TL;DR: If it’s also integrated into firmware, it has full-device access. If it’s just this specific app, per Kaspersky, it still has “elevated privileges” and can install crap. It cannot be disabled without breaking the UI.

Doing a scan without copying the apk:

As you can see from main screenshot, the APK would have been accessible for scanning.
I copied it to Download directory as that one gets real-time monitoring, but it will pick it up elsewhere after a scan as well.

Anyway:
VirusTotal report

Found 4 months ago by Kaspersky

And I found my device in list on blog post from Sophos. Unfortunately, they only provide a partial list, as they mention this affects “nearly 50 models”.

From listed domains, with help of strings I found launcher(dot)szprize(dot)cn, although it doesn’t seem to resolve to anything at the moment.

Also something interesting from Kaspersky:

When integrated into the firmware, the malware behaves differently depending on several factors. It will not activate if the language set on the device is one of Chinese dialects, and the time is set to one of Chinese time zones. It will also not launch if the device doesn’t have Google Play Store and Google Play Services installed.

Now what?

I’ve been using it for nearly 2 years, so there’s that…

I am thinking of contacting the retailer I bought this device from, as it’s still on sale. But I am not sure if they will care about it. Also, the only way I seem to be able to contact them is via tech support, so there’s the chance of just getting a copy-pasted answer.

As for my particular unit, I’ll probably try to update the software to newest version to see if it’s still (visibly) present.
Unfortunately, updates on these devices are unstable as fuck, so I’ll have to deal with that. I also hope it won’t make me lose access to MediaTek EngineerMode band selection as that’s something I quite want to keep using.
Or perhaps try to return it under warranty.

Since QuickStep also controls navigation (both gestures and 3-button) it can’t even be disabled even if I used alternative launcher.
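
The `strings` check described in the post, as an added example that is not part of the original post: it decompresses every entry of an APK, extracts ASCII and UTF-16LE strings, and matches them against a defanged indicator list. The function names are hypothetical and the sample archive is constructed in memory, not a real sample.

```python
import io
import re
import zipfile

# Indicator taken from the post, kept defanged; extend with the vendor's list.
DEFANGED_IOCS = ["launcher(dot)szprize(dot)cn"]

def refang(indicator):
    """Turn 'a(dot)b' or 'a[.]b' into 'a.b', used for matching only."""
    return re.sub(r"\(dot\)|\[\.\]", ".", indicator).lower()

def printable_strings(data, min_len=6):
    """Yield ASCII and UTF-16LE runs, like `strings` and `strings -el`."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.group().decode("ascii")
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield m.group().decode("utf-16-le")

def scan_apk(apk, iocs=DEFANGED_IOCS):
    """Return sorted (zip entry, defanged indicator) pairs found in the APK.
    Entries are decompressed first; `strings` on the .apk itself sees only
    the compressed bytes of deflated entries."""
    wanted = {refang(i): i for i in iocs}
    hits = set()
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            for s in printable_strings(zf.read(info)):
                low = s.lower()
                for domain, defanged in wanted.items():
                    if domain in low:
                        hits.add((info.filename, defanged))
    return sorted(hits)

def build_sample_apk():
    """Constructed stand-in for a pulled APK (not a real sample)."""
    domain = refang(DEFANGED_IOCS[0])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", b"dex\n035\x00\x01https://" + domain.encode() + b"/cfg\x00")
        zf.writestr("assets/a.bin", domain.upper().encode("utf-16-le"))
        zf.writestr("res/raw/ok.txt", b"https://example.org/nothing-here")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for entry, ioc in scan_apk(build_sample_apk()):
        print(f"{entry}: {ioc}")
```

`scan_apk` also accepts a filesystem path, so it can be pointed at an APK copied off the device.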

  • Possibly linux@lemmy.zip (↑15 · edited · 9 hours ago)

    Can you post some more details such as device type and country of origin

    Edit: I somehow skipped over the title. Is there a reason you went with ulefone? They seem to be a shady Chinese company with poor reviews

  • WhyJiffie@sh.itjust.works (↑4 · 8 hours ago)

    From listed domains, with help of strings I found launcher(dot)szprize(dot)cn, although it doesn’t seem to resolve to anything at the moment.

    it could have other records, like TXT records or something else. It is usable as a channel for one way communication

  • psychOdelic she/her@discuss.tchncs.de (↑25 · edited · 15 hours ago)

    Help I just bought an armor 21…

    (You can contact ulefone, and ask for the firmware for your device, they will send it to you!) I did that, rooted my phone and removed all google BS with an ADB tool. I hope I’m safe Edit:

    LITERALLY CRASHED AND STOPPED WORKING AFTER WRITING THIS COMMENT.

    Edit: Doesn’t turn on

    Edit: Bootloops.

    • WhyJiffie@sh.itjust.works (↑4 · 8 hours ago)

      you can’t just remove everything by google that way. the google mobile services package is integrated to the system in such a way, that uninstalling or even just disabling some of the core google packages will make it bootloop. I don’t know the specifics, but if you want to tinker, have a look at the opengapps installer. see what it is exactly doing in the package for your android version, and try to undo them manually with root. be aware though that it’s an unofficial project, manufacturers don’t use it, but trying to remove opengapps results in the same situation, so its installer can help you make sense of how it is installed.

  • Agent641@lemmy.world (↑2 · 13 hours ago)

    I have a Ulefone Armour 27T pro and it’s really good except for the preinstalled bloatware and that fucking duraspeed thing which, even when disabled and uninstalled via adb, still seems to fuck up my WhatsApp and textra notifications. It’s so infuriating that I don’t use it as my everyday phone anymore. Very disappointed

    • Yeah, DuraSpeed. That even kills alarms if you try to use them.
      To be fair, so did my previous Xiaomi Poco. And my Motorola also had a ton of bugs after its very last update (which almost feels intentional).

      When did I not have issues? Custom ROM. Upgrading that phone from Android 8 to Android 11 (PixelExperience) even made it miles faster. Oh, and whoever ported it to that phone also made sure to include Moto actions.
      There was just one problem. Due to some incompatibility, they couldn’t get encryption to work. Trying to enable it would brick the phone.

      But I guess it makes sense that someone who is fueled by passion rather than money does a better job.

  • carrylex@lemmy.world (↑18 · 23 hours ago)

    Buying cheap stuff from some obscure company at the other end of the planet sounds like it will make situations like this inevitable…

    • Eeeeh, some of these are far from cheap. For example, the Armor 34 Pro that I was interested in is EUR 750.
      Unique hardware, that’s why. Otherwise I’d have gotten Moto G54 5G. Actually, I tested both, I just liked the Armor 24 more hardware-wise.

      Lots of modern electronics feels too boring as it’s all the same. Phones, laptops, TVs, they especially feel like copied homework.

      • carrylex@lemmy.world (↑3 ↓1 · 10 hours ago)

        Armor 34 Pro

        Okay I just had a look at that and wtf is this smartphone, battery and projector abomination?

        How about just buying projector instead? Because that thing will never fit into your pocket anyway…

        Moto G54

        Yeah that’s at least a normal phone.

        • I daily drive the Armor 24 which is just a bit thinner. I am a man, so it does fit into most of my pockets (I hear women’s clothing has chronic lack of pockets).

          I am just that tiny bit of market who likes very unusual things. Unihertz also has some Blackberry-style phones (Titan series), but they don’t sell around here, and it’s not a brand trustworthy enough for me to import it with basically no warranty.
          By the way, Unihertz seems to fund new models via Kickstarter, which I find a bit funny.

          • punchmesan@lemmy.dbzer0.com (↑1 · 2 hours ago)

            Not that I care, but there’s a funny contradiction here. You don’t consider Unihertz a trustworthy brand, but you do (or did) consider Ulefone a trustworthy brand? Even a cursory, 30-second search for Ulefone doesn’t find anything good to say about them aside for the novel hardware. Did they have a better reputation at the time?

      • Phoenixz@lemmy.ca (↑1 · 17 hours ago)

        I get you. I have an armour 29 pro, the hardware is insanely cool, the software… Meh at best. Still, I’m using it daily and I love the phone but now I feel like I need to run a bunch of scans on this one too

        • In this specific case, throwing /system_ext/priv-app/PriLauncher3QuickStep/PriLauncher3QuickStep.apk at VirusTotal would light it up.
          But as I found, ESET won’t care about system files.
          Sophos’ Intercept X did find it, but I had to enable scanning of system files in settings. Though I am not sure how reliable they are for AV.
          Oh, and if it finds something, it will block you from opening that app. In this case, that being main part of the UI, I couldn’t access recent apps and homescreen. So for the chance it flags Settings, it would probably be good to enable ADB in advance (and trust your computer).

          Edit: Sophos also mentions PriLauncher.apk. Also if it’s in the firmware, you’re out of luck. (And you won’t know)

  • Waterpumpee@lemmus.org (↑26 ↓1 · 1 day ago)

    change all your passwords you used with that device. then depends, can you afford a new phone? Go with a more known brand. If you can’t, start learning mandarin 😅

    • Yeah.
      It sucks as usual manufacturers don’t make such crazy devices. This thing has a 22,000mAh battery and quite strong light at the back. And yes, it’s a quite heavy brick (647g or 1.43lbs).

      I didn’t find anything better to compare the thickness to, so here it is next to a 1RU switch and a dumbphone:

      They have even larger phones, but this is already a second time they’ve had malware, so I don’t know about that…

      • socsa@piefed.social (↑22 ↓1 · edited · 1 day ago)

        If it makes you feel any better, that’s probably not a 22AH battery either. Stop buying phones on Temu.

        • Agent641@lemmy.world (↑4 · 13 hours ago)

          The battery life on Ulefone devices is one thing they don’t actually skimp on. I have one and it will go days without a charge. Performs as advertised. And switched off, left in a drawer for 6 months, it didn’t drop a single percentage of battery charge.

          • socsa@piefed.social (↑2 · 11 hours ago)

            I don’t doubt the battery is big, but a 20AH 1S battery pack is still somewhat larger than the phone in that picture.

            • Agent641@lemmy.world (↑7 · edited · 11 hours ago)

              Ah… The phone in question is not the black thing in the foreground. It’s the silver thing with the gold button at the rear right. They are chonky, and yet still surprisingly heavy.

        • There’s quite a few devices like this (from other brands as well). On a full charge with heavy use it lasts me 5 days. The capacity also checked out with a USB tester, although I only tested it during charging from something like 5%.

          I could also try a discharge test, but that’s going to take around 8 hours (10W max output). If you trust whoever did this test, they got 57 hours of screen on time for video streaming: https://www.devicespecifications.com/en/editor-review/c8a7ef/9
          That has to fit somewhere.

          Anyway, I got it on Alza. I wouldn’t trust shops like that with anything above, say, EUR 50. Especially not Temu, though I haven’t used them personally. The most expensive stuff I got on Aliexpress was around that sum. Two Heltec ESP32 boards with LoRa and RTL-SDR v3 (with the antenna kit).

  • Semperverus@lemmy.world (↑8 ↓1 · 21 hours ago)

    Develop a root method for your phone, gain sudo access, and remove it via command line

    • kungen@feddit.nu (↑23 · edited · 1 day ago)

      That won’t remove it if it’s a factory app…?

      If you’re living in a country with good consumer rights, I’d return it.

      And people wonder how Temu and such can sell tablets so cheap… they’re making their money back in many different ways.

      • DudeImMacGyver@kbin.earth (↑6 · 1 day ago)

        Guess I didn’t read it properly, I didn’t realize it was baked in. Might be able to flash it but the real answer is, just don’t buy shit off Temu.

        • Don't forget to stay hydrated.🍉🍉🍉🍉🍉@sh.itjust.works (OP · ↑1 ↓1 · 1 day ago)

          Not from Temu. I see such brands commonly in Slovakian stores.
          If I check Alza, a pretty large electronics store, these are the numbers per brand:

          Just the options when you shop on a budget. Although Motorola (or Samsung) probably wins it there for the most part.
          Anyway, I love such unique hardware, and unfortunately usual brands don’t do any unique designs. I guess those died with Blackberry and LG.
          For example, at least Unihertz and Ulefone even have phones with a built-in projector. Although… they are actively cooled. And… there’s no way to clean out the dust, so I feel like it will just overheat to death after 2 months of collecting pocket lint.

          But I also like idea/design of PinePhone and Fairphone. If there was a more powerful version of PinePhone, I’d probably rock that.
          I just like when brands actually do something different rather than just sticking to most common 95% and focusing on highest profit.

          • tomcatt360@lemmy.zip (↑5 · 22 hours ago)

            When people here say “Temu” they mean any place where you can buy from companies that have forgettable names, don’t care about their reputation, and have zero incentive not to spy on their users and sell their data.

            We mean “don’t buy things that you won’t have full control over just to save money or get a feature that you want”.

            Best of luck regardless, may your next phone be rootable and repairable!

            • Ah, OK.
              “Full control”… nothing else than PinePhone comes to mind.
              I am really looking forward to Motorola with GrapheneOS though. May there be a GrapheneOS phone with headphone jack and SD card slot.
              Ultimately, this seems like a choice between hardware and software.

              I really wish smartphones worked more like desktop computers. Linux will just run on most hardware, as will Windows. Whatever the manufacturer put on there, with however much bloatware (like McAfee) doesn’t even matter. Just a universal installer for almost everything.
              Imagine if every model of laptop and pre-built depended on the manufacturer for software support. Actually, at that point you probably wouldn’t even be able to build your own PC.

              • xep@discuss.online (↑1 · 1 hour ago)

                Do the best you can. For example, getting a phone that you know can be rooted means you can do what others in this thread have suggested and flash a rom that doesn’t have this kind of thing.

              • diaphragmwp@discuss.tchncs.de (↑3 · edited · 12 hours ago)

                “Full control” and “cell phone” are fundamentally incompatible. Modem firmware is always a black box, most communication hasn’t been reversed yet, the cell towers are black boxes.

                Closest you can get is use an actual pocket computer (well, they don’t make those anymore, disable the modem of a smartphone and it’s close enough). And for actual phone calls like for work, you could use one of these MT62xxx phones with MediaTek MAUI. Turn it off when you don’t need.

                Before you go port Doom, basically none of them have an application interface compiled in, mostly because they cheap out on enough RAM to be useful with that. Most non-brand ones have fake “Facebook” and “YouTube” apps that just say “Network error” and exit. Although there is some vague leaked code in the footnotes for the article I’ve linked, and the latter one seems to be complete along with .chm documentation files, so could be a fun little project to build something somewhat functional out of it and maybe write a built-in application to share with a patch file (like with those pre-Symbian Nokia nuggets).