[Q] Should I be concerned - Mysterious PP app found on device

Search This thread
By:
Advanced…
O

ouch1976

Member
Nov 26, 2013
45
5
Here's a little background to my dilemma.

I bought a used Note 3 running 4.3 / MJE. It has never been rooted as far as I can tell. It has a clean ESN according to Swappa. I never activated it, never connected it to a Wifi network, and never put my sim in it. It was factory reset and the first thing I wanted to do was root it.

So, I downloaded Kingo 1.1.6 from the first link that Google provided (I don't know if I can reference the site) and I ran the program. Root was successful! I then installed SafeStrap, and finally flashed SuperSU from recovery. Everything looked great, but...next to SuperSU in my app drawer was an app that I never saw before. It was a green icon with what looked like two white letter P's in it. Stupidly, I clicked on the app and it opened some sort of Chinese thing. I immediately backed out of the app and uninstalled it. I then factory reset the device. Root and recovery are maintained. And now there is no sign of the mysterious app. But I'm still freaked out about it. Was it some Chinese spyware? Keylogger? Or something more innocent? Do you think it's completely gone or is it possible that it has hidden files somewhere on the device?

I've uninstalled Kingo from my PC and ran several scans of the computer which have turned up nothing unusual. But I still haven't connected the phone to any Wifi or cell networks nor have I entered any personal information on the device. I'm itching to use the device, but I'm nervous about any malware on it.

So, does anyone have any thoughts on the safety of the phone?
 
ronjwright

ronjwright

Senior Member
May 20, 2014
77
66
Schaumburg/Urbana, IL
I would say that as long as you have factory reset the phone and the app didn't somehow install itself in the /system partition, your phone should be okay, since a factory reset effectively wipes away everything in /data and /cache. But I wouldn't trust Kingo, because many users in the past have reported that it presumably installs spy software on your phone (which collects IMEIs and other sensitive data and sends them unencrypted to China), and it is very likely that the app that you have described here is spy software. (So far, no one has reported anything suspicious in the /system partition, at least according to the thread at http://xdaforums.com/showthread.php?t=2518829.) I noticed you have taken precautions by not connecting the phone to the Internet, so you are safe.
 
O

ouch1976

Member
Nov 26, 2013
45
5
ronjwright said:
I would say that as long as you have factory reset the phone and the app didn't somehow install itself in the /system partition, your phone should be okay, since a factory reset effectively wipes away everything in /data and /cache. But I wouldn't trust Kingo, because many users in the past have reported that it presumably installs spy software on your phone (which collects IMEIs and other sensitive data and sends them unencrypted to China), and it is very likely that the app that you have described here is spy software. (So far, no one has reported anything suspicious in the /system partition, at least according to the thread at http://xdaforums.com/showthread.php?t=2518829.) I noticed you have taken precautions by not connecting the phone to the Internet, so you are safe.
Click to expand...
Click to collapse

Yeah. I see a ton of debates about the integrity of Kingo...I know that I'll never use it again.
 
papaavi

papaavi

Senior Member
May 16, 2011
142
26
You should be concerned about any mysterious PP....

Sent from my SM-N900V using Tapatalk
 
lmike6453

lmike6453

Senior Member
Dec 17, 2010
721
319
Eagleville PA
I also agree that you should ensure that you wipe all partitions, and SD card to be safe from Safestrap. Go in there and do an Advanced Wipe, checkmarking:
/data
/cache
/system
dalvik-cache
internal sd card
 
Dc4479

Dc4479

Senior Member
May 2, 2012
67
20
I'd even go a step further and Odin it just to make sure its squeaky clean.

Sent from my SM-N900V using XDA Premium HD app
 
RomsWell

RomsWell

Senior Member
Jul 10, 2011
1,633
1,058
Venice
ouch1976 said:
Here's a little background to my dilemma.

I bought a used Note 3 running 4.3 / MJE. It has never been rooted as far as I can tell. It has a clean ESN according to Swappa. I never activated it, never connected it to a Wifi network, and never put my sim in it. It was factory reset and the first thing I wanted to do was root it.

So, I downloaded Kingo 1.1.6 from the first link that Google provided (I don't know if I can reference the site) and I ran the program. Root was successful! I then installed SafeStrap, and finally flashed SuperSU from recovery. Everything looked great, but...next to SuperSU in my app drawer was an app that I never saw before. It was a green icon with what looked like two white letter P's in it. Stupidly, I clicked on the app and it opened some sort of Chinese thing. I immediately backed out of the app and uninstalled it. I then factory reset the device. Root and recovery are maintained. And now there is no sign of the mysterious app. But I'm still freaked out about it. Was it some Chinese spyware? Keylogger? Or something more innocent? Do you think it's completely gone or is it possible that it has hidden files somewhere on the device?

I've uninstalled Kingo from my PC and ran several scans of the computer which have turned up nothing unusual. But I still haven't connected the phone to any Wifi or cell networks nor have I entered any personal information on the device. I'm itching to use the device, but I'm nervous about any malware on it.

So, does anyone have any thoughts on the safety of the phone?
Click to expand...
Click to collapse

It is a app that is normally removed in the final moments of the kingo root session. its happened a few times when I used kingo. Disable data on your note and make sure your pc firewall is strict with kingo so u can keep your data private.
 
A

AndroidGreg

Senior Member
Mar 18, 2012
145
23
I trust kingo, from what i understand the PP app is a exploit through the camera that uses the chinese code to gain root access
 
You must log in or register to reply here.

Similar threads

hsbadr
  • Poll
[Q&A] JasmineROM Discussions [Chat Room]
Replies
2K
Views
123K
D
darkensx
sbreen94
[Q&A] Hyperdrive Rom Note 3 Verizon ║ Non-Development Discussion ║ Support
Replies
408
Views
61K
M
MarkNewvine
hsbadr
[Q&A] MultiSystem for Android
Replies
387
Views
64K
R
regala83
S
Showbox error please help!!
Replies
15
Views
62K
A
amsgh
B
Internet connection unstable notification
Replies
54
Views
87K
J
jgmo

New posts