• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Busybox....HELP PLEASE! What/why/how is it installed on my device without my knowledge or permission

kylabeardad

Lurker
I bought a new Samsung Galaxy Note20 ultra 5g through my phone provider 2 years ago. I recently downloaded the app 'Root Checker Pro' to check for security reasons. While the app's root verification process produced negative results. However, the app's secondary verification process produced a positive result for something called "Busybox" and showed a file path where it says it is installed on my device. I definitely didn't install Busybox as wasn't I even aware of its existence. I brought in my phone into a Asurion verified repair shop to get my screen replaced on 2 separate occasions in December of 2021 and April of this year. I can't remember when exactly when but I began noticing unusual behaviours on my device itself like apps and settings resetting on their own, multiple Note20 ultra name variations signed into various accounts of mine, receiving strange test messages, emails and phone calls. Also, I started to observe large atypical data amounts being used as well as charges on my phone bill that my provider can't even come up with coherent explanations for such as provider linked app and subscription payments. Fees for long distance, texts messages and call waiting both inbound and outbound that I didn't make. I went into my devices recovery mode and found a few suspicious log entries with one section stating that something along the lines of "if debug mode wasn't being used the device isn't intended be used for production use". I downloaded ZArchiver and gave access to "support file operations as the root user" in an attempt to veiw the Busybox file path location implicated by Root Checker Pro. Which only got me 2 file name deep before I was stopped by "access is denied". I'll attach some screenshots for reference. I have spent dozens of hours trying to understand what security weakness possibilities are out there that I should look up on and attempt through the process of elimination troubleshooting anything I found that was simular to what I was experiencing. I just don't have enough time to become technically proficient enough to understand the levels and layers involved with the analysis and protection of computer security systems. I've installed multiple antivirus apps but there worthless against social engineering type attacks. Or at least that I'm aware of. I assistance with this from minds more skilled then mine would be massively appreciated. If there's any additional information that would help I can make available if it would help. Thank you.
 

Attachments

  • Screenshot_20220928-122912_Root Checker Basic.jpg
    Screenshot_20220928-122912_Root Checker Basic.jpg
    211.1 KB · Views: 271
  • Screenshot_20220928-122919_Root Checker Basic.jpg
    Screenshot_20220928-122919_Root Checker Basic.jpg
    228.3 KB · Views: 207
  • Screenshot_20220928-122927_Root Checker Basic.jpg
    Screenshot_20220928-122927_Root Checker Basic.jpg
    296.6 KB · Views: 194
  • Screenshot_20220928-112710_Root Checker Basic.jpg
    Screenshot_20220928-112710_Root Checker Basic.jpg
    233.8 KB · Views: 190
  • Screenshot_20220928-122842_ZArchiver.jpg
    Screenshot_20220928-122842_ZArchiver.jpg
    108.9 KB · Views: 181
  • Screenshot_20220928-123605_ZArchiver.jpg
    Screenshot_20220928-123605_ZArchiver.jpg
    48.6 KB · Views: 197
I agree with @Dannydet
All your suspicions are apparently focused on basic functionality of a typical Android device. Or in other words, you're fabricating evidence of a problem that doesn't exist. Regarding BusyBox, it's a collection of fundamental utilities for Unix based systems that's not only held in high regard but also with a long history going back even before Android even existed.
If you're so paranoid about the background processes any Android device uses to function, it's time to stop using a smartphone for your own mental health. (Note that while Android uses its own variant of the Linux kernel, even iOS on iPhones is a derivative of BSD, a Unix offshoot.)
 
Yeah, Busybox is an integral part of the device's firmware, i.e. Samsung put in there, in the factory when the phone was made.

Busybox is usually found on embedded OSs that use a Linux kernel, such as Android.
 
Last edited:
for a piece of mind, setup two step verification where applicable on all of your various accounts. then do a hard reset. keep in mind a hard reset will trio FRP(Factory Reset Protection) and you will need your original email and password used to sign in originally when you first setup the phone.....so make sure you know that first.
 
I agree with @Dannydet
All your suspicions are apparently focused on basic functionality of a typical Android device. Or in other words, you're fabricating evidence of a problem that doesn't exist. Regarding BusyBox, it's a collection of fundamental utilities for Unix based systems that's not only held in high regard but also with a long history going back even before Android even existed.
If you're so paranoid about the background processes any Android device uses to function, it's time to stop using a smartphone for your own mental health. (Note that while Android uses its own variant of the Linux kernel, even iOS on iPhones is a derivative of BSD, a Unix offshoot.)
Hey, I appreciate your help. I don't know enough about the technical side of smart devices. Whenever I try to figure out how to fix something, I admittedly get overwhelmed with the amount of information I involved with actually understanding whether or not it is or isn't an issue. I'll probably about taking your advice and go back to the basics.
 
I can certainly attest to the annoyances and concerns of modern hardware given I was recently forced to upgrade from my beloved Thunderbolt to a modern phone, but there's no recourse anyway. You can't find a 'simple' flip phone since they're nowadays just smartphones with KaiOS and have embedded all the privacy-hating Google apps like a modern Android smartphone. No carrier today will reactivate a RAZR, Droid, or BlackBerry Curve today. I know the older networks still exist in my state, but carriers refuse to cooperate even if you offered them a lot of money. Believe me, I tried. Unlike the AMPS shutdown this isn't mandated by the FCC just carrier arrogance and futurists who refuse to live in a world where someone still prefers to use a decade-old smartphone.

TL;DR "Going back to basics" is not as possible today. Modern phones flip/basic/dumb/smart all have the same data-gathering going on.
 
Back
Top Bottom