Nexus 5X weird behavior (malware?), possibly caused by FB Messenger or Pixel Launcher - Android Q&A, Help & Troubleshooting

Some very weird things started happening on my phone earlier today. It's a Nexus 5X, running 8.0 Oreo, with the October security patch. I'm not rooted and I'm careful about what I install. The phone is fairly new, from this summer.
I will begin with describing what I did in the hours before this started. I can think of two things that possibly could have started it:
1) Two of my Facebook contacts sent malicious links to me an hour before. It looked like Youtube videos but was not. I did NOT open any of these links, knowing directly they were harmful (not sure if you can be affected by just receiving them, not clicking on them?). I received them in the Messenger Lite application (an official app from Facebook with scaled-down functionality).
2) A few hours before the Facebook links, I sideloaded an APK containing the new Pixel Launcher. I got the APK from Android Police/APK Mirror.
Can't attach links, but Google for: Hands-on with the updated Pixel Launcher, including the new Pixel 2 features [APK Download]
The APK was working fine and nothing seemed odd with it (I used the launcher for a few hours). As long as Android Police know what they uploaded, this shouldn't be the cause for my problems. I bet on Facebook Messenger instead. (People that click such malware links typically get their Facebook accounts hacked, however my account seems fine and my account didn't spam others with the same link. I did not change password or did anything else to "recover" my account yet).
So what happened after this on my phone?
Here is the first thing I noticed. I open Play Store to install updates. It turns out I have one update pending, it's called BankID. This is a major Swedish app used by nearly every smartphone user in the country, and it's for signing into government websites, bank websites, insurance company websites, and much more. When I click update in Play Store two things happen almost instantly:
1) Six pictures are downloaded from Messenger Lite to my phone. That makes no sense, how could clicking a button in Google Play trigger something to happen in Messenger Lite? In fact I tried it three times, with the same behavior every time. (Well, actually opening the Messenger Lite photo album, there are only photos there I already downloaded, so nothing new seems to be added there - but the photos were probably re-downloaded I believe).
2) The BankID update downloads to 100 % (the downloading takes a little longer than expected), then it halts and does nothing, i.e. it's not installing. No error message, it just stops there. I can choose to abort and try again, which I do three times or more, with exactly the same behavior.
Also, I now notice Play Protect hasn't run for two days, but when I try to run it, it seems to be down. After ~30 seconds of scanning it says "App verification temporarily down". "App verification temporarily down" could very well be connected with the halted update I just described? It still says it hasn't run for two days after this.
When I experiment, I notice other things that are very weird indeed.
1) Notifications in Gmail, Snapchat and possibly other apps aren't coming through. By opening the apps, I can sync manually.
2) When I move a file to a new folder using the Downloads app (Files app, stock one) I get a error message saying the move operation failed. This also triggered the photo notifications from Messenger Lite (same behavior as described above, with six photos). However, after a while the moved pictures are indeed in the right folder, even though the error message saying otherwise.
3) After some time I remove "app data" for the Google Play app. When I open it after that, there are now three app updates pending (e.g. Google Wifi also). But the same behavior occurs, when I try to download one or all of them, I get the Messenger photo notifications and the updates halt at 100 % without installing. So the BankID app - which could be targeted by attackers for obvious reasons - could just be a coincidence. It could have happened with any app I suppose, this was the only one pending right then. But still, why couldn't Play Store detect other pending app updates until I refreshed it the way I did? Was Play Store blocked from connecting to Google (or forced to connect to some other server, perhaps?).
What did I do after all of this?
I uninstalled three apps:
-Facebook Lite
-Facebook Messenger Lite
-Pixel Launcher APK
However the uninstall process was very odd. A process called "Package Installer" had a notification saying "Uninstalling Lite" and "Uninstalling Messenger Lite". It didn't seem to be working, it was stuck after some time. I restarted my phone and the apps seem to be gone now, at least they aren't listed in Settings --> Apps. So the uninstall process was successful I suppose, even though it didn't seem to work.
After I restarted my phone I also noticed:
-When I install Messenger Lite from Play Store now, it's easy to uninstall it the way it should be - in mere seconds.
-When I open Play Store, updates are now installing fine. Play Protect is also scanning fine now.
Everything looks back to normal now. But I'm not trusting my device. I'm gonna factory reset it. Before I do, I wonder:
-Can I feel safe the wipe would erase whatever malware I might have had on the phone?
-Is there something I could do to let us know what caused this? Upload a log here somehow?
The only piece of advice I have received as of now is: "Try restarting in safe mode, installing some AV software, and generally looking for suspicious processes." I haven't done that yet, would it still be a good thing to do? Must I install AV software before rebooting into safe mode, or could I install it directly from safe mode? (App suggestions, AV software?).
Usually I'm very careful and security-minded. I haven't had something like this happen before. So I'm very intrigued and mad about this. I'm gonna change my Google account and Facebook account passwords later on I think (I already have 2-factor authentication enabled).
One last thing: When I install Pixel Launcher on my non-rooted phone, it's not running as a system app if my understanding is correct. (At least it shouldn't be). But none the less, when I wanted to uninstall it I had to go into Settings --> Apps and tap "Show system apps" to find it in the list. Is that normal? Perhaps it doesn't mean anything, I just want to know.
Thanks for your advice in advance. Anything else to add? What should I do know? All you might have to say is appreciated.

Come on now guys, someone must be able to help?
If I factory reset the device, will it be clean? I didn't mess with custom ROMs, root, the bootloader or something else. (I suppose the bootloader is locked).

Related

Spyware, and how to figure out what installed it.

