Jump to content


android tablet now has mobogenie on it


  • Please log in to reply
61 replies to this topic

#1 OFFLINE   alphaomega

alphaomega

    Multithreader

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,012 posts

Posted 01 September 2014 - 01:15 PM

Just looking for ideas regarding the following circumstances:

A friend of mine has an inexpensive generic no name android tablet (puzzle piece). I performed a factory reset when she first got it because tech support recommended that it might help with the issue she was encountering where the installed browser (baidu) would not save changes to the settings. The home page for the browser would always be www(dot)baidu(dot)com. A factory reset did not fix the issue.

Later the tablet some how got messed up again. She said her son was playing music and all of the sudden the tablet locked up. She forced it to shut off and when she turned it back on all the apps she had installed were gone.

She brought it back to me to do another facotry reset. I noticed the apps she had installed were gone as well as the user account. And mobogenie was now installed. The apps she got for free (w/purchase) have to be installed with the unknown sources option checked. I also noted the developer options was turned on as well as usb debugging.

Mobogenie was not installed after the first factory reset. Malwarebytes Anti-malware was unable to remove mobogenie. And there is no uninstall option for the app (only a disable option).

So I performed another factory reset from within the settings and selected to have all the user data erased.  All appeared to be okay but mobogenie was still there and the user data was not erased.

So I performed a factory reset from recovery mode and again selected to have the user data erased. Mobogenie is still there.

And again there is no uninstall option. Malwarebytes Anti-malware attempts to remove it but it does not get removed. I even tried Cleanmaster and it indicates that Mobogenie is one of those apps that came preinstalled on the tablet and cannot be removed. It did mention something along the lines of having to root the table in order to remove Mobogenie but I did not attempt to root the device.

Anyone have any ideas on how mobogenie got on the tablet? It was not there after the first factory reset but it is now. As far as I know there have been no updates to the operating system only to the apps from the app store. The operating system (if I remember correctly) is a customized version of Android 4.2.2.

Confused.

#2 OFFLINE   lewmur

lewmur

    Discussion Deity

  • Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 3,604 posts

Posted 01 September 2014 - 01:58 PM

I found this on the net but don't know how well it works.

Quote

Remove Mobogenie from Android
  • Open Settings menu
  • Touch Apps or Application manager (what do you have).
  • Select the Mobogenie.
  • Touch Uninstall

It is also possible to download special Clean Master application from Google Play in order to remove Mobogenie from Android tablets and phones. Here is the link: https://play.google....anmaster.mguard



#3 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,023 posts

Posted 01 September 2014 - 04:23 PM

Unfortunately you may not be able to remove it without rooting the device. You usually see this type of "locked" apps on carrier devices like an ATT or Verizon app. This is the same type of bloat that comes on new computers except you cannot remove them without root access. I do find it odd that the application appeared when you did a factory reset. That's why I love Nexus devices as they come with no extra bloatware, developer friendly, easy to root, etc. Give me a bit and I will research done more as I am on the porch with my nexus 7.
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#4 OFFLINE   alphaomega

alphaomega

    Multithreader

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,012 posts

Posted 01 September 2014 - 08:10 PM

What I don't understand is ...
The tablet did not come with mobogenie.
It was not there after the first factory reset.
It somehow got on the tablet before the second factory reset.
And it was still there after the second factory reset.
It is so deep in the system that malwarebytes cannot remove it.
It cannot be uninstalled only disabled.

#5 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,023 posts

Posted 01 September 2014 - 08:15 PM

Malwarebytes cannot remove it since you do not have root access and it cannot be uninstalled without root

Most of your antivirus, anti-malware apps will not work correctly without root access. Think of it as being locked into /home only and cannot edit anything outside of /home.
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#6 OFFLINE   alphaomega

alphaomega

    Multithreader

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,012 posts

Posted 01 September 2014 - 11:13 PM

View Postsecuritybreach, on 01 September 2014 - 08:15 PM, said:

Malwarebytes cannot remove it since you do not have root access and it cannot be uninstalled without root

Most of your antivirus, anti-malware apps will not work correctly without root access. Think of it as being locked into /home only and cannot edit anything outside of /home.
I understand the need for root in order to remove the app but I don't understand how it got so deep into the system that root access is needed to remove it. I could see how it might have gotten installed accidently by someone clicking on an ad or popup and unintentionally installing something. But to get so deep into the system that root access is needed to remove it and a factory reset does not get rid of it. That confuses me.

