Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,739,262 Members 49,367 Now Online
XDA Developers Android and Mobile Development Forum

[Q] Warning: Possible Chinese Trojan from coolapk.com

Tip us?
 
pimpex.net
Old
(Last edited by pimpex.net; 28th February 2014 at 02:26 PM.) Reason: -
#1  
Junior Member - OP
Thanks Meter 5
Posts: 2
Join Date: Feb 2014
Location: Wuppertal

 
DONATE TO ME
Question [Q] Warning: Possible Chinese Trojan from coolapk.com

Hello,

I wanted to warn you of this website: coolapk.com. Certain apk files contain "additional" parts. In this case it was a part of VLC (Video Lan Client). After downloading an apk file and installing, all seems to be normal and the desired software is running. Under applications there are only the programs you know about. But after close look, you will find a hidden additional application under Settings/Apps/Show All at the bottom behind letter Z if showing within alphabetical order containing only chinese signs. It is already running, you can not deinstall it only force stop and deactivate is possible. The file size is shown as 4KB. After uninstalling the original app this still is keeped in your system. During the installation there was absolutely no sign of additional software attached. This device is not rooted and has OEM ROM. The machine I was using is Motorola (Enterprise Solutions) TC55 PN TC55BH-JC11ES, Android 4.1.2 Build 131013-SI-1800EN-01.45-15443J-4.1.2-user. I downloaded the apk files 24.02.2014 and the chinese software contains a following timestamp in the properties: 20131013.224458. This app has following rights granted: personal information (read all words attached to the dictionary, read contacts) and network communication (full network access). Attached is the screenshot of above mentioned hidden software (only app-info), perhaps a friendly user can help translate and tell what is it, because it's behaviour as far is not really trustworthy for me.
Contact me for additional questions (enterprise class units only).

regards + stay clean

Bogusz Schubert/pimpex.net
Attached Thumbnails
Click image for larger version

Name:	chin_IMG_1171s.JPG
Views:	373
Size:	43.5 KB
ID:	2605685  
The Following 2 Users Say Thank You to pimpex.net For This Useful Post: [ Click to Expand ]
 
FranckJZA
Old
#2  
Junior Member
Thanks Meter 0
Posts: 15
Join Date: Jan 2013
thanks for the advice
 
Elanguescence
Old
#3  
Junior Member
Thanks Meter 0
Posts: 6
Join Date: Jun 2010
I have that software on my TC55 as well. Oandbackup identifies it as com.android.inputmethod.pinyin, in other words the Chinese input from the AOSP, and the Chinese symbols in its name match the ones of the selectable alternative Chinese input under the "Language & input" settings. I have not installed anything from coolapk.com, only from F-Droid and Amazon. Are you sure this software came with VLC and was not there before? It might just be standard with the TC55.
 
johnny grep
Old
#4  
johnny grep's Avatar
Member
Thanks Meter 5
Posts: 84
Join Date: Sep 2013
Quote:
Originally Posted by Elanguescence View Post
I have that software on my TC55 as well. Oandbackup identifies it as com.android.inputmethod.pinyin, in other words the Chinese input from the AOSP, and the Chinese symbols in its name match the ones of the selectable alternative Chinese input under the "Language & input" settings. I have not installed anything from coolapk.com, only from F-Droid and Amazon. Are you sure this software came with VLC and was not there before? It might just be standard with the TC55.
I have that app installed on a Cisco Cius (Froyo!) as well, and am unable to uninstall it. I'd be surprised if this was malware.
 
e154037
Old
(Last edited by e154037; 9th June 2014 at 01:48 PM.)
#6  
Senior Member
Thanks Meter 78
Posts: 192
Join Date: Jul 2010
Quote:
Originally Posted by pimpex.net View Post
Hello,

I wanted to warn you of this website: coolapk.com. Certain apk files contain "additional" parts. In this case it was a part of VLC (Video Lan Client). ......
The app name in chinese means "Google's method to input chinese character by spelling". It is bad for sure to install an additional app in secret. But this input method app sounds innocent. In addition, how can you be so sure that the app sneaked in with VLC from coolapk?
On my TF101, I have a number of apks from coolapk. As far as I am concerted, It is good so far with coolapk, I have not found anything wrong yet.
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


TRENDING IN THEMER...