Ok, maybe I'm in the wrong place. But here goes.
My phone is trying to send text to paid numbers behind my back. I'm using prepaid so it doesn't work. I get a "You have insufficient funds to send this text" message daily, at random times.
I have no pirated apps. Everything on my phone came straight from the market. However, I've not installed a single one of the apps that was on the recent list all over tech sites.
I'm planning on reflashing with a different rom and changing all the passwords that were stored on my phone.
BUT.
Before I do this, I want to find out which app is causing this behavior. Any Ideas on how to find out what is sending random text from my phone (they don't show up in the messaging app)
viogrep said:
Ok, maybe I'm in the wrong place. But here goes.
My phone is trying to send text to paid numbers behind my back. I'm using prepaid so it doesn't work. I get a "You have insufficient funds to send this text" message daily, at random times.
I have no pirated apps. Everything on my phone came straight from the market. However, I've not installed a single one of the apps that was on the recent list all over tech sites.
I'm planning on reflashing with a different rom and changing all the passwords that were stored on my phone.
BUT.
Before I do this, I want to find out which app is causing this behavior. Any Ideas on how to find out what is sending random text from my phone (they don't show up in the messaging app)
Click to expand...
Click to collapse
Install a android antivirus and firewall like Lookout.
Sent from my GingerBread Eris using XDA App
lookout finds nothing. All the other AV software fails to install. "Unknown error -18"
i have plenty of free space.
viogrep,
I wrote a novel, but then thought I should just ask a few preliminary questions:
Q1) does the error message contain any useful "hints", such as the destination number ?
Q2) if you use a logcat - capturing app, does anything show up in the logcat right around the time the message is generated which might provide some further clues?
There's a lot of different techniques you can use, but they require a bit of effort - not only to perform, but to explain, too.
Q3) Are you willing to post up the output of the "ps" command to a pastebin?
Q4) What apps on your phone request "SEND_SMS" privileges? You can find out with
Code:
strings /data/system/packages.xml > /sdcard/strings-pkgs-xml.txt
and then poking through the "strings-pkgs-xml.txt" file. When you see (for instance)
name="android.permission.SEND_SMS"
the immediately prior package is what requested it. Either that or you can do something tricky like
Code:
strings /data/system/packages.xml | awk '/<package name/{pkg=$2;}; /_SMS/{print pkg, $2;}'
bftb0
1. No destination number in the error. Sorry.
2. Also, no clues in logcat from what I've seen.
3. PS > http://pastebin.com/iUAfP9Yb
4. Besides the default gapps, the only other app with SEND_SMS priv. is Koxx Pure Messenger. (Purchased from the market, Have had for awhile, the sms sending is new)
Going to try to call my provider and see if I can get the number that's been denied because of funds.
*edit* No luck with provider.
I'd really like to know whats doing it so I don't install the same app once I flash. Luckily I keep nothing important on my phone. Its gmail account is actually a duplicate with my original forwarding to it. I'm a tiny bit overprotective over my email(address). :x
viogrep said:
4. Besides the default gapps, the only other app with SEND_SMS priv. is Koxx Pure Messenger. (Purchased from the market, Have had for awhile, the sms sending is new)
Click to expand...
Click to collapse
I know that it isn't necessarily this simple, but if that really is the only other app besides the GAPPs with SMS priveledges, especially coupled with the knowledge that the SMS capability is new, I think you have your answer.
If you tried a new ROM and restored all but that one app, and the problem never happens again then you can be 95% sure. Only way to be 100% sure is that after a certain length of time without a problem (a week?) you reinstall Koxx and then if the problem starts happening again.
I looked through your "ps" listing.
Didn't see anything too obvious sticking out at me; there were a couple of non-market apps running though. I know that there is no theoretical reason why non-market apps would be malicious - on the other hand, I sort of wonder why they are not on the market... you know what I mean? What is stopping them? (In the case of Tubemate - which was actually kicked off of Google's market, my suspicions are even higher. I realize it was not kicked off because of malware; but still...)
These were the only processes that were either not on my phone, or I didn't really recognize.
Code:
com.dylan.tube = [Non-Market App] Tubemate
com.gau.golauncherex.notification = GO Launcher EX (READ SMS)
com.levelup.beautifulwidgets = Beautiful Widgets (LevelUp)?
com.revsodev.volumecontrol = [Non-Market App] Volume Control (Cyrket?)
com.swype.android.inputmethod = Swype?
com.tencent.research.drop = QQPlayer (no perms req'd?)
net.bajawa.battery = BattStatt (no perms req'd?)
org.sipdroid.sipua = Sipdroid VoIP + video
The Road Warrior has an idea which is sort of useful; but I'll modify it to use binary division.
Start with a freshly installed, clean ROM, and only install half of your apps. (I would put all of your most frequently used apps in the first half, and delay any non-market apps as long as possible). Here's how this goes:
- if the "half" you put on the phone is trouble-free (long enough to know the SMS popup thing is not going on), then, install half of the remaining apps, and wait again to see if there is a problem.
- if the "half" you put on the phone develops trouble, then you know that the problem app is in that group. Wipe the phone and re-install all prior "halves" (that caused no trouble), but split the current half (the group containing the suspect app) in half, and only install that. Proceed in this fashion until you are down to the app which causes the trouble.
If you have 128 apps on your phone, and you wait 1 day between installations, it will take 7 days to find the malicious app. (And if you don't get a failure within the first two days, your phone will have 3/4s of it's apps installed - that's not too bad).
The thing is though, even if you had an app compromise your phone, it might not be an "app" that is doing the dirty work any longer. For example, the most recently discovered malware ran rooting exploits against the device, and once successful, downloaded and installed "other stuff". That "other stuff" could be native binaries. So, examining permissions in the system manifest doesn't necessarily guarantee that you have exhaustively looked at your phone, or discovered all possible means of interacting with the SMS system.
It might be "just an app", though - and if it were me, the first ones that I would suspect are non-Market apps, or apps that *cough* got downloaded from "freeware" sites.
Thanks for the responses. I actually did a fresh flash last night. First thing I installed was tubemate (running through non market apps) and it did it. Ironically I added some money to my account to see if I could get the number it was trying to text. Apparently it still couldn't go through.
Sent from my FroShedYo V10-ERIS using XDA App
I had a game from a Chinese developer that stole my gmail. Log into yours from the website and see if you get a red warning.
Sent from my GSBv1.9 ERIS using XDA App
viogrep said:
Thanks for the responses. I actually did a fresh flash last night. First thing I installed was tubemate (running through non market apps) and it did it. Ironically I added some money to my account to see if I could get the number it was trying to text. Apparently it still couldn't go through.
Sent from my FroShedYo V10-ERIS using XDA App
Click to expand...
Click to collapse
I'm always amazed when something I suggested actually works. LOL. It's just that I'm used to things being more complicated than I hope.
Glad you figured out the trouble!
Thanks bt and RW for the help.
As far as the gmail thing... I use a different gmail address on my phone with email forwarded (different pass)...
If it gets taken I just stop the forwarding and make a new one. Makes things a more simple. Sure, they can see past emails, but they cant request passes/info from other sites... (I also monitor the login IPs in gmail, religiously. Just a habbit.)
viogrep said:
Thanks bt and RW for the help.
As far as the gmail thing... I use a different gmail address on my phone with email forwarded (different pass)...
If it gets taken I just stop the forwarding and make a new one. Makes things a more simple. Sure, they can see past emails, but they cant request passes/info from other sites... (I also monitor the login IPs in gmail, religiously. Just a habbit.)
Click to expand...
Click to collapse
You're welcome. You could just change your password from the web if your phone gets stolen.
Especially since it's the gmail address you use on your phone that everything is sync'd to, not the one that's forwarding to it. So if you got another Android phone you'd lose all your contact info and bought and installed apps info, calendar and such. Unless you sync them manually which is so much harder in my experience.
Or you could use one of the many free apps out there that would let you remotely do many things to your phone. Turn the GPS on, triangulate your phone, make your phone scream, do a factory reset to erase everything...
Just a suggestion.

