android tablet now has mobogenie on it

[alphaomega]

[securitybreach]

Odd, why is there two volume buttons on the navigation bar? Also, does it have a sim slot (looking at the signal notification)?

[alphaomega]

Odd, why is there two volume buttons on the navigation bar? Also, does it have a sim slot (looking at the signal notification)?

Left lowers volume. Right raises volume.

It does have a memory card slot for additional storage.

It does not have cellular service.

It supposedly has 4gb memory though I only see 2.

 

 

Would be nice if I could find a way to put some other firmware on it

instead of the customized one currently on it.

 

 

 

[securitybreach]

Well after reading dozens of threads, it looks like the reason for the lack of custom roms and such is that the firmware for the A23 line of tablets has still not been released even after people threatened them for not complying with the gpl license. Also since no one has bothered to reverse engineer the firmware yet and since it is a cheap chinese tablet, it may never have a custom rom.

[alphaomega]

Screenshots of the tablets' panels...

Home Screen

[Guest LilBambi]

How to remove Mobogenie virus (Solved)

 

Mobogenie virus is a Beijing Yang Fan Jing He Information Consulting Co. program that uses monetization programs like OpenCandy, Conduit, or Quick Downloader bundled with third-party installers. Its main use is to transfer pictures, videos, and other types of data between your phone and computer. Typically it is an unwanted program, assumed by most users to be a virus, since they don’t know where it came from.

 

Much more including how they got it, and the solution in the article.

[securitybreach]

Very nice find Fran!!!! I didn't run across that one with all my research and I am usually pretty good:

[Guest LilBambi]

Hope it helps!

[alphaomega]

Well after reading dozens of threads, it looks like the reason for the lack of custom roms and such is that the firmware for the A23 line of tablets has still not been released even after people threatened them for not complying with the gpl license. Also since no one has bothered to reverse engineer the firmware yet and since it is a cheap chinese tablet, it may never have a custom rom.

I did not come across any mention regarding the gpl license.

Do you recall what sites you were browsing when you came across that information?

Would like to read more about that.

How to remove Mobogenie virus (Solved)

 

Much more including how they got it, and the solution in the article.

Thanks LilBambi for that. I did come across that in my research.

I just didn't think it was pertinent to my situation since I was dealing w/a tablet.

 

The owner claims she never connected the tablet to the computer.

I never connected it to my computer until after it had mobogenie on it and

I wanted to root the tablet in order to remove mobogenie.apk using adb.

 

To be on the safe side (after you posted your response)

I scanned my computer with Malwarebytes Anti-malware,

Hitman Pro, MS Security Essentials, and SpyHunter 4.

 

The only thing detected was tracking cookies.

-------------------------------------------------

 

I removed mobogenie using adb.

Malwarebytes no longer detects it.

I un-rooted the tablet and removed the google account.

 

Have not had a single popup ad.

 

Never did find a fix for the browser homepage setting.

I did find some posts about it but no fix.

The browser cycles between three sites (vandroidnews, kszz, and smartdrone).

Edited September 26, 2014 by alphaomega

[Guest LilBambi]

Is it using Google Chrome?

 

If so, there are two different places for homepage and startpage items in Google Chrome settings, click to check and change as needed. Check them both, and check to make sure Google is the search engine, and remove all the bogus ones if any by managing the search engines.

 

If the default Android browser, steps here:

 

http://www.pcadvisor.co.uk/how-to/google-android/3493152/how-set-browser-homepage-on-android/

[securitybreach]

I did not come across any mention regarding the gpl license.

Do you recall what sites you were browsing when you came across that information?

Would like to read more about that.

 

Start here: Wikipedia: Android -- Licensing

[alphaomega]

Is it using Google Chrome?

No. It's using a browser identified as "browser 4.2.2-20140326".

 

From what I've read it's a modified baidu browser which supports flash.

Some of the free autism apps require flash.

 

I can put Chrome on the tablet but the setting to use it as the default

does not stick and I am unable to disable or uninstall the default browser.

