and likely others in business, in that because of this, when you reply using the GMail convention of selecting a particular address, the recipient sees plain as day that the message was sent "on behalf of" whatever email address you chose to send from. Not very professional.
But, when you have multiple accounts setup in the AOSP Mail app on the phone, when you choose a different address to reply from, the app actually sends the message from that e-mail account, so the recipient sees only the info from that account, which is the way it should be.
Don't get me wrong, GMail is great for personal use, but when it comes to professional environments, you don't want people you're doing business with to see some generic e-mail address, you want them to see something coming from the company's domain. For example, would rather do business with someone with an e-mail address like [email protected], or [email protected]?
In fact, that's the biggest complaint with GMail and Android in the business world. Not enough native business support. And, that's fine for Google because there are more individuals in the world than companies, meaning more unit sales at higher prices. Problem for people like me is that cell carriers have heavily adopted Google's OS, which right now limits how much we can rely on Android phones in the work place. It's sad, because the hardware is technically awesome these days, and the OS itself has a lot going for it, but it's little things like the mail issue that show much of a babe in the woods Android is in the business world, and that makes it not quite ready for business prime time use... yet! It is getting there, though. Whoever wrote the Mail app is obviously an early business adopter who recognized the need, and as more people start to see things like what I've been able to do with it, albeit it's a workaround, I'm sure more business-savy developers will jump on the wagon, and make it easier to do more things conducive to "business" in the future. The ironic thing is that individuals are the ones driving Android because people with real jobs don't have time to dive in and figure out the workarounds that would show them the potential, you know?
I think Microsoft and a lot of the business world has realized that Google has not done enough to demonstrate an keen interest in the business world, and I predict that at the end of the year when Windows Phone comes back, it will likely come back with a vengeance and address all the stuff Android is lacking at the moment. After all, Microsoft ruled the business world for so long, they know what needs to be done. With the economies suffering, they've been smart not to try to bring something to market in an industry hampered by business spending freezes. But, the time is near.
Anyway, thanks for pointing me to the root file explorers. Will I need to root the phone before being able to use them to save those email account settings, or will they work on an unrooted device since I am only copying files? I ask because I don't want to go to the hassle to root and unroot again since I have to send the phone back to VZW when the new one arrives, does that make sense?
You have to be rooted to access the files using a file explorer.
When I send emails through gmail on my phone using the send as function I'm not getting anything like you are talking about in my emails. They show up as being sent from the account I choose not from gmail. However if you right click the email, select properties then open up details you see that it came from the gmail account but its buried in all the lines of code. And how many people actually do this? My clients that I work with don't really care where an email came from just that I answered. If I worked for a larger company like say Verizon than I could see that it matters but then again I'm not having that problem with gmail it works just as described for me.
xv-6800 said:
I think there may be a misunderstanding here. My phone has 2 apps. One is entitled Mail, the other entitled GMail. The GMail app only allows for GMail accounts. I am using the other Mail app. KZOODROID said he was forwarding his other accounts to a GMail account, which does NOT allow what you and I are doing with the Mail app. Not even logging into GMail via a web browser allows you to do this, because on the web replies still go with GMail text saying "Sent of behalf of..."
Click to expand...
Click to collapse
I don't know what I did, but mine no longer say "sent on behalf of..". I believe it was something I configured on the gmail settings from the website, not from the app on the phone, but the settings have carried over.
If I send email from my cox account, it comes to you from [email protected]. If I send you an email from my work address, it similarly comes from [email protected].
I use the stock gmail app for all emails. I've removed all else, exchange, mail, etc. So I know for a fact that gmail will work the way you want it to, its just been so long since I've set it up that I can no longer tell you what I did.
as far as copying your files from one phone to another, you will need to be rooted, and you will need a file explorer. This is something like ESFile Explorer from the play store. Its installed on your phone, not the computer. You shouldn't need a computer for anything, actually, after you're rooted. All of this stuff can be done with simple apps and your sdcard and your phone(s).