[Q] update.appfansworld.com in Chrome browser

I am getting an annoying spam/popup whatever in my Chrome browser. It's very deceiving and I've tried restarting Chrome, the phone, clearing cache but it still pops up all the time. It's from "update.appfansworld.com" and gives me an initial message about memory being low or something. Attached is a screenshot. Anyone know how I can get rid of this?
If this is an app.
Go to settings > application manager
Find the system ui upgrade app and uninstall it.
Is it a popup? If so try an ad blocker. Or figure out what site's giving you this junk.
If your user agent string is reporting as android (in Chrome it is) they can tailor ads to look like "updates".
If you get the "memory slowed" message hit cancel or the back button.
Sent from my Verizon NC5 Galaxy S4 w/ GEL and Xposed
Fixed this problem on my phone by going into the App Info for the Chrome App and Deleting All Data. Just had to resign into Google, and it has not come back so far.
Update.... Went one week with no pop up. Got one again from app fans world. Com again last night. Not the UI one though. This one said my browser crashed, which it hadn't. Spent several hours trying to get it to repeat, but it never did, nor did it today. Just as a final check, I ran Malwarebytes, and found only one instance of malware on my phone, but not thinking it was actually malware. It was the root uninstaller file for Smart Ram Booster Pro. I uninstalled the app anyway as I don't really use it. Will give an update on this in a week or so. Looking online, this is becoming a widespread issue.
jakel1.jf said:
Update.... Went one week with no pop up. Got one again from app fans world. Com again last night. Not the UI one though. This one said my browser crashed, which it hadn't. Spent several hours trying to get it to repeat, but it never did, nor did it today. Just as a final check, I ran Malwarebytes, and found only one instance of malware on my phone, but not thinking it was actually malware. It was the root uninstaller file for Smart Ram Booster Pro. I uninstalled the app anyway as I don't really use it. Will give an update on this in a week or so. Looking online, this is becoming a widespread issue.
Click to expand...
Click to collapse
Yeah I tried deleting data in the chrome browser but that didn't prevent it from coming back. I'll look forward to a solution if you find one.
After clearing the data under app info it stopped for a week for me. It was popping up every other page almost before that. Now, it popped up again just once, and I did a couple weeks worth of browsing in a couple hours after it did, just to see if I could get the pop up again to inspect it better, but it just won't come up again. I don't know if it is gone, or will pop up again sometime later. Weird.
I have been following a guy on the Verizon forum dealing with this. He was going to run his phone in safe mode, and try activating one 3rd party app at a time, using Terminal to see if he could find an app that was causing this. That didn't work though as while in safe mode with no 3rd party apps activated, it still happened. He is now going to reset his phone, reinstalling apps one at a time to see if he can find an app causing it. This will take more than a week though, as he will take time to test chrome for awhile after each app is installed. One thing to note is that the app.fansworld.com site was only created 12.18.14. It could be any app you installed slightly before to any time after that date, or even any update installed then. I am almost thinking it is something to do with Chrome, as I don't install anything except from the Playstore, and only a thing or two that I can remember during that time frame. I am going to both uninstalled all chrome updates, and try a different browser, to see if it still happens. If it does, I am going to factory reset my phone, and see if I can fix it.
jakel1.jf said:
I have been following a guy on the Verizon forum dealing with this. He was going to run his phone in safe mode, and try activating one 3rd party app at a time, using Terminal to see if he could find an app that was causing this. That didn't work though as while in safe mode with no 3rd party apps activated, it still happened. He is now going to reset his phone, reinstalling apps one at a time to see if he can find an app causing it. This will take more than a week though, as he will take time to test chrome for awhile after each app is installed. One thing to note is that the app.fansworld.com site was only created 12.18.14. It could be any app you installed slightly before to any time after that date, or even any update installed then. I am almost thinking it is something to do with Chrome, as I don't install anything except from the Playstore, and only a thing or two that I can remember during that time frame. I am going to both uninstalled all chrome updates, and try a different browser, to see if it still happens. If it does, I am going to factory reset my phone, and see if I can fix it.
Click to expand...
Click to collapse
I assumed it was a chrome thing since that's where it always pops up for me. I guess I could try another browser...
I did click on the page (clicking cancel or update does the same thing) as I figured I will be reseting my phone anyway. No matter how many times I click on it, all it does is redirect me to the Dolphin Browser page on the playstore. This makes me really suspicious because the developers of Dolphin Browser wouldn't ruin their extremely good reputation by doing this. I think the redirect is a cover for something else. Maybe a keystroke logger, or something just as malicious. Rolling back Chrome didn't get rid of the page that pops up. No popping up with new browser so far, went with Maxthon, but it is early. Really starting to think a complete wipe and reset is necessary. After all, the pop up is only what we are seeing, what else might be going on we can't.
Quick question... Have you downloaded any (.flv or.m2v specifically) video files during the time frame? Read a recent article about hackers using them to exploit vulnerabilities. Right now it is suggested not to download those 2 file types at all.
Factory reset my phone, which was a small hassle, but it has fixed it, and the other small bugs and slow downs that appeared at the same time. Back up your files... Pics and such you want to keep, and reset. Your phone should automatically re-install all your apps, although you will have to redo some of your settings. After you save your files to wherever you want, I saved them to my pc, just go to settings.. Then back up and restore.... And select factory reset or reset phone, however it is listed. Your phone will then be like brand new, and you will only have to re-set up a few things as most things will reinstall by themselves with their previous settings. Like I said, a small hassle, but it fixes the problem, and you again know your phone and data is secure.
It started doing it again today. Reset didn't work. Talked to the guy on verizon forum, and he is going through all files to locate it's origin. Will just have to wait until he is done. FYI--It started happening in other browsers too.

Are you getting the terraclicks ad virus?

I think I have got a virus in my phone. Sometimes when I open any link in Chrome, a random popup opens which usually redirects to the play store somewhere. Once I opened 9gag.com and it opened 9gag's play store link. It even happened with android authority blogs that when I interact with the page i.e touch or scroll anywhere, a random ad link just pops up. Not only this but the original page is replaced by a facebook page whose URL contains something about a campaign i.e its ID etc. History shows a website terraclicks.com and google search on terraclicks shows that it's a PC virus.
Not only with Chrome, I even got the same popup while opening a link using facebook's own default internal browser.
I used Avast to scan for viruses including all files but it found no virus. The same thing is also happening in my brother's phone and we don't share anything between phones. There's a laptop in my home which also shows terraclicks in its history. So I think the virus is spread over all the devices, but I am still unsure as to how to remove it while mobile's antivirus detects nothing.
ad virus
Yes i have the same problem.Please help.
well I installed ccleaner and cleared three things:
All apps cache, chrome history and empty folders. It disappeared for some days but last night it came again to me. Now I have repeated the process again, let's see what happens now..
Usman i have factory restored my phone but it is still there. I dont know what to do now
khan khan said:
Usman i have factory restored my phone but it is still there. I dont know what to do now
Click to expand...
Click to collapse
which internet are you using? I am using PTCL
Do you also have this on another mobile or on computer?
no, there is only one mobile and it is only happening with it.
It's most likely a simple ad that is displayed when they detect your device and want you to download their app I stead. Use an ad blocker and you will be fine.
zelendel said:
It's most likely a simple ad that is displayed when they detect your device and want you to download their app I stead. Use an ad blocker and you will be fine.
Click to expand...
Click to collapse
It's also appearing on computers. And I can say it's not coming from the website's owner because I personally work on a website and one time clicking on its logo triggered the ad. That website would never put an onClick ad on its logo.
terraclicks ad virus
You should install a new window on your computer which will definitely remove these ads but what to do with this in the android. I have installed every antivirus , antimalware and have performed a reset too but no effect.
OMG, I was also infected with Terraclicks. All I can find is removal guides that have nothing to say about Android system.. Can I just reinstall by browser or reset my phone to factory settings? I would prefer the second option because I have lots of photos that are important to me on my device. thanks
It's almost a year since the original post on this thread, and still searches for info on this insidious malware, Terraclicks shows just non-android solutions and generic adware removal info.
Like several other posters I have tried dozens of AV and anti-malware apps but nothing works so far.
Has anyone found a solution??
Clear all apps cache, browser cookies (it will log you out of all websites in the browser), and browser history (only if needed).
Try the above steps one by one and give some time between them to see if the problem goes away without doing the other steps.
It probably comes from visiting cheap websites like those sharing apk files or songs etc. They don't give a damn about the users.
For me this was solved by making uTorrent pro inactive, the adds stopped.
Once I uninstalled it they never came back.
Assuming you have cleared your Chrome cache etc, I suspect you have an app which has been installed which is causing this. In my case it was an .APK which I had downloaded externally (because I couldn't get it from the Play Store). As it happened, this particular app made itself a device administrator (you can check by going into Security, Device Administrators) and it also had greyed out the ability to uninstall it. The app was also running as a background process which is how it keeps spawning those ads. Nothing picked it up as Malware (Malware Bytes, Trend, CCleaner). That was the giveaway to me, that something wasn't right with this app. This would also explain why a phone reset wouldn't remove it, because that typically reinstalls all your apps (except in your case) the app would have probably come from the Play Store. Since removing the app, I've had no problems and the dreaded problem has gone away. Now I am a lot more careful about which APKs I loaded. Good luck
I had this issue and it ended up being one of the apps I downloaded. Once in uninstalled the correct app the problem ended. If you do factory reset, then redownload all your apps, then the problem would come back because you redownloaded all the apps you originally had. This is especially true if you use an app that's not in googles playstore so what he is saying sounds almost exactly the same as what happen to me.
Thank you that fixed it. I downloaded showbox of a site. N it messed up my phone.

