• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

Phone installed apps on its own?

Search This thread

raptir

Senior Member
May 4, 2010
1,271
270
Three apps installed themselves without my intervention:

Cookie Jam
Drippler
RetailMeNot

They didn't come preinstalled, but just installed themselves today. I was able to uninstall them but they keep coming back.

Any idea what's going on? They do not show up under My Apps in the play store, but I can uninstall them through settings. I did a factory reset and didn't install anything and they still come back.
 

SoulOnFire

Member
Jun 26, 2014
30
17
Scott AFB
Mine just did the same thing also. Just got it two days ago too. I've uninstalled them now, and they haven't come back yet, but that is disturbing if you say gotta keeps coming back.

Forgot to mention this, I've already disabled the other app stores except for the Google play store.
 
Last edited:

cirrob

Senior Member
May 14, 2009
124
4
Riverside
This just happened to me, and it is driving me nuts. I think I tracked it down to a program called DTIgnite. Somehow, a sight I visited or a link I clicked installed this program which essentially gives the controller a backdoor to install anything they want. I dont recall it being in the file directory before, but its there now and it survives a factory reset. Mine started doing it yesterday and I have done about 2 dozen factory resets trying to narrow down the problem I was able to determine that it only downloads these programs (the same thee mentioned) when the sim card is inserted. Without the sim card, and with an active wifi connection, it does not do it. The moment it gets a carrier signal, it begins downloading those three apps in the background. I went to tomobile and got a new sim card, and it still does it, but not if I put the sim card in a different phone. So it lies within my note 4 not my account or the sim card. Furthermore, if you factory reset without the simcard, DTIgnite does not appear in the file directory. Once it is inserted, DTIGnite downloads itself and then these three programs. This leads me to believe that what ever site I visited or clicked on, rooted my phone. Because, how else would it survive a reset unless it was in the root directory?

Now DTIgnite is an app developed by a firm that tries to market its capabilities to carriers in order to give them backdoor access to phones. I think its possible someone licensed the software and repurposed it to install bloat ware of their own for third party companies for profit.

In anycase, because of my work, I cannot have a compromised phone and must replace it now. Thinking about contacting a lawyer and seeing what can be done to the company that makes DTIgnite


Three apps installed themselves without my intervention:

Cookie Jam
Drippler
RetailMeNot

They didn't come preinstalled, but just installed themselves today. I was able to uninstall them but they keep coming back.

Any idea what's going on? They do not show up under My Apps in the play store, but I can uninstall them through settings. I did a factory reset and didn't install anything and they still come back.


---------- Post added at 11:01 PM ---------- Previous post was at 10:22 PM ----------

IDIgnite is indeed the problem. I reformated without the Sim, and then without logging into any account I checked the app manager. Within, is DTIgnite, but once it is "turned off" you can insert the sim card and it will not resinstall those three programs. However, this app is not preinstalled which means each one of us clicked on a link that silently downloaded it. Furthermore, I suspect it has been placed in a safe partition on the device or on the ROOT directory itself because it survives a factory reset.

I dont know how to check if my device is rooted, but when I boot in recovery mode it lists me in # manual mode# and I seem to remember the # symbol was significant in the root determination discussion. Again, I am no expert on the matter; so, I can be completly off base here. I recomend you research my findings on your device to see if they are compromised as well.

Now, I just contacted Mandelay Digital, the publically traded company that authors DT Ignite, and let them know that on monday I will consult an attourney regarding there neglegent distribution of their software and have requested they provide steps to uninstall. after my discussion with an attourney, I may come back here to post information regarding a class action if it is feasible.
 