Re: a reply e-mail sent from a different address set up on your GMail account:
I've tested this many times over the the years, as well as again last night. Regardless of whether the message is sent from GMail on the web or the GMail app on the phone, the result is the same, GMail ALWAYS inserts that "on behalf [email protected]". That's part of their marketing strategy, and there is no option to remove that. Period.
If you look at a reply sent in this way in a REAL e-mail program, not a mail applet on your phone or a web browser, you see that statement plain as day. For example, below are 2 snippets of what you see when you view such a message received in Outlook. No right-clicking or anything, I just open the message to read it. One was sent from the GMail app on the phone, the other from GMail via a web browser. You cannot help but see this statement, because that's what Google wants people to see to further their market awareness strategy.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Let's put this particular issue to bed, shall we? I am not criticizing anyone's use of this "feature". I am simply showing the facts of how it works. If the option works for you, fine. I own multiple companies, and personally, I don't want people to whom I send messages see some gimmick like that on any of my e-mails, nor do I want any of employees sending company messages like that either. And, many businesses obviously feel the same way.
Again, I am not here to criticize users of GMail. The "on behalf [email protected]" is undeniably inserted in any reply sent from a different address set up on your GMail account. The only reason I ended up hijacking my own thread is because someone suggested I use my GMail address for everything, and I stated why I preferred not to. A misunderstanding of the option's behavior came up, and I figured I would show how the option REALLY works so that anyone else who happens upon this thread doesn't get misled by Google.
So back to the original topic of this thread:
Thanks for the info on the file explorers. I think I better just re-enter the email account info again on the new phone. This is a warranty replacement issue, and it's not worth risking something going wrong on the phone being sent back, or Verizon seeing some trace that I modded it. I'm sure they would have no problem blaming me for the original problem with the unit, then sticking me with the cost, which would likely be that so-called phony $600 retail price. :crying:
xv-6800 said:
Re: a reply e-mail sent from a different address set up on your GMail account:
I've tested this many times over the the years, as well as again last night. Regardless of whether the message is sent from GMail on the web or the GMail app on the phone, the result is the same, GMail ALWAYS inserts that "on behalf [email protected]". That's part of their marketing strategy, and there is no option to remove that. Period.
Click to expand...
Click to collapse
I use a "real email program", both Outlook 2003 and Windows Live Mail and neither of them show "on behalf of gmail". It only shows the send as email account that I choose. Something is either wrong with the way you set up gmail to use send as or the email program you are using is doing it. Its not a conspiracy by Google as you seem to be the only one having this issue.
I wasn't here to start an argument with you. Check the image in my attachment and tell me if you see a "on behalf of" in there cause I can't find it...
LOL I didn't say it was a conspiracy. And, I doubt I am the "only one" that has this problem. ;-)
Google obvious does it for market awareness, which is understandable. As a company, they SHOULD try to brand everything they can, just like companies do.
Anyway, I used to use Outlook 2003, and am now on 2007. I also checked my GMail settings (again). The only options you have in regards to send as are:
When replying to a message:
Reply from the same address the message was sent to
Always reply from default address
And, I have the first one checked.
I don't want to continuer to beat this dead horse, but out of curiosity, in your Outlook can you see the From field in the spearate section above the message itself?
Aha! I just discovered that on January, 2012, Google added a new option that supposedly addresses the aliasing "on behalf of". Of course, it's not where you would think it is. It was added to the spot where you setup the Send As address to begin with. I will check it out.
If you know how to set up a basic mail server, there's also a simple workaround for you:
1) set up an smtp server, perhaps just in a virtual machine on a home computer, and then create the necessary rules on your router so that you can access it from the web.
2) Configure this smtp server to accept all your various email login credentials and send email from all your various addresses.
3) create a line in your /system/etc/hosts file on your phone to redirect smtp.gmail.com to your IP address at home. Do not modify anything for imap.gmail.com.