 

I could probably remove the default browser using adb but

I'm nervous I might mess something up.

 

I tried using Dolphin since it supports flash but it runs way too slow.

Edited September 27, 2014 by alphaomega

[securitybreach]

The "android browser" is basically a cut of the open source Chromium browser. For example, the Android Browser that lives in the AOSP v4.4 (kitkat) is based on the same code as Chrome.

[alphaomega]

Start here: Wikipedia: Android -- Licensing

Not sure. Maybe I misunderstood.

I was interested in reading more about this:

it looks like the reason for the lack of custom roms and such is that the firmware for the A23 line of tablets has still not been released even after people threatened them for not complying with the gpl license.

I'll do some google searches to see if I can find something.

 

I did note this from the link:

Google Mobile Services software, along with Android trademarks, can only be licensed by hardware manufacturers for devices that meet Google's compatibility standards <snip> Thus, forks of Android that make major changes to the OS itself, <snip> or other forks which exclude Google apps due to the general unavailability of Google service in that country and licensing fees (such as in China) do not include any of Google's non-free components, are incompatible with apps that require them, and must ship with their own proprietary software marketplace instead of Google Play Store.

The tablet came with an old version of the Google app store and currently has version 4.9.13 on it.

It was only later that Mobogenie showed up on the tablet.

 

And there was also this:

Android version 4.2 Jelly Bean was released in 2012 with enhanced security features, including a malware scanner built into the system, which works in combination with Google Play but can scan apps installed from third party sources as well, and an alert system which notifies the user when an app tries to send a premium-rate text message, blocking the message unless the user explicitly authorises it. Several security firms, such as Lookout Mobile Security, AVG Technologies, and McAfee, have released antivirus software for Android devices. This software is ineffective as sandboxing also applies to such applications, limiting their ability to scan the deeper system for threats.

Does this imply that those security apps are pretty much useless?

The tablet currently has Lookout and Malwarebytes Anti-Malware on it.

[securitybreach]

Does this imply that those security apps are pretty much useless? The tablet currently has Lookout and Malwarebytes Anti-Malware on it.

 

Yes it does although I use eset because of the added features like Anti-Phishing, SMS/Call filter, Security Audits on applications, etc.

 

Now if your device is rooted, you can scan the entire system for malware and such. Otherwise, your locked to the storage partition. Sort of like how Linux separates /home and /.

[securitybreach]

The tablet came with an old version of the Google app store and currently has version 4.9.13 on it.

It was only later that Mobogenie showed up on the tablet.

 

Which means that it has an illegal copy of google services.

 

What I was referring to earlier was that since they are outside of the US, they do not have to comply with the GPL and release their sourcecode for modifications.

[alphaomega]

The "android browser" is basically a cut of the open source Chromium browser. For example, the Android Browser that lives in the AOSP v4.4 (kitkat) is based on the same code as Chrome.

But I thought Chrome did not support Flash?

 

Here is the browser's user agent:

Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; Q8H Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30

 

[securitybreach]

Chrome uses their own version of flash called pepperAPI

 

Chromium/Chrome has basically the same useragent:

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36

 

 

http://www.whatsmyuseragent.com/

[alphaomega]

Yes it does although I use eset because of the added features like Anti-Phishing, SMS/Call filter, Security Audits on applications, etc.

 

Now if your device is rooted, you can scan the entire system for malware and such. Otherwise, your locked to the storage partition. Sort of like how Linux separates /home and /.

It was rooted but I unrooted it.

I did not want her son to accidently mess something up.

I did do a full scan while it was rooted and it came up clean.

That was after I removed mobogenie using adb.

Which means that it has an illegal copy of google services.

 

What I was referring to earlier was that since they are outside of the US, they do not have to comply with the GPL and release their sourcecode for modifications.

So how does that (having an illegal copy of google services)

apply to the person (in the US) who purchased the tablet?

 

All she did was apply updates.

