Better Mobile App

Gmail Account Hijacked - including Google Play Store

Last week I noticed a device under my Google Play account (My Devices) that is not mine, a phone on a Romanian cell phone company network. I also noticed that someone from Russia had accessed my Gmail account. I changed my Gmail password (the old one was alpha-numerica,random, with symbols) and turned on two step authentication.
The Gmail account seems to be ok. The contacts all there and no messages removed or messages sent by people other than me.
The only sign of the intrusion is about a dozen "free" apps ordered by that device. It included sketchy gambling apps, a child's game that from comments I read has adult advertisements, and ringtones. After I changed the password there are new "free" media on the account - books and various video. These appear to be from a different user - all in English as opposed to Russian and nothing sketchy.
My guess on how this started - I downloaded an app with about 100 reviews. The next day the "free" apps started to appear, and the unauthorized device also was added the next day.
My SGS 3 isn't rooted. For Jellybean it seems that I have to wait for a stable root, should be another few days.
I contacted the Play Store support and they were of no help. They referred me to Gmail support but Gmail doesn't offer phone support. I think only support on a Google Group forum.
Any idea how this could have happened and how to get this device off of my account? My PC's are secure and my primary PC is Linux.

starfcker69 said:
Last week I noticed a device under my Google Play account (My Devices) that is not mine, a phone on a Romanian cell phone company network. I also noticed that someone from Russia had accessed my Gmail account. I changed my Gmail password (the old one was alpha-numerica,random, with symbols) and turned on two step authentication.
The Gmail account seems to be ok. The contacts all there and no messages removed or messages sent by people other than me.
The only sign of the intrusion is about a dozen "free" apps ordered by that device. It included sketchy gambling apps, a child's game that from comments I read has adult advertisements, and ringtones. After I changed the password there are new "free" media on the account - books and various video. These appear to be from a different user - all in English as opposed to Russian and nothing sketchy.
My guess on how this started - I downloaded an app with about 100 reviews. The next day the "free" apps started to appear, and the unauthorized device also was added the next day.
My SGS 3 isn't rooted. For Jellybean it seems that I have to wait for a stable root, should be another few days.
I contacted the Play Store support and they were of no help. They referred me to Gmail support but Gmail doesn't offer phone support. I think only support on a Google Group forum.
Any idea how this could have happened and how to get this device off of my account? My PC's are secure and my primary PC is Linux.
Click to expand...
Click to collapse
I have the IMEI # of the phone added to my account, also the model number (registered in Russian Federation). Could the IMEI be useful? I can PM if interested.

Imeis are quite useful to many people...Just don't pursue this on xda.
Sent from my Galaxy Nexus using xda premium

My account too was almost hacked.
I signed into youtube and a notice was shown that someone from ip in china tried to log into my google account and it denied them and i changed my password. No weird apps nothing.
The thing is probably the app you downloaded.
Just because it has 100 downloads doesn't mean its malware but you need to check permissions always.
Even big games like "Paper Toss" has been know to sell peoples info to companies.
When you read permissions. There should be a list of all the options the app requests.
Be Smart. If you download a calculator, It shouldn't have access to your personal identy, messages and the big key is internet access.
If you download a calender it may need access to contacts but it it also needs internet access, its probably is storing your contacts and sending them out to a site that then sells to a company and lastly, your grandparents receive phone calls asking if they want to buy a service and use your name as who referred them.
Also. rooting is a good option. With an app on here called pdroid or droidwall you can download those apps but it will alert yyou when the app wants to use a permission (like internet) and gives you the option to allow or deny.
good luck

I have one update. I think that after I changed my password and went to two step verification, the purchases of "free" apps and media stopped. It's been four days and nothing new added. So far so good. Thanks for the replies. BTW, Google of no help.
I'd still like to know how the Gmail account was compromised - I may never know.

similar thing just happened to me (Galaxy Note) appeared on my account from no where. When I contacted google if they can help or if they are interested in tracking him down, all they said was we cant help you. And change the pw. Obviously I know that I need to change the pw. I know Apple would have tracked it down somehow if it was an iphone. My pw has 22 characters number letter symbols yet it was hacked.
Since google is not helping me I installed Android Lost app on this NOTE and waiting to get a location update via email. I know it wont do anything much and I cant do anything against him or her since no paid apps were downloaded. Still I would like to do something to crooks like this. He only had 6 apps installed (facebook,viber candy rush) and terminal emulator (which worried me).
I really hope that Android close their unlimited backdoors in the OS.

