TL;DR: If it’s also integrated into firmware, it has full-device access. If it’s just this specific app, per Kaspersky, it still has “elevated privileges” and can install crap. It cannot be disabled without breaking the UI.
Doing a scan without copying the apk:
As you can see from main screenshot, the APK would have been accessible for scanning.
I copied it to Download directory as that one gets real-time monitoring, but it will pick it up elsewhere after a scan as well.
Anyway:
VirusTotal report
Found 4 months ago by Kaspersky
And I found my device in list on blog post from Sophos. Unfortunately, they only provide a partial list, as they mention this affects “nearly 50 models”.
From listed domains, with help of strings I found launcher(dot)szprize(dot)cn, although it doesn’t seem to resolve to anything at the moment.
Also something interesting from Kaspersky:
When integrated into the firmware, the malware behaves differently depending on several factors. It will not activate if the language set on the device is one of Chinese dialects, and the time is set to one of Chinese time zones. It will also not launch if the device doesn’t have Google Play Store and Google Play Services installed.
Now what?
I’ve been using it for nearly 2 years, so there’s that…
I am thinking of contacting the retailer I bought this device from, as it’s still in sale. But I am not sure if they will care about it. Also, the only way I seem to be able to contact them is via tech support, so there’s the chance of just getting a copy-pasted answer.
As for my particular unit, I’ll probably try to update the software to newest version to see if it’s still (visibly) present.
Unfortunately, updates on these devices are unstable as fuck, so I’ll have to deal with that. I also hope it won’t make me loose access to MediaTek EngineerMode band selection as that’s something I quite want to keep using.
Or perhaps try to return it under warranty.
Since QuickStep also controls navigation (both gestures and 3-button) it can’t even be disabled even if I used alternative launcher.
This is inside the official ROM (from factory), and there’s no custom ROMs.
Not their first time: https://www.bleepingcomputer.com/news/security/cheap-android-phones-and-poor-quality-control-leads-to-malware-surprise/
then i think you have no option
This is really a vote with your wallet situation. Don’t buy android devices without the option to root and/or bootloader unlock.
This one wouldn’t be a problem. Ulefone apparently doesn’t lock it down. From unlock wall of shame: https://github.com/zenfyrdev/bootloader-unlock-wall-of-shame/blob/main/brands/ulefone/README.md
Enable OEM unlocking in settings, reboot to bootloader,
fastboot flashing unlock, and that’s it.But they don’t release any source code and use MediaTek, so there’s no use of it. 😐
You can still use Magisk to root the device if you can dump the firmware
I can try to update to the latest updates and see if it’s still there. Problem with these devices is the updates tend to break more things than fix. This phone got Android 15 update like half a year back and there was bunch of people reporting that the power button doesn’t work to lock the phone anymore…
If yes, or should I say, me being able to detect it, I’ll try to do a warranty claim.
I hate these locked down devices. I want to be able to run whatever I want like on desktops. It’s a computer, dammit.
Allow me to introduce you to my favourite app…
https://f-droid.org/packages/net.blumia.pineapple.lockscreen.oss
It’s front and centre on my home screen. Just so handy.
If you can, I would upgrade just for the security updates.