Damp the LG G3 Thermal Throttling

As our mobile devices grow thinner and more powerfulwith each passing generation, it’s inevitable … more

Google Play Developer Distribution Agreement Due Tomorrow

Every once in a while, Google updates theGoogle PlayDeveloper Distribution … more

LG to Release Octa-Core “Nuclun” SoC in the LG G3 Screen

LG is set to follow the likes of Samsung and other manufacture its own … more

Lockdown Pro 2 Brings Material Design and Media Support

Back in March of this year, we took a look at a rather innovated security application … more
Post Reply

[Q] Should I be concerned - Mysterious PP app found on device

OP ouch1976

21st May 2014, 03:46 PM   |  #1  
OP Member
Thanks Meter: 5
 
40 posts
Join Date:Joined: Nov 2013
Here's a little background to my dilemma.

I bought a used Note 3 running 4.3 / MJE. It has never been rooted as far as I can tell. It has a clean ESN according to Swappa. I never activated it, never connected it to a Wifi network, and never put my sim in it. It was factory reset and the first thing I wanted to do was root it.

So, I downloaded Kingo 1.1.6 from the first link that Google provided (I don't know if I can reference the site) and I ran the program. Root was successful! I then installed SafeStrap, and finally flashed SuperSU from recovery. Everything looked great, but...next to SuperSU in my app drawer was an app that I never saw before. It was a green icon with what looked like two white letter P's in it. Stupidly, I clicked on the app and it opened some sort of Chinese thing. I immediately backed out of the app and uninstalled it. I then factory reset the device. Root and recovery are maintained. And now there is no sign of the mysterious app. But I'm still freaked out about it. Was it some Chinese spyware? Keylogger? Or something more innocent? Do you think it's completely gone or is it possible that it has hidden files somewhere on the device?

I've uninstalled Kingo from my PC and ran several scans of the computer which have turned up nothing unusual. But I still haven't connected the phone to any Wifi or cell networks nor have I entered any personal information on the device. I'm itching to use the device, but I'm nervous about any malware on it.

So, does anyone have any thoughts on the safety of the phone?
21st May 2014, 04:22 PM   |  #2  
ronjwright's Avatar
Member
Flag Schaumburg/Urbana, IL
Thanks Meter: 51
 
39 posts
Join Date:Joined: May 2014
More
I would say that as long as you have factory reset the phone and the app didn't somehow install itself in the /system partition, your phone should be okay, since a factory reset effectively wipes away everything in /data and /cache. But I wouldn't trust Kingo, because many users in the past have reported that it presumably installs spy software on your phone (which collects IMEIs and other sensitive data and sends them unencrypted to China), and it is very likely that the app that you have described here is spy software. (So far, no one has reported anything suspicious in the /system partition, at least according to the thread at http://forum.xda-developers.com/show....php?t=2518829.) I noticed you have taken precautions by not connecting the phone to the Internet, so you are safe.
21st May 2014, 04:36 PM   |  #3  
OP Member
Thanks Meter: 5
 
40 posts
Join Date:Joined: Nov 2013
Quote:
Originally Posted by ronjwright

I would say that as long as you have factory reset the phone and the app didn't somehow install itself in the /system partition, your phone should be okay, since a factory reset effectively wipes away everything in /data and /cache. But I wouldn't trust Kingo, because many users in the past have reported that it presumably installs spy software on your phone (which collects IMEIs and other sensitive data and sends them unencrypted to China), and it is very likely that the app that you have described here is spy software. (So far, no one has reported anything suspicious in the /system partition, at least according to the thread at http://forum.xda-developers.com/show....php?t=2518829.) I noticed you have taken precautions by not connecting the phone to the Internet, so you are safe.

Yeah. I see a ton of debates about the integrity of Kingo...I know that I'll never use it again.
22nd May 2014, 08:52 PM   |  #4  
papaavi's Avatar
Senior Member
Thanks Meter: 26
 
135 posts
Join Date:Joined: May 2011
You should be concerned about any mysterious PP....

Sent from my SM-N900V using Tapatalk
27th May 2014, 08:20 PM   |  #5  
lmike6453's Avatar
Senior Member
Phila
Thanks Meter: 318
 
709 posts
Join Date:Joined: Dec 2010
More
I also agree that you should ensure that you wipe all partitions, and SD card to be safe from Safestrap. Go in there and do an Advanced Wipe, checkmarking:
/data
/cache
/system
dalvik-cache
internal sd card
28th May 2014, 12:56 AM   |  #6  
Dc4479's Avatar
Member
Thanks Meter: 19
 
64 posts
Join Date:Joined: May 2012
I'd even go a step further and Odin it just to make sure its squeaky clean.

Sent from my SM-N900V using XDA Premium HD app
29th May 2014, 01:47 AM   |  #7  
RomsWell's Avatar
Senior Member
Flag Venice
Thanks Meter: 961
 
1,518 posts
Join Date:Joined: Jul 2011
More
Quote:
Originally Posted by ouch1976

Here's a little background to my dilemma.

I bought a used Note 3 running 4.3 / MJE. It has never been rooted as far as I can tell. It has a clean ESN according to Swappa. I never activated it, never connected it to a Wifi network, and never put my sim in it. It was factory reset and the first thing I wanted to do was root it.

So, I downloaded Kingo 1.1.6 from the first link that Google provided (I don't know if I can reference the site) and I ran the program. Root was successful! I then installed SafeStrap, and finally flashed SuperSU from recovery. Everything looked great, but...next to SuperSU in my app drawer was an app that I never saw before. It was a green icon with what looked like two white letter P's in it. Stupidly, I clicked on the app and it opened some sort of Chinese thing. I immediately backed out of the app and uninstalled it. I then factory reset the device. Root and recovery are maintained. And now there is no sign of the mysterious app. But I'm still freaked out about it. Was it some Chinese spyware? Keylogger? Or something more innocent? Do you think it's completely gone or is it possible that it has hidden files somewhere on the device?

I've uninstalled Kingo from my PC and ran several scans of the computer which have turned up nothing unusual. But I still haven't connected the phone to any Wifi or cell networks nor have I entered any personal information on the device. I'm itching to use the device, but I'm nervous about any malware on it.

So, does anyone have any thoughts on the safety of the phone?

It is a app that is normally removed in the final moments of the kingo root session. its happened a few times when I used kingo. Disable data on your note and make sure your pc firewall is strict with kingo so u can keep your data private.
29th May 2014, 09:11 AM   |  #8  
Senior Member
Thanks Meter: 20
 
142 posts
Join Date:Joined: Mar 2012
I trust kingo, from what i understand the PP app is a exploit through the camera that uses the chinese code to gain root access

Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Top Threads in Verizon Galaxy Note 3 Q&A, Help & Troubleshooting by ThreadRank