Which app for manage client?

Hi,
a friend of mine bought a few days ago a Samsung Galaxy Tab 7" to manage his clients (he's a doctor).
He started to build his contact library (he doesn't have an android phone and no gmail contacts) adding name, surname, eventually mail and phone number and in the "Note" field he wrote all the note he'd taken. BUT this field has a characters' limit, and he can't add even a letter anymore (for the most visited client of course).
I tried to search for an app for this purpose but I can't find anything. I don't even search ONLY an app, it can be enough another method using the in-build feature of the tablet and android.
I searched for some CRM app, but most of them are ugly (since it's not a power user the more simple and clean is the better) and not optimized for a tablet. I found Insightly, but it's only online, and if he does'nt have a wifi network around he can't, not only record the new data, but also access to the old ones! They MUST be always available.
I thought about a simple folder + text file in G Drive, but these are only online too. Dropbox, too.
If it can interact with the G Mail contacts (the Note field is very useful at this) it would be wonderful, otherwise he'll build up his library with his contacts.
How can I do to have these data always on the tablet (cloud sync is not absolutely necessary)??? Any idea for an app or an alternative method?
Thanks!

nobody??

He bought a tablet to use for work, without any idea on how he would use it for work or if it would even do what he wanted? If he throws money around like that, why not recommend him to get an app written for his company and it's needs. There are many app developers who design and write custom apps for clients.

[Q] Excessive Permissions?

I'm after the advice of someone who knows about Android permissions and security.
I'd like to make use of this app - https://play.google.com/store/apps/details?id=com.faradayinstitute&hl=en
That requires these permissions:
This app has access to these permissions:
Your messages
receive text messages (SMS)
Network communication
full network access
view network connections
view Wi-Fi connections
Phone calls
read phone status and identity
Storage
modify or delete the contents of your USB storage
Microphone
record audio
Your social information
read your contacts
modify your contacts
read call log
write call log
Your accounts
find accounts on the device
System tools
send sticky broadcast
test access to protected storage
Affects battery
control vibration
prevent device from sleeping
Your applications information
run at startup
Audio settings
change your audio settings
But isn't that list of permissions completely OTT? I expressed my concerns to them and received the following reply:
I am writing to update you with regards to your enquiry about the Faraday App. I have been in touch with our developers and they have informed me that although this is a long list it is quite common with Android. They are currently working to see if they can reduce the list, however, there is nothing to worry about since you know the origin of there App, The Faraday Institute, and therefore can easily determine whether you wish to allow access (if it is a source you trust/is reputable etc..). The reason they need access to some parts is simply to add their details to your phone, (access your phone book for example is only to add The Faraday to your contacts).
I hope this answers your query for now. I will update you when I receive more information from the developers. Please feel free to contact me if you require further assistance.
I'm no expert but it doesn't really seem satisfactory - or am I worrying necessarily?

Ergates said:
I'm after the advice of someone who knows about Android permissions and security.
I'd like to make use of this app - https://play.google.com/store/apps/details?id=com.faradayinstitute&hl=en
That requires these permissions:
This app has access to these permissions:
Your messages
receive text messages (SMS)
Network communication
full network access
view network connections
view Wi-Fi connections
Phone calls
read phone status and identity
Storage
modify or delete the contents of your USB storage
Microphone
record audio
Your social information
read your contacts
modify your contacts
read call log
write call log
Your accounts
find accounts on the device
System tools
send sticky broadcast
test access to protected storage
Affects battery
control vibration
prevent device from sleeping
Your applications information
run at startup
Audio settings
change your audio settings
But isn't that list of permissions completely OTT? I expressed my concerns to them and received the following reply:
I am writing to update you with regards to your enquiry about the Faraday App. I have been in touch with our developers and they have informed me that although this is a long list it is quite common with Android. They are currently working to see if they can reduce the list, however, there is nothing to worry about since you know the origin of there App, The Faraday Institute, and therefore can easily determine whether you wish to allow access (if it is a source you trust/is reputable etc..). The reason they need access to some parts is simply to add their details to your phone, (access your phone book for example is only to add The Faraday to your contacts).
I hope this answers your query for now. I will update you when I receive more information from the developers. Please feel free to contact me if you require further assistance.
I'm no expert but it doesn't really seem satisfactory - or am I worrying necessarily?
Click to expand...
Click to collapse
what kind of app is it? (currently unable to access playstore)

