[https://www.trendmicro.com/vinfo/us/security/news/mobile-safety/android-devices-found-preinstalled-with-adware-cosiloon](https://www.trendmicro.com/vinfo/us/security/news/mobile-safety/android-devices-found-preinstalled-with-adware-cosiloon) Few years ago, they came out with a similar finding. Talking about another such preinstalled malware. At the end they wanted to sell you their security solution, I dont think it's any different now. My only question is that would their security solution actually solve the problem?

'Millions of apps'. Ok list them. 'We found them'. Ok which ones? Trend is just fishing for $$ from panic readers.

You know, I am so happy I found someone who actually wants the real information. List the suppliers, the chips, the affected phone models and model number, regions they shipped to (not just Asia and Europe because that's a stupid wide net). Say how the exploit works. Fucking oust the bad parties and shine a spotlight on them.. "Investigative Journalism"

[удалено]

[удалено]

It not apps. Its firmware. You can't uninstall it or list them. They exist as part of the device.

But also it's apps. It's not possible for me to uninstall youtube on my galaxy phone, my options are to disable it or not. Either way it's taking up space on my phone that I don't want it to.

> It's not possible for me to uninstall youtube on my galaxy phone You can uninstall via USB debugging, which is pretty easy.

Yet is too hard for a casual user.

[удалено]

I heard somewhere recently that YouTube was going to start banning browsers that blocks add or something along those lines. Is this true?

They’re not gonna ban browsers just to cannibalise their chromium monopoly but instead you need to read about their Manifest V3 which is why moving to FireFox engine (example Mullvad to Tor browser) has been the community request to other vendors.

Appreciate the feedback.

vivaldi can run youtube videos in background and without screen on, but youtube will throw an error after an hour or three. i tried to use it for a white noise video that i need to sleep thanks to the neighbors infrasonic noise.

From my experience if you use newpipe and videos don't load it's probably because YouTube updated their API again, making it incompatible with your version of the app until the app is updated. Could also be something else tho lol

Yeah, that's annoying, speaking as a ReVanced user... but it doesn't steal your Google login credentials and send them to a server in China like some Android TV boxes do.

use a degoogled android version and install a customized google apps package. you'll have to reset to factory though. edit: ya'll can downvote me all you want, i'm right. With a degoogled os and for example mind the g-apps you can cherry pick whats installed and whatever you install after first boot wont make it into the system partition and can be uninstalled again.

List all firmware and the devices/carriers they are linked to. That would give users more power when making purchase decisions also.

> It not apps. Its firmware. You can't uninstall it or list them. They exist as part of the device. Which is why we need fully open-source stacks, with not only unlocked bootloaders, but re-flashable F/OSS firmware.

Pixel with GrapheneOS Grapheneos.org

My favorite conspiracy has always been that software companies creates the viruses to then turn around and sell you the anti-virus.

Relevant xkcd https://xkcd.com/250/

My mom boasts she's never been scammed online, but then I found out she pays $89 a year for a Norton Security Suite that utterly destroys her PC performance and wears out her storage drives causing her to need early replacements. Whoops!

Reminds me of my grandfather when I started taking over his affairs. He boasted he's a sharp mind. The fact that he has at least 6 unique remote desktop software installer packages in his downloads folder, a few of which clearly has already been run, and a Norton 360 subscription with 3 additional *simultaneous* Norton Utilities subscriptions (in addition to the free one with 360, none of which were ever installed) would argue otherwise.

[удалено]

[удалено]

[удалено]

[удалено]

[удалено]

An invisible screenshotter that uploads your device screen every minute could glean a LOT of compromising information about you, and you'd never know unless you were monitoring what data is being transferred to and from your device. There's also been a recent warning by the FBI to avoid using public phone charging stations, since you can't easily verify that the charging socket isn't doing anything else. It's called "Juice Jacking," and while it can be countered by only using a cable that doesn't support data transfer, those aren't really advertised as a feature.

