Factory reset block?

I had a Samsung S4 in the past that I had suspected of having spyware installed on it, later finding out that in fact that was the case. I was able to escape this behavior with a package manager and factory reset option. Shortly after, I lost the ability on my device to perform a factory reset through settings or through a hard reset. Even my ability to reset my device through lock and ring had been taken away.
My question is how was it possible to block my ability to reset? Was it through our carrier or through a Samsung account or hidden Google account or an app? I have always wondered about this. Any help would be greatly appreciated.
 
Restart your S4 into its Recovery Mode and use the Factory Reset option:
https://www.hardreset.info/devices/samsung/samsung-i9500-galaxy-s4/recovery-mode/
When your phone is running in its Recovery Mode, your Samsung or your Google account are not a factor, nor are any installed apps. Recovery isn't accessing any installed apps nor their background services, it's a maintenance mode with only a handful of specific functions independent of the installed OS or its utilities. (i.e. even if the installed Android OS becomes corrupted and your device can't boot up into it, a working Recovery is still able to do all of its functions.)
 
Thanks. I forgot to add to my original explanation of my question that I could not update my OS as a solution either. I no longer have the device in operation but I do remember that I couldn’t even get the recovery menu to appear. It was almost like a fast boot or something and the device would just restart automatically, giving me no options from the recovery screen. Ultimately now it’s not that important...I just always wondered how it could have even been possible. The main reason for asking is because I had told the only people around me with physical access to my phone that I had found a way to work around this problem by resetting my phone, taking out the SIM, starting up on WiFi, disabling certain packages in question with a package disabler (package disabler was a suggestion from Google) and then reinstalling my SIM. Then 3-4 days later my ability to reset my device was completely taken away somehow. I also noticed a new file folder, Satdigger, which was empty; not sure if it’s relevant to my question though. Thanks
 
In short, that is why I was asking how that ability to enter recovery and perform a reset could be taken away. Along with the ability to reset through settings or lock and ring or erase phone. I had often found things in my research that led me to believe that my phone had been cloned per se or was just a node that was ultimately being controlled from another source that could override my ability on the device itself. Thanks
 
Not that tech savvy on computers or phones for that matter. But I had just noticed odd things that could not be explained so I tried my best to learn what I could through online resources. Not a lot of info out there on this topic so I asked. Thanks
 
I will try to recall from memory because my notes are in storage. But to my best recollection, from settings it was as if the reset option was greyed out, so when pressed to reset nothing happened. From power off, holding the hard keys to go to recovery, it would just restart the device and never get to the recovery menu. On remote lock, ring and erase it was the same thing I had faced in settings: I could see the erase option but it was not functional, as if my screen had lost the ability to sense me touching it or something.
I promise I’m not making this stuff up. This whole process of noticing something was off with my phone started on a Samsung S5, then moved to a Droid Turbo 2, then to a Samsung S4, across the time frame of probably 2 years. It wasn’t until I was advised to install a package disabler, and found that it combined with resetting my phone and the above steps gave me a workaround, that I lost my ability to reset.
I was challenged of my sanity by those closest to me and also the same people who would have had access to my device. I took very thorough notes the whole time. The reason I asked if it were possible that it was done through my carrier is because of two reasons. First, I was just an account member at the time. Two, I found what looked like some type of manifest or something like that that had been installed on my phone by Ve#%on with a remote endpoint. Also I had noticed in carrier features that SDM remote Query was enabled. Never got a straight answer as to what that feature was for or what it meant, even from upper level tech support. My suspicion started with Google Play services and turned to Amazon apps that came direct from our carrier. I was told later these apps were not native to the Samsung S4. After a lot of research and a long conversation with Amazon AWS support staff I was told my concerns were valid. Also told they were surprised I paid close enough attention to discover this. But it ended by being told that they were not at liberty to provide who was responsible but that I had made it to the identity pool and without a subpoena they could not share that information with me. They did though advise me to get a subpoena and took thorough notes in case I did move forward with getting a subpoena. But I was not financially able to do so at that time. I often wondered if Amazon Cognito was the culprit along with a couple other things but I had to at that point in my life just drop it. Today what I often wonder is not about who...but how could someone have so much control over a device they could remove your ability to even factory reset your device. Sorry for the long explanation. Just tried to fill in as much as I could from memory. I do have notes of all running packages at the time if going through any of those at a later date might help me get an answer or anyone else in the future that may face something similar. Thanks again
 
Not sure if this info helps but will share just in case. I had installed a connection tracker app to record connections made to both my phone and my wife’s phone. Also in developer options made system processes show on the screen so I could see what was taking place. The connection tracker had a lot of connections, as I learned was normal, but it also had a few connections to IPs that I determined to be local from the connection tracker app showing the connection location and providing the IP address. The IP address brought me to a login for a Microsoft email account and I had not received or sent any emails in days. Also discovered something called “Dirty Data Sync”. Last but not least, my Gmail account would not work unless I allowed it to sync. As for my wife’s phone, the only connections I was unsure of were Teklink, which was local, and Ve$&on business. However I did notice one thing while having both of our phones. I turned on my WiFi, because I usually kept it off because of my issues, and on the notification bar on her phone a symbol popped up at the top indicating a push message being sent. Like I said, I am not tech savvy so some of this could be normal but I am very observant and persistent. Just trying to educate myself on how someone or something could have complete and absolute control over your personal device. Sorry once again for such a long response. Thanks
 
A 'Package Disabler' app pertains only to installed apps, it is not any kind of Android operating system manager, so your issues with upgrading/altering the Android version are a completely separate issue. Keep in mind the operating system is the software interface between you and your phone's hardware. Apps are just how you interact with the operating system. You the user only have very little ability to directly interact with the OS itself. So using some app you've installed from the Play Store isn't going to be able to let you do anything like upgrade the Android version to another.
Also note that you have to use the correct ROM that matches your phone model (and if you have a carrier-locked model it has to match that carrier). ROMs are not interchangeable so to stop doing that.
 
Correct. My attempt to update my OS was strictly based on the fact I had read that if I did so it would get rid of any malware that may be present. The package disabler was to freeze individual packages with permissions they should not ordinarily have and that I could not force stop and delete data or turn off completely in my app list. But thanks again. Still would like to know the answer to my question about how someone or something could be in complete and total control of your cellphone and restrict your ability to factory reset it. Could it be possible to restrict the ability to perform a factory reset on a cellphone through ADB in order to not have to reset the sync of my personal information to someone else’s cloud? Thus (dirty data sync), (AWS Cognito), (push messages from another device to my device via WiFi), (SDM remote query enabled) and one I have yet to mention, which was local track sync operation found in the file system. Thanks again
 
So you have no option to do a factory reset? Go into settings, system, reset options screen? If something is preventing you, make sure you have device admin apps unchecked.
 
At that point in time I checked absolutely everything. But could not find any explanation for how this could have been possible. Just got to thinking about it so I asked. I explained the scenario to a digital investigator once and he told me that with the level of control I described, what was taking place had to be done at an account level. Either carrier, Samsung or Google or a combination. Just never really got any answers so I asked. Thanks.
 
Not sure if you read all the threads. The device is not currently active. Just recalling from past experience. To my knowledge the only device admin was lock, ring and erase. Sorry if I had you confused. I should have clarified that again. My question was general in nature although I gave a lot of details of what I experienced and thought could be potentially the issue of what was actually going on with my device prior to me losing the ability to perform a factory reset through recovery or through settings or through lock and erase, which should have had privilege to do so. Thanks for your help
 
just curious, did you loan your phone to someone? did you send it in for repair?

the reason i asked is because, the only way anybody can get into your phone to do things like prevent factory resets from happening, is to root the phone (basically bypassing the phone's security protecting the phone's os). this cannot be done remotely and will usually require a computer. there were a few one click methods, but early android updates closed those exploits. unless the phone was never updated, that most likely was not the case. adb is a tool that allows you to enter commands to the phone from your computer. you can move files, and even access recovery from the phone. it can't alter or change the os. you can use it to flash custom roms where the ability to factory reset has been taken out.

......but again the phone needs to be rooted for that to happen. how do you know your phone has been rooted? it can be very hard to tell. there are some apps that you can get in the play store that can verify if the phone has been rooted or not.

so to answer your main question about losing the ability to do a factory reset or hard reset...will depend if the phone was rooted or not. i can't see any other way someone can alter the os like that. there is no way to do this remotely. however, if someone can actually get a hold of your device physically, then it is possible to root your phone without knowing.
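
Added example (not part of the thread): a shell triage of the checks raised in the replies above, device admin apps and root indicators, plus the `no_factory_reset` user restriction that a device-management app can set on Android 5.0+. The sample dumps and `com.example.*` names are constructed, and real `dumpsys` layouts vary by Android version.

```shell
#!/usr/bin/env bash
# Added example. Capture text from a phone with USB debugging enabled, e.g.
#   adb shell getprop               > props.txt
#   adb shell dumpsys device_policy > policy.txt
# The functions below only parse text on stdin, so they also run offline.

# Print root / unofficial-build indicators found in `getprop` output.
root_indicators() {
  awk '
    /^\[ro\.build\.tags\]: \[.*test-keys.*\]/ { print "build signed with test-keys" }
    /^\[ro\.debuggable\]: \[1\]/              { print "ro.debuggable=1" }
    /^\[ro\.secure\]: \[0\]/                  { print "ro.secure=0" }
  '
}

# List active device admins from `dumpsys device_policy` output and mark
# those that declare the wipe-data policy (they can erase the phone).
list_device_admins() {
  awk '
    function emit() { if (admin != "") print admin, (wipe ? "wipe-data" : "-") }
    /Enabled Device Admins/ { on = 1; next }
    on && /^[ \t]+[A-Za-z0-9_.]+\/[A-Za-z0-9_.$]+:[ \t]*$/ {
      emit(); admin = $1; sub(/:$/, "", admin); wipe = 0; next
    }
    on && $1 == "wipe-data" { wipe = 1 }
    END { emit() }
  '
}

# Succeeds when the dump mentions the user restriction that disables
# factory reset from Settings (UserManager.DISALLOW_FACTORY_RESET).
reset_restricted() {
  grep -q 'no_factory_reset'
}

# Constructed sample inputs (not taken from any real device).
sample_props() {
  cat <<'EOF'
[ro.build.tags]: [test-keys]
[ro.debuggable]: [1]
[ro.secure]: [1]
EOF
}

sample_policy() {
  cat <<'EOF'
Current Device Policy Manager state:
  Enabled Device Admins (User 0):
    com.example.mail/.AdminReceiver:
      uid=10123
      policies:
        wipe-data
        force-lock
    com.example.finder/.LockReceiver:
      uid=10087
      policies:
        force-lock
  userRestrictions: no_factory_reset
EOF
}

# Demo on the constructed samples; pipe props.txt / policy.txt in instead.
echo "root indicators:"; sample_props  | root_indicators
echo "device admins:";   sample_policy | list_device_admins
if sample_policy | reset_restricted; then
  echo "factory reset is restricted by policy"
fi
```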
 
Yes. The S4 was my mom’s prior to being mine. As for who else could have had access, my wife could have for sure. And I have let a few friends use it to make a call or two but they only had it 2-3 minutes tops. I tried to update the OS and couldn’t. I never ran a root check but wonder now if that is what kept me from being able to update. Not sure if this is relevant but I had three separate SD cards I had been storing my information and screenshots and everything from conversations with Google to our carrier on. All three got corrupted and showed they held no info on them, and I was very careful with them to mount and unmount properly. The reason I bring this up is because on my wife’s identical phone an email symbol was her device admin. But this thing had rights to delete the phone and/or delete and erase SD cards, turn on WiFi and Bluetooth and more than I could ever remember. It had absolute complete control. When clicked on, it said if it was disabled as admin it would delete the phone, which I found odd. I had just never heard of email being device manager and having absolutely every permission you could think of. It was not the Gmail logo either. I often wondered if my phone was being controlled somehow by hers or from a hidden app. Also if it could have been enterprise level apps, cause I found a lot of com.sec apps which, after researching, were enterprise level apps. Last thing, the only real reason I suspected her phone could play a role was when, as I explained previously, I had both devices and I turned on WiFi on my phone and her phone started sending mine push messages, cause you could see the icon on the toolbar. Anyways thanks for the help. Sorry for not being educated enough on this topic to have a more productive conversation.
 
So let’s say for the sake of the conversation that somehow my phone had been rooted without my knowledge, how then could it be possible to restrict my ability to perform a factory reset by any means? Just trying to educate myself. Thanks
 
if the phone is rooted, you will have access to the system apps. you can delete or alter them as you like with no restrictions....I'm no developer so I can't get too technical as to how to code.

but the question would be why would somebody want to do that? why not just steal your identity and leave?
 
There is a reason I have learned...since this forum is public I will leave it at that. With that said, I studied all the system apps closely. I tried to research some based on name and some based on permissions that seemed out of proportion. But lack of available info kinda stopped me on that. I do remember a few that concerned me and I do have notes where I listed every single system app. I will locate those and refresh myself and ask about a few tomorrow. The ones I remember were AASA service v4.0 and mobile tracker v1.0. AASA service had every permission you could think of and then some, and I could not disable it. Mobile Tracker just seemed odd to be listed that way since Google Play Services had so many location rights of its own with GMS persistent. Neither of which could be disabled. Those were just a couple that come to mind. All of this kinda ties back into being advised to get a package disabler and resetting my phone.
Thanks for spending the time to help sort through some of this stuff. I just was never able to 100% pinpoint what and how? Unfortunately I have always had a hunch about who and why. Thanks again
 
com.sec.android.app.controlpanel
Control panel remote services
org.simallance.openmobileapi.service remote
com.android.exchange
SMS relay service
cloud wait for WiFi service
NTSC proxy service
com.sec.MSC.NTS.android.proxy
Amazon metrics service
com.amazon.fv
odot service
Gatt Service
WiFi HS20 utility service
com.samsung.hs2o settings
Com.samsung.inputeventapp

These are just a few more. I have a lot more of course but I figured I would spare you.
I have been doing a little reading and found a site where a few people had faced almost identical situations as I did.

So a week or two ago, my phone started to act very suspiciously. It started to glitch, run slow, and restart on its own. Upon digging around in the running processes, I discovered hundreds of curiously named .apks and custom written scripts that seemed to make use of "org.simalliance.openmobile.api.service:remote". Essentially I found logs being created of every app and service on the phone and found protocols used to dump the logs into a remote service. Simple spyware? Maybe....until I found this.

Upon trying to factory reset the phone, I saw that the phone was in "#manual mode. Multi csc mode applied" There were also several log files that appeared to show some genius level hijacking of everything in the phone down to the root files. At this time I'm not 100% sure if the "phone" rooted itself. But, it sure looks that way based on the log files. The files show custom scripts being injected to launch apk files and scripts while "factory resetting" the phone (I've never reset or rooted this phone). The interesting thing is though, is that once the files did their work, they deleted themselves, according to the logs.

Upon trying to factory reset or wipe the cache partition, the phone spits out a short log file and in about 2 seconds "factory reset and wipes the phone". However, upon booting the phone, it's clear that all of the same rogue apps (multiple iterations of "android system", "google services", "smartcard manager" and processes are still running strong. A few examples include "com.qualcomm.attfwdservice" "com.qualcomm.embms" "com.qualcomm.telephony" "deviceTest" "com.samsung.inputeventapp" "com.trustonic.tuiservice" "Make_sim_DBService" just to name a few. I realize that at face value, some of these processes are part of core files in the phone, but upon viewing the processes started by them and the permissions they are given, they seem very out of place.

Permissions include READ_CALL_SETTINGS, "This application can access MDM content providers" "com.sec.android.app.music.permission.WRITE_SETTINGS", "com.sec.android.app.sns3.permission.SNS_FB_ACCESS_TOKEN", "MIRRORLINK_ACCESS_PERMISSION", "com.samsung.android.soagent.permission.ACCESSORY" "com.android.permission.LOCK_TASK_MODE ".......provider.badge.permission.WRITE" and many more. All of the apps that I deem suspicious are mentioned in the process description as grouped together and all have similar permissions.

Some other symptoms (to name a few) of the phone are random shutdowns and reboots (this always happens when trying to install a new app however), battery life being taxed slightly, catching the phone once or twice in a menu when unlocking the phone, cache files constantly piling up for audio recorder and camera, "selfie alarm process", things like google services and play store showing up in the downloaded apps section, getting redirected to "tracking.roo....." very briefly before getting to the URL I typed.

I got this from https://www.sammobile.com/forum/thr...y-Compromised!!-(Like-Nothing-I-ve-Ever-Seen)
I was amazed to find it almost fit identical to what I myself had gone through.
The reason I say that is because about a week ago I realized I was not the admin on my own HP laptop, which I bought new last Christmas and no one has ever used but me and which has never left my home...but it has been used over my home WiFi network. I also had my son’s Samsung WiFi tablet affected by this type of behavior.
So what started as a concern for how someone or something could restrict my ability to factory reset my old cell while in use is starting to turn into a possible network issue which would make sense to some degree since I had 3 different phones affected before. Sorry for such a long post. Any and all responses welcome. I promise I have an open mind.
 
Ditch every device you own including your network devices and start brand new along with Gmail email, passwords and phone numbers

Wow....I am sensing that was not sarcasm cause you think I am paranoid or crazy like most others I have tried to explain this to.

Because this is an Android forum I never mentioned my switch to an Apple product shortly after and then having two Apple IDs taken over and actually watching my screen roll and seeing letters being typed and seeing WiFi, which I did not have on, be on and then turn off right before my eyes. The thing I loved about my Android was being able to view the file system. Looks like I will be getting another soon enough.

Thanks so much for your response. In your experience would you say this would be from a local threat from a potential hacker I might know or do you think it’s a hacker that just picked us by random and could be anywhere in the world. Or just nasty malware that made its way into our network? I know any answer would be speculative at best and my defense to another occurrence would essentially be the same regardless but I would love your opinion on where possibly this threat could be coming from because I personally have always thought it was from a close source because of a long conversation with AWS abuse support, who said I needed a subpoena to find out who was in the identity pool I had tracked it back to. Thanks again for not mincing your words in your response.
 