TL;DR: If it’s also integrated into firmware, it has full-device access. If it’s just this specific app, per Kaspersky, it still has “elevated privileges” and can install crap. It cannot be disabled without breaking the UI.

Doing a scan without copying the apk:

As you can see from main screenshot, the APK would have been accessible for scanning.
I copied it to Download directory as that one gets real-time monitoring, but it will pick it up elsewhere after a scan as well.

Anyway:
VirusTotal report

Found 4 months ago by Kaspersky

And I found my device in list on blog post from Sophos. Unfortunately, they only provide a partial list, as they mention this affects “nearly 50 models”.

From listed domains, with help of strings I found launcher(dot)szprize(dot)cn, although it doesn’t seem to resolve to anything at the moment.

Also something interesting from Kaspersky:

When integrated into the firmware, the malware behaves differently depending on several factors. It will not activate if the language set on the device is one of Chinese dialects, and the time is set to one of Chinese time zones. It will also not launch if the device doesn’t have Google Play Store and Google Play Services installed.

Now what?

I’ve been using it for nearly 2 years, so there’s that…

I am thinking of contacting the retailer I bought this device from, as it’s still on sale. But I am not sure if they will care about it. Also, the only way I seem to be able to contact them is via tech support, so there’s the chance of just getting a copy-pasted answer.

As for my particular unit, I’ll probably try to update the software to newest version to see if it’s still (visibly) present.
Unfortunately, updates on these devices are unstable as fuck, so I’ll have to deal with that. I also hope it won’t make me lose access to MediaTek EngineerMode band selection as that’s something I quite want to keep using.
Or perhaps try to return it under warranty.

Since QuickStep also controls navigation (both gestures and 3-button) it can’t even be disabled even if I used alternative launcher.
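An added example, not part of the original post: one way to repeat the `strings` check against a published domain list. It unpacks each APK member first, because an APK is a zip archive and text inside deflate-compressed members does not show up in the raw file bytes. The member names, the sample archive and the second indicator are constructed placeholders; only the first indicator comes from the post.

```python
import io
import re
import zipfile

# First entry is the domain quoted in the post; the second is a placeholder.
INDICATORS = ["launcher(dot)szprize(dot)cn", "placeholder[.]example[.]invalid"]

def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'a(dot)b[.]c' back into 'a.b.c'."""
    return re.sub(r"\(dot\)|\[\.\]|\[dot\]", ".", indicator.strip(), flags=re.I).lower()

def printable_strings(data: bytes, min_len: int = 6):
    """Yield ASCII and UTF-16LE runs, like `strings` and `strings -e l`."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.group().decode("ascii")
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield m.group().decode("utf-16-le")

def scan_apk(apk_bytes: bytes, indicators):
    """Return sorted (member, domain) pairs for indicators found in any member."""
    wanted = {refang(i) for i in indicators}
    hits = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            for s in printable_strings(apk.read(info)):
                low = s.lower()
                hits.update((info.filename, d) for d in wanted if d in low)
    return sorted(hits)

def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK: a zip with deflate-compressed members."""
    dom = refang(INDICATORS[0])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64
                   + dom.encode("ascii") + b"\x00" + b"\x01" * 64)
        z.writestr("assets/cfg.bin", dom.encode("utf-16-le"))
        z.writestr("res/raw/readme.txt", b"nothing to see here")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_apk()
    # A plain byte search over the archive misses the compressed string.
    print("raw archive contains domain:", refang(INDICATORS[0]).encode() in sample)
    for member, domain in scan_apk(sample, INDICATORS):
        print(member, "->", domain.replace(".", "(dot)"))  # print defanged
```

For a real device, pull the APK and pass its bytes to `scan_apk` together with the vendor's published indicator list.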

    • kungen@feddit.nu
      1 day ago

      That won’t remove it if it’s a factory app…?

      If you’re living in a country with good consumer rights, I’d return it.

      And people wonder how Temu and such can sell tablets so cheap… they’re making their money back in many different ways.

      • DudeImMacGyver@kbin.earth
        1 day ago

        Guess I didn’t read it properly, I didn’t realize it was baked in. Might be able to flash it but the real answer is, just don’t buy shit off Temu.

        • Don't forget to stay hydrated.🍉🍉🍉🍉🍉@sh.itjust.works (OP)
          1 day ago

          Not from Temu. I see such brands commonly in Slovakian stores.
          If I check Alza, a pretty large electronics store, these are the numbers per brand:

          Just the options when you shop on a budget. Although Motorola (or Samsung) probably wins it there for the most part.
          Anyway, I love such unique hardware, and unfortunately usual brands don’t do any unique designs. I guess those died with Blackberry and LG.
          For example, at least Unihertz and Ulefone even have phones with a built-in projector. Although… they are actively cooled. And… there’s no way to clean out the dust, so I feel like it will just overheat to death after 2 months of collecting pocket lint.

          But I also like idea/design of PinePhone and Fairphone. If there was a more powerful version of PinePhone, I’d probably rock that.
          I just like when brands actually do something different rather than just sticking to most common 95% and focusing on highest profit.

          • tomcatt360@lemmy.zip
            22 hours ago

            When people here say “Temu” they mean any place where you can buy from companies that have forgettable names, don’t care about their reputation, and have zero incentive not to spy on their users and sell their data.

            We mean “don’t buy things that you won’t have full control over just to save money or get a feature that you want”.

            Best of luck regardless, may your next phone be rootable and repairable!

            • Ah, OK.
              “Full control”… nothing else than PinePhone comes to mind.
              I am really looking forward to Motorola with GrapheneOS though. May there be a GrapheneOS phone with headphone jack and SD card slot.
              Ultimately, this seems like a choice between hardware and software.

              I really wish smartphones worked more like desktop computers. Linux will just run on most hardware, as will Windows. Whatever the manufacturer put on there, with however much bloatware (like McAfee) doesn’t even matter. Just a universal installer for almost everything.
              Imagine if every model of laptop and pre-built depended on the manufacturer for software support. Actually, at that point you probably wouldn’t even be able to build your own PC.

              • xep@discuss.online
                1 hour ago

                Do the best you can. For example, getting a phone that you know can be rooted means you can do what others in this thread have suggested and flash a rom that doesn’t have this kind of thing.

              • diaphragmwp@discuss.tchncs.de
                12 hours ago

                “Full control” and “cell phone” are fundamentally incompatible. Modem firmware is always a black box, most communication hasn’t been reversed yet, the cell towers are black boxes.

                Closest you can get is use an actual pocket computer (well, they don’t make those anymore, disable the modem of a smartphone and it’s close enough). And for actual phone calls like for work, you could use one of these MT62xxx phones with MediaTek MAUI. Turn it off when you don’t need.

                Before you go port Doom, basically none of them have an application interface compiled in, mostly because they cheap out on enough RAM to be useful with that. Most non-brand ones have fake “Facebook” and “YouTube” apps that just say “Network error” and exit. Although there is some vague leaked code in the footnotes for the article I’ve linked, and the latter one seems to be complete along with .chm documentation files, so could be a fun little project to build something somewhat functional out of it and maybe write a built-in application to share with a patch file (like with those pre-Symbian Nokia nuggets).