alphaomega Posted September 1, 2014 Share Posted September 1, 2014 Just looking for ideas regarding the following circumstances: A friend of mine has an inexpensive generic no name android tablet (puzzle piece). I performed a factory reset when she first got it because tech support recommended that it might help with the issue she was encountering where the installed browser (baidu) would not save changes to the settings. The home page for the browser would always be www(dot)baidu(dot)com. A factory reset did not fix the issue. Later the tablet some how got messed up again. She said her son was playing music and all of the sudden the tablet locked up. She forced it to shut off and when she turned it back on all the apps she had installed were gone. She brought it back to me to do another facotry reset. I noticed the apps she had installed were gone as well as the user account. And mobogenie was now installed. The apps she got for free (w/purchase) have to be installed with the unknown sources option checked. I also noted the developer options was turned on as well as usb debugging. Mobogenie was not installed after the first factory reset. Malwarebytes Anti-malware was unable to remove mobogenie. And there is no uninstall option for the app (only a disable option). So I performed another factory reset from within the settings and selected to have all the user data erased. All appeared to be okay but mobogenie was still there and the user data was not erased. So I performed a factory reset from recovery mode and again selected to have the user data erased. Mobogenie is still there. And again there is no uninstall option. Malwarebytes Anti-malware attempts to remove it but it does not get removed. I even tried Cleanmaster and it indicates that Mobogenie is one of those apps that came preinstalled on the tablet and cannot be removed. It did mention something along the lines of having to root the table in order to remove Mobogenie but I did not attempt to root the device. Anyone have any ideas on how mobogenie got on the tablet? It was not there after the first factory reset but it is now. As far as I know there have been no updates to the operating system only to the apps from the app store. The operating system (if I remember correctly) is a customized version of Android 4.2.2. Confused. Quote Link to comment Share on other sites More sharing options...
lewmur Posted September 1, 2014 Share Posted September 1, 2014 I found this on the net but don't know how well it works. Remove Mobogenie from Android Open Settings menu Touch Apps or Application manager (what do you have). Select the Mobogenie. Touch Uninstall It is also possible to download special Clean Master application from Google Play in order to remove Mobogenie from Android tablets and phones. Here is the link: https://play.google.com/store/apps/details?id=com.cleanmaster.mguard Quote Link to comment Share on other sites More sharing options...
securitybreach Posted September 1, 2014 Share Posted September 1, 2014 Unfortunately you may not be able to remove it without rooting the device. You usually see this type of "locked" apps on carrier devices like an ATT or Verizon app. This is the same type of bloat that comes on new computers except you cannot remove them without root access. I do find it odd that the application appeared when you did a factory reset. That's why I love Nexus devices as they come with no extra bloatware, developer friendly, easy to root, etc. Give me a bit and I will research done more as I am on the porch with my nexus 7. Quote Link to comment Share on other sites More sharing options...
alphaomega Posted September 2, 2014 Author Share Posted September 2, 2014 What I don't understand is ... The tablet did not come with mobogenie. It was not there after the first factory reset. It somehow got on the tablet before the second factory reset. And it was still there after the second factory reset. It is so deep in the system that malwarebytes cannot remove it. It cannot be uninstalled only disabled. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted September 2, 2014 Share Posted September 2, 2014 Malwarebytes cannot remove it since you do not have root access and it cannot be uninstalled without root Most of your antivirus, anti-malware apps will not work correctly without root access. Think of it as being locked into /home only and cannot edit anything outside of /home. Quote Link to comment Share on other sites More sharing options...
alphaomega Posted September 2, 2014 Author Share Posted September 2, 2014 Malwarebytes cannot remove it since you do not have root access and it cannot be uninstalled without root Most of your antivirus, anti-malware apps will not work correctly without root access. Think of it as being locked into /home only and cannot edit anything outside of /home. I understand the need for root in order to remove the app but I don't understand how it got so deep into the system that root access is needed to remove it. I could see how it might have gotten installed accidently by someone clicking on an ad or popup and unintentionally installing something. But to get so deep into the system that root access is needed to remove it and a factory reset does not get rid of it. That confuses me. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted September 2, 2014 Share Posted September 2, 2014 Well I was under the assumption that it was part of the factory installation even if it didn't show up when he got the tablet. When you did a factory reset, it installed the preinstalled apps that were loaded in factory reset. So it got installed and since you said you cannot uninstall it, that tells me that you need root to remove it. Quote Link to comment Share on other sites More sharing options...