BACARDILIMON

Senior Member
Jun 12, 2010
5,929
2,378
MASTIC BEACH NY
Well I know you guys have heard this before but porn sites are bad. Lmao. When ya guys click u may be given consent to those other apps to self install. You would have to prove that you did not give consent

BAD ASS NOTE 4
 
  • Like
Reactions: devynbf

devynbf

Senior Member
Oct 20, 2012
1,343
613
This just happened to me, and it is driving me nuts. I think I tracked it down to a program called DTIgnite. Somehow, a sight I visited or a link I clicked installed this program which essentially gives the controller a backdoor to install anything they want. I dont recall it being in the file directory before, but its there now and it survives a factory reset. Mine started doing it yesterday and I have done about 2 dozen factory resets trying to narrow down the problem I was able to determine that it only downloads these programs (the same thee mentioned) when the sim card is inserted. Without the sim card, and with an active wifi connection, it does not do it. The moment it gets a carrier signal, it begins downloading those three apps in the background. I went to tomobile and got a new sim card, and it still does it, but not if I put the sim card in a different phone. So it lies within my note 4 not my account or the sim card. Furthermore, if you factory reset without the simcard, DTIgnite does not appear in the file directory. Once it is inserted, DTIGnite downloads itself and then these three programs. This leads me to believe that what ever site I visited or clicked on, rooted my phone. Because, how else would it survive a reset unless it was in the root directory?

Now DTIgnite is an app developed by a firm that tries to market its capabilities to carriers in order to give them backdoor access to phones. I think its possible someone licensed the software and repurposed it to install bloat ware of their own for third party companies for profit.

In anycase, because of my work, I cannot have a compromised phone and must replace it now. Thinking about contacting a lawyer and seeing what can be done to the company that makes DTIgnite




---------- Post added at 11:01 PM ---------- Previous post was at 10:22 PM ----------

IDIgnite is indeed the problem. I reformated without the Sim, and then without logging into any account I checked the app manager. Within, is DTIgnite, but once it is "turned off" you can insert the sim card and it will not resinstall those three programs. However, this app is not preinstalled which means each one of us clicked on a link that silently downloaded it. Furthermore, I suspect it has been placed in a safe partition on the device or on the ROOT directory itself because it survives a factory reset.

I dont know how to check if my device is rooted, but when I boot in recovery mode it lists me in # manual mode# and I seem to remember the # symbol was significant in the root determination discussion. Again, I am no expert on the matter; so, I can be completly off base here. I recomend you research my findings on your device to see if they are compromised as well.

Now, I just contacted Mandelay Digital, the publically traded company that authors DT Ignite, and let them know that on monday I will consult an attourney regarding there neglegent distribution of their software and have requested they provide steps to uninstall. after my discussion with an attourney, I may come back here to post information regarding a class action if it is feasible.
It's really not a big deal.
For starters, a random piece of adware did NOT root your device. In order to root, you would need to run commands and codes into your device using a program called ODIN, and unless your phone rebooted, showed a red system menu, then rebooted itself again, it was not rooted. You would also have a root access application like SuperSU or SuperUser.

*****

There's 2 ways to go about fixing the adware...

1. Factory Reset, THEN ODIN back to factory stock, the files (from root accessed files and normal files alike) will be entirely resetted to how the stock .img was created.

2. (Easier way) Root, use Titanium and uninstall the adware application causing the problem. Seeing as I've never had adware on my device, I feel this way would only be a temporary fix.

Needless to say, fix #1 is preffered.

If this is an issue for you (novice problems might I add), use an antivirus designed for your device. There are multiple options in the Play Store.

And a side note for ya, this will not stand up in court, this wouldn't even make it to court; in any way possible. If a lawyer had a nickel for anyone who has ever had adware on their devices that was trying to take a company to court to get some kind of settlement or resolution, lawyers would be very rich people.

You visited a site that infected your device with adware. (Probably pornographic). You'll be wasting your time and money. Based on the fact that you went to the extent to call them and threaten them is even worse, almost childish. They don't care, they probably get calls like that all day, every day.

This is not some random anomaly, it's a virus that was installed into your device due to your Internet browsing / downloading habits.



*****
When you see **** on the ground, rather than yelling at it and rolling around in it, just pick it up and be done.
 
  • Like
Reactions: ikenvape

rajil.s

Senior Member
Nov 8, 2012
222
23
Same thing happened to me today. I formatted the phone using TWRP and reinstalled stock using Odin. The sim was still in the phone. As soon as the phone connected to the cell network these apps came back!

Next try was to reflash stock with the sim out. The apps were not there. After routing the phone I uninstalled /system/priv-app/Ignite_TMO.apk which is the package for IDIgnite. Thankfully, these apps have not returned since.

