PSA: Kingo and vRoot determined to be malware [UPDATE 8 DEC]

[LordManhattan]

MOD EDIT: Updated statement, not entirely true and currently under review. Hang tight, everything will be explained soon.

Remember the little discussion we had going in a thread here regarding vRoot, and i joked about vRoot was mining IMEIs? Well, apparently it's true . We have only ourselves to blame. I'm already rooted so i'll unlock my bootloader and install recovery. That way i don't need to root again if i screw something up. You "should" do the same if you're already rooted and don't care about losing Gracenote and X-Reality. Remember to backup your TA folder.

This application is currently under review, XDA is in contact, and working with Kingo to resolve security issues, however until certain guidelines are met links will not be allowed in xda.

Thank you.

What does this mean? What are they able to do with our IMEI's (if they have them)? I'm not sure, and i won't speculate.

UPDATE: We'll have to wait this one out and see what happens. In the meantime, do not use Kingo or vRoot.

UPDATE - 19 november:

FB post from Kingo:

"In this 1.1.2 version, the IMEI is no longer a problem. It's a long way to release the open source 2.X version, we have to face many tech problems and facing the Android 4.3,4.4 update at the same time. Thank you for your understanding."

If this is true, then it's safe to use Kingo again. We don't know if this is indeed true, but i don't see why they should lie about it since we can easily check it ourselves. Nothing from the devs behind vRoot though, so keep staying away from it for now.

Thanks to @stopa10 for keeping us updated

UPDATE - 8 december:

A new rooting tool has been released. Download it from this thread, and follow this guide (just swap vRoot with the new tool).

Thanks to cubeundcube (dev) and @RyokoN

 

[SpyderTracks]

Remember the little discussion we had going in a thread here regarding vRoot, and i joked about vRoot was mining IMEIs? Well, apparently it's true. We have only ourselves to blame. I'm already rooted so i'll unlock my bootloader and install recovery. That way i don't need to root again if i screw something up. You "should" do the same if you're already rooted and don't care about losing Gracenote and X-Reality. Remember to backup your TA folder.



What does this mean? What are they able to do with our IMEI's (if they have them)? I'm not sure, and i won't speculate.

Jesus, that's bad news! My laziness pays off for once, but damn them for doing that!

This should be a sticky.

Sent from my C6833 using XDA Premium 4 mobile app

 

[LordManhattan]

Yeah, i was so soo skeptical when vRoot started to show up, and i refused to use it. Well, that was until i just had to have root, and i used it. I hate myself!

And yeah, i have PMed a mod and asked if this can be stickied so people don't use them.

 

[SpyderTracks]

Yeah, i was so soo skeptical when vRoot started to show up, and i refused to use it. Well, that was until i just had to have root, and i used it. I hate myself!

And yeah, i have PMed a mod and asked if this can be stickied so people don't use them.

I was just about to root this weekend, had everything ready to go... Does this mean we have no root methods now?

Sent from my C6833 using XDA Premium 4 mobile app

 

[LordManhattan]

I was just about to root this weekend, had everything ready to go... Does this mean we have no root methods now?

Sent from my C6833 using XDA Premium 4 mobile app

Yup, that's correct. Check the mod edit in the OP btw. Things could change pretty quickly again.

 

[omniphil]

I was just about to root this weekend, had everything ready to go... Does this mean we have no root methods now?

Sent from my C6833 using XDA Premium 4 mobile app

But vRoot does certainly grant root access.

 

[hamdogg]

Yeah we all had reservations about vRoot tool. But rooting was just to important to deny its easiness.
Will be interesting to see what the outcome is. What will happen from now...

 

[LordManhattan]

But vRoot does certainly grant root access.

So does Kingo, but the thing here is that we don't know why they are pulling IMEIs and what not. You can use it, but you won't know what's actually happening in the background (while it's rooting). But read the OP. The people that are checking into this will update us when they have more on this. In the meantime, don't root unless you really really need to.

 

[x5starguerillaa]

Hmmm....

Lord M, remember the topic we had on vroot?

Exactly this.

Maybe ask chainfire to investigate further?


Sent from my C6833 using xda app-developers app

 

[LordManhattan]

Hmmm....

Lord M, remember the topic we had on vroot?

Exactly this.

Maybe ask chainfire to investigate further?