Remove System Apps

Hi Guys
I have a quick question - How do i remove system apps on the Tab S3.
Everytime i go to remove and app thru Tit Backup - It restores it after reboot.
Rooted with SuperSU - Id like to uninstall Knox etc but cant?
I had this on the S8 - Is this to do with the Kernel needing to be permissive? Any help would be welcome.
fkofilee said:
Hi Guys
I have a quick question - How do i remove system apps on the Tab S3.
Everytime i go to remove and app thru Tit Backup - It restores it after reboot.
Rooted with SuperSU - Id like to uninstall Knox etc but cant?
I had this on the S8 - Is this to do with the Kernel needing to be permissive? Any help would be welcome.
Click to expand...
Click to collapse
I think you have no R/W access to the system. Did you flash the no-verity-opt-encrypt patch when rooting? Download root essentials from the play store. There you have the option to mount system R/W. After enabling that removing the system apps should work.
Verstuurd vanaf mijn SM-T825 met Tapatalk
Thanks... Completely slipped my mind about the RW access
I'll give it a go
Nope didnt work - Trying to delete anything of the system partition doesnt go anywhere
Solution I found for my Galaxy S7 was to use /system/app mover available from F-Droid.Org
Move apps first to be User apps, reboot and you can uninstall them.
Judging by the number of Thanks on this thread, I can see that problems with apps have been an issue with rooted Tab S3s for quite some time.
The problems I am having are actually the reverse, however; whenever I delete system apps my device becomes all but soft-bricked (Android strips me of many user privileges).
Makes me sick for a device I paid $500 for and own.
Now this is for a recent root "professionally" performed just the other day by OneClickRoot using Magisk.
Having said that, I would suggest that anyone having difficulty removing apps really doesn't want to experience the consequences of what happens when you do.
So far OneClickRoot has been MIA as far as providing assistance for an improperly performed root that voided my warranty and which I cannot use.
But what they do not know (yet) is that I screen recorded the sessions while they had remote access to my PC and were rooting my device. I haven't yet investigated whether there are newer files they could have used, but I do know that I was prompted to update Magisk on my device almost immediately afterward.
It does seem clear that Android came out with some kind of a patch that thwarted the plan. And it was seriously harrowing.
Anyway, with the guidance of the screen recordings I was able to do some experimenting with app removal and unroot/reroot at my leisure.
It didn't take much in the way of app removal to throw the system into a state of angst like I've never seen (I rooted my Galaxy S3 phone a long time ago on my own and it went peacefully and without incident). I never once touched [removed] a single core system file on this S3 tablet (of course, that may be understating it; apps like Chrome could be considered to contain core system files - after all, it is an Android). I also did not remove Google Play Services or Google Play because I kinda had a hunch.
Incidentally, I used ES File Explorer to remove the apps. A decent reputation with Google. Downloaded with Yalp Store. (After removing the apps, some time later I went back to the root section of ES and got a notification that said "Sorry. That feature is not available on this device.")
At the moment I am back in re-rooted state and experimenting with an app disabler/freezer. So far so good. It's interesting to see what I haven't been able to disable - Chrome being one of them. The others (Music, Movies, Maps, Hangouts, OneDrive, etc. were disabled without incident). I'm wondering if this experiment is demonstrating which apps I can safely remove with the root.
Oh, I disabled Google Text-to-Speech and once in a while I get a feeble notification alerting me that it has stopped which is fine by me. I'm sick of them stalking me all over the Internet let alone logging my every keystroke.
Anyway, that's my story and the current forecast where uprooting is concerned.
I looked at oneClickRoot. It wants access to all your accounts. Why does it need that? That scares me. I also don't see how it would root your device without tripping Knox. Maybe it doesn't, I don't know.
Sent from my [device_name] using XDA-Developers Legacy app
jd1639 said:
I looked at oneClickRoot. It wants access to all your accounts. Why does it need that? That scares me. I also don't see how it would root your device without tripping Knox. Maybe it doesn't, I don't know.
Click to expand...
Click to collapse
JD, sometimes roots trip Knox and sometimes they don't. They didn't advise me of that either way.
I'm not sure why they want access to all your accounts. Maybe it's just because a root requires total access to your device.
There's nothing you don't see while they are performing the root so I don't think it's much to be concerned about.
Picking up where I left off with my original post, I soon discovered Terminal Debloater developed by Magisk (a means of removing apps systemless-ly!).
OneClickRoot didn't advise me of that method (and still hasn't gotten back with me, incidentally). Of course, they do make money selling extended support packages (and it's worth noting that they didn't flash TWRP to my device either).
I thought if Terminal Debloater didn't do it nothing would. And it didn't work, even though I didn't uninstall Google, Google Play Services or Google Play.
I mean, it got rid of the apps just like ES File Explorer did, but my device once again became nearly unusable (unable to open Google Play Store or Amazon Appstore among other features of my device). But systemless-ly? Not so sure about that.
Resetting the device remedied the problem(s) and reinstalled everything without requiring a re-root (minus 3rd party apps that I already had installed, of course). I had forgotten about the previous backup that I had performed with Titanium Backup but it was like 4am and I was getting foggy, you know - there have been a lot of late nights lately. My device was still rooted after the reset and I was able to reinstall Magisk Manager with an .apk (Google Play Store banished it). Maybe that's what they meant by systemless uninstall - the relative ease of reinstall.
So I think that after all of this experimentation it is fair to say that unless you have goals other than uninstalling meaningless stuff like that withTV app it isn't going to work out. And for an app freezer/disabler to work properly you need a root. And an app/freezer disabler won't disable them all. I still have a lot of Google apps it won't disable like Gmail, Chrome, Photos, Movies & TV and Google Play Music (although I realize most people aren't interested in disabling Google apps). I could probably safely remove YouTube, Maps and Drive (I was only able to partially able freeze the former but I was able to fully freeze the latter). There are others I could probably uninstall too - OneDrive, other Microsoft apps, Weather, etc. - it would just seem pointless though since they are already frozen. So maybe freezing is a good enough reason to root for those who only want minimal removal of apps and still want Google where the sun doesn't shine.
Anything that can be frozen can probably be safely removed with the root but I haven't experimented with that. It might require a 4th reset and/or reroot. But you will never have total freedom to do what you want.
As far as OneClickRoot, it is fortunate that I paid with PayPal because I am going to file a claim based on many factors. They asked me why I was rooting my device and I told them I was going to remove apps. They didn't advise me on that either way. They didn't tell me that the root would trip Knox. It says on their Galaxy Tab S3 page, "After the rooting process is completed and done, you may start installing carrier-blocked applications" "you may positively eliminate preinstalled crapware" and "Remember that after rooting, you are the administrator of your own phone so have the freedom to do anything you want with your phone." If they made the mistake of referring to a phone on their tablet page then that's their bad. I do not yet qualify to post links on this forum, but you can find the page by using DuckDuckGo to search "Galaxy S3 Tab OneClickRoot" and it's the first search result).
I paid them $60 total to root my device; the first time I thought I removed too many apps and that it was my fault so I paid them an additional $20 to re-root it. Turns out it really wasn't my fault at all because with the 2nd root I uninstalled even fewer apps than the first time (and like I said before, never any core system apps or even any major android apps like Google Play Services). I figured out how to unroot it on my own (with firmware files from SamMobile and flashed with Odin) and then screen recorded the 2nd root.
At the end of the day I'm not sure it's really worth it to root just to remove a few apps and void your warranty if you're still covered (I have only owned my device for just over a week).
But then, not everyone has the same objectives I do. I am completely crazy serious when it comes to my privacy. One might ask why I even purchased this device and it's because it affords customizations that Apple doesn't (or so I thought). But I can still run Linux. And, of course, I have no intent of setting up a Samsung account or a real Google account. I bought a cheap sim card from TracFone to use with my old S3 phone to set up a fake Google account (because of course you have to have a phone to register a Google account). My TracFone account is under a fake name, my phone number has a Chicago area code (I live across the country), my Google account will be under a fake name and I use a paid VPN on my device(s) using a Chicago IP address. They deserve it.
All just so I can get a few paid - but important - apps. If it weren't for that, Google account be damned. I sold my black little soul to Amazon a long time ago but their selections are limited.
---------- Post added at 09:31 PM ---------- Previous post was at 08:48 PM ----------
Oh, and for those who aren't rooted and simply want to uninstall system apps for more space, you can force 3rd party apps to SD by enabling that feature in Developer Options.
Go to Settings > About tablet > Model number > Software information
Click on Build number 7 times. That will activate Developer Options which you will then find at the bottom of the column on the left side.
Click on Developer Options and scroll way down to Force Allow Apps on External.
Then scroll up to Running Services and observe what's going on behind the scenes. Especially if you have denied (and even frozen) location permissions, deactivated bluetooth, limited background processes to "none" and deactivated automatic updates. They will grab at ANYTHING - your bluetooth, phone, etc. You can stop the processes but they still keep coming back. It's fun to give them an occasional punt anyway.
I did manage to finally disable blutooth but that *had* to be frozen. Disabling in settings wasn't good enough. Google Location Service cannot be stopped ever.
I should set up the fake Google account on my S3 phone with the Chicago IP address and then play Ingress in my real neighborhood just to taunt them.