4) profit?
This should essentially force anything on your phone that tries to send any email from smtp.gmail.com (mainly the gmail app) to reroute to your own smtp server, which is now configured to send emails from any of your addresses.
xv-6800 said:
Aha! I just discovered that on January, 2012, Google added a new option that supposedly addresses the aliasing "on behalf of". Of course, it's not where you would think it is. It was added to the spot where you setup the Send As address to begin with. I will check it out.
Click to expand...
Click to collapse
Now I feel like an ass, I used Windows Live Mail on my laptop to test this, sent emails from all my accounts and never saw anything except the send as address and I never saw the "on behalf of gmail". So for giggles I sent a test message to my work account on Outlook on my desktop and there it was plain as day. Now why does Outlook show it but Windows Live Mail doesn't?
I feel like an ass, too, so don't worry.
When I sent that last message, I went in and set the "no alias" thing, then sent a message, and am STILL waiting for that test reply message to arrive. I wonder if it ever will, now that I set it with the new option.
I should clarify that the new "anti-alias" thing also adds other options, like whether or not you want the reply sent via google's servers or through your own. Problem with sending via your own is that Google only offers certain sending ports, which are different than those which my companies use, and Google only allows you to choose from 3 ports. So, that's useless to me. I opted to use the Google servers, but now I'm not sure if that throws yet another kink into things, because I am STILL awaiting the test message arrival. It's been 30 minutes now. So much for using the new feature for time-sensitive communication, never mind of the message is sent at all! ;-)
Last week I noticed a device under my Google Play account (My Devices) that is not mine, a phone on a Romanian cell phone company network. I also noticed that someone from Russia had accessed my Gmail account. I changed my Gmail password (the old one was alpha-numerica,random, with symbols) and turned on two step authentication.
The Gmail account seems to be ok. The contacts all there and no messages removed or messages sent by people other than me.
The only sign of the intrusion is about a dozen "free" apps ordered by that device. It included sketchy gambling apps, a child's game that from comments I read has adult advertisements, and ringtones. After I changed the password there are new "free" media on the account - books and various video. These appear to be from a different user - all in English as opposed to Russian and nothing sketchy.
My guess on how this started - I downloaded an app with about 100 reviews. The next day the "free" apps started to appear, and the unauthorized device also was added the next day.
My SGS 3 isn't rooted. For Jellybean it seems that I have to wait for a stable root, should be another few days.
I contacted the Play Store support and they were of no help. They referred me to Gmail support but Gmail doesn't offer phone support. I think only support on a Google Group forum.
Any idea how this could have happened and how to get this device off of my account? My PC's are secure and my primary PC is Linux.
starfcker69 said:
Last week I noticed a device under my Google Play account (My Devices) that is not mine, a phone on a Romanian cell phone company network. I also noticed that someone from Russia had accessed my Gmail account. I changed my Gmail password (the old one was alpha-numerica,random, with symbols) and turned on two step authentication.
The Gmail account seems to be ok. The contacts all there and no messages removed or messages sent by people other than me.
The only sign of the intrusion is about a dozen "free" apps ordered by that device. It included sketchy gambling apps, a child's game that from comments I read has adult advertisements, and ringtones. After I changed the password there are new "free" media on the account - books and various video. These appear to be from a different user - all in English as opposed to Russian and nothing sketchy.
My guess on how this started - I downloaded an app with about 100 reviews. The next day the "free" apps started to appear, and the unauthorized device also was added the next day.
My SGS 3 isn't rooted. For Jellybean it seems that I have to wait for a stable root, should be another few days.
I contacted the Play Store support and they were of no help. They referred me to Gmail support but Gmail doesn't offer phone support. I think only support on a Google Group forum.
Any idea how this could have happened and how to get this device off of my account? My PC's are secure and my primary PC is Linux.
Click to expand...