What I found odd was that even stock image did not remove these. I did ensure that the microsd card was also not present in the phone so these apps are definitely stored in the internal partition somewhere.
 

MarkP80nj

Senior Member
Mar 13, 2011
345
47
Bayville
I think it might be in the ank4, because I just got these when flashing an ank4 Rom.
I know for sure I didn't have them before.

Sent from my SM-N910T using Tapatalk
 

lmkidd

New member
Mar 5, 2010
4
0
Southfield
Unauthorized Apps Downloaded to T-Mobile Samsung Note 4.

I have a T-Mobile Samsung Note 4 which updated on Wednesday, November 26, 2014. Just a few minutes ago, I turned my phone off, then turned it on again and noticed on the status/notification bar a triangle with exclamation mark... and when I pulled down screen it was for 2 apps warning that these apps have high permissions. I did not add these apps and when I looked at my apps I noticed the same 3 listed here were installed on my phone. Cookie Jam (high permissions), RetailMeNot (high permissions) and Drippler. I uninstalled from the Google Play Store. Before uninstalling, I planned to give a 1 star review for all 3 apps downloaded on my phone informing people of these apps, but there was no option for me to review these apps although these apps have reviews from other users. I didn't pay attention to the first two that I uninstalled but when I selected uninstall for the Drippler app, there was a warning "This app was not installed by Google Play Store. Do you want to Uninstall it". After this happened I did uncheck the "Unknown Sources" box under the security option for third party apps. I'm very disappointed that this has happened. I have had too much trouble with this phone and really feel that it was a waste of purchase. The first one I bought was broken and this is the second one exchanged in the store and it has many issues. I only downloaded 1 app (MOOC app) a few hours before this happened, but these didn't download until after I turned my phone off, then back on. The MOOC app listed links to several MOOCs online, and only had 4 reviews. If these same apps are being downloaded to other T-Mobile Note 4 users could this be from a link or a problem with the phone. What are the chances of several people accessing the same link? Does this mean the phone is hacked? If the "Unknown Sources" box is checked, will this stop the downloads without permission? Someone please help. This is an edited response to the above-written. After I wrote the response, I picked up my phone and noticed the Virus Scanner (CM Security) icon was in status bar. It showed there was 1 vulnerability called BroadAnywhere. I searched it on Google and found that it is a very bad virus... Once the virus was cleaned from my phone it seems to be working well. It hasn't been long but so far it seems ok and the apps haven't come back, nor the permissions (which did come back once after deleting apps) and well as a couple other things before the virus scan. Hopefully this will clear the problem. If not, I'll give update.


Three apps installed themselves without my intervention:

Cookie Jam
Drippler
RetailMeNot

They didn't come preinstalled, but just installed themselves today. I was able to uninstall them but they keep coming back.

Any idea what's going on? They do not show up under My Apps in the play store, but I can uninstall them through settings. I did a factory reset and didn't install anything and they still come back.
 
Last edited:

cire253

Senior Member
Jan 21, 2009
137
2
Puyallup
I noticed this happened to me as well,but it only happened after I updated my note to the new update. My wife's phone has not been updated and she doesn't have the app in her applications, so my assumption is it was packages in with the new update.

Sent from my SM-N910T using XDA Free mobile app
 

AssassinsLament

Inactive Recognized Developer
Jun 8, 2007
939
628
Twin Cities
There is a preinstalled app labeled "DT Ignite" in the most recent stock rom.
The app is found in /system/priv-app. The file is Ignite_TMO.apk.
Package name is com.LogiaGroup.LogiaDeck.
Just disable it and you guys should be fine.
 
  • Like
Reactions: Dreise

Dreise

New member
Oct 14, 2010
3
1
happening to me too

I can confirm that this has happened to me after the most recent update. Note 4 tmobile version. Disabling "DT Ignite" seems to have fixed it.
 
Last edited:

cirrob

Senior Member
May 14, 2009
124
4
Riverside
First of all, thank you.* Despite your tone it was helpful and reassuring. I have never rooted before and am unfamiliar with the process. If you're willing, I have a few questions that perhaps you can point me in the right direction.

I would like to root and get rid of some applications in general so this isnt exactly off the table, but I would like to begin with a clean factory stock image.