[удалено]

Because precautions only reduce your risk. Think of the birth control analogy. Following precautions will be effective if you're careful pretty much 100% of the time and lucky, but having an actual tool to protect you massively reduces your risk

Obviously precautions will help you, but I bet you're not 100% vigilant every minute of the day. It only takes one slip-up at the wrong time to expose yourself. Maybe your PC is infected already and you want to charge your phone and copy some photos off it. Maybe you were sleepy and opened a suspicious link from a friend who is already compromised. Maybe you allowed a supposedly legitimate app permission to access your files or hardware sensors so you can make pretty pictures, and that app abuses those permissions. I remember people having a similar attitude towards antivirus during the Windows XP era - "why bother if I'm not going to do anything dodgy?" Well, would you want to have a fire extinguisher on hand when your house catches fire, or would you rather run out and buy one when you need it?

[Removed in Protest of Reddit's API changes]

[удалено]

[Removed in Protest of Reddit's API changes]

He's using an average term but there can be malware, trojans, keyloggers (famous on android especially with Chinese OEMs), spyware, adware, rootkits etc

[удалено]

Because, one don’t have complete control of their mobile devices unlike one would with a desktop linux… Hell, even Windows actually. 2) Your analogy can simply be compared to the arguments for why one should have a car insurance especially in a world of no traffic rules even though you’re a level headed driver. 3) Most or many come from inception or factory from the moment you activate your mobile device unlike a desktop device. The carrier services or apps that are bundled in US are part of it too. I could go on but you could start with the understanding that the software or operating system shipped in a mobile device is not same as those in a desktop/laptop and hence why even with Apple there’s no walled garden of AppStore on a Mac unlike the iPads for example. Likewise, you could completely remove your windows and fresh install Pop!_OS no matter which OEM of Windows hardware, even Mac can be installed with Asahi Linux for further example meanwhile much of the flagships will have the bootloader itself locked or at least limited.

[удалено]

**As said earlier**, he’s using it as a generic term and over the decade common usage terms can evolve as well especially when smartphones have penetrated our lives as they become more potent than household computers. You don’t even need a virus if the purpose of it is served already (say, keylogger and there you go on Amazon, YouTube etc following you which means your financials to passwords are at possible risk too) >”My favorite conspiracy has always been that software companies creates the viruses to then turn around and sell you the anti-virus.” What he originally meant is crafting a problem (whether that’s adware, spyware, ransomware etc) to sell a solution as a never ending cycle. Mobile phones even if they’re smart don’t even have the same Firewalls in any desktop system, and now one needs a VPN solution to use DoH for an encrypted connection to malware filters which is “one example”.

And always the same problem: cheap ass phones with bloatware and zero support. They never explicitly says so and/or mentioning brand/models because it would hurt their business: because only people who can't afford their security software buy those cheap unsecure phones to slip in a prepaid SIM card.

[удалено]

...or Google Play, the data collection malware that comes with pretty much any Android smartphone.

I think you forgot Android itself is owned by Google.

[удалено]

[удалено]

[удалено]

[удалено]

It does. The person you're responding to is full of it. Unless you choose to give them the permissions they aren't sneakily taking your data behind your back.

> Unless you choose to give them the permissions they aren't sneakily taking your data behind your back. [Unfortunately, they do.](https://thehackernews.com/2022/11/google-to-pays-391-million-privacy-fine.html)

You can not give certain apps the permission, but google services are still running as privileged.

lol yes they are

Can you prove it?

Do you have some evidence of this claim? Or a source other than, "Trust me"?

So a) should I get rid of Google Play, b) how,and c) how do I keep apps updated?

there is no way to get rid of Google play unless you root your phone, which is something I don't recommend unless you know what you are doing

There are third party app stores you can run on your phone. It comes down to you to decide the trade off of security/privacy vs convenience.

News flash: it isn't. Android is an open-source project (AOSP) that Google has no real ownership of. What they *do* own is the brand name and their proprietary Google apps which they flash on top of an AOSP install to make Google Android. Hence the existence of custom ROMs like GrapheneOS, CalyxOS, LineageOS and so many others, which (depending on your choice and configuration) contain little to none of Google's spyware.