Click to collapse
I have the IMEI # of the phone added to my account, also the model number (registered in Russian Federation). Could the IMEI be useful? I can PM if interested.
Imeis are quite useful to many people...Just don't pursue this on xda.
Sent from my Galaxy Nexus using xda premium
My account too was almost hacked.
I signed into youtube and a notice was shown that someone from ip in china tried to log into my google account and it denied them and i changed my password. No weird apps nothing.
The thing is probably the app you downloaded.
Just because it has 100 downloads doesn't mean its malware but you need to check permissions always.
Even big games like "Paper Toss" has been know to sell peoples info to companies.
When you read permissions. There should be a list of all the options the app requests.
Be Smart. If you download a calculator, It shouldn't have access to your personal identy, messages and the big key is internet access.
If you download a calender it may need access to contacts but it it also needs internet access, its probably is storing your contacts and sending them out to a site that then sells to a company and lastly, your grandparents receive phone calls asking if they want to buy a service and use your name as who referred them.
Also. rooting is a good option. With an app on here called pdroid or droidwall you can download those apps but it will alert yyou when the app wants to use a permission (like internet) and gives you the option to allow or deny.
good luck
I have one update. I think that after I changed my password and went to two step verification, the purchases of "free" apps and media stopped. It's been four days and nothing new added. So far so good. Thanks for the replies. BTW, Google of no help.
I'd still like to know how the Gmail account was compromised - I may never know.
similar thing just happened to me (Galaxy Note) appeared on my account from no where. When I contacted google if they can help or if they are interested in tracking him down, all they said was we cant help you. And change the pw. Obviously I know that I need to change the pw. I know Apple would have tracked it down somehow if it was an iphone. My pw has 22 characters number letter symbols yet it was hacked.
Since google is not helping me I installed Android Lost app on this NOTE and waiting to get a location update via email. I know it wont do anything much and I cant do anything against him or her since no paid apps were downloaded. Still I would like to do something to crooks like this. He only had 6 apps installed (facebook,viber candy rush) and terminal emulator (which worried me).
I really hope that Android close their unlimited backdoors in the OS.
So I finally upgrade my LG simple 1G phone to a VZW Galaxy S4, allowed it to update to MK2, setup my gmail account (not G+ though), take care of organizing it like I want, etc. Next thing I notice, that in my gmail I start getting dangerous looking spam ("update your Amazon credit card info", "update your ###### info", and the image had a link which would've sent me to a Yemen domain. Nothing happens without a reason, and the only thing that changed was I gave the phone my gmail logon. I did not directly give account info to any of the other vendors advertised on the bloatware on this phone. I should add that prior to this I was familiar with the spam I'd get in gmail (and gmail would flag it into spam folder) and it was consistent and never made it into my inbox.
This being my first android I'd appreciate comments on your experiences with this, and anything you can share on how to better safeguard my info. I hate google, or anybody for that matter, having so much access to my credentials which I normally and successfully hold fairly close. (Yes this is my first smartphone).
I am a Malwarebytes registered user on my desktop and laptop so I downloaded their app onto my phone, but something tells me what caused this spammer to source me was over-sharing of data on google's (android's?) part.
Thanks
MessyPotamia ("because in the land between the Tigris and Euphrates, things are a MESS")
Huntsville, Alabama
I think its pretty safe to say its coincidence. My family owns about 5 Android devices and I myself have three Android devices currently in active use , two gmail account, one for my personal devices and the other for family use and so far, we have yet to get any 'weird' spam issues except for the occasional spam that promises me that I'll get bigger manhood and such. Try playing with the app settings or try another email app. I mean, if you have a gmail account all this while and google wants to sell off your personal information, they would have sold it a long time ago and not wait only now because you have a new smartphone right? Lol
Sent from my GT-N7105 using xda app-developers app
mha93 said:
I think its pretty safe to say its coincidence. <SNIP> I mean, if you have a gmail account all this while and google wants to sell off your personal information, they would have sold it a long time ago and not wait only now because you have a new smartphone right? Lol
Sent from my GT-N7105 using xda app-developers app
Click to expand...