Sent from my C6833 using xda app-developers app

I PM'd Chainfire about vRoot back in september. He was skeptical, and wouldn't use it himself, and that was pretty much it. I don't know if he's part of the investigation now though.

We'll have to wait until the mods have investigated this further, but what we already know is that they're logging our IMEIs. If that's intentional or not is a different question and I guess that's why the mods are investigating it. All vRoot and Kingo links have been removed from XDA, but if you want to use them then be my guest. I'm not stopping anybody, I'm just warning you

Sent from my C6833 using Tapatalk

 

[hansip87]

So.. I have once rooted with vroot.. But i have upgraded with PC Companion now (lost root). Does that still means my imei has been read too?

Sent from my C6802 using xda app-developers app

 

[LordManhattan]

So.. I have once rooted with vroot.. But i have upgraded with PC Companion now (lost root). Does that still means my imei has been read too?

Sent from my C6802 using xda app-developers app

Yup, it looks like our IMEIs are on a remote server some place (most likely in China). But we don't know what, if or what they can do with it. The mods are - as mentioned on the case, so we'll see what they find.

 

[LordManhattan]

Also, Kingo posted this on their FB page today. If this is true, then it's not as bad as expected, but i hope it's the same story with vRoot (that they aren't mining data), since that's what we've used the most around here.

 

[3mL]

Quick question... Should I be worried?
I used vRoot.

 

[LordManhattan]

Quick question... Should I be worried?
I used vRoot.

I have also used it, including A LOT of other people. But no, you shouldn't be worried or lose any sleep We'll have to wait for the verdict from the mods, but no, I wouldn't be worried.

Sent from my C6833 using Tapatalk

 

[jeremy.chan]

i like their statement, it somehow rings of the truth being spoken, that it's a bunch of devs who want wide recognition (for the right things), and clarifying it like how they're doing is a good start to getting this resolved.

 

[blueether]

As we say down here:

Bugger me

---------- Post added at 05:46 PM ---------- Previous post was at 05:20 PM ----------

Just a thought...

Could the gathered imei be used to get blacklisted stolen phones to work again by cloneing our imei to the stolen phone?

 

[fastest83]

As we say down here:

Bugger me

---------- Post added at 05:46 PM ---------- Previous post was at 05:20 PM ----------

Just a thought...

Could the gathered imei be used to get blacklisted stolen phones to work again by cloneing our imei to the stolen phone?

Of course it could.
But I don't see how that could be useful to Chinese people, since a stolen phone with blocked IMEI can be used freely in another country.
For example, if I steal a phone here in Italy, and it gets IMEI blocked, I can sell it in the UK because it will definitely work there.

I also used vRoot like everyone else, it was simple, quick, and most of us needed it for restoring our old apps or for tinkering with DPI or something else.
I don't regret it, and I'm still skeptical about it being such a malware app. The only app I saw was MtkCamera, and I've just seen it on the first version of vRoot, not the last one.
Furthermore, I did a full scan with McAfee (and uninstalled the minute after) and it didn't find anything.
That doesn't mean the whole process it's secure (because it pushes data into the phone and erases it after it's done), but it's a start.

Just my 2 cents obviously, not backed up by any concrete proof.

Sent from my C6833 using Tapatalk 2

 

[SweFox]

Interesting.. I just don't understand how IMIE could be useful for them if it now was intentional to save it.

It's not like they can block the IMIE from another country is it :s? And even if they block/clone it or whatever, does this even make a difference being another country and all?

How important is IMIE? I know it's like your personal number and you use it to block the phone within the country. For example, I know people sell phones that they got from a contract, the carrier then blocks the IMIE and sends them a new phone making the scammer get away with money and a new phone.

But still, from another country?

 

[fastest83]

Interesting.. I just don't understand how IMIE could be useful for them if it now was intentional to save it.

It's not like they can block the IMIE from another country is it :s? And even if they block/clone it or whatever, does this even make a difference being another country and all?

How important is IMIE? I know it's like your personal number and you use it to block the phone within the country. For example, I know people sell phones that they got from a contract, the carrier then blocks the IMIE and sends them a new phone making the scammer get away with money and a new phone.

But still, from another country?

Ehm... Just said the same thing on the post above yours... Not a page, not 10 pages before, just ONE post.

Sent from my C6833 using Tapatalk 2