mjz2cool said:
what kind of app is it? (currently unable to access playstore)
Click to expand...
Click to collapse
Just a "news" app. Here's the description:
The official application of The Faraday Institute for Science and Religion at St Edmund's College, Cambridge. Access news, leading stories of the day, educational resources, and much more, from the institute that is leading research in the understanding of the relation between science and religion.

Bump

Ergates said:
Bump
Click to expand...
Click to collapse
And once more for luck!

Ergates said:
And once more for luck!
Click to expand...
Click to collapse
Any views?

Best messenger with secret/privacy features

Hi guys,
I'm searching for some messenger with strong privacy and "secret" features. Better explained, I've found Telegram as a good alternative to Whatsapp with its encryption features, but it lacks one thing that I really need: I'd like to keep some chat very private: it will be very useful if the conversation had some kind of PIN-password-pattern unlocking features.
This is possible for sms (Handcent, for example), but I haven't found it in any Messenger service.
Do you know any?

Bump. I'm looking for one too. I looked into evolveSms but I think its a bit over priced for the features. I'm currently using handcent but I don't really like the UI.

I have a data plan with limited sms, so I am interested in messenger/chat service like Whatsapp, Telegram, Kakao Talk and so on, but they all don't offer the 'private chat' option.

Surespot

You could just lock Telegram with another app? There are tons on the Play Store.
https://play.google.com/store/apps/details?id=com.domobile.applock

Zenety said:
You could just lock Telegram with another app? There are tons on the Play Store.
https://play.google.com/store/apps/details?id=com.domobile.applock
Click to expand...
Click to collapse
Yes, I know, but this is the last option. I'd like to find a solution within the messenger app.

Threema has an Option for PIN Protection.
If activated you have to enter your PIN Code before you can see the messages.
The Problem with Threema is the same with most other messengers ... it´s not open source.

Go Sms Pro
Try GO SMS PRO the best messaging app on playstore it has lots of themes a good ui and the most important one privacy !!! you can protect your messages with pin or pattern lock !!! you can search on play store. I think you have to pay for some features but you can try it !!!
Sorry for my bad english ....!

androidrocks23 said:
Try GO SMS PRO the best messaging app on playstore it has lots of themes a good ui and the most important one privacy !!! you can protect your messages with pin or pattern lock !!! you can search on play store. I think you have to pay for some features but you can try it !!!
Sorry for my bad english ....!
Click to expand...
Click to collapse
Once again, I'm not interested in sms app, I need some messenger app working through data network. Maybe with the same features of go sms pro.

As shiva-afk stated, Threema has the protection option you want. It provides end-to-end encryption and protects your send/received messages/media:
First, you can protect your conversations if you set a passphrase for your encryption key. So, if you end the Threema process or reboot your phone, you have to enter this passphrase first before you can access any chat log or received pictures since they are stored encrypted (unless you exported them from the app into common store like the sd card).
Second, you can set a PIN to the app itself. So, even if you have unlocked the key with your passphrase, the app locks itself after being idle for some time and asks for a pin. You can define the time before it locks itself in several steps (30s, 1m, 2m, 5m, 10m, 20m).
However, it is not free (costs ~1,60€) and its not open source. The devs (from Switzerland) claim to use the common NaCl-library for crypto, but you must trust their sayings.
https://threema.ch

Go sms pro
powersimon said:
Once again, I'm not interested in sms app, I need some messenger app working through data network. Maybe with the same features of go sms pro.
Click to expand...
Click to collapse
as i know it include the log in feature so you can send msgs or chat with your friends online through your data network, who have GO SMS PRO !!!