Click to collapse
Didn't mean that I think G directly sold it off, but something enabled a spammer to target me. Have been getting this same spam about 1x / day since I shared my 10 yr old gmail acct w/ VZW/I545/MK2. Something triggered it, I don't believe in coincidences (my prior CI work, sorry!), and the only thing that changed was my new setup.
Maybe its something that you've installed? Like have you pirated any apps or downloaded any sketchy apps? Besides that, I can't think of other ways besides logging in to your gmail account, and actively mark the emails from that address as spam.
Sent from my GT-N7105 using xda app-developers app
mha93 said:
Maybe its something that you've installed? Like have you pirated any apps or downloaded any sketchy apps? Besides that, I can't think of other ways besides logging in to your gmail account, and actively mark the emails from that address as spam.
Sent from my GT-N7105 using xda app-developers app
Click to expand...
Click to collapse
Two days later from my orig post. First, I have not downloaded any suspicious apps (only 2 banking apps, and they're pretty secure), one or two others from app store (but uninstalled them when I wasn't impressed). I set up my wife's yahoo email account as another account under email; one gmail account I use often as another email account; and my regular gmail account is the main phone account. My regular gmail account gets very little spam.
Now I notice my wife is getting evidence her contacts have been harvested, as folks in her contacts (some very old contacts) are replying "Did you send this? " or rejection messages from their .gov or .mil enterprise mail server. She has had registered malwarebytes on her laptop, as do I on mine. Tomorrow I will run CCleaner and HijackThis on both hers and mine. I must say the neither of us visit suspicious places or have any poor practices regarding opening emails or attachments, and our Secunia PSI scores are usually around 98.
This has to have something to do with my new Galaxy S4 and the fact that I gave it my gmail credentials, and her yahoo credentials.
This is not a coincidence.
After googling around, I came upon several forums stating that their users are getting spam mails after logging into their gmail accounts from their 'new' smartphones. So I guess your case is not unique. In all the cases, they managed to solve the problem by changing their gmail password. So what I'm thinking is that your phone is a 'manufacturer refurbished phone' or at least one that was returned to your carrier and repackaged again and that the previous owner left a malicious code or script in the phone. So short of returning to your carrier or to Samsung, I suggest that you change your password, factory reset your phone, update the firmware before logging in to your gmail account and see if it changes anything. The best bet is to return it to Samsung or your carrier on grounds that its a 'defective device' or at least claim that something is wrong with it. Chances are, they will reflash a fresh new firmware onto your phone and would in theory solve and delete any malicious code in your phone. Or they'll replace yours with a new phone. Yeah sounds troublesome but if you want to skip Samsung and reflash a new firmware yourself, head over to the S4 forums and see the method of flashing a new stock firmware. Sorry that your new smartphone causes so much problems. Google is quite helpful when its working right.
Sent from my GT-N7105 using xda app-developers app
(Problem solved)
mha93 said:
After googling around, I came upon several forums stating that their users are getting spam mails after logging into their gmail accounts from their 'new' smartphones.<<SNIPPED for brevity>> Google is quite helpful when its working right.
Sent from my GT-N7105 using xda app-developers app
Click to expand...
Click to collapse
The source of the spam is most assuredly the YAHOO MAIL ANDROID APP (downloaded 3 days ago from App store and put on her android, not mine). After running (reg'd) malwarebytes, plus CCleaner and HijackThis (all showed nominal) I began to suspect it was on Yahoo's side, and sure enough there are plenty of recent articles about their vulnerability. Removed the app from her Moto Droid.
I particularly enjoyed reading this:
[I can't post outside links, google the search terms "even-yahoo-employees-dont-use-yahoo-mail"]
Meanwhile, everyone here I thank for participating in this thread.