If I do the first method, can I leave it rooted afterwards, or will the act of installing a clean factory stock image unroot the device again?

Also, can you provide a link to a site that offers detailed and trusted steps for either process? Searching google provides several dozen sites each with slightly different methods; what method did you use?

Regarding the tone and assumptions: You do make a lot of assumptions, and you do ooze an air of superiority in your response. I can respect that; this is, afterall your expertise. I just dont think its needed for people to respect your opinion. Assumptions, on the other hand, just lead to people being dismissive of your remarks all together. Its my job to look past assumptions, so they dont bother me much.

Regarding a lawsuite: I live in California and Mandelay Digital is based in California as well. In California you can (edited) sue someone for just about anything: bad thoughts, dressing poorly, beverage too hot etc (all real cases). If there is money to be had, a Lawyer will find a way. Mandelay is publically traded and the author of the software being used; there is incentive there. I will let the attourney make the decision.

Anyway, thank you for your initial response, and any further help you can provide.

---------- Post added at 04:08 PM ---------- Previous post was at 03:41 PM ----------

Looks like I responded too early and should have read the new developments on the thread. It is possible my phone updated thanksgiving and I wasnt aware of it. I did change the battery mid afternoon for family pictures and such, and I noticed the apps (through app2sd notification about some of them being campatible with moving to the SD card) after it booted back up. I just did not see anything about a software update.

With that being said, I suppose it is fairly harmless, though I do not like the idea of such a direct and quite backdoor to installing apps on my phone. I agreed to the initial presinstalled apps, and I am sure somewhere in the initial agreements I may have agreed to unfettered access to my device's selection of apps, but I would still like a more obvious warning of this capability.
 
Last edited:

SoulOnFire

Member
Jun 26, 2014
30
17
Scott AFB
I figured it was something that T-Mobile or Samsung had to have snuck in on one of their updates. Luckily I got my phone right before we went on a trip for Thanksgiving. So I haven't had much time to play with it or even Root it yet. I was able to go through all my Apps in the application manager and clear data/turn off all of the apps that I don't want or use, and I haven't had anything reinstall itself without my approval. I have also unticked the unknown sources option, so maybe that helped as well.

I would normally agree that it was some site that performed a drive - by installation, but I haven't used my phone for anything other than taking pictures, and asking Google for directions around Nashville since I got it on Wednesday.

I will definitely be rooting and probably flashing a new rom as soon as I get home though. Having Random apps installed without me knowing is no fun at all.
 

rsohne

Senior Member
Mar 4, 2007
417
85
Very disturbing. This is the rights for DT Ignite which is now built into the rom after taking the last update. Did a hard reset and now is part of the rom. Nothing loaded and just logged into the phone. The community should be very upset about T-Mobile sneaking this malware on our phones!
Let me be clear that this is after a hard reset without logging into google, Samsung or a Web page. This crapware is now part of the device if you took the last update.
 

Attachments

  • uploadfromtaptalk1417282817187.png
    uploadfromtaptalk1417282817187.png
    222.1 KB · Views: 732
Last edited:

devynbf

Senior Member
Oct 20, 2012
1,343
613
First of all, thank you.* Despite your tone it was helpful and reassuring. I have never rooted before and am unfamiliar with the process. If you're willing, I have a few questions that perhaps you can point me in the right direction.

I would like to root and get rid of some applications in general so this isnt exactly off the table, but I would like to begin with a clean factory stock image.

If I do the first method, can I leave it rooted afterwards, or will the act of installing a clean factory stock image unroot the device again?

Also, can you provide a link to a site that offers detailed and trusted steps for either process? Searching google provides several dozen sites each with slightly different methods; what method did you use?

Regarding the tone and assumptions: You do make a lot of assumptions, and you do ooze an air of superiority in your response. I can respect that; this is, afterall your expertise. I just dont think its needed for people to respect your opinion. Assumptions, on the other hand, just lead to people being dismissive of your remarks all together. Its my job to look past assumptions, so they dont bother me much.

Regarding a lawsuite: I live in California and Mandelay Digital is based in California as well. In California you can (edited) sue someone for just about anything: bad thoughts, dressing poorly, beverage too hot etc (all real cases). If there is money to be had, a Lawyer will find a way. Mandelay is publically traded and the author of the software being used; there is incentive there. I will let the attourney make the decision.