#7 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,023 posts

Posted 01 September 2014 - 11:15 PM

Well I was under the assumption that it was part of the factory installation even if it didn't show up when he got the tablet. When you did a factory reset, it installed the preinstalled apps that were loaded in factory reset. So it got installed and since you said you cannot uninstall it, that tells me that you need root to remove it.
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#8 OFFLINE   alphaomega

alphaomega

    Multithreader

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,012 posts

Posted 01 September 2014 - 11:53 PM

View Postsecuritybreach, on 01 September 2014 - 11:15 PM, said:

Well I was under the assumption that it was part of the factory installation even if it didn't show up when he got the tablet. When you did a factory reset, it installed the preinstalled apps that were loaded in factory reset. So it got installed and since you said you cannot uninstall it, that tells me that you need root to remove it.
I still don't see how mobogenie was not preinstalled on the first factory reset (actually factory reset 1 & 2 - both done from the menu settings) but was on there before and after the second factory reset (actually reset 3 & 4 - once through the menu settings and once through recovery mode).

Edited by alphaomega, 01 September 2014 - 11:59 PM.


#9 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,023 posts

Posted 02 September 2014 - 12:41 AM

Indeed, it is strange
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#10 OFFLINE   alphaomega

alphaomega

    Multithreader

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,012 posts

Posted 02 September 2014 - 12:12 PM

View Postsecuritybreach, on 02 September 2014 - 12:41 AM, said:

Indeed, it is strange
Strange indeed. At least the app itself is classified as a potentially unwanted program and not a malicious program.

I contacted the company (sales staff) to see if they had a technical support department and they do not. I asked if maybe they had pushed out updates to the tablet and the answer was no.

I explained the issue with mobogenie and the sales person had never even heard of the app. Was told to either uninstall the app (which I can't) or do a factory reset (which I have already done).

In the end ... they said to have the owner contact them so they can make arrangements for her to send it back so they can take a look at it because they have never encountered this situation.

Am going to contact the owner. To be continued...

Edited by alphaomega, 02 September 2014 - 12:28 PM.


#11 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,023 posts

Posted 02 September 2014 - 01:42 PM

Ah, mobogenie is an alternative app store to Google play. A lot of these knock-off chinese tablets do not have google services or the play store due to not paying google for the license.
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#12 OFFLINE   alphaomega

alphaomega

    Multithreader

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,012 posts

Posted 02 September 2014 - 02:00 PM

View Postsecuritybreach, on 02 September 2014 - 01:42 PM, said:

Ah, mobogenie is an alternative app store to Google play. A lot of these knock-off chinese tablets do not have google services or the play store due to not paying google for the license.
Well it did come with a modified 4.2.2 operating system. It should have had the option for multiple user accounts but that option was not available.

It was supposed to have chrome browser on it but it has baidu which always defaults to a chinese website similar to google search. And it did come with the google play store and gmail app.

Here is a screenshot of what the play store app looked like before and after it was updated.

new-vs-old play store

The play store is still on there. The tablet just happens to also have mobogenie on it now.

#13 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,023 posts

Posted 02 September 2014 - 06:06 PM

I would check to see if any custom Roms are available for the tablet so you could have a more vanilla android experience. If you post the name and model number, I'll look when I get home
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#14 OFFLINE   alphaomega

alphaomega

    Multithreader

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,012 posts

Posted 04 September 2014 - 10:24 AM

View Postsecuritybreach, on 02 September 2014 - 06:06 PM, said:

I would check to see if any custom Roms are available for the tablet so you could have a more vanilla android experience. If you post the name and model number, I'll look when I get home
When I messed with it I did not find any information that would help in determining exactly what the device is. I should have taken a screenshot of the about tablet screen though I don't recall there being any helpful info there. Some of the specs are mentioned in this article puzzle-piece-tablet. I would be tempted to try and put standard android 4.2.2 on there but since it is not my tablet I did not chance it.

#15 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,023 posts

Posted 04 September 2014 - 10:42 AM

I understand
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#16 OFFLINE   alphaomega

alphaomega

    Multithreader

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,012 posts

Posted 22 September 2014 - 09:32 PM

Got my hands on the tablet again to factory reset. Mobogenie still there.
Posted Image

There is also a similar situation to this:
possible-malware

I've disabled both mobogenie and network service.
Everything seems to be running okay.

#17 OFFLINE   alphaomega

alphaomega

    Multithreader

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,012 posts

Posted 22 September 2014 - 09:42 PM

If I wanted to attempt removing mobogenie and network service:

I assume I will need to root the tablet, locate the apps apk file
(on the system partition) and remove it using adb.

But if the app is there after a factory reset wouldn't that mean
that it is also on the recovery partition?

Can that be removed? Or will I need to root and remove w/adb all over?

Or could I just use the firmware images from google and put that on the tablet?




#18 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,023 posts

Posted 22 September 2014 - 09:48 PM

Well google only provides images for the Nexus line of products so your best bet would be to find a custom rom for the tablet.
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#19 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,023 posts

Posted 22 September 2014 - 09:56 PM

Found this while searching: http://tabletrom.blo...-tablet-pc.html
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#20 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,023 posts

Posted 22 September 2014 - 10:00 PM

Also perhaps: http://forum.xda-dev...d.php?t=2715546

The Q8H is a generic Allwinner A23 tablet which is a line of chinese built android tablets.
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#21 OFFLINE   alphaomega

alphaomega

    Multithreader

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,012 posts

Posted 22 September 2014 - 10:15 PM

Thanks for the links securitybreach.
I am reading through them now.
Hopefully after I read through those tutorials I'll figure something out.


#22 OFFLINE   alphaomega

alphaomega

    Multithreader

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,012 posts

Posted 22 September 2014 - 10:55 PM

Looks like I may just end up leaving it as is.

I've disabled mobogenie and network service.
I'd like to disable the browser but it won't let me.

The livesuit flashing tool does not mention anything about working with the A23.

I did find a ROM.
ROM for q8h, a23, 800x480, 20131211.img
I assume I flash that to the system partition.

As to rooting the device, I've come across a couple of ways it supposedly can be done.
While I still have the tablet I'm going to look into rooting it and removing the apps.

I figure if something goes wrong I can set it back to factory.

Edited by alphaomega, 22 September 2014 - 11:01 PM.


#23 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,023 posts

Posted 22 September 2014 - 11:52 PM

Let us know how it works out for you..
Posted ImagePosted Image Posted Image
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#24 OFFLINE   alphaomega

alphaomega

    Multithreader

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,012 posts

Posted 23 September 2014 - 02:40 PM

sidenote:
Was posting from win7 / internet explorer and it would not quote the previous post.
It also would not let me insert code tags. Not sure what is going on there.

I am making some headway.
Rooted the tablet using kingo root.
It may have already been rooted as it had the option to root again.
Installed busbox and rootchecker.

Using adb I removed:
advMode1_2015_0815.apk
wrap-mobogenie_123241048.apk

edit: also removed
PopupView.apk
quicksearchbox20140804.apk

This was done with usb debugging turned on while the tablet was running normally
(not recovery mode) and connected to the laptop where android sdk was installed.

Tablet now scans clean with malwarebytes anti-malware (no pup).

sidenote:
Editing this post from arch / firefox.
And adding code block is working.

List of system apps.
ApplicationsProvider.apk
BackupRestoreConfirmation.apk
BasicDreams.apk
Bluetooth.apk
Browser.apk
Calculator.apk
Calendar.apk
CalendarProvider.apk
Calibration_Gsensor_DEFAULT.apk
CertInstaller.apk
ChromeBookmarksSyncAdapter.apk
CloudsService.apk
ConfigUpdater.apk
Contacts.apk
ContactsProvider.apk
DefaultContainerService.apk
DeskClock.apk
DownloadProvider.apk
DownloadProviderUi.apk
DrmProvider.apk
Email.apk
Exchange2.apk
FaceLock.apk
FileExplore.apk
FusedLocation.apk
Galaxy4.apk
Gallery2.apk
Gmail2.apk
GmsCore.apk
GoogleBackupTransport.apk
GoogleCalendarSyncAdapter.apk
GoogleContactsSyncAdapter.apk
GoogleFeedback.apk
GoogleLoginService.apk
GooglePartnerSetup.apk
GoogleServicesFramework.apk
GoogleTTS.apk
HTMLViewer.apk
HoloSpiralWallpaper.apk
InputDevices.apk
KeyChain.apk
LatinIME.apk
LatinImeDictionaryPack.apk
Launcher2.apk
LiveWallpapers.apk
LiveWallpapersPicker.apk
MagicSmokeWallpapers.apk
MediaProvider.apk
MediaUploader.apk
Music.apk
MusicFX.apk
NetworkLocation.apk
NoiseField.apk
OneTimeInitializer.apk
PackageInstaller.apk
PhaseBeam.apk
Phone.apk
Phonesky.apk
PhotoTable.apk
Provision.apk
QuickSearchBox2.apk
Settings.apk
SettingsProvider.apk
SharedStorageBackup.apk
SoftWinnerService.apk
SoftwinnerBaseService.apk
SoundRecorder.apk
SpeechRecorder.apk
Superuser.apk
SystemUI.apk
Talk.apk
Talkback.apk
TelephonyProvider.apk
Update.apk
UserDictionaryProvider.apk
VisualizationWallpapers.apk
VoiceSearchStub.apk
VpnDialogs.apk
WAPPushManager.apk
adobe-reader.apk
transparentclockweather.apk
weath.apk

The only odd thing left to figure out is:
The installed browser still goes to a random site on launch.
Setting home page does not stick.

Then I would like to un-root the tablet.
Don't want to leave it rooted.

Edited by alphaomega, 23 September 2014 - 03:46 PM.


#25 OFFLINE   alphaomega

alphaomega

    Multithreader

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,012 posts

Posted 23 September 2014 - 04:57 PM

And there is also this post which mentions something
similar to what I experienced with this tablet.

Random apps getting installed, popup ads out of no where,
and a factory reset not getting rid of the apps in question.

Something having to do with CloudService.apk.

Re: CloudsService.APK Removal from A23 ROM

I have not attempted to remove CloudService.apk.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users