Having run NetGuard in logging mode for a few days now, I've noticed that many of Samsung's in-built services are contacting web services associated with multiple DNS subdomains under:
- *.360.cn
- *.cloud.360safe.com
A lot of them are on unsecured HTTP port 80 (some go via HTTPS port 443).
Services I've observed this behaviour from so far are:
- Samsung ApexService
- ANT+ HAL Service
- Application installer (com.sec.android.preloadinstaller)
- Assistant Menu
- AirCommandManager (com.samsung.android.aircommandmanager)
- Plus too many other default services to list (most of which cannot be disabled)
Phone's running on stock unbranded SM-N960F build number PPR1.180610.011.N960FXXU2CSA2.
I've scanned the phone using bundled Device Care's McAfee security scan with no findings.
Has anyone else observed this behaviour?
I haven't looked at this as closely as you have, but I'm guessing it's all tied-in from the Device Maintenance section of the phone.
The name of the company Samsung is currently in bed with is QIHOO:
https://en.wikipedia.org/wiki/Qihoo_360
https://seekingalpha.com/article/4165136-cheetah-mobile-lost-samsung-relevant-risks
Remember/heard of Cheetah Mobile (of Clean Master infamy)?
https://www.prnewswire.com/news-rel...mobile-security-and-innovation-300043298.html
Well, that's who used to be in partnership w/Samsung & the Device Maintenance aka built-in Clean Master to most, if not all, Samsung mobile products.
Fast-forward to present day & we still have the crapware on our phones, likely scraping info & selling it to anyone interested.
Now, it's just with another company, presumably one with friendlier terms for Samsung.
As you've probably noticed, you can't fully disengage/disable/deny all permissions here, less root (or ADB disabling/package disabler apps).
At least you have a phone that's rootable & can cruise the ROM scene for one that leaves this crap off the phone.
If root isn't an option:
Set up your phone & apps, fine-tune as you like for battery optimization on a per app basis/permissions/etc.
Then, either via ADB or a package disabler, disable the apps responsible for the crapware, especially the ones related to Device Maintenance.
https://forum.xda-developers.com/ga...laxy-note-9-bloatware-removal-thread-t3857508
Follow the link in the OP to the S9/S9+ forum/thread, it gives a better idea of what each .apk actually is/ties into.
Here's the app I use to disable crapware/things I don't use:
https://play.google.com/store/apps/details?id=com.wakasoftware.appfreezer
As to which apps to disable, the S9/S9+ thread, while not an exact match, should give you info on what to disable to stop the phone from pinging the 360 mothership & hopefully, not having any ill effects on the apps you want to keep on-board.
If you want a better idea of how each app is interconnected throughout the phone, use these two apps to take a look:
https://play.google.com/store/apps/details?id=com.ubqsoft.sec01
SD Maid (Pro):
https://play.google.com/store/apps/details?id=eu.thedarken.sdm&hl=en_US
(See the App Control & file manager sections of SD Maid for detailed app info).
Anyhoo, back to curbing the nonsense:
Whichever method you use to disable, should you choose to do so, start with this one:
com.samsung.android.lool (Device Maintenance).
This will make the entire Device Maintenance section inaccessible as well.
That is why I suggest disabling vs outright uninstalling (which necessitates a factory reset to get it back).
You may need to access Device Maintenance for whatever reason from time to time, hence the recommendation for disabling vs uninstalling.
Continue monitoring for a day or so & see if the pinging to the Mothership subsides, or hopefully puts a full-stop to it.
Please keep us updated on what, if any, actions you take w/the results. :good:
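
Added example, not part of either post: one way to check whether the traffic described in the thread subsides after a package is disabled is to tally, per package and port, the logged connections to the two domain families from before and after the change. The CSV layout (timestamp, package, host, port), the sample rows, the subdomain names and the function names are all constructed for illustration and are not NetGuard's own export format.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

WATCHED_SUFFIXES = ("360.cn", "cloud.360safe.com")  # from the first post

# Constructed sample, NOT real NetGuard output. Assumed columns:
# ISO timestamp, package, destination host, destination port.
SAMPLE_LOG = """\
2019-02-01T09:10:00,com.sec.android.preloadinstaller,sub1.360.cn,80
2019-02-01T09:12:30,com.samsung.android.lool,sub2.cloud.360safe.com,443
2019-02-01T09:15:00,com.samsung.android.lool,sub2.cloud.360safe.com,80
2019-02-01T09:20:00,com.samsung.android.aircommandmanager,SUB1.360.CN.,80
2019-02-01T09:25:00,com.samsung.android.lool,foo360.cn,80
2019-02-01T09:30:00,com.example.browser,www.example.com,443
2019-02-03T08:00:00,com.sec.android.preloadinstaller,sub1.360.cn,80
"""

def is_watched(host):
    """Match a watched domain or a subdomain of it, on a label boundary."""
    host = host.strip().lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def summarize(log_text, disabled_at):
    """Return {package: {"before": Counter(port), "after": Counter(port)}}."""
    cutoff = datetime.fromisoformat(disabled_at)
    result = defaultdict(lambda: {"before": Counter(), "after": Counter()})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        stamp, package, host, port = row
        if not is_watched(host):
            continue  # e.g. foo360.cn is a different domain, not a subdomain
        phase = "after" if datetime.fromisoformat(stamp) >= cutoff else "before"
        result[package][phase][int(port)] += 1
    return dict(result)

def still_contacting(summary):
    """Packages that reached a watched domain after the cutoff."""
    return sorted(p for p, s in summary.items() if s["after"])

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG, "2019-02-02T00:00:00")
    for package, phases in sorted(summary.items()):
        print(package, dict(phases["before"]), dict(phases["after"]))
    print("still contacting:", still_contacting(summary))
```

Port 80 entries in the "before" column are the unencrypted connections the first post points out; an empty "after" column for a package means no logged contact since the cutoff time.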