Blue team!!!!
You do know there is a root method by ashyx in the development section, right. Also, I'd just freeze apps with tibu. That way if your system starts to freeze you can just unfreeze them.
Sent from my [device_name] using XDA-Developers Legacy app
jd1639 said:
You do know there is a root method by ashyx in the development section, right. Also, I'd just freeze apps with tibu. That way if your system starts to freeze you can just unfreeze them.
Click to expand...
Click to collapse
Hi JD.
No, I didn't know about ashyx. Thanks for that though. I might end up looking into it. I'm wondering if a root is just a root, though? There are a couple of apps that have given me errors that said "Your SU binary is functional but might not work reliably on some Android 4.3+ ROMs. If you encounter any issues in TB, please try SuperSU instead." I got that error from Titanium Backup today and I think also from Malwarebytes the other day.
So I'm wondering if uninstalling Magisk and installing SuperSU instead might make a difference.
I reallly have no clue. I'm going to try it though. As a last resort I will probably try re-rooting. Have you used ashyx? If so, were you able to remove apps without a hassle?
Also, is that your Porsche? Nice . . . . . if you're in Minnesota, bet you can't wait until June lol.
I'm from the Midwest orignally - I guess it was kind of a rough winter, no? I know last winter was.
You'll get the same message with supersu as magisk in TB. It's not an issue. And, yes, I use @ashyx method for root. It's worked for all firmwares so far, but I'm almost sure it won't (twrp) if Samsung ever gives us Oreo. But I have confidence in ashyx that he'll modify it so it will, he's the man!
jd1639 said:
You'll get the same message with supersu as magisk in TB. It's not an issue. And, yes, I use @ashyx method for root. It's worked for all firmwares so far, but I'm almost sure it won't (twrp) if Samsung ever gives us Oreo. But I have confidence in ashyx that he'll modify it so it will, he's the man!
Click to expand...
Click to collapse
Hi JD. Long time no see. Or so it seems.
My head has actually been far removed from the Tab this past week. I actually had my S7 rooted just a couple of days before the Tab and so I have been juggling both devices. I think I'm about to pop a blood vessel. I honestly would have rooted them myself but there was just too much scattered information and since I was dealing with two devices I had OCR do it.
But anyway, I haven't been much invested in the Tab over the past several days. I broke a few too many green antennae again and bricked my S7 for the third time. Whenever I have fresh firmware flashed to my device I get those uninstall apps and become possessed. At least I can reinstall the firmware and re-root on my own now.
Things sure have changed since the S3 (phone) and the Galaxy Tab Pro (which was introduced before app permissions became an option). I never did root that device. I guess that's about 4 years old now.
I do believe my S7 was rooted with the ashyx method. I saw a file or something somewhere. It is easier to remove system files on that device but more complicated as there are so many more of them being a phone and all.
As far as Oreo . . . . .ugh. Something about the potential for crush injuries doesn't seem really appealing. I can imagine the "system" is only going to become more oppressive and Google more invasive. Right now I'm still trying to figure out wtf Nougat is.
Besides, Nougat will be a good OS for a long, long time. The OS on my S3 phone [Lollipop?] is still adequate. And developers are still trying to perfect apps for rooted Nougat OS's. A lot of stuff is still buggy.
I'm not *quite* as fanatical about privacy on my S7 since my phone number was tied to my Google account long before I decided to stop being lazy about privacy issues. But once I get the paid apps I need I immediately freeze Google Play Services and Google Play Store. And before I use the store I remove my SD card before they can rape my app settings and data. And, of course, I pay for a Google Play gift card with cash. It's extremely difficult going to these extremes but I am still new at it on my devices so it will just take time to adjust. I went through the same grief with my PCs but it's all good now. My banks and creditors no longer hassle me when I use private browsing and a VPN when I log in. Google will never give in though. Ever. And that really is something scary.
I actually did acquire Windows 10 Enterprise for both of my PCs after many fruitless and failed attempts at tweaking my registry. Now I have full access to Group Policy Editor and live in relative privacy [and peace] where Microsoft is concerned. Wish android had a Group Policy Editor.
Anyway, as far as where I left off with app uninstalls on my Tab, I had only just flashed the stock firmware on that before I bricked my S7 so there are still what I call "secondary" Google apps like Maps, Gmail, Movies & TV, etc. Those are frozen, however. It still might be a couple of days before I get to uninstalling those but I will update. I have no life. I need to come up for air lol. It is important to me to post about this experience; I guess I feel somewhat like an activist in a sense. Google just runs roughshod over everything and everyone like they OWN, you know? And they don't. They don't own me, or you, or our devices. And so this is for people - not "advertising IDs" - who feel similarly and don't want Google invading their devices and private information.
Umm . . . . I know there are a lot of individuals who want to root their Tab S3s and I may at some point post instructions on how to do that using Magisk (it really is simple) but right now I just feel that it would be unethical to do so until I can figure out which apps are truly safe to remove without bricking. And, of course, I can post instructions on how to flash the stock firmware as well.
Thanks for the info about the messages, btw. Still trying to figure out how to disable those. There has to be an .obb tweak somewhere for that. As I recall, the primary reason I rooted my S3 (phone) to begin with was to disable the shutter sound on my camera! And that required an .obb tweak. For the life of me I can't remember what app I used to accomplish that.
---------- Post added at 05:36 AM ---------- Previous post was at 05:16 AM ----------
When I get a message telling me that something I don't want has stopped working, it would at least be nice to see a bow on top of that bubble with some streamers and balloons in the background.
:laugh:
The Battle Of Jorte.
The night before last I was making some tweaks to my S7. I had just finished up purchasing some apps I needed from the Play Store and had refrozen that app and Google Play Services. Some time before I had previously installed a day-planning type app called Jorte.
All of a sudden I started getting notifications in my notification area that said "Jorte will not run unless you enable Google Play Services." I tolerated this for a while and then finally thought, "Ok, well, I'll just uninstall Jorte and that will put an end to that." (I didn't really want Jorte anymore - I had installed it along with a couple of other day-planning apps I was making comparisons with and had decided on a different one - one that wasn't "dependent" on Google Play Services.)
So I uninstalled Jorte and realized that there was another app that I forgot to purchase. When I went back into Application Manager to reactivate Google Play Services and Google Play Store they were gone! Well! I wasn't sure if that was a good or a bad thing. I opened my App disabler app and sure enough - they were still installed on my phone, just hidden. How trite! How petty! I was furious.
I decided at that point that I had all the paid apps I needed.
One would THINK that an ETHICAL company without nefarious intentions would take the position that if an individual isn't using their services that they would be more than HAPPY that they be disabled especially if they are "FREE". After all, why waste resources?? To whose benefit is it to leave Google Play Services running in the background when it isn't needed?
I did something then that hadn't yet dawned on me. I have an app disabler that allows one to disable all of the services associated with that app (specifically Google Play Services). Uninstalling "GPS" bricked my device before so that wasn't an option. So I went offline and disabled my mobile data (also something I hadn't done before) and went into the app disabler (which I will not name [yet]) and started disabling everything with the word "sync", "collection", forwarding", "uploading", "geolocation", "account", "transfer", "advertiser", "notification", "analytics", "indexing", "listener", "secret", "logger", "metadata", "reporter", "credentials", "metrics", "watcher", "sharing", "monitor", "phenotype?!", "detection", "stats", "supervision", "VACUUM". . . .amongst several others. (Are you guys getting alarmed yet?.) Out of 276 services I disabled 105. I had to disable them one by one because the app would stop each and every time.
I also disabled 4 out of 6 services belonging to Google Services Framework (which were all that the app disabler were able to freeze).
All of these actions effectively disabled Google from running on my device as observed from Running Services in Developer Options (that, of course, combined with disabling/uninstalling Samsung apps and associated services). Staying offline and disabling mobile data prevented my actions during this process from being reported (and interfered with).
So far over the past couple of days all has been quiet. No more '"________ will not run without Google Play Services" or "________ has stopped" notifications, no more Google running in the background and helping itself to my data like a smorgasbord.
I attempted to apply these same settings to my Tab S3 and it didn't fly. I had to disable ALL of the subservices associated with Google Play Services and I also uninstalled Google Services Framework entirely.
That debacle is for a different post.
I want to add that most any app can be uninstalled on the Tab S3 once the disabling of Samsung, Google Play Services and Google Play is achieved. Prior to this, for whatever reason I had a great deal of difficulty uninstalling Chrome and Google Play Music. If you think really, really hard in advance about all of the paid apps that you want that are critical to your root and whatever other paid apps you want, you can install them and ditch Google Play Services. They got their money and earned what they deserved. There is no reason to keep Google services continuously running in the background. You can get top notch apps that don't depend on them. I have My Backup Pro, Servicely, SD Maid, an APK extractor, a couple of really good disablers/uninstallers, ES File Explorer, Root Explorer, etc. Really consider your privacy - your data is important. Would you let a stranger rifle through drawers at your house? Even if Google has been collecting your data for years, all hope is not lost. You have many years ahead of you. Most of the data they have collected becomes obsolete over time and they don't need to keep collecting it. There are many, many apps that are not dependent on Google Play Services. There's an app called F-Droid that has an .apk installation file that can be directly downloaded from the Internet and which offers LOTS of great apps. They have an app called Yalp Store that shows you which apps Google Play Store offers that don't depend on Google Play Services and you can filter those results. You can even download and install them manually. The developers of F-Droid are privacy-conscious and all of the apps that they offer are geared with that in mind.
