TL;DR: If it’s also integrated into firmware, it has full-device access. If it’s just this specific app, per Kaspersky, it still has “elevated privileges” and can install crap. It cannot be disabled without breaking the UI.

Doing a scan without copying the apk:

As you can see from main screenshot, the APK would have been accessible for scanning.
I copied it to Download directory as that one gets real-time monitoring, but it will pick it up elsewhere after a scan as well.

Anyway:
VirusTotal report

Found 4 months ago by Kaspersky

And I found my device in list on blog post from Sophos. Unfortunately, they only provide a partial list, as they mention this affects “nearly 50 models”.

From listed domains, with help of strings I found launcher(dot)szprize(dot)cn, although it doesn’t seem to resolve to anything at the moment.

Also something interesting from Kaspersky:

When integrated into the firmware, the malware behaves differently depending on several factors. It will not activate if the language set on the device is one of Chinese dialects, and the time is set to one of Chinese time zones. It will also not launch if the device doesn’t have Google Play Store and Google Play Services installed.

Now what?

I’ve been using it for nearly 2 years, so there’s that…

I am thinking of contacting the retailer I bought this device from, as it’s still on sale. But I am not sure if they will care about it. Also, the only way I seem to be able to contact them is via tech support, so there’s the chance of just getting a copy-pasted answer.

As for my particular unit, I’ll probably try to update the software to newest version to see if it’s still (visibly) present.
Unfortunately, updates on these devices are unstable as fuck, so I’ll have to deal with that. I also hope it won’t make me lose access to MediaTek EngineerMode band selection as that’s something I quite want to keep using.
Or perhaps try to return it under warranty.

Since QuickStep also controls navigation (both gestures and 3-button) it can’t even be disabled even if I used alternative launcher.

  • Eeeeh, some of these are far from cheap. For example, the Armor 34 Pro that I was interested in is EUR 750.
    Unique hardware, that’s why. Otherwise I’d have gotten Moto G54 5G. Actually, I tested both, I just liked the Armor 24 more hardware-wise.

    Lots of modern electronics feels too boring as it’s all the same. Phones, laptops, TVs, they especially feel like copied homework.

    • carrylex@lemmy.world · 10 hours ago

      Armor 34 Pro

      Okay I just had a look at that and wtf is this smartphone, battery and projector abomination?

      How about just buying projector instead? Because that thing will never fit into your pocket anyway…

      Moto G54

      Yeah that’s at least a normal phone.

      • I daily drive the Armor 24 which is just a bit thinner. I am a man, so it does fit into most of my pockets (I hear women’s clothing has chronic lack of pockets).

        I am just that tiny bit of market who likes very unusual things. Unihertz also has some Blackberry-style phones (Titan series), but they don’t sell around here, and it’s not a brand trustworthy enough for me to import it with basically no warranty.
        By the way, Unihertz seems to fund new models via Kickstarter, which I find a bit funny.

        • punchmesan@lemmy.dbzer0.com · 2 hours ago

          Not that I care, but there’s a funny contradiction here. You don’t consider Unihertz a trustworthy brand, but you do (or did) consider Ulefone a trustworthy brand? Even a cursory, 30-second search for Ulefone doesn’t find anything good to say about them aside from the novel hardware. Did they have a better reputation at the time?

    • Phoenixz@lemmy.ca · 17 hours ago

      I get you. I have an armour 29 pro, the hardware is insanely cool, the software… Meh at best. Still, I’m using it daily and I love the phone but now I feel like I need to run a bunch of scans on this one too

      • In this specific case, throwing /system_ext/priv-app/PriLauncher3QuickStep/PriLauncher3QuickStep.apk at VirusTotal would light it up.
        But as I found, ESET won’t care about system files.
        Sophos’ Intercept X did find it, but I had to enable scanning of system files in settings. Though I am not sure how reliable they are for AV.
        Oh, and if it finds something, it will block you from opening that app. In this case, that being main part of the UI, I couldn’t access recent apps and homescreen. So for the chance it flags Settings, it would probably be good to enable ADB in advance (and trust your computer).

        Edit: Sophos also mentions PriLauncher.apk. Also if it’s in the firmware, you’re out of luck. (And you won’t know)
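
The two checks described in the thread (hashing the launcher APK for a VirusTotal lookup, and searching it for the domain quoted in the post) can be scripted as below. This is an added example, not code from the thread or from any vendor; `scan_apk`, `refang` and `build_sample_apk` are hypothetical names, and the sample APK is constructed in memory so the script runs offline.

```python
import hashlib
import io
import zipfile

# Indicator kept defanged, exactly as quoted in the post; refanged only in memory.
DEFANGED_INDICATORS = ["launcher(dot)szprize(dot)cn"]


def refang(indicator):
    return indicator.replace("(dot)", ".")


def scan_apk(apk_bytes, indicators=DEFANGED_INDICATORS):
    """Return the APK's SHA-256 plus (entry, indicator, encoding) hits."""
    needles = []
    for ind in indicators:
        for enc in ("ascii", "utf-16le"):  # narrow and wide string encodings
            needles.append((ind, enc, refang(ind).encode(enc)))
    hits = []
    # An APK is a ZIP archive: decompress each entry before searching, since
    # running strings over the raw file only sees entries stored uncompressed.
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            data = apk.read(info)
            for ind, enc, needle in needles:
                if needle in data:
                    hits.append((info.filename, ind, enc))
    return {"sha256": hashlib.sha256(apk_bytes).hexdigest(), "hits": hits}


def build_sample_apk():
    """Constructed stand-in for a pulled APK (not a real sample)."""
    domain = refang(DEFANGED_INDICATORS[0])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex", b"\x00" * 64 + domain.encode("ascii") + b"\x00" * 64)
        z.writestr("resources.arsc", domain.encode("utf-16le"))
        z.writestr("AndroidManifest.xml", b"<manifest/>")
    return buf.getvalue()


if __name__ == "__main__":
    # Real use: read the file obtained with `adb pull <path to the APK>`.
    report = scan_apk(build_sample_apk())
    print("sha256 for hash lookup:", report["sha256"])
    for entry, indicator, encoding in report["hits"]:
        print(f"{entry}: {indicator} ({encoding})")
```

A clean result only means this one indicator is absent from this one file; as noted above, a firmware-level copy would not be visible to this check.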