Anyway, thank you for your initial response, and any further help you can provide.

---------- Post added at 04:08 PM ---------- Previous post was at 03:41 PM ----------

Looks like I responded too early and should have read the new developments on the thread. It is possible my phone updated thanksgiving and I wasnt aware of it. I did change the battery mid afternoon for family pictures and such, and I noticed the apps (through app2sd notification about some of them being campatible with moving to the SD card) after it booted back up. I just did not see anything about a software update.

With that being said, I suppose it is fairly harmless, though I do not like the idea of such a direct and quite backdoor to installing apps on my phone. I agreed to the initial presinstalled apps, and I am sure somewhere in the initial agreements I may have agreed to unfettered access to my device's selection of apps, but I would still like a more obvious warning of this capability.
Yes if you use the first method, it will unroot your device. (If it's rooted, that is. )

I am making a guide but got tied up yesterday, the guide will be up in about 2-3 hours. I will link it here when it's done.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 4
    This just happened to me, and it is driving me nuts. I think I tracked it down to a program called DTIgnite. Somehow, a sight I visited or a link I clicked installed this program which essentially gives the controller a backdoor to install anything they want. I dont recall it being in the file directory before, but its there now and it survives a factory reset. Mine started doing it yesterday and I have done about 2 dozen factory resets trying to narrow down the problem I was able to determine that it only downloads these programs (the same thee mentioned) when the sim card is inserted. Without the sim card, and with an active wifi connection, it does not do it. The moment it gets a carrier signal, it begins downloading those three apps in the background. I went to tomobile and got a new sim card, and it still does it, but not if I put the sim card in a different phone. So it lies within my note 4 not my account or the sim card. Furthermore, if you factory reset without the simcard, DTIgnite does not appear in the file directory. Once it is inserted, DTIGnite downloads itself and then these three programs. This leads me to believe that what ever site I visited or clicked on, rooted my phone. Because, how else would it survive a reset unless it was in the root directory?

    Now DTIgnite is an app developed by a firm that tries to market its capabilities to carriers in order to give them backdoor access to phones. I think its possible someone licensed the software and repurposed it to install bloat ware of their own for third party companies for profit.

    In anycase, because of my work, I cannot have a compromised phone and must replace it now. Thinking about contacting a lawyer and seeing what can be done to the company that makes DTIgnite


    Three apps installed themselves without my intervention:

    Cookie Jam
    Drippler
    RetailMeNot

    They didn't come preinstalled, but just installed themselves today. I was able to uninstall them but they keep coming back.

    Any idea what's going on? They do not show up under My Apps in the play store, but I can uninstall them through settings. I did a factory reset and didn't install anything and they still come back.


    ---------- Post added at 11:01 PM ---------- Previous post was at 10:22 PM ----------

    IDIgnite is indeed the problem. I reformated without the Sim, and then without logging into any account I checked the app manager. Within, is DTIgnite, but once it is "turned off" you can insert the sim card and it will not resinstall those three programs. However, this app is not preinstalled which means each one of us clicked on a link that silently downloaded it. Furthermore, I suspect it has been placed in a safe partition on the device or on the ROOT directory itself because it survives a factory reset.

    I dont know how to check if my device is rooted, but when I boot in recovery mode it lists me in # manual mode# and I seem to remember the # symbol was significant in the root determination discussion. Again, I am no expert on the matter; so, I can be completly off base here. I recomend you research my findings on your device to see if they are compromised as well.