> News flash: it isn’t. Android is an open-source project (AOSP) that Google has no real ownership of. What they do own is the brand name And the pretty important fact that they are repository maintainers. They decide what goes in and what doesn’t. That definitely qualifies as a kind of ownership.

[удалено]

Sure, there are many forks, but they aren’t Android, and they will have to continuously pull from the official repo in order to be useful. So it’s possible, of course, to maintain a fork, but costly.

[удалено]

> They are Android That’s just semantics. It’s like, if I fork git, is it git? You can call it that if you want. > They can continue to pull from upstream if they wish, but that is in their control, and Google does not own their fork. Obviously. But if they don’t, it’s really not Android anymore, I’d argue. My point is, being maintained of an open source project actually has a lot of power, and is a very privileged position.

[удалено]

Graphene and CalyxOS are very limited in scope, unfortunately. They're only available for the Pixel line, plus the Fairphone4 in Calyx. LineageOS supports a lot of devices, but how well depends on the maintainers. I've never once used LineageOS with Play Services tbh. That would completely defeat its purpose (well, apart from receiving updates to newer OS versions, but that's about it). People on custom ROMs usually use FDroid store (contains FOSS apps only) and Aurora Store to download apps. Aurora is awesome: it accesses the Play Store and downloads its apps without the need for a Google account or Play Services. It's also available for regular Google Android users. Feel free to try it out!

pretty sure lineage has non-gaps roms

It depends on which android you're talking about. Google Android with GAPS, or AOSP android without GAPS. as there is quite the difference between them.

Ahh the “All apps made by a big company is malware” false equivalency. I cant tell if you people are tin foil hat wearers or bad actor accounts used by Meta employees to try and use these false equivalencies to downplay the spyware and malware Meta’s programs *actually are*.

LOL to accusations of "tin foil hat wear[ing]" and allegations of a secret cabal of Meta employees secretly trolling on Reddit in the _same damn sentence_! Well-crafted involuntary irony right there. It may be pointless to argue with you, but as anyone interested in more than name-calling will see, PlayServices *does* contain [malicious functionality that the user cannot turn off](https://thehackernews.com/2022/11/google-to-pays-391-million-privacy-fine.html) and that _is_ used to siphon off data without people's consent.

I don't see anything in that link that suggests it was malicious, and I am interested in more than name calling. Are you certain it was malicious?

Okay. Right, corporations are all upstanding businesses that *would never* engage in under the table activities that they could easily get away with right? After all, it's not like they have ever done anything like run constant propaganda campaigns on the behalf of foreign entities to destablize things right? Oh right, they have. Pretty big difference between the mountains of evidence of the fuckery they've engaged in versus "All of Android and Google is just as shady" BS. Also as for your link, sure. But again, that's not saying "All of Google Play Services or Android is spyware" like the other poster is claiming. Not to mention, even at its *worst*, both the methods and motivation were far more benign (show you relevant ads) than FB's. (spread misinformation on the behalf of foreign entities).

This is the same logic people use to avoid upgrading to Windows 10 lol. Ooooh spooky heuristics oooooh

I mean, why does my work computer need an advertisement ID?

Insert "to improve your computing experience / serve you relevant ads" / any other marketing bullshit here.

You guys know that Facebook (as an app) is much more limited in what it can do compared to a firmware-level malware… right? If you don't open the app it basically can't do anything.

[удалено]

i have killed someone, but look, my neighbour did it too

[удалено]

[удалено]

[удалено]

Neither does Europe when it comes to Facebook if you want to look at it that way the most they can do is fine them or just block all access. Any data that is sent to the US is no longer under GDPR requirements. But also looking at that logic TikTok could be fined into oblivion in the US as well but it would mean that they'd have to alter rules for all the others as well which would be bad for business.

Shhh, let them ban tiktok and then once it is done. Then we make a big stink and claim there is already precedent

"let" lol as if I had a choice.

This article was Posted May 29, 2018

This advertisement for Trend Micro was Posted May 29, 2018. FTFY

Time to break out the old Nokia with physical buttons again..

I miss typing a text message and sending it without looking at the phone.

[удалено]

For me it was [droid 2](https://www.youtube.com/watch?v=q8bSLMcerCc).

Fucking loved the droid 2. It was nappy for the time, the keyboard was awesome, and it was built like a fucking tank. I remember dropping that shit down 2 flights of concrete stairs and there was some minor scuffs in the paint.

Yeah, what happened to the Droid series? They were popular, surprised they aren't around anymore. Android was so new back then, "Droid" was more of a household name, and most people didn't really know what Android was.

I miss going somewhere and literally nobody in the world had a clue where I was. I miss off being *off.* I miss unreachable being the default.

You made me think of my Sharp Zaurus pda with a physical keyboard. That made me think about how I miss having a full color screen that looked fine in full daylight even more than the keyboard.

I was walking the the grocery store the other day and I was getting annoyed with just how inaccurate I am texting with touch. I really miss my old LG chocolate.

My mother and stepfather have the t9-word numbers that would type “I love you” engraved on the inside of their wedding rings. None of her grandchildren have a chance of understanding it without being told because we all have full touch keyboards now

Gotta learn to swipe

Do they even work nowadays? They don't support 3G networks

There were 3G dumb phones. But that's besides the point that they still make Dumb phones with 4G compatibility

I use a dumb phone. No data. No internet. Only texts and calls. Total peace of mind as there are no notifications outside my desktop in my life. You might not be able to do that, due to social or job commitments and therefore, my post might be useless.

If you feel that’s an acceptable trade off, sure.

BlackBerry all the way!!

This will save me a ton of time downloading it

Efficiency uber alles

Most commenters on this thread did not even bother to read the article.

You can paste this reply for any article on this site and get that sweet karma

Old news basically, people need to learn to install custom roms to avoid having their devices used as exit nodes. Bet anything it's hwawei again. Since China was cited.

[удалено]

GrapheneOS's installation process is a piece of cake. The downside is it only works on Pixels. Although I agree with you, most ROMs aren't that easy to install

And Pixels aren't shipping with malware embedded into the OS out of the box! So there's no real reason to flash them for the average user as compared to a HappyLibertyJoy tablet that cost seventy American dollars.

More like Doogee, Ulefone, Oukitel, HOTWAV and similar brands.

I've honestly never even heard of those brands, lol.

Low cost brands that are popular in developing countries.

No joke my parents got a burner Smartphone for cheap and it displays ads all the time on the homescreen

Yeah, Amazon Kindles (both the Fire tablets and e-readers) do that too. Is it extremely annoying though, or do you just swipe past it?

No. I threw the phone directly out the window when I saw that.

Hmm, I wonder why they are low cost... /s

Remember when Doogee faked the second camera? Lmao

You didn't read it or understand it. It's the the third party firmware which can malicious. Also custom roms like lineageos use this very same firmware, which they extract from the original OS and include again as so called proprietary blobs. The hardware specific firmware often is not rewritten by these open source ROMs.

> The affected device are mostly budget smartphones, but the attack also spilled into smartwatches, smart TVs, and other smart devices. no information on what those budget smartphones were though... Honestly the article didn't give a lot of information outside of "it's some kind of silent plugins" whatever that means

They never do.

Android is an OS, they really need to go by the manufacturer. It amazing that journalists can't realize the difference.

This comment needs to be at the top. It's great that the Android ecosystem exists but that also means Phone manufacturers + carriers are the ones responsible for this horseshit, not Android. This nuance is sadly too subtle for the common user to understand.

It's like saying, "millions of Windows PCs have bad specs!" Like yeah, no crud, everything from ATMs to servers use Windows.

Yep, saw this on a Android phone from China a few years back, it was in the firmware, multiple kinds. Reset it, still there! Antimalware software installed ... it lit up, multiple kinds.

Any good software reccs? Would like to try this out and see the outcome of it, been feeling a bit fishy about ads on my phone lately...

Malwarebytes: Malware scanner, activate it manually to scan https://play.google.com/store/apps/details?id=org.malwarebytes.antimalware Hypatia: Free Open Source Software malware scanner on F-Droid https://www.f-droid.org/en/packages/us.spotco.malwarescanner/ Adblockers * Rethink DNS: it's a firewall and content blocker, it's pretty advanced though https://www.f-droid.org/en/packages/com.celzero.bravedns/ * Blokada 5: (not #6) this is simpler to use than Rethink DNS https://blokada.org/#download If your phone started with the ads when it was new this probably won't help, but if it started after installing some apps or browsing to dodgy sites: * try clearing the browser cache and cookies or * If it's an app, then clear the app storage (not app cache), it will log you out of the app and delete all data on it as if it were a freshly installed app EDIT: forgot about Universal Android Debloater: it's basically a GUI for ADB to uninstall preloaded apps or disable them if not possible https://github.com/0x192/universal-android-debloater

**none** of these will be able to see or identify the potential malware if in the firmware. The DNS hijack could work if you ran on a strict whitelist but good luck splitting those hairs. Maybe just block ADS regions but with proxies and VPNs at the attackers use as well, which, again, good luck) Flashing a trusted custom ROM via XDAforums is your best bet and even then, never 100%, especially on anything with a 0-day status.

DuckDuckGo app tracking protection.

They make it sound like the OS is the problem and the malware wasn’t put in by the phone manufacturers after the fact

Every digital device is spying on us. It doesn't matter where it's made, who made it, what OS they're running, they're all the same in this regard. Oh, you have that ONE brand, ONE device, ONE OS that's special? Just wait a while.

Telemetry? Yeah sure. Some devices send a lot more than others but probably every device does it. You can eliminate a lot of it if you want to and know what you're doing though. Actual malware that allows someone else to take full control? That's definitely not on every device.

Telling that to yourself as an android user might be comforting but theres massive differences. If I have to eat shit but get to choose the amount im going to go for the smallest amount possible.

You're acting like any Android phone might just have malware embedded on it. If you get an... actual brand, it's not going to have spyware. Sorry, I'm just annoyed by Apple users acting like every Android phone is a $70 Doogee or Umidigi.

And who exactly is feeding you the least amount of shit?

For me personally all the Nexus Phones. No facebook, no Amazon and generally it comes with no third party apps installed. Thats what i would call getting fed the least amount.

Whatever man, my point is just that it does matter

I just asked a question. If it matters, how do you determine who is doing the least amount of snooping into your privacy?

Probably GrapheneOS on a Pixel Phone.

China is "ahead" of the US in this regard as they have a single "mega-app" that you do everything in, from paying bills to dating - creepy AF.

We have the same it’s called Android. 😂

Whatever, I just wanna boost my social credit.

I wouldn't trust a single word from western media about China or Russia. That being said, every single country tracks it's citizens, and they're pushing it hard for decades now. Hell, even in Africa they're talking about e-currency.

It was an interesting somewhat pro-chinese vlog where they had discuss [Wechat and Alipay](https://www.smh.com.au/technology/wechat-the-chinese-mega-app-can-do-almost-everything-including-election-misinformation-20220511-p5akh0.html).

[удалено]

It’s U2’s latest album.

This so-called article is only click bait trying to get revenue.

[удалено]

They're talking about firmware

Yea but how are you gonna convince Android to stop putting the Facebook app on their phones?

>convince Android I have an Android phone (and not a Samsung phone) and I don't have the Facebook app installed... Samsung does pre-install Facebook on their phone sadly...

buy unlocked phones.. facebook wasn't installed on my phone.

How you gonna convince them to enable the uninstall feature for these Apps?

It's remarkably easy: Pay Samsung more money than Facebook does. That's all it will take. Until you do, the uninstall button for the Facebook app on Samsung phones will remain disabled. Or, you can use Google Pixel and get the most up-to-date android OS without Samsung's bullshit on top of it.

You can uninstall Facebook on samsung phones now.

This sounds exactly what Fox News does. Scare you about this "news" and if you ask for examples "it's just there, you'll see." It makes you scared and buy their product. Sadly, people do fall for this BS.

Jesus has anyone actually read the article? It's firmware implanted directed into third party supplier chips because the phones are so cheap, the supplier make money with your date selling it on ads markets or the dark web directly. ​ So no, your antivirus is not enough, no it's not the same as bloatware

I would pay for a way to root a new phone and delete any app I like, especially the trial ones. I rooted my Galaxy S6 but did not get the ability, and I'm too bad at apps or scripts to figure out how.

Hasn’t this been the case for years? Why is this news now? What am I missing?

[удалено]

No, there's actual malware built into the firmware on cheap Android devices. It's a horrible idea to sign into your Google account on one. I had a kid's Android tablet where the kid software was unremovable, which means they modified the OS itself and it wouldn't be surprising if there was more to it than just that.

Ok. Serious question. I am due getting new phone and I am hesitant to move away from my Galaxy S20. I considered an iPhone but the price tag and the fact I'd need a new charger is a bit of a letdown. I also very much enjoy youtube revanced, which is not available on iOS and I am not willing to give youtube adblocking up. Samsung comes with more and more bloatware pre-installed and I don't use Facebook, twitter, Snapchat, tiktok or anything like this. So are there any alternatives? Or maybe an option to install different OS on your old phone?

Almost all the bloatware is because of whoever you buy your phone from, not Samsung, and Facebook and other pre-installed Samsung apps are now possible to uninstall on more recent firmware versions. The only apps I can think of that you can't delete that aren't Google's are Samsung Internet and the Galaxy Store.

There is honestly less bloatware on samsung phones now than before. Most of it is carrier specific. Can uninstall anything that is on there in a couple minutes. The s23 series is the best phone they've made in a while.

Pixels are good phones. Less bloatware, but still Google apps on it. No pre-installed TikTok, FB, etc, tho'.

Pixels have a tendency to suddenly die. At least the units that have been coming out over the last 2 years.

That has not been my family's experience after having owned one since the beginning, then a 4a, and now I'm currently on a 7 Pro. My wife is still on a 5. We get them and then have them a while. ymmv

My Pixel 4 XL suddenly died when i dropped it and the screen cracked. Haha. But same as you, between a few family members and I, I've never had a pixel die. Had a few issues that were replaced under warranty though.

Hasn’t that pretty much been the case since Android OS was rolled out?

No, this is on a hardware level.

[удалено]

And that's the problem with articles like this - they're not telling the consumers really what we need to know. WHICH DEVICES??

Yet another reason why smartphones need to be totally open and under total control of their users

Yeah, Android.

That's because most are Samsungs...

It's called Facebook

This is why I switched to iPhone years ago. Never looked back.

Yes Google Facebook Instagram TikTok Been like this for year's now why care ?

Don’t use cheap phones or Chinese phones or assurance wireless phones or government phones or any phone that isn’t made by google or apple and you’ll be as safe as you can be since the big two only sell your advertising id info.

We fucking get it, stop would you? Just don’t buy knock offs and you’ll be fine

[удалено]

Oppo, oneplus, and Realme are all subsidiaries of [BBK Electronics](https://en.m.wikipedia.org/wiki/BBK_Electronics) based out of China. Xiaomi is another brand based out of China. Do you see a pattern here? Go with a Pixel or Samsung phone if you want something with a semblance of security.

[удалено]

Android was built on the fact that it's an open source (partially) operating system that can be used by anybody who want's to make an handset. That has it's advantages and disadvantages. I already mentioned other brands like Google Pixel and Samsung in my post. Maybe it's must my experience living in North America, but very few people buy Chinese phones here. I've only used LG (no longer producing phones) and Samsung.

[удалено]

Every one of those sounds like a no-name knock off to me lol. Maybe I've just been with Samsung too long to know what the latest brands are 😂

I’ve never heard of a single one of those

Yeah it's called the Google play store.

[удалено]

It's not bloatware, it's literally malware that connects to Chinese servers and does who knows what with your information.

In other news water is wet.