alphaomega Posted September 2, 2014 Author Share Posted September 2, 2014 (edited) Well I was under the assumption that it was part of the factory installation even if it didn't show up when he got the tablet. When you did a factory reset, it installed the preinstalled apps that were loaded in factory reset. So it got installed and since you said you cannot uninstall it, that tells me that you need root to remove it. I still don't see how mobogenie was not preinstalled on the first factory reset (actually factory reset 1 & 2 - both done from the menu settings) but was on there before and after the second factory reset (actually reset 3 & 4 - once through the menu settings and once through recovery mode). Edited September 2, 2014 by alphaomega Quote Link to comment Share on other sites More sharing options...
securitybreach Posted September 2, 2014 Share Posted September 2, 2014 Indeed, it is strange Quote Link to comment Share on other sites More sharing options...
alphaomega Posted September 2, 2014 Author Share Posted September 2, 2014 (edited) Indeed, it is strange Strange indeed. At least the app itself is classified as a potentially unwanted program and not a malicious program. I contacted the company (sales staff) to see if they had a technical support department and they do not. I asked if maybe they had pushed out updates to the tablet and the answer was no. I explained the issue with mobogenie and the sales person had never even heard of the app. Was told to either uninstall the app (which I can't) or do a factory reset (which I have already done). In the end ... they said to have the owner contact them so they can make arrangements for her to send it back so they can take a look at it because they have never encountered this situation. Am going to contact the owner. To be continued... Edited September 2, 2014 by alphaomega Quote Link to comment Share on other sites More sharing options...
securitybreach Posted September 2, 2014 Share Posted September 2, 2014 Ah, mobogenie is an alternative app store to Google play. A lot of these knock-off chinese tablets do not have google services or the play store due to not paying google for the license. Quote Link to comment Share on other sites More sharing options...
alphaomega Posted September 2, 2014 Author Share Posted September 2, 2014 Ah, mobogenie is an alternative app store to Google play. A lot of these knock-off chinese tablets do not have google services or the play store due to not paying google for the license. Well it did come with a modified 4.2.2 operating system. It should have had the option for multiple user accounts but that option was not available. It was supposed to have chrome browser on it but it has baidu which always defaults to a chinese website similar to google search. And it did come with the google play store and gmail app. Here is a screenshot of what the play store app looked like before and after it was updated. new-vs-old play store The play store is still on there. The tablet just happens to also have mobogenie on it now. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted September 2, 2014 Share Posted September 2, 2014 I would check to see if any custom Roms are available for the tablet so you could have a more vanilla android experience. If you post the name and model number, I'll look when I get home Quote Link to comment Share on other sites More sharing options...
alphaomega Posted September 4, 2014 Author Share Posted September 4, 2014 I would check to see if any custom Roms are available for the tablet so you could have a more vanilla android experience. If you post the name and model number, I'll look when I get home When I messed with it I did not find any information that would help in determining exactly what the device is. I should have taken a screenshot of the about tablet screen though I don't recall there being any helpful info there. Some of the specs are mentioned in this article puzzle-piece-tablet. I would be tempted to try and put standard android 4.2.2 on there but since it is not my tablet I did not chance it. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted September 4, 2014 Share Posted September 4, 2014 I understand Quote Link to comment Share on other sites More sharing options...
alphaomega Posted September 23, 2014 Author Share Posted September 23, 2014 Got my hands on the tablet again to factory reset. Mobogenie still there. There is also a similar situation to this: possible-malware I've disabled both mobogenie and network service. Everything seems to be running okay. Quote Link to comment Share on other sites More sharing options...
alphaomega Posted September 23, 2014 Author Share Posted September 23, 2014 If I wanted to attempt removing mobogenie and network service: I assume I will need to root the tablet, locate the apps apk file (on the system partition) and remove it using adb. But if the app is there after a factory reset wouldn't that mean that it is also on the recovery partition? Can that be removed? Or will I need to root and remove w/adb all over? Or could I just use the firmware images from google and put that on the tablet? Quote Link to comment Share on other sites More sharing options...
securitybreach Posted September 23, 2014 Share Posted September 23, 2014 Well google only provides images for the Nexus line of products so your best bet would be to find a custom rom for the tablet. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted September 23, 2014 Share Posted September 23, 2014 Found this while searching: http://tabletrom.blogspot.com/2014/03/q8h-allwinner-a23-android-tablet-pc.html Quote Link to comment Share on other sites More sharing options...
