FORUMS

Index Project For XDA Device Subforums

Another ambitious project from the collaborative efforts of Recognized Contributors and Forum … more

The Atlas of XDA

A few weeks ago, we asked you “How Does Your Location Affect Your Life As A Power User?”. In the days that … more

New Snapdragons: Some Context & Contrast

It hasn’t been a good year for Qualcomm so far. Every device featuring the Snapdragon 810 … more

Google To Launch Next Gen Android One On July 14

The first gen of Android One devices to be launched in India in September 2014 were … more

[Q] Should I be concerned - Mysterious PP app found on device

45 posts
Thanks Meter: 5
 
By ouch1976, Member on 21st May 2014, 03:46 PM
Post Reply Subscribe to Thread Email Thread
Here's a little background to my dilemma.

I bought a used Note 3 running 4.3 / MJE. It has never been rooted as far as I can tell. It has a clean ESN according to Swappa. I never activated it, never connected it to a Wifi network, and never put my sim in it. It was factory reset and the first thing I wanted to do was root it.

So, I downloaded Kingo 1.1.6 from the first link that Google provided (I don't know if I can reference the site) and I ran the program. Root was successful! I then installed SafeStrap, and finally flashed SuperSU from recovery. Everything looked great, but...next to SuperSU in my app drawer was an app that I never saw before. It was a green icon with what looked like two white letter P's in it. Stupidly, I clicked on the app and it opened some sort of Chinese thing. I immediately backed out of the app and uninstalled it. I then factory reset the device. Root and recovery are maintained. And now there is no sign of the mysterious app. But I'm still freaked out about it. Was it some Chinese spyware? Keylogger? Or something more innocent? Do you think it's completely gone or is it possible that it has hidden files somewhere on the device?

I've uninstalled Kingo from my PC and ran several scans of the computer which have turned up nothing unusual. But I still haven't connected the phone to any Wifi or cell networks nor have I entered any personal information on the device. I'm itching to use the device, but I'm nervous about any malware on it.

So, does anyone have any thoughts on the safety of the phone?
 
 
21st May 2014, 04:22 PM |#2  
ronjwright's Avatar
Member
Flag Schaumburg/Urbana, IL
Thanks Meter: 66
 
More
I would say that as long as you have factory reset the phone and the app didn't somehow install itself in the /system partition, your phone should be okay, since a factory reset effectively wipes away everything in /data and /cache. But I wouldn't trust Kingo, because many users in the past have reported that it presumably installs spy software on your phone (which collects IMEIs and other sensitive data and sends them unencrypted to China), and it is very likely that the app that you have described here is spy software. (So far, no one has reported anything suspicious in the /system partition, at least according to the thread at http://forum.xda-developers.com/show....php?t=2518829.) I noticed you have taken precautions by not connecting the phone to the Internet, so you are safe.
21st May 2014, 04:36 PM |#3  
OP Member
Thanks Meter: 5
 
More
Quote:
Originally Posted by ronjwright

I would say that as long as you have factory reset the phone and the app didn't somehow install itself in the /system partition, your phone should be okay, since a factory reset effectively wipes away everything in /data and /cache. But I wouldn't trust Kingo, because many users in the past have reported that it presumably installs spy software on your phone (which collects IMEIs and other sensitive data and sends them unencrypted to China), and it is very likely that the app that you have described here is spy software. (So far, no one has reported anything suspicious in the /system partition, at least according to the thread at http://forum.xda-developers.com/show....php?t=2518829.) I noticed you have taken precautions by not connecting the phone to the Internet, so you are safe.

Yeah. I see a ton of debates about the integrity of Kingo...I know that I'll never use it again.
22nd May 2014, 08:52 PM |#4  
papaavi's Avatar
Senior Member
Thanks Meter: 26
 
More
You should be concerned about any mysterious PP....

Sent from my SM-N900V using Tapatalk
27th May 2014, 08:20 PM |#5  
lmike6453's Avatar
Senior Member
Phila
Thanks Meter: 320
 
More
I also agree that you should ensure that you wipe all partitions, and SD card to be safe from Safestrap. Go in there and do an Advanced Wipe, checkmarking:
/data
/cache
/system
dalvik-cache
internal sd card
28th May 2014, 12:56 AM |#6  
Dc4479's Avatar
Member
Thanks Meter: 19
 
More
I'd even go a step further and Odin it just to make sure its squeaky clean.

Sent from my SM-N900V using XDA Premium HD app
29th May 2014, 01:47 AM |#7  
RomsWell's Avatar
Senior Member
Flag Venice
Thanks Meter: 1,035
 
More
Quote:
Originally Posted by ouch1976

Here's a little background to my dilemma.

I bought a used Note 3 running 4.3 / MJE. It has never been rooted as far as I can tell. It has a clean ESN according to Swappa. I never activated it, never connected it to a Wifi network, and never put my sim in it. It was factory reset and the first thing I wanted to do was root it.

So, I downloaded Kingo 1.1.6 from the first link that Google provided (I don't know if I can reference the site) and I ran the program. Root was successful! I then installed SafeStrap, and finally flashed SuperSU from recovery. Everything looked great, but...next to SuperSU in my app drawer was an app that I never saw before. It was a green icon with what looked like two white letter P's in it. Stupidly, I clicked on the app and it opened some sort of Chinese thing. I immediately backed out of the app and uninstalled it. I then factory reset the device. Root and recovery are maintained. And now there is no sign of the mysterious app. But I'm still freaked out about it. Was it some Chinese spyware? Keylogger? Or something more innocent? Do you think it's completely gone or is it possible that it has hidden files somewhere on the device?

I've uninstalled Kingo from my PC and ran several scans of the computer which have turned up nothing unusual. But I still haven't connected the phone to any Wifi or cell networks nor have I entered any personal information on the device. I'm itching to use the device, but I'm nervous about any malware on it.

So, does anyone have any thoughts on the safety of the phone?

It is a app that is normally removed in the final moments of the kingo root session. its happened a few times when I used kingo. Disable data on your note and make sure your pc firewall is strict with kingo so u can keep your data private.
29th May 2014, 09:11 AM |#8  
Senior Member
Thanks Meter: 22
 
More
I trust kingo, from what i understand the PP app is a exploit through the camera that uses the chinese code to gain root access
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes