maemo.org - Talk


switch-hitter 2016-01-18 20:38

How to save infected Android tablet?
 
My 6 year old son's Hudl has been infected with malware (courtesy of Google Play) and I can't get rid of it. I've tried:

A software factory reset (from settings)
A factory reset (power & vol+)
Malwarebytes
Eset

The two scanners highlight the problems, offer to resolve them but then fail to do so.

The hardware factory reset claims to clear all user data but either that's not true or the malware has bypassed Android's 'security' and put its cr4p somewhere in the system files (the tablet is not rooted).

Not only has this malware come courtesy of the Play Store but the content he can access is supposedly restricted but this damned malware keeps trying to install 'porn hub' on his tablet. When I click 'cancel' for the install it just tries again 2 secs later (well thought out Google!)

Anybody got any ideas how I can get his Hudl back into a usable state?

mscion 2016-01-18 20:57

Re: How to save infected Android tablet?
 
Quote:

Originally Posted by switch-hitter (Post 1495376)
My 6 year old son's Hudl has been infected with malware (courtesy of Google Play) and I can't get rid of it. I've tried:

A software factory reset (from settings)
A factory reset (power & vol+)
Malwarebytes
Eset

The two scanners highlight the problems, offer to resolve them but then fail to do so.

The hardware factory reset claims to clear all user data but either that's not true or the malware has bypassed Android's 'security' and put its cr4p somewhere in the system files (the tablet is not rooted).

Not only has this malware come courtesy of the Play Store but the content he can access is supposedly restricted but this damned malware keeps trying to install 'porn hub' on his tablet. When I click 'cancel' for the install it just tries again 2 secs later (well thought out Google!)

Anybody got any ideas how I can get his Hudl back into a usable state?

Can you reinstall the rom, say, via odin or flash an img of the rom?
Otherwise might try some malware app.

MINKIN2 2016-01-18 21:09

Re: How to save infected Android tablet?
 
It's a hudl, this is not going to be the best advice but can't you palm it off to cash converters and use the money towards a new one?

Or keep it for yourself as your own personal porn hub tab?

saponga 2016-01-18 21:20

Re: How to save infected Android tablet?
 
I'm facing this problem too with my wife's tablet. In my case it is some crap accelerator speed boost bull*****... But the real problem is that apparently I can't unlock the bootloader of that trash, at least with fastboot on Linux. Courtesy Motorola.

ibrakalifa 2016-01-18 23:06

Re: How to save infected Android tablet?
 
All you have to do is just reflash your device

endsormeans 2016-01-18 23:51

Re: How to save infected Android tablet?
 
I hate to say it...
buuuutttt..
I really dislike the state of droid tablets and phones...
suuuurrre...
there is plenty to read up online to fix a samsung for example...
but little for odd models...
I do feel your pain...
Not too long ago now (a week or 2 I think...)
I was handed an alcatel one touch pixi3 ...
it was internally ...a mess..I couldn't get past the start screen initially...it was sooo bad...
There is little in the way of anything on the web concerning the model...
let alone about freeing it from malware ...
I am not very droid savvy but I did manage to erase all the partitions where crap could (and was) hiding ....and get it back to a proper clean state...
Between the touchscreen (oooohhh I hate capacitive touch with wee itty bitty onscreen buttons...) ...the joy of a handheld smartdevice that needs antimalware, antiviralware, etc...
I am soooo content with my maemo....
Reflashing may or may not have any effect.
Didn't work for me...
I know I had to burn out every partition there was to get rid of it...
It could be that your malware is hiding out in an ordinarily inaccessible area or partition like where the frp resides...and so you can't get at it by normal methods...but have to be a bit more severe and burn out the bloody cockroaches...
Don't let it multiply to other areas or hide itself...
Burn!
Burn!
https://www.youtube.com/watch?v=sglyFwTjfDU

salyavin 2016-01-19 03:50

Re: How to save infected Android tablet?
 
Well on Sailfish and such we don't grant permissions to installed applications so I suspect it would be even easier to make naughty software than Android but no one bothers as the userbase (potential targets) are too few.

gerbick 2016-01-19 04:04

Re: How to save infected Android tablet?
 
Which malware is being detected? From a quick read on XDA, it seems as if the bootloader is locked and you might not have an easily flashable ROM as your solution.

Resetting it will still leave some files behind. And if the files have been placed in the right locations, they will persist even if you reset the device. It needs to have its entire OS removed, refreshed, rewritten and via ADB that's trivial if you can get past a locked bootloader.

Not so the case with the HUDL. But that's after a few quick reads... which landed me here eventually. I'll keep looking, but not so sure I'll be of any help.

mscion 2016-01-19 04:05

Re: How to save infected Android tablet?
 
@switch-hitter which version of android is your device running?

biketool 2016-01-19 06:18

Re: How to save infected Android tablet?
 
I do not know how easy this is to do with stock Android but on Cyanogen it is easy to not install any Google stuff, instead choosing F-Droid for a software repository and if you really need an APK or two from the amazon and google stores use http://android-apk-downloader.com
if you ask nicely the author will give you a G-Play login.
I quit using Ubuntu Touch mostly because it tried to force a Launchpad Ubuntu-Store model onto users vs the desktop open repos we are used to. An upside to cyanogen, if your device is supported, is it lets you re-block permissions on apps after installing them, you also now need what amounts to a cheat code to prove that you actually have business futzing in root, probably to satisfy one+ without removing it entirely.
Regular Android allows too much as user because with exceptions / is inaccessible.

nieldk 2016-01-19 07:58

Re: How to save infected Android tablet?
 
Reflash with firmware.
I suggest you take a look here for how to do this using rktool

http://www.modaco.com/forums/topic/3...0131016200812/

switch-hitter 2016-01-19 08:16

Re: How to save infected Android tablet?
 
Quote:

Originally Posted by mscion (Post 1495406)
@switch-hitter which version of android is your device running?

It's 4.2

Quote:

Originally Posted by biketool (Post 1495411)
I do not know how easy this is to do with stock Android but on Cyanogen it is easy to not install any Google stuff, instead choosing F-Droid for a software repository and if you really need an APK or two from the amazon and google stores use http://android-apk-downloader.com

I searched for a Cyanogenmod rom for the Hudl but without success.

jellyroll 2016-01-19 15:01

Re: How to save infected Android tablet?
 
More Android malware than apps in the WP application store.

http://forensics.spreitzenbarth.de/android-malware/

nieldk 2016-01-19 16:37

Re: How to save infected Android tablet?
 
Quote:

Originally Posted by jellyroll (Post 1495447)
More Android malware than apps in the WP application store.

http://forensics.spreitzenbarth.de/android-malware/

? Android malware in WP application store ?

gerbick 2016-01-19 16:40

Re: How to save infected Android tablet?
 
Quote:

Originally Posted by nieldk (Post 1495470)
? Android malware in WP application store ?

My understanding was that there are more Android apps with malware than the total of apps in the WP application store.

salyavin 2016-01-19 17:39

Re: How to save infected Android tablet?
 
Quote:

Originally Posted by biketool (Post 1495411)
I quit using Ubuntu Touch mostly because it tried to force a Launchpad Ubuntu-Store model onto users vs the desktop open repos we are used to.

I am curious do you dislike Sailfish as to get updates you need a Jolla signin which is also needed for their store?

Are people not able to add repos to Ubuntu touch?

biketool 2016-01-19 17:56

Re: How to save infected Android tablet?
 
Quote:

Originally Posted by gerbick (Post 1495474)
My understanding was that there are more Android apps with malware than the total of apps in the WP application store.

The android ecosystem, at least the one on google-play is pretty weak. It seems like mostly web link or website API plugins providing no service greater than a browser bookmark on the desktop. To make matters worse there are so damn many duplicate apps on google-play which only differ in what ads it is downloading over my data plan. There are paid apps but even these are not a sure thing, they could also have malware. There are FOSS apps on the various app stores, but only F-Droid is all FOSS with available source code right there to review. Android is a badly implemented ecosystem, better suited to taking payments or getting infected by requiring a hack for root, than serving the user like real Linux.

endsormeans 2016-01-19 18:22

Re: How to save infected Android tablet?
 
yup.
totally agree...
I have avoided droid for a looonnnggg time now...
back in the day it wasn't so bad...
but now...
yeah...
when fixing that pixi3..
looking over the store...
it's disgusting...
so...
if the only respite is...
then thank goodness for f-droid...
otherwise
android would be an absolute write-off in my view...

szopin 2016-01-19 18:35

Re: How to save infected Android tablet?
 
Wow, that is pretty effedup, the droids are so secure that you can't even fix them when malware hits you. Where's the outrage? Windows machines never had such a problem, unless it just screwed your whole drive (or maybe anti-malware/AV solutions for mobile OSes are in their infancy, or is it fragmentation, as they were 'detected'?). Malware will probably soon come with better protection from rooting than original soft, keeping you safer than GOOG/manufacturer did once you catch it (as from the above it seems on rooted devices you could at least overwrite everything). What a time to be alive

szopin 2016-01-19 18:39

Re: How to save infected Android tablet?
 
Quote:

Originally Posted by salyavin (Post 1495403)
Well on Sailfish and such we don't grant permissions to installed applications so I suspect it would be even easier to make naughty software than Android but no one bothers as the userbase (potential targets) are too few.

Except it is all in chroot, so uninstall aliendalvik and it will be gone, the described situation of reflashing/resetting device to be still malwared should not be possible (sure there might be other exploits, but then it will be using some generic linux bugs/0days on top of android exploits that have to work in the emulated form, there definitely are holes, but you have two layers to get through)

szopin 2016-01-19 18:47

Re: How to save infected Android tablet?
 
Quote:

Bug fixes:

Android Support:

Fixed an issue where System UI has stopped while running Android app
Improved restart handling for Android runtime
Support for lockscreen media controls
SMS sending support

Then again, thanks to people requesting to incorporate android more into SFOS, premium SMS sending malwares should now work on jolla, not going to test it, but it looks like the sandbox is more and more likely to leak out (edit: hopefully next update will bring back option to seal pandora's box like having the option to not share contacts with the android part, didn't see any comments about this being optional)

sponka 2016-01-19 19:17

Re: How to save infected Android tablet?
 
Quote:

Originally Posted by szopin (Post 1495506)
Then again, thanks to people requesting to incorporate android more into SFOS, premium SMS sending malwares should now work on jolla, not going to test it, but it looks like the sandbox is more and more likely to leak out (edit: hopefully next update will bring back option to seal pandora's box like having the option to not share contacts with the android part, didn't see any comments about this being optional)

2.0.1.7 has an option under android support to limit access to contacts.

szopin 2016-01-19 19:21

Re: How to save infected Android tablet?
 
Quote:

Originally Posted by sponka (Post 1495520)
2.0.1.7 has an option under android support to limit access to contacts.

Sorry, must've been unclear, meant exactly this, contacts sharing with AD has been optional from start, giving android access to telephony functions (premium SMS sending for example) doesn't seem to be integrated this way. The sandboxed android is becoming more and more able to interact with non-android part, without letting user choose which part they are fine with (release notes also mentioned SD card access, but one place mentions android access to SD card, the other option to format card from settings, so not sure about this one)

salyavin 2016-01-19 20:31

Re: How to save infected Android tablet?
 
Quote:

Originally Posted by szopin (Post 1495505)
Except it is all in chroot, so uninstall aliendalvik and it will be gone, the described situation of reflashing/resetting device to be still malwared should not be possible (sure there might be other exploits, but then it will be using some generic linux bugs/0days on top of android exploits that have to work in the emulated form, there definitely are holes, but you have two layers to get through)


Sorry, I was referring to NATIVE applications on Sailfish. We don't grant permissions or such like Android. We have no malware yet as far as I know probably because there are so few users so the target is too small to bother with. My **guess** is it might be easier to write malware for Sailfish due to the lack of any security model.

mscion 2016-01-19 20:40

Re: How to save infected Android tablet?
 
I guess some people here might argue that Android is malware in itself...

biketool 2016-01-19 20:43

Re: How to save infected Android tablet?
 
Quote:

Originally Posted by mscion (Post 1495540)
I guess some people here might argue that Android is malware in itself...

Once they mainline the android kernel it will make building linux distros for droid hardware easier, but we will still be stuck with scary bin blob drivers which could be doing anything and are pre-compiled for only one kernel version.

szopin 2016-01-19 20:43

Re: How to save infected Android tablet?
 
Quote:

Originally Posted by salyavin (Post 1495538)
Sorry, I was referring to NATIVE applications on Sailfish. We don't grant permissions or such like Android. We have no malware yet as far as I know probably because there are so few users so the target is too small to bother with. My **guess** is it might be easier to write malware for Sailfish due to the lack of any security model.

No idea what tools harbour uses, but seeing how they limit APIs and supposedly review apps it should give a bit of security (then again workarounds for apps needing to get root are plenty in warehouse and harbour accepts closed source apps, would be interesting to learn more about their processes). Wonder what happened to these guys http://talk.maemo.org/showthread.php?t=94116 their presentation on SFOS security was never uploaded to their vimeo channel, hopefully Jolla did their part to address whatever they found and eko guys just forgotten they can upload it now and are not still waiting for Jolla to give them greenlight after fixing the 0days

switch-hitter 2016-01-19 21:50

Re: How to save infected Android tablet?
 
Quote:

Originally Posted by szopin (Post 1495504)
Wow, that is pretty effedup, the droids are so secure that you can't even fix them when malware hits you. Where's the outrage?

Oh, I've got an abundance of that right now :mad:

Quote:

Originally Posted by biketool (Post 1495541)
Once they mainline the android kernel it will make building linux distros for droid hardware easier, but we will still be stuck with scary bin blob drivers which could be doing anything and are pre-compiled for only one kernel version.

I hope Google's contributions will be thoroughly audited! :eek:


If anyone from Jolla reads this please take note, here's some Android crapola Sailfish really needs to avoid:

When I uninstall an app I don't expect any app or service to be allowed to reinstall it

When I cancel an install dialog I expect that decision to be final, I don't want the dialog to be allowed to reappear and ask me again one second later over and over and over

If I'm using a system screen (e.g. settings) no background app should be allowed to bring up a modal image/dialog over the top of it

When I turn the wifi (gps/bt/...) off in settings no app should be allowed to turn it back on again without my explicit approval (and, as above, if I say no don't ask again)

Really, I could go on and on... :(


Honestly, there's so much m0r0n1c shite in Android I wonder if the chumps who developed it have any experience of the outside world.

saponga 2016-01-20 00:23

Re: How to save infected Android tablet?
 
Interesting times when even an android malware removal question turns into a SFOS security discussion...

switch-hitter 2016-01-21 09:14

Re: How to save infected Android tablet?
 
Hudl is alive :D

I installed Eset from the Play store, after installing I tried turning off the wifi but each time I turned it off the malware turned it on again so I used my router to block the MAC id of the Hudl. That immediately subdued many of the pop up ads that had been bombarding me but I was still getting lots of install dialogs for 'porn hub', 'sexy girls', etc... popping up repeatedly.

I performed a scan (all the while dismissing more install dialogs). Although Eset failed to kill off the malware it did create a log of all the problems it had identified.

I went into Settings->Apps->All and pressed 'Force Stop' and 'Disable' for all the items Eset had listed and some others that looked like they weren't from Google. That killed off the bombardment of install dialogs.

I then went back to the router and allowed the Hudl back on the network, went to settings and checked the box to allow install of apps from sources other than the play store and then downloaded and installed Kingo Root from download.com.

Not only did Kingo Root successfully root the Hudl but it has a SuperUser feature that allows you to delete apps and services. I went through the log from Eset and used SuperUser to delete all that I could. There were three items that even SuperUser could not uninstall but so far they have remained disabled even after reboots. The Hudl is now running fine and Eset is not reporting any threats. :)
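
Added example, not part of any post in this thread: a factory reset wipes /data but leaves the read-only /system partition alone, which is why flagged items can survive a reset as described above. The Python below sorts scanner-flagged packages by APK location using the output format of `adb shell pm list packages -f`; the package names, paths and flagged list are constructed for illustration.

```python
# Added example: sort scanner-flagged packages by where their APK lives.
# Input is the text printed by `adb shell pm list packages -f`.

# Partitions a factory reset leaves untouched (read-only in normal use).
RESET_SURVIVING_PREFIXES = ("/system/", "/vendor/", "/product/")
# Location a factory reset wipes.
RESET_WIPED_PREFIXES = ("/data/",)


def parse_pm_list(text):
    """Map package name -> APK path from `pm list packages -f` output."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip warnings or blank lines mixed into the output
        # Split on the LAST '=': newer Android puts '=' inside /data/app paths.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and path and name:
            packages[name] = path
    return packages


def classify(path):
    """Say whether an APK at this path outlives a factory reset."""
    if path.startswith(RESET_SURVIVING_PREFIXES):
        return "survives_reset"
    if path.startswith(RESET_WIPED_PREFIXES):
        return "wiped_by_reset"
    return "unknown_location"


def triage(pm_text, flagged):
    """Group flagged package names by what a factory reset does to them."""
    installed = parse_pm_list(pm_text)
    report = {"survives_reset": [], "wiped_by_reset": [],
              "unknown_location": [], "not_installed": []}
    for name in sorted(flagged):
        path = installed.get(name)
        bucket = classify(path) if path else "not_installed"
        report[bucket].append(name)
    return report


# Constructed sample data: names and paths are invented for illustration.
SAMPLE_PM_OUTPUT = """\
package:/system/app/Settings.apk=com.android.settings
package:/system/app/SpeedBoost.apk=com.example.speedboost
package:/data/app/com.example.adpopup-1.apk=com.example.adpopup
package:/data/app/~~Zm9vYmFy==/com.example.newer-abc==/base.apk=com.example.newer
"""
SAMPLE_FLAGGED = {"com.example.speedboost", "com.example.adpopup",
                  "com.example.newer", "com.example.gone"}

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_PM_OUTPUT, SAMPLE_FLAGGED).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Anything reported under `survives_reset` needs a firmware reflash or root to remove; without either, disabling it in Settings is the most that can be done.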


All times are GMT.