securitybreach Posted September 23, 2014 Share Posted September 23, 2014 Also perhaps: http://forum.xda-developers.com/showthread.php?t=2715546 The Q8H is a generic Allwinner A23 tablet which is a line of chinese built android tablets. Quote Link to comment Share on other sites More sharing options...
alphaomega Posted September 23, 2014 Author Share Posted September 23, 2014 Thanks for the links securitybreach. I am reading through them now. Hopefully after I read through those tutorials I'll figure something out. 1 Quote Link to comment Share on other sites More sharing options...
alphaomega Posted September 23, 2014 Author Share Posted September 23, 2014 (edited) Looks like I may just end up leaving it as is. I've disabled mobogenie and network service. I'd like to disable the browser but it won't let me. The livesuit flashing tool does not mention anything about working with the A23. I did find a ROM. ROM for q8h, a23, 800x480, 20131211.img I assume I flash that to the system partition. As to rooting the device, I've come across a couple of ways it supposedly can be done. While I still have the tablet I'm going to look into rooting it and removing the apps. I figure if something goes wrong I can set it back to factory. Edited September 23, 2014 by alphaomega Quote Link to comment Share on other sites More sharing options...
securitybreach Posted September 23, 2014 Share Posted September 23, 2014 Let us know how it works out for you.. Quote Link to comment Share on other sites More sharing options...
alphaomega Posted September 23, 2014 Author Share Posted September 23, 2014 (edited) sidenote: Was posting from win7 / internet explorer and it would not quote the previous post. It also would not let me insert code tags. Not sure what is going on there. I am making some headway. Rooted the tablet using kingo root. It may have already been rooted as it had the option to root again. Installed busbox and rootchecker. Using adb I removed: advMode1_2015_0815.apk wrap-mobogenie_123241048.apk edit: also removed PopupView.apk quicksearchbox20140804.apk This was done with usb debugging turned on while the tablet was running normally (not recovery mode) and connected to the laptop where android sdk was installed. Tablet now scans clean with malwarebytes anti-malware (no pup). sidenote: Editing this post from arch / firefox. And adding code block is working. List of system apps. ApplicationsProvider.apk BackupRestoreConfirmation.apk BasicDreams.apk Bluetooth.apk Browser.apk Calculator.apk Calendar.apk CalendarProvider.apk Calibration_Gsensor_DEFAULT.apk CertInstaller.apk ChromeBookmarksSyncAdapter.apk CloudsService.apk ConfigUpdater.apk Contacts.apk ContactsProvider.apk DefaultContainerService.apk DeskClock.apk DownloadProvider.apk DownloadProviderUi.apk DrmProvider.apk Email.apk Exchange2.apk FaceLock.apk FileExplore.apk FusedLocation.apk Galaxy4.apk Gallery2.apk Gmail2.apk GmsCore.apk GoogleBackupTransport.apk GoogleCalendarSyncAdapter.apk GoogleContactsSyncAdapter.apk GoogleFeedback.apk GoogleLoginService.apk GooglePartnerSetup.apk GoogleServicesFramework.apk GoogleTTS.apk HTMLViewer.apk HoloSpiralWallpaper.apk InputDevices.apk KeyChain.apk LatinIME.apk LatinImeDictionaryPack.apk Launcher2.apk LiveWallpapers.apk LiveWallpapersPicker.apk MagicSmokeWallpapers.apk MediaProvider.apk MediaUploader.apk Music.apk MusicFX.apk NetworkLocation.apk NoiseField.apk OneTimeInitializer.apk PackageInstaller.apk PhaseBeam.apk Phone.apk Phonesky.apk PhotoTable.apk Provision.apk QuickSearchBox2.apk Settings.apk SettingsProvider.apk SharedStorageBackup.apk SoftWinnerService.apk SoftwinnerBaseService.apk SoundRecorder.apk SpeechRecorder.apk Superuser.apk SystemUI.apk Talk.apk Talkback.apk TelephonyProvider.apk Update.apk UserDictionaryProvider.apk VisualizationWallpapers.apk VoiceSearchStub.apk VpnDialogs.apk WAPPushManager.apk adobe-reader.apk transparentclockweather.apk weath.apk The only odd thing left to figure out is: The installed browser still goes to a random site on launch. Setting home page does not stick. Then I would like to un-root the tablet. Don't want to leave it rooted. Edited September 23, 2014 by alphaomega Quote Link to comment Share on other sites More sharing options...