I paid a lot of money for my devices - what, $1300 overall? The manufacturers are not entitled to more than that, especially if I have paid for additional apps. I do have a dummy YouTube account - I consider it free cloud storage for my videos in exchange for the the data they have stolen from me over the years (I've got some cool videos, too - I'd link to my channel but it would blow my cover).
To achieve all of this you will need to start fresh - uninstall your apps, remove your SD card, clean your device really well, wipe your device and close your Samsung account. You don't need a Samsung account to run your device. You can decline both Samsung and Google services at setup but all of those choices are meaningless because they take what they want anyway.
There may be a few sacrifices that may be a dealbreaker to some such as Facebook, but there are a few apps that work around that limitation such as Tinfoil for Facebook. You may also be able to log into Facebook using a privacy web browser. I have Firefox on my devices using a VPN, Privacy Browsing and multiple privacy plugins and it works just fine for every website I have visited (I can't speak for Facebook, though, because I don't use it (not for privacy reasons, though - I have unresolved mixed feelings about it). It should be fine to use with a web browser although some websites do badger you to use their app. You can try it though before uninstalling the Facebook app and see how it goes. Granted it won't be as convenient but you can bookmark it and still have access. Twitter is dependent on Google Play. As I was writing this paragraph I just found a highly rated app called Metal for Facebook & Twitter which isn't dependent on Google and which allows you to access both of them. No ads, gets you notifications from Facebook, supports Orbot/Tor, etc. Sounds excellent.
So there's some stuff to consider.
Between both of my devices I had become really mentally/emotionally stressed and exhausted and had a short but intense cry yesterday. I would have benefited from a longer one.
Last night I woke up to discover that Google had added another hundred or so services to the Google Play Services app on my S7 which brought the number up to 300+. (As an aside, the same thing happened on my Tab S3 several days ago.) I'm not sure if I had wi-fi or mobile data turned on when it happened or both - I had been turning them both on and off intermittently throughout the day. All I can think is that Verizon must have been sharing data. It happened on the S3 for a different reason and I caught that while it was happening.
I thought that I was using Verizon simply for a signal. I don't use their cloud and I don't sync any data to their servers in any other manner. Come to discover there were a couple of settings I overlooked.
Google and Verizon are in bed together - I did discover that much. I really did want to maintain a location with Verizon so I could at least locate my device if I were ever to lose it; they charge enough and I can be incredibly absentminded at times, like using the calculator on my phone while shopping, lying it down on a shelf when picking something up and walking away. But when I went to Verizon's website to see if they offered such a service I was redirected straight to Google. They're kidding, right?
Google is so unbelievably insidious. You really don't know until you try to escape.
I'm a quiet, introverted person - all I want is my privacy, my freakin' Kindle app and a few simple others. And I WOULD get a Kindle, but even the best one only records video in 720p! But no - 4k or no 4k, I'm not about to curl up in a hollow log with a Kindle.
The S3 has been turned off for the past couple of days; both devices present challenges of their own. The S7 is worse I think with Verizon in the mix. My S7 has turned out to be the guinea pig it seems.
I know how to re-root the S7 if I brick it again but I'll spare myself the hassle. I paid One Click Root for the 6-month extended support package and I'll make them work for it. They pretty much dissed me on the S3 so they deserve it.
Right now the S7 is stable (and functional) again - I was up for hours last night after my ghastly, half-conscious discovery disabling another hundred Google Play subservices. Right now I'm backing up to My Backup Pro's cloud and after that I think I'm going to go offline and uninstall The Framework and Google Play Services. Surely Google can't coerce Verizon to cut off data services to a loyal customer.
A few updates and and an apology. . . .but not in that order. Ummm. . . .I realize that this whole Google privacy thing is a touchy subject and I'm really sorry for having brought it up here (kind of, you know?). I mean, in the sense that this is a really helpful place for what it is and I do understand something about getting knocked back in Google search rankings. I'd really hate to see something like that happen.
So this will be my last post on this topic.
This whole endeavor has really been a nightmare - a real war and I have lost tons of sleep. I'm amazed that I haven't hard-bricked my devices. One day I re-rooted my S3 three times. Yesterday I re-rooted my S7 twice. There is no compromising with Google. None. I thought that I could whittle it down to just not using any of their apps, you know? What other business do they have running data collection or location services on my device? I don't have a connected Samsung or Google account, I declined app usage data, location services and diagnostic usage at setup. I disabled all of those plus everything else that could be disabled in settings and everything possible in permissions. Yet settings keep being switched back on which is the whole reason I rooted my devices. THEN after I root, I install these 3rd party freezing apps and watch Google behind the scenes with their 380 hidden services going to town collecting all sorts of data - Bluetooth, radios, geofencing, storage. . . .it's absolutely unreal. They hide and disable apps I paid to 3rd parties on independent websites. . . .I just don't even know where to begin. I started getting screenshots of all of this and they started deleting and disabling those.
Anyway, I don't know how much longer I have now to return my S3 to Amazon but it might be going back in a pine box. It's defective. I mean, seriously. The permissions keep turning themselves off. Inherently defective perhaps, but defective nonetheless. I've had the S7 since November so I don't know what Verizon can do for me but I think California has some laws.
Anyway, I'm in the midst of preparing some killer videos on rooting and flashing stock firmware to both the Tab S3 and S7 and I will come back and post YouTube links to those when they're done. They will no doubt be immediately removed unless Google finds them lucrative enough to keep, and if they are removed I will PAY Vimeo to host (and protect) them.
Oh - heh - before I forget: YES, you CAN remove every single Google app from your S3 EXCEPT for Chrome. It's part of the infrastructure, man. You will brick your device every time you try to remove it. But remember this - and this is CRUCIAL - install an app freezer (better yet, two), then turn off wi-fi making sure to disable auto-reconnect because everything you do is transmitted and they will brick you. You don't want to clue them into anything. Then use your best judgement to freeze and disable every possible permission before you start Also reboot after every app uninstall (or two). It takes a lonnnng time depending on how many you remove but trust me on this. If you intend to maintain a Google account you should be all good.
I acually use TITANIUM BACKUP
for freezing , u freezing & uninstalling system application's:good:
JackieBlue said:
A few updates and and an apology. . . .but not in that order. Ummm. . . .I realize that this whole Google privacy thing is a touchy subject and I'm really sorry for having brought it up here (kind of, you know?). I mean, in the sense that this is a really helpful place for what it is and I do understand something about getting knocked back in Google search rankings. I'd really hate to see something like that happen.
So this will be my last post on this topic.
This whole endeavor has really been a nightmare - a real war and I have lost tons of sleep. I'm amazed that I haven't hard-bricked my devices. One day I re-rooted my S3 three times. Yesterday I re-rooted my S7 twice. There is no compromising with Google. None. I thought that I could whittle it down to just not using any of their apps, you know? What other business do they have running data collection or location services on my device? I don't have a connected Samsung or Google account, I declined app usage data, location services and diagnostic usage at setup. I disabled all of those plus everything else that could be disabled in settings and everything possible in permissions. Yet settings keep being switched back on which is the whole reason I rooted my devices. THEN after I root, I install these 3rd party freezing apps and watch Google behind the scenes with their 380 hidden services going to town collecting all sorts of data - Bluetooth, radios, geofencing, storage. . . .it's absolutely unreal. They hide and disable apps I paid to 3rd parties on independent websites. . . .I just don't even know where to begin. I started getting screenshots of all of this and they started deleting and disabling those.
Anyway, I don't know how much longer I have now to return my S3 to Amazon but it might be going back in a pine box. It's defective. I mean, seriously. The permissions keep turning themselves off. Inherently defective perhaps, but defective nonetheless. I've had the S7 since November so I don't know what Verizon can do for me but I think California has some laws.
Anyway, I'm in the midst of preparing some killer videos on rooting and flashing stock firmware to both the Tab S3 and S7 and I will come back and post YouTube links to those when they're done. They will no doubt be immediately removed unless Google finds them lucrative enough to keep, and if they are removed I will PAY Vimeo to host (and protect) them.
Oh - heh - before I forget: YES, you CAN remove every single Google app from your S3 EXCEPT for Chrome. It's part of the infrastructure, man. You will brick your device every time you try to remove it. But remember this - and this is CRUCIAL - install an app freezer (better yet, two), then turn off wi-fi making sure to disable auto-reconnect because everything you do is transmitted and they will brick you. You don't want to clue them into anything. Then use your best judgement to freeze and disable every possible permission before you start Also reboot after every app uninstall (or two). It takes a lonnnng time depending on how many you remove but trust me on this. If you intend to maintain a Google account you should be all good.
Click to expand...
Click to collapse
Watch out the Russians are coming too.