And how does that apply to the company who sold her the tablet?

Now I'm really confused.

[securitybreach]

The majority of chinese knockoff tablets either come with a modified store or an illegal version of google play. It is not illegal in the sense that you could get in trouble but they didn't pay google for the license to use the store or google services.

 

Lots of these cheap tablets do this.

[alphaomega]

But I thought Chrome did not support Flash?

 

Here is the browser's user agent:

Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; Q8H Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30

I did see flash 11.1 on the tablet but when I try to verify that

using a test page I get a message that flash is not installed.

 

chrome://flags

takes me to a google search results page.

about:plugins

shows nothing but "loading" on the tab.

 

So what is being used?

 

Edited September 27, 2014 by alphaomega

[securitybreach]

Ok cool. I have to leave for work soon but I will back later tonight and will take a look then.

[alphaomega]

Ok cool. I have to leave for work soon but I will back later tonight and will take a look then.

Ok. Thanks for the help. Edited September 27, 2014 by alphaomega

[alphaomega]

Re-rooted the tablet to get a closer look.

Turns out flash player must not have been

installed after the last reset for some reason.

 

I installed it from /system/preinstall

Don't know what was playing the video on youtube before.

Unless the mobile YouTube website defaults to using html5.

 

Ran both Malwarebytes and Lookout and performed a scan.

Neither asked for root permission.

So I guess they aren't needed?

Edited September 28, 2014 by alphaomega

[securitybreach]

Ran both Malwarebytes and Lookout and performed a scan.

Neither asked for root permission.

So I guess they aren't needed?

 

Their just scanning the apps (like /usr/bin/ on linux) and /sdcard (sdcard or internal storage, whichever is used on your device).

 

Basically if you only install applications from the market and never install some obscure, unpopular app (read reviews if you do), you are perfectly fine. Sideloading is fine as long as you know that the source is 100% trustworthy. I have used Android since 2008(the G1) and I currently have 234 apps on my phone alone. I have never gotten a virus or malware and really haven't ever heard of someone who did.

 

Now do not get me wrong, there is malware out there but really only outside of the market. There have been applications that were later flagged as malware on the play store but most of these were some obscure title or a knockoff version of a paid for game. It's the same thing on windows and such... If it normally costs money and you got it for free, there is a reason it is free.

[Guest LilBambi]

Google Chrome already has a custom version of flash built into the main offshoot of Google Chrome that it uses.

 

Google Chrome always has it's own custom version of flash even on the desktop.

[alphaomega]

Google Chrome already has a custom version of flash built into the main offshoot of Google Chrome that it uses.

 

Google Chrome always has it's own custom version of flash even on the desktop.

From what I've read there is no flash support in the chrome mobile browser since android 4.1 jelly bean.

[securitybreach]

What version of Flash is supported on Chrome for Android? '

Chrome for Android will not be supporting Flash. As you may have seen in November, 2011, Adobe announced it has stopped investing in Flash for mobile browsing. Google has long been committed to making the web platform more powerful through open web technologies like HTML5 and is working with Adobe and other partners to further advance the web standard.

https://developer.ch...multidevice/faq

 

 

Now just like Chrome/Chromium on the desktop, flash is replaced with pepperflash which is built into the browser.

http://9to5google.co...nload-on-linux/

[Guest LilBambi]

Ah, OK. Well HTML5 works well enough.

[alphaomega]

This tablet. What a mess.

I removed root. Verified root was no longer available.

Made sure unknown sources was not checked.

Turned off the tablet.

Took the table back to it's owner.

Turned it on. Made sure it could connect.Turned it off.

Restarted it.

And lo and behold it had two newly installed apps. All by itself.

The newly installed apps:

DU Battery Save

DU Speed Booster

They cannot be removed. Only disabled.

I'm glad it's not my tablet.

 

Edit:

Note to self:

Topic: CloudsService.APK Removal from A23 ROM

Edited September 30, 2014 by alphaomega