[Q] Privacy question

Was going to download and try this app from the Google store but have issues with privacy concerns:
This app has access to these permissions:
Your accounts
read Google service configuration
find accounts on the device
use accounts on the device
Your location
approximate location (network-based)
precise location (GPS and network-based)
Your messages
read your text messages (SMS or MMS)
receive text messages (SMS)
access mail information
Network communication
full network access
view network connections
view Wi-Fi connections
Your personal information
read calendar events plus confidential information
Phone calls
directly call phone numbers
read phone status and identity
Storage
modify or delete the contents of your USB storage
Your applications information
retrieve running apps
Your social information
read your contacts
read call log
System tools
read Home settings and shortcuts
write Home settings and shortcuts
test access to protected storage
Affects battery
control vibration
Status bar
expand/collapse status bar
Wallpaper
set wallpaper
adjust your wallpaper size
Click to expand...
Click to collapse
Why does this app need to access so much of my personal information?

Yearoftherat said:
Was going to download and try this app from the Google store but have issues with privacy concerns:
Why does this app need to access so much of my personal information?
Click to expand...
Click to collapse
Hi,
As you know, Themer helps increase the user experience by providing valuable information straight onto your homescreen.
This includes:
1. Displaying how many unread emails/SMS/missed calls you have. (Your messages
read your text messages (SMS or MMS)
receive text messages (SMS)
access mail information))
2. Displaying your map coordinates on a map image. (Your location
approximate location (network-based)
precise location (GPS and network-based))
3. A built-in dialer app that can display your recent contact as well as allow you to call a number directly from your homescreen. (Phone calls
directly call phone numbers
read phone status and identity) (Your social information
read your contacts
read call log)
4. Display agenda information. (Your personal information
read calendar events plus confidential information)
As you can see, it's all for display purposes. If you look at other widgets on the Play Store that perform the same activities, they will also require these permissions. It just so happens that Themer has all of these features built into one app. Hope this helps clarify the matter.

Thanks for the clarification. Looking forward to trying out the app!

I have the same concerns, beginning with the need to login before using any themes. (The explanation given in the faq seems too lame for me). Looks like a terrific app but possibly not for those who worry about privacy. I'm personally too scared to try it.
One option to explore is using this app with xprivacy installed which allows one to restrict unneeded permissions. Maybe a firewall might help?

Anderson2 said:
I have the same concerns, beginning with the need to login before using any themes. (The explanation given in the faq seems too lame for me). Looks like a terrific app but possibly not for those who worry about privacy. I'm personally too scared to try it.
One option to explore is using this app with xprivacy installed which allows one to restrict unneeded permissions. Maybe a firewall might help?
Click to expand...
Click to collapse
Hi Anderson2,
That FAQ actually sums it up quite well. The login feature creates a security barrier for us, which even though is not the most advanced way of preventing intrusions into our theming servers, it does a good job in finding people who are trying to tamper with our systems. That and of course sending users email updates of new features if they request it.

When exactly do you need login? Just to download themes? After the download can one log out? I don't like the idea that you have access to my emails, texts, and any files your widgets access. That is what concerns me.
I don't know enough about themer because I'm afraid to use it, but I believe your zooper widget doesn't require login. (Does it?) Can you explain how they differ in the need for protection?

I have to say that I share those concerns. Why do you force users to login with their Google or Facebook accounts? I do not understand why this should be a better securitry barrier than the login data from mycolorscreen.com? I would not even give away my login data to someone I know, so why should I give away this data to someone I do not know at all???

