
Does factory reset remove malware?

meridius

Member
The phone company took my phone away and I am not sure what they did with it. There was a problem with my internet connection APN which they changed.

I have done a factory reset and hard reset (wipe data/factory reset) as well as a full scan with an IS suite. In addition I ran a root recovery check from the Android Recovery console which passed.

Would these actions have eliminated any potentially dangerous code if it had been added without my knowledge?

Also how can we test for unauthorised changes to the android source code by a third party?
 
Apart from the phone company, which I presume are legit and can be trusted, has anyone else had unsupervised access to your phone out of your sight?

Depending on what phone it is, you can usually check its integrity yourself. Like if it's a Samsung, check the Knox and warranty void counters; they should be 0x0.
 
It's only the phone company that has had access to it. I was only worried that they could have installed some software using root access without telling me. My tablet phone is Philips TLE722G. If there is anything else I can do that isn't risky to check the integrity of this model of phone and operating system (Android 7) please let me know.
 
If it's the phone company, I doubt that they would be installing malware surreptitiously on your phone.

.. especially as they don't need to. If there was a court order against you then they could get what they need through the back end...
 
Sounds similar to Windows... I don't normally allow anyone to touch my electronic equipment and especially not to take it out of sight to adjust an APN through their PC or whatever they did. If a factory reset takes Android and its code back to its original state then that's what counts at this stage.
 
Don't worry. I don't think the phone company will do that in general.

Or you may check if there is any new and strange process in Settings - Apps or Settings - Developer options - Running services.
 
I have tried to factory reset some of my devices in the past and it never seemed to remove the malware, ended up sending it to get repaired. I don't think the company would do something like that.
 
> .... If a factory reset takes Android and its code back to its original state then that's what counts at this stage.

No, a Factory Reset does NOT return the Android operating system on your phone back to its original state. That's an often repeated but incorrect statement. A Factory Reset clears off user data, it does nothing to the operating system.
Just as an example, if you bought a phone running Marshmallow (version 6.x.x) and it was at some point upgraded to Nougat (version 7.x.x). Then later on you had to do a Factory Reset for whatever reason. Your phone would not revert back to its originally installed version of Marshmallow. It would remain running the version of Nougat it was before the actual Factory Reset is done. So if it was running 7.1.1 before the Factory Reset, it will still be running 7.1.1 after the Factory Reset. So the fallacy that a Factory Reset wipes 'everything' just isn't a reality. If that were true, that 'everything' is wiped from the internal storage media, this means there would also be no operating system either. Your phone's Android operating system cannot just magically restore itself if it's indeed completely deleted.
Your phone's internal storage media is divided into several partitions, most are dedicated solely to the operating system and one is just for storing user data and things. A Factory Reset wipes clean that user data partition, and that's it. Those operating system partitions are left as is. Unfortunately, the term 'Factory Reset' has always been a bit of a misnomer. Yes in a sense it does return a phone to its 'factory' state -- there's no user data, no user apps, no user configuration settings -- so in that sense it does apply, conditionally. But as far as the operating system, that's going to be the same as it was before you do the Factory Reset.
 
I don't think the phone company have done anything malicious but I am just taking precautions and thanks for the factory reset update. It is a deceptive term...

I am not sure I understand root verification options but I managed to get into Developer mode. I didn't see any unusual programs running in 'Running Services'. Is there anything else I can investigate from there? Also is it advisable to hide Developer mode from the menu again and how?
 
I'm not sure as to why you suspect your phone company installed some kind of exploit onto your phone while it was being serviced. Ignoring conspiracy theory and paranoia, why are you so worried they did anything except correct that APN issue?
 
> No, a Factory Reset does NOT return the Android operating system on your phone back to its original state. That's an often repeated but incorrect statement. A Factory Reset clears off user data, it does nothing to the operating system.
> Just as an example, if you bought a phone running Marshmallow (version 6.x.x) and it was at some point upgraded to Nougat (version 7.x.x). Then later on you had to do a Factory Reset for whatever reason. Your phone would not revert back to its originally installed version of Marshmallow. It would remain running the version of Nougat it was before the actual Factory Reset is done. So if it was running 7.1.1 before the Factory Reset, it will still be running 7.1.1 after the Factory Reset. So the fallacy that a Factory Reset wipes 'everything' just isn't a reality. If that were true, that 'everything' is wiped from the internal storage media, this means there would also be no operating system either. Your phone's Android operating system cannot just magically restore itself if it's indeed completely deleted.
> Your phone's internal storage media is divided into several partitions, most are dedicated solely to the operating system and one is just for storing user data and things. A Factory Reset wipes clean that user data partition, and that's it. Those operating system partitions are left as is. Unfortunately, the term 'Factory Reset' has always been a bit of a misnomer. Yes in a sense it does return a phone to its 'factory' state -- there's no user data, no user apps, no user configuration settings -- so in that sense it does apply, conditionally. But as far as the operating system, that's going to be the same as it was before you do the Factory Reset.

So let me ask you a question..according to your nice, extensive, comprehensive and very educating statement:

Do malware, virus or pathogen elements get only into the USER DATA PARTITION..or do they also get into the other operating system partitions you mentioned?

Because I'm just recovering from a hacker attack in my fabulous §5 phone that just happened last week..a format reset didn't do a thing nor reflashing the firmware..I had to get creative and think like a hacker to get rid of that which had me on the edge of craziness..for real.
 
The answer is it depends on the malware and the phone/OS. It's possible to install malware to /system in the same way that it's possible to obtain root access, which also requires modifying /system. So if any "one click root" app works on your phone and OS version then you are by definition vulnerable, since the same exploit could be used to install malware to the system, where it would survive a factory reset. If no such app works on your phone that isn't a guarantee of safety from such things, since there may be an exploit the root community haven't found, or installing malware may just be simpler to do that way, but if they do work on your phone then for sure it's vulnerable.

If you do get malware installed to system you really need to reflash the ROM to be sure it's removed. But a complete reflash will remove it, because that overwrites everything, so if it didn't I'd check your Google account because that would imply that they had some way of reinfecting you.
 
That could be something of a mystery to fix. While most exploits are limited to compromising things just in the limited, user data partition, there are a number of more advanced exploits that are much more sophisticated and are able to insert themselves into the operating system (even on a non-rooted device). When that happens that requires re-flashing the ROM, and probably a Factory Reset in the event the exploit is based on something in the operating system that infects the user data. That's also the issue to make note of when using anti-virus/anti-malware apps from the Play Store. Those are installed with the typical user-level permissions so they are limited to the general, user data partition with only very, very limited access to the operating system. So while those types of utilities are successful most of the time, there's a lot of times they just can't clean out something if it's in the OS.
On a rooted device, it might be possible to manually delete infected files that get into the OS, but that's of course very dependent on a lot of factors. The safest option is to re-flash the ROM. Plus, once your device gets compromised, if it is something really sophisticated, i.e. some professional-level malware released into the public by our 'fun-loving, always helpful' NSA, the odds that any of us will be able to remove it could be a challenge with the added problem being really well-crafted exploits are hard to even detect.
 
> The answer is it depends on the malware and the phone/OS. It's possible to install malware to /system in the same way that it's possible to obtain root access, which also requires modifying /system. So if any "one click root" app works on your phone and OS version then you are by definition vulnerable, since the same exploit could be used to install malware to the system, where it would survive a factory reset. If no such app works on your phone that isn't a guarantee of safety from such things, since there may be an exploit the root community haven't found, or installing malware may just be simpler to do that way, but if they do work on your phone then for sure it's vulnerable.
>
> If you do get malware installed to system you really need to reflash the ROM to be sure it's removed. But a complete reflash will remove it, because that overwrites everything, so if it didn't I'd check your Google account because that would imply that they had some way of reinfecting you.

You've nailed it exactly right to the point! That's the way the ****er got to me..through the Google..an app I downloaded from your fabulous Google Play store (lol)..to be exact: YOUMAIL.
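
An added example, not part of the thread or any poster's code, for the question of how to check for unauthorised system changes: since a factory reset leaves the operating system partitions as they were, this script reads `adb shell getprop` output and flags verified-boot and build-signing properties that differ from a stock, locked device. The sample property dump is constructed, and which of these properties a given model reports is an assumption, so missing ones are listed as INFO.

```shell
#!/bin/sh
# Added example: flag getprop values that differ from a stock, locked device.

# Constructed sample in getprop's "[key]: [value]" format (not from a real device).
SAMPLE_PROPS='[ro.build.fingerprint]: [vendor/model/model:7.0/NRD90M/1234567:user/release-keys]
[ro.build.tags]: [release-keys]
[ro.build.type]: [user]
[ro.debuggable]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.veritymode]: [enforcing]'

# get_prop KEY: read getprop text on stdin, print KEY's value (nothing if absent).
# Carriage returns are stripped because some adb versions emit CRLF line endings.
get_prop() {
  tr -d '\r' | awk -v k="[$1]:" '
    $1 == k { sub(/^[^ ]+ \[/, ""); sub(/\]$/, ""); print; exit }'
}

# check_prop TEXT KEY EXPECTED MEANING: print a finding if KEY is missing or unexpected.
check_prop() {
  val=$(printf '%s\n' "$1" | get_prop "$2")
  if [ -z "$val" ]; then
    echo "INFO $2 not reported by this device"
  elif [ "$val" != "$3" ]; then
    echo "WARN $2=$val (expected $3): $4"
  fi
}

# assess_props TEXT: print one finding per line, or "OK" if nothing stands out.
assess_props() {
  out=$(
    check_prop "$1" ro.boot.verifiedbootstate green "boot chain not verified against the vendor key"
    check_prop "$1" ro.boot.veritymode enforcing "dm-verity is not rejecting modified system blocks"
    check_prop "$1" ro.build.tags release-keys "system image not signed with release keys"
    check_prop "$1" ro.build.type user "not a production (user) build"
    check_prop "$1" ro.debuggable 0 "debuggable build"
  )
  if [ -n "$out" ]; then printf '%s\n' "$out"; else echo "OK"; fi
}

# Live use (assumes adb is installed and USB debugging is enabled on the phone):
#   assess_props "$(adb shell getprop)"
assess_props "$SAMPLE_PROPS"
```

An "OK" here only reflects what the device reports about itself; as the thread notes, re-flashing the ROM is what actually overwrites the system partitions.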
 