alphaomega Posted September 23, 2014 Author Share Posted September 23, 2014 And there is also this post which mentions something similar to what I experienced with this tablet. Random apps getting installed, popup ads out of no where, and a factory reset not getting rid of the apps in question. Something having to do with CloudService.apk. Re: CloudsService.APK Removal from A23 ROM I have not attempted to remove CloudService.apk. Quote Link to comment Share on other sites More sharing options...
alphaomega Posted September 23, 2014 Author Share Posted September 23, 2014 (edited) Re: browser hompage setting not sticking. Came across a post which talked about a similar issue where the browser would always go to a certain list of websites (homepage setting would not stick) It mentioned editing /system/build.prop and editing the line ro.wmt.homepage_base=http://www.baidu.com I tried that and it did not seem to work. There is a file /system/etc/homepage which lists the three pages the browser cycles between. I edited that file to change the site to http://pbskigs.org and that worked. If I temporarily remove the hompage file it defatults to one of the original three. There are some xml files in /data/data/com.android.browser/shared_prefs/ where it might be getting those settings from. Going to test. Those files do appear to be involed with the browser homepage setting. But they are getting reset from somewhere. edit: notes to self post about removing cloudservice.apk post about browser homepage settings Edited September 24, 2014 by alphaomega 1 Quote Link to comment Share on other sites More sharing options...
securitybreach Posted September 24, 2014 Share Posted September 24, 2014 So basically cloudservice is an ad application installed by default, almost like malware. I would do as the link suggested and disable or remove that apk. Also, I wouldn't worry about unrooting the tablet as the user would never access it unless they knew what they were doing. Quote Link to comment Share on other sites More sharing options...
alphaomega Posted September 24, 2014 Author Share Posted September 24, 2014 So basically cloudservice is an ad application installed by default, almost like malware. I would do as the link suggested and disable or remove that apk. Also, I wouldn't worry about unrooting the tablet as the user would never access it unless they knew what they were doing. I was going to do that but I was worried about the red demo screen issue mentioned in one of those forum posts that occurs when the apk was removed. The app cannot be disabled. Other than the browser homepage issue and cloudservice app the tablet was working fine. I managed to remove mobogenie and there have been no random popup ads. I was prepared to return the tablet but the owner wanted me to keep it longer and play music to see if I would encounter the issue she encountered (her reason for sending it to me to factory reset). I let it play music for about five hours. No problem. Then yesterday evening when I was researching how to safetly remove the cloudservice.apk I finally encountered the issue the owner encountered. When playing music in google play music all of the sudden it stopped playing music and the screen went black. I had to force the tablet to turn off (press and hold power button for 20 seconds) and when I turned it back on all her user settings and installed apps were gone. Almost like a factory reset had occurred. I got it back up and running pretty quickly (configuring her account and re-installing all her apps) but at this point she says that she has pretty much written it off (she does not want to deal with the music app issue because it upsets her autistic son) so I can freely do whatever I want to it. I have no clue how to figure out what is causing the music app to do what it did. It is the first time the issue occurred while I had access to the tablet. I am going to mess around with it some more to see if I can figure something out. Maybe attempt to flash the firmware image I found in another forum post to see if it works better than what the tablet comes with by default. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted September 24, 2014 Share Posted September 24, 2014 So many problems...... another reason I only buy Nexus 1 Quote Link to comment Share on other sites More sharing options...
alphaomega Posted September 24, 2014 Author Share Posted September 24, 2014 (edited) Well it did not last long after this most recent factory reset. Third time is not a charm. Played music. It locked up. Forced it to reboot. No lost data. Played music. It locked up. Forced it to reboot. No lost data. Played music. It locked up. Forced it to reboot. LOST data like a factory reset had occurred. Owner said not to worry if I brick it. Edit: It looks like I may not be able to flash an image file to the tablet as there appears to be no fastboot option on this tablet. I'm going to just get it back up and running and not install google play music and see how it works after that (there is another music app on there). It's been a learning experience. Considerring this is a cheap tablet and having to mess with the potentially unwanted program that managed to work it's way onto the tablet it's not really that bad of a tablet for browsing the web, checking email, and watching youtube videos. Edited September 24, 2014 by alphaomega 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.