[Editor’s note: There’s an ongoing back-and-forth about this “spyware” right now. We haven’t personally looked into it on any phones, and decoded Wireshark caps of what the cleaner software sends home seem to be lacking — it could be innocuous. We’re leaving our original text as-run below, but you might want to take this with a grain of salt until further evidence comes out. Or keep us all up to date in the comments. But be wary of jumping to quick conclusions.]
Samsung may have the highest-end options for hardware if you want an Android smartphone, but that hasn’t stopped them from making some questionable decisions on the software they sometimes load on it. Often these phones come with “default” apps that can’t be removed through ordinary means, or can’t even be disabled, and the latest discovery related to pre-loaded software on Samsung phones seems to be of a pretty major security vulnerability.
The software in question is a “storage cleaner” in the “Device Care” section of the phone, which is supposed to handle file optimization and deletion. This particular application is made by a Chinese company called Qihoo 360 and can’t be removed from the phone without using ADB or having root. The company is known for exceptionally bad practices concerning virus scanning, and the software has been accused of sending all information about files on the phone to servers in China, which could then turn all of the data it has over to the Chinese government. This was all discovered through the use of packet capture and OSINT, which are discussed in the post.
These revelations came about recently on Reddit from [kchaxcer] who made the original claims. It seems to be fairly legitimate at this point as well, and another user named [GeorgePB] was able to provide a temporary solution/workaround in the comments on the original post. It’s an interesting problem that probably shouldn’t exist on any phone, let alone a flagship phone competing with various iPhones, but it does highlight some security concerns we should all have with our daily use devices when we can’t control the software on the hardware that we supposedly own. There are some alternatives though if you are interested in open-source phones.
Thanks to [kickaxe] for the tip!
Photo from Pang Kakit [CC BY-SA 3.0 DE (https://creativecommons.org/licenses/by-sa/3.0/de/deed.en)]
They have attacked me several times via remote exploits.
I am not even an important person at all.
China is a country of 1.4 billion people. You can bet you’re not individually targeted, but just one on the many lists of people by the many hackers that reside in a country of 1.4 b people.
I would posit a greater number is of the watering hole variety. Just wait until any victim comes along! However, there may be a small percentage of targeted individuals, the exact number unknown.
Hackers from China may not be Chinese. ;)
Bixby is the biggest spy, violates privacy act, and cannot be removed.
This is what I am dealing now! Please, continue reading my input!
Am I surprised? Not really. Am I disgusted? You bet. 😪
Google spy me all the time.
And all my mails can be read by NSA without ANY communication to me.
My Swampscum Galaxy S5 came with Google software on it.
OF COURSE it has spyware! Duh!
(no offense to [Alejandro] is intended)
Get a life, there is no real security on any cell phone. The only 100 percent security is no smartphone. Try that.
“Get a life”
You just agreed with my premise that an Android phone (i.e. Google software) is not secure.
Perhaps, you can join me on my quest to “Get a life”?
Sound like a plot from Apple to decrease Samsung sales. I think Apple and Amazon are more of security concerns than Samsung (Korean brand) which has nothing to do with Chinese spies.
What happens with your “life” on the phone? In other words, your info? And does a company, let’s say one you work for, have a right to “spy” on your phone? Manipulate it?
I agree that there seems to be no security on any phone! January 6 of this year I went to use my phone and the window on the screen was asking for a pin #, I had never seen that screen before. Then it changed to a screen that had me slide up so I did and a man answered and said that he just stole all my info. Then my screen went to a start up screen and would only stay in that mode, the phone did not recognize my #, my email, my name, and the recovery phone # and the recovery email for my google account was unrecognizable. There were no back keys or home keys. And insurance will not cover it and neither will Samsung!! They really made a fool of me!!
Damn, seriously, I think this just happened to me. Not only that, but someone took 800 dollars out of my bank. It may not be connected but seems scratchy. I usually buy LG and this time I went with the Samsung and now I’m being hacked :(
Yeah, like the tech in general wasn’t designed to be spyware, adware, somewhat malware and kind of a virus.
Have to remember all secret, or maybe is it top secret, communications are hardwired.
Makes me think about Great Grandpa and back in the early 80’s where fiber optics was supposed to be the next telephone line… and I’m like WTF?
Even then they are listening to EVERY conversation.
Oh yeah…, at least being processed with something screening. The telecom installations hubs are just that… wasn’t just for graphs and coms… vision too.
I have the same phone and totally agree. I’m dumping mine at the next opportunity. Going back to Apple. If one really wants security, get a flip phone……
Mine s9 gets hacked through my files and even secret folder as both is my files and the I.p is uk I had Netherlands etc and tes they even planted and intersected with me puting available government files to my device I tried packets capcha but I did not know anoth I know I have many hacks it plant many on devices I see in settings and memory ect to see wot us running I cought them with help of Google and seeing wot i.p address connect to my files i turned of sort over wifi but it way deeper than my capability happy to give access to see added spiewere it appears as gchq NSA uuid i think two
https://en.wikipedia.org/wiki/Five_Eyes
Even if your own country has laws protecting you, nothing is stopping an ally country from spying on you and passing that info to your country.
I have Bluetooth File Sharing and Samsung Knox Encryption installed on my phone, but there’s no way to access these apps dated Oct 7, 2019
Same issue for me
Root phone n turn off not hard
Download App Inspector from the Play Store. Download ADB drivers and platform tools for your phone. Enable developer options on your phone. Enable USB debugging. Hook your phone up to your PC. In the platform tools folder, press shift and right-click. Open PowerShell. Type adb devices. Then type adb shell. Use the command line pm uninstall -k --user 0 (app you want to uninstall, from the information App Inspector provides) and you can remove anything.
Does not require root.
All of our Android smartphone devices are powered by a virus called Google. Even Samsung has attempted to change my default gmail and browser to Samsung and duplicate every file I open and or create Nothing private
You are confused.
About?
if this is true then why is it that nobody is doing anything to make it stop
Because it isn’t.
By all means tell the truth
Because that requires a successful business model that provides a viable alternative to an interested customer. How many customers even know this problem exists and how many are interested in getting rid of the problem? What kind of costs in money, choice, effort, and time will they expend to rid themselves of this problem (even figuring out that effort is vague, and thus frustrating and dissuading). How many viable alternatives are there for the customer or even for the manufacturers (given contractual issues, delivery reliability, deadlines, and consumer flexibility and trust)? After all these questions are answered, does the business model to implement a solution make sense? If you can’t get useful answers to ALL of those questions, then you have your answer right there why nobody is doing anything to make it stop.
Also, I didn’t even mention the possible influence of corporate and/or state corruption in promoting this “feature”. Good luck advocating for change, in the world where NO manufacturer is effectively accountable anymore for highly reliable performance of consumer computer platforms (including phones), be it hardware or software.
Good assessment.
You put it perfectly
My country I reside in, the USA, has been doing this for a long time. We’re all guinea pigs and will suffer consequences from it if it isn’t stopped in its tracks now. The American public needs to stand together and take action against this illegal invasion of our private lives. It’s insane and can’t go on this way.
99% to 1%. Not good at math but that seems like the scales of justice are much more powerful on one end.
What can we do, I am tired of my conversations and searches triggering unwanted ads emails and phone calls. This has to be illegal
Everything you do on any smartphone is NOT secure. Your emails are routed through the NSA and stored in one of their data banks, then it’s broken down and scanned by quantum computers for info. Your Facebook, Instagram and other accounts receive the same treatment. Like DNA, your computer and social footprint is put together to make a digital identity of every human on the planet. Information is a new commodity and 90% of people don’t read the small print when they install or do a first time startup of laptops, PCs, mobiles etc., giving THEM total access to the information you have. The fact that people are still shocked by this is crazy. What everyone should do is delete all their social accounts. Encrypt their devices and send emails encrypted. Use VPNs and firewalls. But chances are you already have a digital image of you sat in a server bank somewhere.
And if you’d read even the first reply on the reddit thread you linked you will have seen that Samsung Korea already responded, saying no data was being shared with 360. Please do additional research before blindly re-posting news. “It seems to be fairly legitimate at this point as well” is a baseless opinion and shouldn’t be included on an esteemed site such as Hackaday.
I wouldn’t necessarily trust a damage control press release from the company who stands to gain from quashing security concerns either. I’ll wait till the situation is verified one way or the other by multiple independent security research institutions.
Yeah, I would not trust a damage control press release from a company that has directly lied to people’s faces when engaging in damage control for their screwups.
Look at how Samsung behaved with the “Superbrick” scenario (defective eMMC firmware that would in certain circumstances crash and leave the chip unusable if issued a secure erase command) in 2012. Google forced them to fix their eMMC firmware screwups before the Galaxy Nexus could ship, but Samsung continued to ship defective eMMC in their own phones for months. They also went after a Google kernel developer for NDA violation for merely informing people of a known documented technical flaw that was bricking phones right and left. Much coverup, such wow.
true that.
I hope this may be a false alarm, but I would feel better if there were *no* Chinese made apps with System privileges on my phone. Definitely worth a closer look, later.
“I’d prefer not to have Chinese software running on my Chinese hardware”.
Good call dude, no telling what might be on there :D
Really they can track you if they want to ,leave your location on they know everything you do I love my s9 and I and never going over to apple can’t make me !!!
Apple is no better than Samsung. Both need to be broken down into multiple companies. Same with Google.
I bought a couple of robotic kits a few months back (on sale, of course).
They use “LEGO” compatible pieces.
But to make the Bluetooth controllers do anything, I’d have to download an app from China.
That ain’t gonna happen!
Please. It’s not like an image of dubious origin with some Korean words linked from reddit is any more reliable or important than the original post.
So the packet analyser was lying? Hmmm good luck with that press release…
Yup. Given Samsung’s history, when choosing between a damage control press release from them and Wireshark, sorry – I’ll trust Wireshark.
Samsung s7 fire: the risk is low
Samsung s7 fire: new battery will resolve this
Samsung s7 fire: forget it, we’re bricking all!
You know, I had completely forgotten about THAT wonderful Samsung saga.
That’s an even better example of Samsung’s (lack of) credibility than my personal experiences with Superbrick.
Wasn’t the Samsung Galaxy Note 7 affected as well?
It was the note 7, not the S7
This makes me wonder what other phone makers are doing this. I’ll be taking a long, hard look at my cheap little LG phone.
I’m hoping for the day, similar to x86 land, where you can just install the OS that you want.
That would certainly be a huge improvement.
Amen!
If you have a device supported by LineageOS, that day is already here! You can also skip installing the Google software if you don’t want that.
Beware of running into problems with banking stuff. My tan generator app got wiped (have to wait for new ack by snail-mail) and Google Pay doesn’t work any more for contactless payments.
So Lineage OS might be a solution, but your problem has to fit.
Pine Phone is on its way. Will see how many people will choose freedom of software choice over hardware specs.
Check LineageOS for supported phones. I bought an older model specifically for the LineageOS support and selected pico-gapps. I have the play store but not even the search bar let alone bloatware.
I would only suspect they are all doing it to some degree or another, just like smart TVs and the like. A more interesting story would be to find out exactly what information, where it goes, what it is Really used for, who is it sold/given to, how much are they paying for it. I would think of it this way, show me something like a phone that doesn’t harvest information 24/7, that isn’t new old stock. That would be a story worth reporting, a phone that doesn’t snoop.
According to this article, it calls out Android, which means all phones including LG are affected. I’m more inclined to think this is a biased article made by Apple to drive customers away from Android base. But as a real engineer, I can proudly say Apple OS is more controlling and spying on you than Android, on any given day since its inception. I flag this article not accurate and not credible. Not to mention my entire career had been in telecom working with all carriers and cell phone makers. Stick with Android, ditch the Apples if you want safety and security.
It’s been there for years. I think since 2016
i suspected in the past as i was rooting and messing with firmware packets were being sent to china.
this proves it.
my first phone was the S3
Awesome clickbait cuz Samsung replied and rubbished it days ago:
https://www.reddit.com/r/Android/comments/el99r0/samsung_members_koreas_official_reply_has_arrived/
… because a company never lied to protect its financial security before … as I said, I will only trust independent security research institutions to validate this one way or the other.
Yeah because Samsung has great history of being trustworthy
And you trust Samsung on that? We need proper analysis of that software.
Samsung has had spyware on their phones for years. The crazy thing is that spyware is just generally accepted by the public. Facebook, Bixby, Amazon Alexa. People willfully put spying devices into their lives.
Nobody is going to care about this “scandal” because the public has long ago given up on keeping their personal lives private from corporations.
My biggest problem with Samsung phones wasn’t the spyware, it was the fact that their phones are ungodly slow compared to other flagships and their software support lags so far behind.
I have found custom firmware often fixes all the speed problems, increases battery life due to CPU use, etc.
Yeah, Because “everyone” knows Apple would never do anything against their customers. Especially sending out updates that shut down or drastically slow their devices. No, not them or other “Flagships”…Everyone hates on Samsung for this illegit issue. Reality is, as others have said, this is something all major companies have done or still do. I work in the communications field, if you want your stuff to stay private; do your homework about the devices you carry every day and know how to keep your items safe and private on your own.
Meanwhile, in the US where “people are protected from unreasonable search and seizure”, Apple, Microsoft, Google, three-letter agencies, and your grandma are siphoning off all the data they want, all the time.
Problem is global. Stop hating on the Chinese only.
Let’s not forget that the LineageOS is available for many Samsung phones. If this discovery annoys you, there may be recourse.
Locked bootloaders, and Knox put the kibosh on that idea. Samsung is the “Deere” of smartphones.
OK John
What exactly can be hijacked? I NEVER put any card or bank details, family detail like photos
Me in Exmouth UK
Gordon, Buckie here, I’m from Alabama. The greatest crime is one that can’t be traced. Your average person will never intelligently understand how each component inside these cell phones work. The manufacturers can put any kind of listening device or recorder on your phone without anyone’s knowledge. And that little secret technology can back door any app you use sending any private or personal information to any unofficial country or private manufacturer anywhere in the world. Sometimes we allow this theft ourselves by being forced or harmlessly asked to allow/or ok apps certain permissions just so we can have basic functions work on our cellphones. Most of these thefts happen right in front of our faces as we stare blindly into our phones or computers. Sad part is we are so busy being distracted by other things going on we hardly even notice.
🤨
Don’t understand how it works. Mobile manufacturers put secret tech in device.
Two sentences one after the other. You’re all over the bloody place. Just a note: It’d be handled with either stock apps or hidden in the firmware. No need for super secret tech.
You are, unfortunately, right.
Available for many Samsung phones? The most modern device supported is the Galaxy S5 from 2014. Will it work with the S10? How about the S8? No, then S6? Still no?
I’d like an open source phone OS that works with a phone that people in first world countries can actually get a hold of.
It works well on the A5 (2017), though it’s tricky to buy NOS phones more than a year old as you say.
We are all tracked, monitored, and spied on, through all our computer and mobile devices every day. There is no longer any data protection, and we have all just allowed it to happen, without challenge, I dread for the future.
Exactly. Sold not to the highest bidder, but to any bidder.
Google employees (the majority of) have had to sign national security act paperwork years ago when the CIA got themselves completely embedded with Google citing both Patriot acts and subsequently homeland security acts, NSA as well, which have all basically suspended the constitution and the majority of the public have no idea. As B Franklin wrote “to exchange rights for protection leaves you with neither” and these words were accurate then and prophetic when looking at America today.
Governments around the world have been using the tried and true methods of starting problems and panic from behind the scenes a la the Reichstag fire in 1933 and the 9-11 attacks as well as disease and too many more to count. Then as it was designed to sweep into the situation with the means to protect the population of said nation but certain rights will have to be given up (temporarily, lmao) so as to have the necessary freedom to protect the population.
Personally I need no protection from powers outside the U.S. More accurately, we need protection from the federal government who are supposed to be of the people, by the people and for the people. Sadly since President Eisenhower’s warning it has become a government of people by the international corporations, of the international corporations and by the international corporations. And now the major powers of the world, U.S., China and Russia have a weapons production based economy and therefore the only outcome is continuous war. And without this being changed somehow humans are doomed to self destruction.
Very well said sir.
Is it on any Samsung? (Just curious)
It’s on my galaxy a10e, not sure if that helps but that’s the only samsung I have access to right now
Yes, every samsung
Well security thru obscurity. Nobody gives a * about my phone.
And this is the truth. China doesn’t give a damn about what Facebook pages you like or what random cat meme you google and that’s not gonna change
Locating everyone who has ever said bad things about the current administration. Handy for damage control.
I’ll believe that when I see it Samsung Galaxy are good phones and seen nothing like what you are saying
Did someone say the quality of their phones are bad? The company itself might not be so good guys. Remember when their phones were exploding and burned up and they forced the phones to brick to solve the problem.
Welcome to the Illuminati New World Order, Orwell’s 1984 realized.
https://www.joesandbox.com/analysis/78634/0/html
Not exactly a glowing review?
Ran my own scan with an apk from a mirror just to confirm.
Possible the bundled version is different.
I pulled down a mirrored apk and took a quick peek with a hex editor, why would they need a list of invalid IMEIs?
Why does a storage cleaner require fine location, bluetooth, phone calls, camera, or to be able to change the wifi state?
https://www.joesandbox.com/analysis/200095/0/html
Ran that one myself from the downloaded apk.
Wouldn’t be trusting that on my device, that’s for sure.
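The permission question raised in the comment above can be checked on a device you own. The following is an added example, not part of the original post or its comments: it parses the text printed by adb shell dumpsys package <package> and reports which of the permissions the commenter lists are requested and which are actually granted. The package name com.example.storagecleaner, the sample dump, and the mapping from the commenter's wording to Android permission names are constructed assumptions.

```python
import re

# Assumed mapping from the commenter's wording to Android permission names.
QUESTIONED = {
    "android.permission.ACCESS_FINE_LOCATION": "fine location",
    "android.permission.BLUETOOTH": "bluetooth",
    "android.permission.CALL_PHONE": "phone calls",
    "android.permission.CAMERA": "camera",
    "android.permission.CHANGE_WIFI_STATE": "change the wifi state",
}

SECTION_RE = re.compile(r"^\s*(requested|install|runtime) permissions:\s*$")
PERM_RE = re.compile(r"^\s+([A-Za-z0-9_.]+)(?::\s*granted=(true|false))?")

def parse_permissions(dumpsys_text):
    """Return (requested, granted) permission sets from dumpsys package text."""
    requested, granted = set(), set()
    section = None
    for line in dumpsys_text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section is None:
            continue
        perm = PERM_RE.match(line)
        # A line that is not a dotted permission name ends the current section.
        if not perm or "." not in perm.group(1):
            section = None
            continue
        name, state = perm.groups()
        if section == "requested":
            requested.add(name)
        elif state == "true":
            granted.add(name)
    return requested, granted

def audit(dumpsys_text, questioned=QUESTIONED):
    """List (permission, label, is_granted) for each questioned permission present."""
    requested, granted = parse_permissions(dumpsys_text)
    return [
        (perm, questioned[perm], perm in granted)
        for perm in sorted(questioned)
        if perm in requested or perm in granted
    ]

# Constructed sample in the layout dumpsys prints; not taken from a real device.
SAMPLE = """\
Packages:
  Package [com.example.storagecleaner] (1a2b3c4):
    userId=10150
    versionName=1.0.0
    requested permissions:
      android.permission.INTERNET
      android.permission.ACCESS_FINE_LOCATION
      android.permission.BLUETOOTH
      android.permission.CALL_PHONE
      android.permission.CAMERA
      android.permission.CHANGE_WIFI_STATE
      android.permission.WRITE_EXTERNAL_STORAGE
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.BLUETOOTH: granted=true
      android.permission.CHANGE_WIFI_STATE: granted=true
    User 0: ceDataInode=4242 installed=true hidden=false suspended=false
      runtime permissions:
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
        android.permission.CAMERA: granted=false, flags=[ USER_SET ]
        android.permission.CALL_PHONE: granted=false
        android.permission.WRITE_EXTERNAL_STORAGE: granted=true
"""

if __name__ == "__main__":
    for perm, label, is_granted in audit(SAMPLE):
        state = "GRANTED" if is_granted else "requested, not granted"
        print(f"{label:22} {perm:45} {state}")
```

A requested or granted permission shows what the app is able to do, not what it sends; that still takes a traffic capture.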
So is there spyware on my galaxy s10 or just older samsung phones
My new note 9 came loaded with clickbait spyware when I bought it almost 2 years ago.
Imagine relying on Reddit to write your articles, and still being 2 days late. Lol
If you let Google software onto your device, all additional spyware is comparatively minuscule.
Android and all Google services are *designed* to squeeze as much information out of your life and brain as possible.
Moreover, Google stuff is as well *designed* to manipulate your feelings and ultimately your behavior subconsciously and surreptitiously because that is exactly their business model.
If you want to blame a spy, start at the top!
So true
Please don’t be so naive. Apple has had and still has a ‘spyware’ built into its operating system, hence no need for antivirus.
US Government-funded Android phones come preinstalled with unremovable malware
https://arstechnica.com/information-technology/2020/01/us-government-funded-android-phones-come-preinstalled-with-unremovable-malware/
You mean “Obamaphones”?
Babababingo
Wouldn’t doubt it
Given how China has hoovered all confidential and secure data in the US and the US government and citizens generally have never given a tinker’s d*** (except for an after-the-fact whimper each time), it’s too late. The US gave up long-term supremacy a long time ago when people believed they needed *supposedly* higher 401(k) profits by allowing Western companies to open Chinese subsidiaries to which they transferred intellectual property and 50% of profits to (essentially) the Chinese Communist Party mafia. Never mind the corporate economics, the typical person did NOT get richer for it, nor did the long-term shareholders. No, the executives and speculators got richer while MASSIVE wealth and power transferred to China – permanently.
All smartphones are spyware storage units in general. I feel deep sympathy for anyone who decides to spy on me, death by boredom will be swift and unapologetic.
LOL!
(true for me too!)
Also possible next generation battery will be a sausage.
This reminds me of CarrierIQ, see below links for details
https://www.xda-developers.com/android/the-rootkit-of-all-evil-ciq/
https://www.xda-developers.com/carrier-iq-sues-treve/
https://www.xda-developers.com/carrier-iq-creeps-out-everyone/
https://en.wikipedia.org/wiki/Carrier_IQ
We don’t need to debate this.
In England Lord Justice Leveson headed up a commission called “Hacked Off” which investigated the media hacking of celebrities and private citizens cellphones for salacious and profit making purposes.
Hacking occurs. It is proven, in court, beyond a shadow of a doubt.
I unlock my Huawei phone with my finger print. I’m sure that my finger print is safer in China than here in Europe.
There should be no pre-installed app at all and if it is there we should be free to uninstall it. Bloatware is always a problem.
I didn’t install it. Don’t want it. Can’t uninstall it. Definition of spyware/virus = takes total control, non destructive, has access to everything, creates havoc and security holes. It’s my phone, I bought it, they put on it what ever they want… Not buying Samsung again.
I screenshot the B logo from Bixby showing up randomly on the tool bar of home screen on phone… I don’t even have Bixby active, uninstalling it isn’t an option, but I put the app away to sleep or something… Now, why would the B logo for Bixby still flash every so often if app isn’t active?
Def spying, recording words, phrases, sayings, along with personal intel… DO NOT TALK BUSINESS AROUND YOUR PHONE