DJI Phantom 2 Vision+ Review – XDA TV

The holidays will be here in no time, so why not start thinking about gifts now? Youll be ahead … more

Mozilla Ditches Google, Makes Yahoo Default Search Engine

Mozilla and Google have had a long-standing relationship of about 10 years. Google … more

Learn More About Linux with Linux Man Pages

Linux is quite a powerful and very configurable operating system. Thanks to some user-friendly … more

Detect, Avoid IMSI-Catcher Attacks with Android IMSI-Catcher Detector

Privacy is always an important topic, as well as a delicate one to … more

Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

[Q] Should I be concerned - Mysterious PP app found on device

OP ouch1976

21st May 2014, 04:46 PM   |  #1  
OP Member
Thanks Meter: 5
 
40 posts
Join Date:Joined: Nov 2013
Here's a little background to my dilemma.

I bought a used Note 3 running 4.3 / MJE. It has never been rooted as far as I can tell. It has a clean ESN according to Swappa. I never activated it, never connected it to a Wifi network, and never put my sim in it. It was factory reset and the first thing I wanted to do was root it.

So, I downloaded Kingo 1.1.6 from the first link that Google provided (I don't know if I can reference the site) and I ran the program. Root was successful! I then installed SafeStrap, and finally flashed SuperSU from recovery. Everything looked great, but...next to SuperSU in my app drawer was an app that I never saw before. It was a green icon with what looked like two white letter P's in it. Stupidly, I clicked on the app and it opened some sort of Chinese thing. I immediately backed out of the app and uninstalled it. I then factory reset the device. Root and recovery are maintained. And now there is no sign of the mysterious app. But I'm still freaked out about it. Was it some Chinese spyware? Keylogger? Or something more innocent? Do you think it's completely gone or is it possible that it has hidden files somewhere on the device?

I've uninstalled Kingo from my PC and ran several scans of the computer which have turned up nothing unusual. But I still haven't connected the phone to any Wifi or cell networks nor have I entered any personal information on the device. I'm itching to use the device, but I'm nervous about any malware on it.

So, does anyone have any thoughts on the safety of the phone?
21st May 2014, 05:22 PM   |  #2  
ronjwright's Avatar
Member
Flag Schaumburg/Urbana, IL
Thanks Meter: 51
 
39 posts
Join Date:Joined: May 2014
More
I would say that as long as you have factory reset the phone and the app didn't somehow install itself in the /system partition, your phone should be okay, since a factory reset effectively wipes away everything in /data and /cache. But I wouldn't trust Kingo, because many users in the past have reported that it presumably installs spy software on your phone (which collects IMEIs and other sensitive data and sends them unencrypted to China), and it is very likely that the app that you have described here is spy software. (So far, no one has reported anything suspicious in the /system partition, at least according to the thread at http://forum.xda-developers.com/show....php?t=2518829.) I noticed you have taken precautions by not connecting the phone to the Internet, so you are safe.
21st May 2014, 05:36 PM   |  #3  
OP Member
Thanks Meter: 5
 
40 posts
Join Date:Joined: Nov 2013
Quote:
Originally Posted by ronjwright

I would say that as long as you have factory reset the phone and the app didn't somehow install itself in the /system partition, your phone should be okay, since a factory reset effectively wipes away everything in /data and /cache. But I wouldn't trust Kingo, because many users in the past have reported that it presumably installs spy software on your phone (which collects IMEIs and other sensitive data and sends them unencrypted to China), and it is very likely that the app that you have described here is spy software. (So far, no one has reported anything suspicious in the /system partition, at least according to the thread at http://forum.xda-developers.com/show....php?t=2518829.) I noticed you have taken precautions by not connecting the phone to the Internet, so you are safe.

Yeah. I see a ton of debates about the integrity of Kingo...I know that I'll never use it again.
22nd May 2014, 09:52 PM   |  #4  
papaavi's Avatar
Senior Member
Thanks Meter: 26
 
137 posts
Join Date:Joined: May 2011
You should be concerned about any mysterious PP....

Sent from my SM-N900V using Tapatalk
27th May 2014, 09:20 PM   |  #5  
lmike6453's Avatar
Senior Member
Phila
Thanks Meter: 319
 
709 posts
Join Date:Joined: Dec 2010
More
I also agree that you should ensure that you wipe all partitions, and SD card to be safe from Safestrap. Go in there and do an Advanced Wipe, checkmarking:
/data
/cache
/system
dalvik-cache
internal sd card
28th May 2014, 01:56 AM   |  #6  
Dc4479's Avatar
Member
Thanks Meter: 19
 
64 posts
Join Date:Joined: May 2012
I'd even go a step further and Odin it just to make sure its squeaky clean.

Sent from my SM-N900V using XDA Premium HD app
29th May 2014, 02:47 AM   |  #7  
RomsWell's Avatar
Senior Member
Flag Venice
Thanks Meter: 1,027
 
1,580 posts
Join Date:Joined: Jul 2011
More
Quote:
Originally Posted by ouch1976

Here's a little background to my dilemma.

I bought a used Note 3 running 4.3 / MJE. It has never been rooted as far as I can tell. It has a clean ESN according to Swappa. I never activated it, never connected it to a Wifi network, and never put my sim in it. It was factory reset and the first thing I wanted to do was root it.

So, I downloaded Kingo 1.1.6 from the first link that Google provided (I don't know if I can reference the site) and I ran the program. Root was successful! I then installed SafeStrap, and finally flashed SuperSU from recovery. Everything looked great, but...next to SuperSU in my app drawer was an app that I never saw before. It was a green icon with what looked like two white letter P's in it. Stupidly, I clicked on the app and it opened some sort of Chinese thing. I immediately backed out of the app and uninstalled it. I then factory reset the device. Root and recovery are maintained. And now there is no sign of the mysterious app. But I'm still freaked out about it. Was it some Chinese spyware? Keylogger? Or something more innocent? Do you think it's completely gone or is it possible that it has hidden files somewhere on the device?

I've uninstalled Kingo from my PC and ran several scans of the computer which have turned up nothing unusual. But I still haven't connected the phone to any Wifi or cell networks nor have I entered any personal information on the device. I'm itching to use the device, but I'm nervous about any malware on it.

So, does anyone have any thoughts on the safety of the phone?

It is a app that is normally removed in the final moments of the kingo root session. its happened a few times when I used kingo. Disable data on your note and make sure your pc firewall is strict with kingo so u can keep your data private.
29th May 2014, 10:11 AM   |  #8  
Senior Member
Thanks Meter: 20
 
142 posts
Join Date:Joined: Mar 2012
I trust kingo, from what i understand the PP app is a exploit through the camera that uses the chinese code to gain root access

Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes