Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,768,635 Members 53,052 Now Online
XDA Developers Android and Mobile Development Forum

[Q] Should I be concerned - Mysterious PP app found on device

Tip us?
 
ouch1976
Old
#1  
Member - OP
Thanks Meter 4
Posts: 32
Join Date: Nov 2013
Default [Q] Should I be concerned - Mysterious PP app found on device

Here's a little background to my dilemma.

I bought a used Note 3 running 4.3 / MJE. It has never been rooted as far as I can tell. It has a clean ESN according to Swappa. I never activated it, never connected it to a Wifi network, and never put my sim in it. It was factory reset and the first thing I wanted to do was root it.

So, I downloaded Kingo 1.1.6 from the first link that Google provided (I don't know if I can reference the site) and I ran the program. Root was successful! I then installed SafeStrap, and finally flashed SuperSU from recovery. Everything looked great, but...next to SuperSU in my app drawer was an app that I never saw before. It was a green icon with what looked like two white letter P's in it. Stupidly, I clicked on the app and it opened some sort of Chinese thing. I immediately backed out of the app and uninstalled it. I then factory reset the device. Root and recovery are maintained. And now there is no sign of the mysterious app. But I'm still freaked out about it. Was it some Chinese spyware? Keylogger? Or something more innocent? Do you think it's completely gone or is it possible that it has hidden files somewhere on the device?

I've uninstalled Kingo from my PC and ran several scans of the computer which have turned up nothing unusual. But I still haven't connected the phone to any Wifi or cell networks nor have I entered any personal information on the device. I'm itching to use the device, but I'm nervous about any malware on it.

So, does anyone have any thoughts on the safety of the phone?
 
ronjwright
Old
#2  
ronjwright's Avatar
Member
Thanks Meter 31
Posts: 31
Join Date: May 2014
Location: Schaumburg/Urbana, IL
I would say that as long as you have factory reset the phone and the app didn't somehow install itself in the /system partition, your phone should be okay, since a factory reset effectively wipes away everything in /data and /cache. But I wouldn't trust Kingo, because many users in the past have reported that it presumably installs spy software on your phone (which collects IMEIs and other sensitive data and sends them unencrypted to China), and it is very likely that the app that you have described here is spy software. (So far, no one has reported anything suspicious in the /system partition, at least according to the thread at http://forum.xda-developers.com/show....php?t=2518829.) I noticed you have taken precautions by not connecting the phone to the Internet, so you are safe.
 
ouch1976
Old
#3  
Member - OP
Thanks Meter 4
Posts: 32
Join Date: Nov 2013
Quote:
Originally Posted by ronjwright View Post
I would say that as long as you have factory reset the phone and the app didn't somehow install itself in the /system partition, your phone should be okay, since a factory reset effectively wipes away everything in /data and /cache. But I wouldn't trust Kingo, because many users in the past have reported that it presumably installs spy software on your phone (which collects IMEIs and other sensitive data and sends them unencrypted to China), and it is very likely that the app that you have described here is spy software. (So far, no one has reported anything suspicious in the /system partition, at least according to the thread at http://forum.xda-developers.com/show....php?t=2518829.) I noticed you have taken precautions by not connecting the phone to the Internet, so you are safe.
Yeah. I see a ton of debates about the integrity of Kingo...I know that I'll never use it again.
 
papaavi
Old
#4  
papaavi's Avatar
Senior Member
Thanks Meter 26
Posts: 135
Join Date: May 2011
You should be concerned about any mysterious PP....

Sent from my SM-N900V using Tapatalk
 
lmike6453
Old
#5  
lmike6453's Avatar
Senior Member
Thanks Meter 318
Posts: 709
Join Date: Dec 2010
Location: Phila
I also agree that you should ensure that you wipe all partitions, and SD card to be safe from Safestrap. Go in there and do an Advanced Wipe, checkmarking:
/data
/cache
/system
dalvik-cache
internal sd card
Verizon Galaxy Note 3 - JB 4.3
 
Dc4479
Old
#6  
Dc4479's Avatar
Member
Thanks Meter 18
Posts: 62
Join Date: May 2012
I'd even go a step further and Odin it just to make sure its squeaky clean.

Sent from my SM-N900V using XDA Premium HD app
 
RomsWell
Old
#7  
RomsWell's Avatar
Senior Member
Thanks Meter 890
Posts: 1,448
Join Date: Jul 2011
Location: Venice
Quote:
Originally Posted by ouch1976 View Post
Here's a little background to my dilemma.

I bought a used Note 3 running 4.3 / MJE. It has never been rooted as far as I can tell. It has a clean ESN according to Swappa. I never activated it, never connected it to a Wifi network, and never put my sim in it. It was factory reset and the first thing I wanted to do was root it.

So, I downloaded Kingo 1.1.6 from the first link that Google provided (I don't know if I can reference the site) and I ran the program. Root was successful! I then installed SafeStrap, and finally flashed SuperSU from recovery. Everything looked great, but...next to SuperSU in my app drawer was an app that I never saw before. It was a green icon with what looked like two white letter P's in it. Stupidly, I clicked on the app and it opened some sort of Chinese thing. I immediately backed out of the app and uninstalled it. I then factory reset the device. Root and recovery are maintained. And now there is no sign of the mysterious app. But I'm still freaked out about it. Was it some Chinese spyware? Keylogger? Or something more innocent? Do you think it's completely gone or is it possible that it has hidden files somewhere on the device?

I've uninstalled Kingo from my PC and ran several scans of the computer which have turned up nothing unusual. But I still haven't connected the phone to any Wifi or cell networks nor have I entered any personal information on the device. I'm itching to use the device, but I'm nervous about any malware on it.

So, does anyone have any thoughts on the safety of the phone?
It is a app that is normally removed in the final moments of the kingo root session. its happened a few times when I used kingo. Disable data on your note and make sure your pc firewall is strict with kingo so u can keep your data private.
 
AndroidGreg
Old
#8  
Senior Member
Thanks Meter 19
Posts: 141
Join Date: Mar 2012
I trust kingo, from what i understand the PP app is a exploit through the camera that uses the chinese code to gain root access
Rocking out on: VZ Note 3 Rooted, Safe Strap, NC2
Tablet: Nexus 7 (2013) Unlocked, collecting dust
Apple: iPod touch 5th gen iOS 7.1, gave up on that thing, not worth my time when i have a note
Computer: Late 2013 MBPr, 2.6 ghz i7, Nvidia GTX 750m 1TB SSD, 16GB Ram With dual boot for windows 8.1 pro

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Device Review: Samsung Gear Live

Recently, Google announced Android Wear to the world. Android Wear is the Android-based initiative from … more

Forums Added for the Nvidia Shield Tablet and Sharp Aquos Crystal

Just a few days ago, wetook an in depth look at theNvidia Shield Tabletand … more

[OTA Captured] Android 4.4.3 Lands on European HTC One M7

The secound release of the Android L Developer Previewmay be the new hotness for … more

Take a Perfectly Stable Shot with Open Camera

The camera app on our Android smartphones and tablets isn’t something we focus on all … more