Well said.
+1

shibadoo said:
I have to say that I share those concerns. Why do you force users to login with their Google or Facebook accounts? I do not understand why this should be a better securitry barrier than the login data from mycolorscreen.com? I would not even give away my login data to someone I know, so why should I give away this data to someone I do not know at all???
Click to expand...
Click to collapse
Yet you log in to this forum and use it.
The explanations have been given. It's to ensure you are who you say you are when you access their servers to download the themes.
As for all the other access, Themer provides a lot of different information as explained (you DID read what he posted, correct?) GPS position, weather, etc. All of this is based on location, etc, as well as if you want unread email counts, etc. It's all there in Themer given you everything all rolled into one app, rather than having to download each piece separately. If you don't like it, don't use it. Thousands upon thousands of users are using it without any issues. I definitely like to protect my privacy, but this app is the least of your worries about privacy.
There are many other problems that could result if they didn't want you to verify who you say you are. Do you want someone to hack their servers and then you download a hacked theme that could result in even more privacy issues for you?
In the end, if you don't want to use it, don't. Nobody is forcing you to use it and they have every right to protect their investments as well. There are plenty of other apps out there you can use that can provide the same type of experience. Usually, the themes are not housed in a server so you can download them from elsewhere, but unless you're getting them from Google Play, then who is to say how safe those are? Many 3rd-party app stores are NOT the safest as they do not follow Google's security policy. At least with Themer, it's in the Google Play market and has had to go through Google's scrutiny.
A few weeks ago, the app was erroneously flagged as something that could steal your information. Google came back later and stated it was an error on their part and verified that the app is safe and it will not steal your information.
I've used it for months and nothing bad has happened to me.
There are many other ways for hackers to get your PI and this is the least of your worries.

vulcanvillalta said:
As an American, and therefore afraid of everything, I personally vote to not give out so much information. But on the other hand, IF someone wanted to get all of your information, they could probably do it without your consent. I would probably stay away from it, though. Just to "try" to be safe.
Click to expand...
Click to collapse
Once Facebook introduces its anonymous login feature, our developers will implement the feature into Themer

iBolski said:
Yet you log in to this forum and use it.
Click to expand...
Click to collapse
Yes, I do use this forum, but of course I do not log in with my Google account. There would be no reason to do so - same goes for Themer. I would have no problem if Themer would ask for my login data from mycolorscreen.
iBolski said:
The explanations have been given. It's to ensure you are who you say you are when you access their servers to download the themes.
Click to expand...
Click to collapse
You think you know who I am because I enter some data that nobody ever controls? I could simply enter some Google account data I created only for Themer. But honestly, this is too much effort for me only the check if I like an app.
iBolski said:
As for all the other access, Themer provides a lot of different information as explained (you DID read what he posted, correct?) GPS position, weather, etc. All of this is based on location, etc, as well as if you want unread email counts, etc. It's all there in Themer given you everything all rolled into one app, rather than having to download each piece separately. If you don't like it, don't use it. Thousands upon thousands of users are using it without any issues. I definitely like to protect my privacy, but this app is the least of your worries about privacy.
Click to expand...
Click to collapse
What exactly has GPS and weather to do with my Google Account data? I do not share GPS data with Google, so I would not with Themer as well. And for a weather forecast I would simply type in 5 numbers - my zip code. This is exactly what I do right now.
iBolski said:
There are many other problems that could result if they didn't want you to verify who you say you are. Do you want someone to hack their servers and then you download a hacked theme that could result in even more privacy issues for you?
Click to expand...
Click to collapse
And because the people at Themer have may account data, nobody can hack their servers? So the solution to all hacked servers worldwide is so simple? Just giving them Google account data?
iBolski said:
In the end, if you don't want to use it, don't. Nobody is forcing you to use it and they have every right to protect their investments as well. There are plenty of other apps out there you can use that can provide the same type of experience. Usually, the themes are not housed in a server so you can download them from elsewhere, but unless you're getting them from Google Play, then who is to say how safe those are? Many 3rd-party app stores are NOT the safest as they do not follow Google's security policy. At least with Themer, it's in the Google Play market and has had to go through Google's scrutiny.
Click to expand...
Click to collapse
Yes, I do not use it. This is the consequence.
iBolski said:
There are many other ways for hackers to get your PI and this is the least of your worries.
Click to expand...
Click to collapse
So what should be my worries if it is not giving away voluntarily my Google account data to someone I do not know???
And you forgot something: I know at least 5 people that use their Android phones without a Google account, and they also do not use Facebook. Believe it or not: these people do really exist, and they even survive without a Google and a Facebook account.
So for me there is no credible information why the people at themer need my Google account data, and why this should protect them from being hacked. Or why my Google Account data should be safer than my mycolorscreen account data. This is why I will not use themer and would not recommend it to others.

shibadoo said:
Yes, I do use this forum, but of course I do not log in with my Google account. There would be no reason to do so - same goes for Themer. I would have no problem if Themer would ask for my login data from mycolorscreen.
You think you know who I am because I enter some data that nobody ever controls? I could simply enter some Google account data I created only for Themer. But honestly, this is too much effort for me only the check if I like an app.
What exactly has GPS and weather to do with my Google Account data? I do not share GPS data with Google, so I would not with Themer as well. And for a weather forecast I would simply type in 5 numbers - my zip code. This is exactly what I do right now.
And because the people at Themer have may account data, nobody can hack their servers? So the solution to all hacked servers worldwide is so simple? Just giving them Google account data?
Yes, I do not use it. This is the consequence.
So what should be my worries if it is not giving away voluntarily my Google account data to someone I do not know???
And you forgot something: I know at least 5 people that use their Android phones without a Google account, and they also do not use Facebook. Believe it or not: these people do really exist, and they even survive without a Google and a Facebook account.
So for me there is no credible information why the people at themer need my Google account data, and why this should protect them from being hacked. Or why my Google Account data should be safer than my mycolorscreen account data. This is why I will not use themer and would not recommend it to others.
Click to expand...
Click to collapse
You describe me exactly. I don't use my Google account to login anywhere, don't use Facebook, have phone GPS and location turned off, only enter zip code for weather, turn off sync everywhere, use a firewall, xprivacy, etc. - - and Google only thinks it has my info.
Everyone I know who is not a teenager or addicted to Facebook does the same.

vulcanvillalta said:
If you use fake names etc and are vague about your location, no, google doesnt have your name. But what about your IP address. They can tell that your pseudonym is performing functions from the specific location you are in. You might not GIVE them your name or address, but with the IP address linking you to a specific internet connection, they certainly can figure out who you are and where you are, if they want to.
Click to expand...
Click to collapse
Which is why I don't want to help other sites identify me by giving them my Google login. Not everyone has Google capabilities.

The points made in defense of keeping your personal information private (and not using your Google login for Themer) are valid and understood.
However, Themer is not designed for that type of mindset.
Themer is designed for the overall market - the vast majority if you will - not for privacy advocates.
It's simply a tool that allows the general Android user base (the FB'ers, Google +'ers, i.e. Socialites) to easily login to an app designed to make their phones look cool. Most of the functionality of the Themes are far more invasive than your Google login anyway (GPS coordinates, access to text/email notifications, call logs, etc) so I really don't see the point of wildly waving your arms around saying "privacy breach! privacy breach!"
Don't use it. Cool. I'm OK with that. I'm sure they are too. But why complain about it? What is the goal? Surely you cannot think they will redesign the app for you.
So really, you're just posting on XDA to aggravate the devs. I mean, what launcher doesn't have access to all of your info? It's like complaining that a specific model of car has a license plate that can be used to identify you. Guess what? All cars do. Take the bus bro

Anderson2 said:
Which is why I don't want to help other sites identify me by giving them my Google login. Not everyone has Google capabilities.
Click to expand...
Click to collapse
But your phone can still identify you. You are still logged into the internet via your carrier's internet and they can definitely get who you are on the phone.
You might as well just stay off the internet completely then.
And, if you're going to stay off the internet, then why have a smart phone? You're already identified out there through your carrier. If they breach your carrier account, they have all sorts of information right then and there, more so than Google would have. Think about it. Your billing address, etc.
Don't think for a minute that your carrier is completely safe. Even Verizon has had breaches.

vulcanvillalta said:
Like I said above, IF PEOPLE WANT YOUR INFORMATION, THEY CAN GET IT. There are nasty identity thieves out there that can find all of your information SOOOO easily. So easily. So whether or not you use an app or make a phonecall or whatever, you can still be traced and you can still be monitored and your information can still be acquired. I'm not trying to be a downer, but you can either accept that you are at the mercy of whoever wants to stalk you, or you can spend the rest of your life worrying and trying to protect yourself from something you literally have no control of.
IMHO, if you can use the app and it would benefit you, you might as well enjoy it.
Click to expand...
Click to collapse
Not sure why you quoted me bro, I'm on the same page you are.

IT need to display some information about your phone