    Now, I just contacted Mandelay Digital, the publically traded company that authors DT Ignite, and let them know that on monday I will consult an attourney regarding there neglegent distribution of their software and have requested they provide steps to uninstall. after my discussion with an attourney, I may come back here to post information regarding a class action if it is feasible.
    3
    Very disturbing. This is the rights for DT Ignite which is now built into the rom after taking the last update. Did a hard reset and now is part of the rom. Nothing loaded and just logged into the phone. The community should be very upset about T-Mobile sneaking this malware on our phones!
    Let me be clear that this is after a hard reset without logging into google, Samsung or a Web page. This crapware is now part of the device if you took the last update.
    1
    Well I know you guys have heard this before but porn sites are bad. Lmao. When ya guys click u may be given consent to those other apps to self install. You would have to prove that you did not give consent

    BAD ASS NOTE 4
    1
    This just happened to me, and it is driving me nuts. I think I tracked it down to a program called DTIgnite. Somehow, a sight I visited or a link I clicked installed this program which essentially gives the controller a backdoor to install anything they want. I dont recall it being in the file directory before, but its there now and it survives a factory reset. Mine started doing it yesterday and I have done about 2 dozen factory resets trying to narrow down the problem I was able to determine that it only downloads these programs (the same thee mentioned) when the sim card is inserted. Without the sim card, and with an active wifi connection, it does not do it. The moment it gets a carrier signal, it begins downloading those three apps in the background. I went to tomobile and got a new sim card, and it still does it, but not if I put the sim card in a different phone. So it lies within my note 4 not my account or the sim card. Furthermore, if you factory reset without the simcard, DTIgnite does not appear in the file directory. Once it is inserted, DTIGnite downloads itself and then these three programs. This leads me to believe that what ever site I visited or clicked on, rooted my phone. Because, how else would it survive a reset unless it was in the root directory?

    Now DTIgnite is an app developed by a firm that tries to market its capabilities to carriers in order to give them backdoor access to phones. I think its possible someone licensed the software and repurposed it to install bloat ware of their own for third party companies for profit.

    In anycase, because of my work, I cannot have a compromised phone and must replace it now. Thinking about contacting a lawyer and seeing what can be done to the company that makes DTIgnite




    ---------- Post added at 11:01 PM ---------- Previous post was at 10:22 PM ----------

    IDIgnite is indeed the problem. I reformated without the Sim, and then without logging into any account I checked the app manager. Within, is DTIgnite, but once it is "turned off" you can insert the sim card and it will not resinstall those three programs. However, this app is not preinstalled which means each one of us clicked on a link that silently downloaded it. Furthermore, I suspect it has been placed in a safe partition on the device or on the ROOT directory itself because it survives a factory reset.

    I dont know how to check if my device is rooted, but when I boot in recovery mode it lists me in # manual mode# and I seem to remember the # symbol was significant in the root determination discussion. Again, I am no expert on the matter; so, I can be completly off base here. I recomend you research my findings on your device to see if they are compromised as well.

    Now, I just contacted Mandelay Digital, the publically traded company that authors DT Ignite, and let them know that on monday I will consult an attourney regarding there neglegent distribution of their software and have requested they provide steps to uninstall. after my discussion with an attourney, I may come back here to post information regarding a class action if it is feasible.
    It's really not a big deal.
    For starters, a random piece of adware did NOT root your device. In order to root, you would need to run commands and codes into your device using a program called ODIN, and unless your phone rebooted, showed a red system menu, then rebooted itself again, it was not rooted. You would also have a root access application like SuperSU or SuperUser.

    *****

    There's 2 ways to go about fixing the adware...

    1. Factory Reset, THEN ODIN back to factory stock, the files (from root accessed files and normal files alike) will be entirely resetted to how the stock .img was created.

    2. (Easier way) Root, use Titanium and uninstall the adware application causing the problem. Seeing as I've never had adware on my device, I feel this way would only be a temporary fix.

    Needless to say, fix #1 is preffered.

    If this is an issue for you (novice problems might I add), use an antivirus designed for your device. There are multiple options in the Play Store.

    And a side note for ya, this will not stand up in court, this wouldn't even make it to court; in any way possible. If a lawyer had a nickel for anyone who has ever had adware on their devices that was trying to take a company to court to get some kind of settlement or resolution, lawyers would be very rich people.

    You visited a site that infected your device with adware. (Probably pornographic). You'll be wasting your time and money. Based on the fact that you went to the extent to call them and threaten them is even worse, almost childish. They don't care, they probably get calls like that all day, every day.

    This is not some random anomaly, it's a virus that was installed into your device due to your Internet browsing / downloading habits.



    *****
    When you see **** on the ground, rather than yelling at it and rolling around in it, just pick it up and be done.