Possible Spyware On Samsung Phones

[Editor’s note: There’s an ongoing back-and-forth about this “spyware” right now. We haven’t personally looked into it on any phones, and decoded Wireshark caps of what the cleaner software sends home seem to be lacking — it could be innocuous. We’re leaving our original text as-run below, but you might want to take this with a grain of salt until further evidence comes out. Or keep us all up to date in the comments. But be wary of jumping to quick conclusions.]

Samsung may have the highest-end hardware options if you want an Android smartphone, but that hasn’t stopped them from making some questionable decisions about the software they load onto it. These phones often come with “default” apps that can’t be removed through ordinary means, or can’t even be disabled, and the latest discovery related to pre-loaded software on Samsung phones looks like a pretty major security vulnerability.

The software in question is a “storage cleaner” in the “Device Care” section of the phone, which is supposed to handle file optimization and deletion. This particular application is made by a Chinese company called Qihoo 360 and can’t be removed from the phone without using ADB or having root. The company is known for exceptionally bad practices concerning virus scanning, and the software has been accused of sending information about every file on the phone to servers in China, which could then turn all of that data over to the Chinese government. This was all discovered through packet capture and OSINT, both of which are discussed in the post.

These revelations came about recently on Reddit from [kchaxcer], who made the original claims. It seems to be fairly legitimate at this point as well, and another user named [GeorgePB] was able to provide a temporary solution/workaround in the comments on the original post. It’s an interesting problem that probably shouldn’t exist on any phone, let alone a flagship competing with the various iPhones, but it does highlight the security concerns we should all have about our daily-use devices when we can’t control the software on hardware we supposedly own. There are some alternatives, though, if you are interested in open-source phones.

Thanks to [kickaxe] for the tip!

Photo from Pang Kakit [CC BY-SA 3.0 DE (https://creativecommons.org/licenses/by-sa/3.0/de/deed.en)]

109 thoughts on “Possible Spyware On Samsung Phones”

          1. Sounds like a plot from Apple to decrease Samsung sales. I think Apple and Amazon are more of a security concern than Samsung (a Korean brand), which has nothing to do with Chinese spies.

          2. What happens with your “life” on the phone? In other words, your info? And does a company, let’s say one you work for, have a right to “spy” on your phone? Manipulate it?

        1. I agree that there seems to be no security on any phone! January 6 of this year I went to use my phone and the window on the screen was asking for a pin #, I had never seen that screen before. Then it changed to a screen that had me slide up so I did and a man answered and said that he just stole all my info. Then my screen went to a start up screen and would only stay in that mode, the phone did not recognize my #, my email, my name, and the recovery phone # and the recovery email for my google account was unrecognizable. There were no back keys or home keys. And insurance will not cover it and neither will Samsung!! They really made a fool of me!!

      1. Yeah, like the tech in general wasn’t designed to be spyware, adware, somewhat malware and kind of a virus.

        Have to remember all secret, or maybe is it top secret, communications are hardwired.

        Makes me think about Great Grandpa and back in the early 80’s where fiber optics was supposed to be the next telephone line… and I’m like WTF?

      2. My S9 gets hacked through my files and even the secret folder, as both are my files, and the IP is UK; I had Netherlands etc. and yes they even planted and intersected with me, putting available government files on my device. I tried packet capture but I did not know enough. I know I have many hacks; it plants many on devices, I see in settings and memory etc. to see what is running. I caught them with help of Google and seeing what IP address connects to my files. I turned off sort over wifi but it’s way deeper than my capability. Happy to give access to see the added spyware; it appears as GCHQ NSA UUID, I think two.

    1. All of our Android smartphone devices are powered by a virus called Google. Even Samsung has attempted to change my default Gmail and browser to Samsung and duplicate every file I open and/or create. Nothing private.

      1. Because that requires a successful business model that provides a viable alternative to an interested customer. How many customers even know this problem exists and how many are interested in getting rid of the problem? What kind of costs in money, choice, effort, and time will they expend to rid themselves of this problem (even figuring out that effort is vague, and thus frustrating and dissuading). How many viable alternatives are there for the customer or even for the manufacturers (given contractual issues, delivery reliability, deadlines, and consumer flexibility and trust)? After all these questions are answered, does the business model to implement a solution make sense? If you can’t get useful answers to ALL of those questions, then you have your answer right there why nobody is doing anything to make it stop.

        Also, I didn’t even mention the possible influence of corporate and/or state corruption in promoting this “feature”. Good luck advocating for change, in the world where NO manufacturer is effectively accountable anymore for highly reliable performance of consumer computer platforms (including phones), be it hardware or software.

    2. The country I reside in, the USA, has been doing this for a long time. We’re all guinea pigs and will suffer consequences from it if it isn’t stopped in its tracks now. The American public needs to stand together and take action against this illegal invasion of our private lives. It’s insane and can’t go on this way.

    3. Everything you do on any smartphone is NOT secure. Your emails are routed through the NSA and stored in one of their data banks, then it’s broken down and scanned by quantum computers for info. Your Facebook, Instagram and other accounts receive the same treatment. Like DNA, your computer and social footprint is put together to make a digital identity of every human on the planet. Information is a new commodity and 90% of people don’t read the small print when they install or do a first-time startup of laptops, PCs, mobiles etc., giving THEM total access to the information you have. The fact that people are still shocked by this is crazy. What everyone should do is delete all their social accounts. Encrypt their devices and send emails encrypted. Use VPNs and firewalls. But chances are you already have a digital image of you sat in a server bank somewhere.

  1. And if you’d read even the first reply on the reddit thread you linked you will have seen that Samsung Korea already responded, saying no data was being shared with 360. Please do additional research before blindly re-posting news. “It seems to be fairly legitimate at this point as well” is a baseless opinion and shouldn’t be included on an esteemed site such as Hackaday.

    1. I wouldn’t necessarily trust a damage control press release from the company who stands to gain from quashing security concerns either. I’ll wait till the situation is verified one way or the other by multiple independent security research institutions.

      1. Yeah, I would not trust a damage control press release from a company that has directly lied to people’s faces when engaging in damage control for their screwups.

        Look at how Samsung behaved with the “Superbrick” scenario (defective eMMC firmware that would in certain circumstances crash and leave the chip unusable if issued a secure erase command) in 2012. Google forced them to fix their eMMC firmware screwups before the Galaxy Nexus could ship, but Samsung continued to ship defective eMMC in their own phones for months. They also went after a Google kernel developer for NDA violation for merely informing people of a known documented technical flaw that was bricking phones right and left. Much coverup, such wow.

    2. I hope this may be a false alarm, but I would feel better if there were *no* Chinese-made apps with system privileges on my phone. Definitely worth a closer look, later.

      1. Really, they can track you if they want to; leave your location on and they know everything you do. I love my S9 and I am never going over to Apple, can’t make me!!!

      2. I bought a couple of robotic kits a few months back (on sale, of course).
        They use “LEGO” compatible pieces.
        But to make the Bluetooth controllers do anything, I’d have to download an app from China.
        That ain’t gonna happen!

        1. You know, I had completely forgotten about THAT wonderful Samsung saga.

          That’s an even better example of Samsung’s (lack of) credibility than my personal experiences with Superbrick.

        1. Beware of running into problems with banking stuff. My TAN generator app got wiped (have to wait for a new ack by snail mail) and Google Pay doesn’t work any more for contactless payments.

          So Lineage OS might be a solution, but your problem has to fit.

      1. Check LineageOS for supported phones. I bought an older model specifically for the LineageOS support and selected pico-gapps. I have the play store but not even the search bar let alone bloatware.

    1. I would only suspect they are all doing it to some degree or another, just like smart TVs and the like. A more interesting story would be to find out exactly what information, where it goes, what it is really used for, who it is sold/given to, how much they are paying for it. I would think of it this way: show me something like a phone that doesn’t harvest information 24/7, that isn’t new old stock. That would be a story worth reporting, a phone that doesn’t snoop.

    2. According to this article, it calls out Android, which means all phones including LG are affected. I’m more inclined to think this is a biased article made by Apple to drive customers away from the Android base. But as a real engineer, I can proudly say Apple OS is more controlling and spying on you than Android, on any given day since its inception. I flag this article as not accurate and not credible. Not to mention my entire career has been in telecom working with all carriers and cell phone makers. Stick with Android, ditch the Apples if you want safety and security.

    1. … because a company never lied to protect its financial security before … as I said, I will only trust independent security research institutions to validate this one way or the other.

  2. Samsung has had spyware on their phones for years. The crazy thing is that spyware is just generally accepted by the public. Facebook, Bixby, Amazon Alexa. People willfully put spying devices into their lives.

    Nobody is going to care about this “scandal” because the public has long ago given up on keeping their personal lives private from corporations.

    My biggest problem with Samsung phones wasn’t the spyware, it was the fact that their phones are ungodly slow compared to other flagships and their software support lags so far behind.

    1. Yeah, because “everyone” knows Apple would never do anything against their customers. Especially sending out updates that shut down or drastically slow their devices. No, not them or other “flagships”… Everyone hates on Samsung for this illegit issue. Reality is, as others have said, this is something all major companies have done or still do. I work in the communications field; if you want your stuff to stay private, do your homework about the devices you carry every day and know how to keep your items safe and private on your own.

  3. Meanwhile, in the US where “people are protected from unreasonable search and seizure”, Apple, Microsoft, Google, three-letter agencies, and your grandma are siphoning off all the data they want, all the time.

    Problem is global. Stop hating on the Chinese only.

      1. Gordon, Buckie here, I’m from Alabama. The greatest crime is one that can’t be traced. Your average person will never intelligently understand how each component inside these cell phones works. The manufacturers can put any kind of listening device or recorder on your phone without anyone’s knowledge. And that little secret technology can back door any app you use, sending any private or personal information to any unofficial country or private manufacturer anywhere in the world. Sometimes we allow this theft ourselves by being forced or harmlessly asked to allow/OK apps certain permissions just so we can have basic functions work on our cellphones. Most of these thefts happen right in front of our faces as we stare blindly into our phones or computers. Sad part is we are so busy being distracted by other things going on we hardly even notice.

        1. 🤨

          Don’t understand how it works. Mobile manufacturers put secret tech in device.

          Two sentences one after the other. You’re all over the bloody place. Just a note: It’d be handled with either stock apps or hidden in the firmware. No need for super secret tech.

    1. Available for many Samsung phones? The most modern device supported is the Galaxy S5 from 2014. Will it work with the S10? How about the S8? No, then S6? Still no?

      I’d like an open source phone OS that works with a phone that people in first world countries can actually get a hold of.

  4. We are all tracked, monitored, and spied on, through all our computer and mobile devices every day. There is no longer any data protection, and we have all just allowed it to happen, without challenge. I dread for the future.

    1. Google employees (the majority of) have had to sign National Security Act paperwork years ago when the CIA got themselves completely embedded with Google, citing both Patriot Acts and subsequently Homeland Security Acts, the NSA as well, which have all basically suspended the constitution, and the majority of the public have no idea. As B. Franklin wrote, “to exchange rights for protection leaves you with neither”, and these words were accurate then and prophetic when looking at America today.
      Governments around the world have been using the tried and true methods of starting problems and panic from behind the scenes, à la the Reichstag fire in 1933 and the 9-11 attacks, as well as disease and too many more to count. Then, as it was designed, to sweep into the situation with the means to protect the population of said nation, but certain rights will have to be given up (temporarily, lmao) so as to have the necessary freedom to protect the population.
      Personally I need no protection from powers outside the U.S.; more accurately we need protection from the federal government, who are supposed to be of the people, by the people and for the people. Sadly, since President Eisenhower’s warning it has become a government of people by the international corporations, of the international corporations and by the international corporations. And now the major powers of the world, U.S., China and Russia, have a weapons-production-based economy and therefore the only outcome is continuous war. And without this being changed somehow, humans are doomed to self-destruction.

    1. Did someone say the quality of their phones is bad? The company itself might not be so good, guys. Remember when their phones were exploding and burning up and they forced the phones to brick to solve the problem.

  5. https://www.joesandbox.com/analysis/78634/0/html

    Not exactly a glowing review?
    Ran my own scan with an apk from a mirror just to confirm.
    Possible the bundled version is different.

    I pulled down a mirrored apk and took a quick peek with a hex editor; why would they need a list of invalid IMEIs?
    Why does a storage cleaner require fine location, Bluetooth, phone calls, camera, or to be able to change the wifi state?

    https://www.joesandbox.com/analysis/200095/0/html
    Ran that one myself from the downloaded apk.
    Wouldn’t be trusting that on my device, that’s for sure.
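The article notes that the cleaner can only be removed with ADB or root, and the comment above asks why a storage cleaner would need fine location, Bluetooth, phone calls, the camera or the ability to change the wifi state. The Python script below is an added example from the editor, not code from the Hackaday post, the Reddit thread, Samsung or Qihoo 360. It parses the permission sections of `adb shell dumpsys package <pkg>` output, flags every permission that a storage cleaner has no obvious use for, reports which of those are actually granted, and builds the `pm disable-user --user 0` / `pm uninstall -k --user 0` commands that neutralise a preload for the primary user without root. The package name `com.example.storagecleaner`, the dumpsys excerpt and the list of "expected" permissions are all constructed assumptions; the real package name is not given on the page, so find it with `adb shell pm list packages` and substitute it.

```python
"""Audit a pre-installed Android package's permissions and build the ADB
commands that neutralise it for the primary user without root.

Editor-added example. The package name, the dumpsys excerpt and the
expected-permission list are constructed for illustration, not taken from
a real device, from Samsung or from Qihoo 360.
"""
import re

# Constructed stand-in: the page does not name the cleaner's package.
PACKAGE = "com.example.storagecleaner"

# Constructed excerpt in the shape of `adb shell dumpsys package <pkg>` output.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.storagecleaner] (1a2b3c4):
    userId=10042
    codePath=/system/priv-app/StorageCleaner
    requested permissions:
      android.permission.READ_EXTERNAL_STORAGE
      android.permission.WRITE_EXTERNAL_STORAGE
      android.permission.INTERNET
      android.permission.ACCESS_FINE_LOCATION
      android.permission.BLUETOOTH
      android.permission.CALL_PHONE
      android.permission.READ_PHONE_STATE
      android.permission.CAMERA
      android.permission.CHANGE_WIFI_STATE
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.BLUETOOTH: granted=true
      android.permission.CHANGE_WIFI_STATE: granted=true
    User 0: ceDataInode=1234 installed=true hidden=false suspended=false
      runtime permissions:
        android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ GRANTED_BY_DEFAULT]
        android.permission.WRITE_EXTERNAL_STORAGE: granted=true, flags=[ GRANTED_BY_DEFAULT]
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ GRANTED_BY_DEFAULT]
        android.permission.CALL_PHONE: granted=false, flags=[ USER_SET]
        android.permission.READ_PHONE_STATE: granted=true, flags=[ GRANTED_BY_DEFAULT]
        android.permission.CAMERA: granted=false, flags=[ USER_SET]
"""

# What a file/storage cleaner plausibly needs. This set is the editor's own
# judgement (an assumption), not an Android or Samsung specification.
EXPECTED_FOR_STORAGE_CLEANER = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.MANAGE_EXTERNAL_STORAGE",
    "android.permission.INTERNET",  # update checks are at least arguable
}

# Matches a permission line, optionally followed by ": granted=true/false".
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+)(?::\s*granted=(true|false))?")


def parse_dumpsys(text):
    """Return (requested, granted): the permissions listed under
    'requested permissions:' and those with granted=true in the
    install or runtime sections."""
    requested, granted = set(), set()
    section = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith("permissions:"):
            section = stripped          # enter a new permission section
            continue
        m = PERM_RE.match(line)
        if not m or section is None:
            continue
        perm, state = m.group(1), m.group(2)
        if section == "requested permissions:":
            requested.add(perm)
        elif state == "true":
            granted.add(perm)
    return requested, granted


def unexpected_permissions(requested, expected=EXPECTED_FOR_STORAGE_CLEANER):
    """Permissions the app asks for that its stated role does not explain."""
    return sorted(requested - expected)


def adb_neutralise_commands(package, user=0):
    """ADB commands that neutralise a preload for one user without root.
    'pm disable-user' keeps the APK but stops it running for that user;
    'pm uninstall -k' removes it for that user only (a factory reset restores it)."""
    return [
        f"adb shell pm disable-user --user {user} {package}",
        f"adb shell pm uninstall -k --user {user} {package}",
    ]


def audit(text=SAMPLE_DUMPSYS, package=PACKAGE):
    """Full report: counts, unexpected permissions, which of them are live,
    and the commands a user can run to disable the package."""
    requested, granted = parse_dumpsys(text)
    suspicious = unexpected_permissions(requested)
    return {
        "package": package,
        "requested": len(requested),
        "unexpected": suspicious,
        "unexpected_granted": sorted(p for p in suspicious if p in granted),
        "commands": adb_neutralise_commands(package),
    }


if __name__ == "__main__":
    report = audit()
    print(f"{report['package']}: {report['requested']} permissions requested")
    for p in report["unexpected"]:
        state = "GRANTED" if p in report["unexpected_granted"] else "not granted"
        print(f"  unexpected: {p} ({state})")
    print("To neutralise for the primary user (pick one):")
    for c in report["commands"]:
        print("  " + c)
```

To use it on a real handset, dump the package with `adb shell dumpsys package <pkg>` and pass the output to `audit()`. Neither command needs root, but both act on user 0 only: the APK stays in the system partition and a factory reset brings the app back, which is exactly why the article describes these apps as not removable through ordinary means.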

  6. If you let Google software onto your device, all additional spyware is comparatively minuscule.

    Android and all Google services are *designed* to squeeze as much information out of your life and brain as possible.

    Moreover, Google stuff is as well *designed* to manipulate your feelings and ultimately your behavior subconsciously and surreptitiously because that is exactly their business model.

    If you want to blame a spy, start at the top!

  7. Given how China has hoovered all confidential and secure data in the US and the US government and citizens generally have never given a tinker’s d*** (except for an after-the-fact whimper each time), it’s too late. The US gave up long-term supremacy a long time ago when people believed they needed *supposedly* higher 401(k) profits by allowing Western companies to open Chinese subsidiaries to which they transferred intellectual property and 50% of profits to (essentially) the Chinese Communist Party mafia. Never mind the corporate economics, the typical person did NOT get richer for it, nor did the long-term shareholders. No, the executives and speculators got richer while MASSIVE wealth and power transferred to China – permanently.

  8. We don’t need to debate this.

    In England Lord Justice Leveson headed up a commission called “Hacked Off” which investigated the media hacking of celebrities and private citizens cellphones for salacious and profit making purposes.

    Hacking occurs. It is proven, in court, beyond a shadow of a doubt.

  9. I didn’t install it. Don’t want it. Can’t uninstall it. Definition of spyware/virus = takes total control, non destructive, has access to everything, creates havoc and security holes. It’s my phone, I bought it, they put on it what ever they want… Not buying Samsung again.