Browser opening ad website after updating apps

Sometimes when an app finishes updating my browser (Via Browser) opens and loads a page that is advertising apps. First it was Appsquare, now it's some other website I forgot to remember. I have NO idea what the cause is and I didn't install any strange apps to my knowledge. I never installed any APK that I downloaded outside the Play Store and both Malwarebytes Antimalware and Eset found nothing. This doesn't always happen when I update an app so there's no set pattern. Smetimes it doesn't happen after updating one or more apps and sometimes it does and that is why I can't really figure out which app is causing it, if it is an app at all because there are no ads displaying in either app I use because I paid to get rid of it. Yes, I did some research and it seems to be an issue mainly affecting Samsung users and one site in particular did some research and found out it was a shady ad network behind it: Clickity. My symptoms do match but I have an LG device, not a Samsung device and I use a different browser. I have used a few of Cheetah Mobile's apps in the past but I'm sure I deleted all traces of it on my phone, at least the things I could find. And I haven't used a single app from those devs anymore since I did a factory reset on my phone and updated to Android 8 so there shouldn't be a trace left. I need help fixing this because I have no idea where to look.
EDIT: It turned out to be my clock widget app "Digital Clock Widget Xperia" made by Lazar Dimitrov that was causing those ads to pop up, despite paying to remove ads.

Categories

Resources