
Help I bought a used phone and... Uh oh. How bad could it be? How can I tell? Is it even salvageable?

So, a variety of minor suspicious activities accumulated, leading me to start checking out my used phone. I am NOT at all tech-savvy and had never heard of 'rooting' phones before.

I have managed to gather the following details, with which I realllllly hope you can shed some light for me!!
(I am beginning to suspect deliberate, targeted spying may be happening. Or am I being paranoid??) Help!

1. Certain apps will not work on my phone, but display a 'rooted phone' warning.
2. Root checking apps all return a negative result (Not rooted), but also indicate that Busy Box is installed (somewhere) and appears to also indicate presence of SuperUser.
3. The same app also fails my phone on Safety Net check (whatever that is), with results giving 'failed' for CTS Profile Match and for Basic Integrity.
4. I have done a number of full factory resets (I have no SD card) and when it boots back up, NONE of the files are deleted, only the apps. It also boots up with a number of suspicious apps up and running (such as a 'Device Information' app, TWRP and a few others). But I don't even know what I am looking for. It could be riddled.
5. My Facebook account information often appears to show my phone signed in twice, simultaneously, often from different IPs, despite having not moved from my home. Last week it showed me logging in from a Linux device, which I have never used. Maybe this is in fact normal? It just seems very sus. (Yes, I have changed passwords several times).
6. Battery sometimes charges super fast, sometimes very slow.
7. I have had some very strange messages from people on various social media platforms that SEEM to suggest they can see my activity, although never flat-out saying it. The messages are certainly odd but I may also be adding my own paranoia to this mix.

That is about all I can think of for now.
ANY thoughts/advice on this will be VERY gratefully received!
As you can tell, I have no idea what I am doing with this stuff. I need Big Boy help! Thank you all in advance!
:)
 
I'm no root expert, but Busybox, SuperUser, and TWRP are all indicators of the phone not being factory. TWRP is an open source recovery used to install custom ROMs, install root patches, perform backups, and other functions. Normally in order to install that you need to unlock the bootloader so you can flash it. Busybox is a set of Linux utilities that you can utilize with root access (Android is a Linux derivative, which may explain the Linux login) and SuperUser is an app that can only be installed with root access.

It may help if you told us what kind of phone, and if you could give us some information from the Settings | About Phone screen.
 
Hi. Thanks. Yes, I gathered that these likely indicate the phone has been rooted.
As I say, I bought it already used but I am not sure if the root was done by the previous owner or through some devious hack.
I should have said, the phone is a Galaxy Note 8.
Which About Phone details will be helpful?
 
It could have been, however evidently not very well. I have actually found some photos and videos of previous owner, whilst looking through files...

Phone is a Galaxy Note 8 and I paid about $120, I think. BUT, I live in Phnom Penh Cambodia, so... Maybe not helpful.

State snooping is certainly completely unfettered by law here, so likely rampant.

Is it likely, or possible, that having been previously rooted, my phone was left more vulnerable for subsequent hackers?
 
The phone details would help folks know what ways are available to get the phone back to factory OS and eliminate the problems you are having. I wouldn't worry about a devious hack, that is really tough to do with Android after a factory reset.

I see you are in Cambodia in a post that just popped up, so that also helps. I would look up how to flash factory firmware for the Note 8. You should be able to find instructions and downloads as that is a pretty mainstream device. I'd give preference to sites like ours or XDA for instructions and links to download.
 
Something more like this
[image]
 
From the image you posted, you want the "Software Information" menu, the next one down to show some useful info. :)
 
Buying any pre-owned phone will involve some risk -- if you actually knew the previous owner, and trust them, then there's something wrong with the phone and/or the installed Android OS that you need to have looked into; if through a verified retailer or licensed re-seller then the odds are less (they tend to reflash the firmware and/or Factory Reset by default) and again, you need to have the phone and/or the OS looked into; if you don't know anything about the previous owner or anything about its history, the odds it's been compromised in some way are really high.
If you know of a trusted service shop nearby, have them flash the firmware and do a Factory Reset. This essentially returns the phone back to its original, first-time user status. (Flashing the ROM replaces the installed Android operating system with a new, clean install; a Factory Reset completely clears the user data partition.) But you're never going to be able to get a definitive determination if your phone is or isn't compromised using any online help forum. That requires a hands-on, trained technician to fully examine a phone, and that also requires a good amount of disposable income on your part. The most economical thing to do is just flash the phone and reset it, then start over. Or buy a new phone that doesn't have what may or may not be a questionable past.
 
Svim...

Yeh, I got it from a small, family-run phone shop on the outskirts of Phnom Penh. Lol. Couldn't really inspire less confidence than that, eh?

Your advice is probably what I will do: Kill the bastard with fire and just buy a NEW one. Problem sorted...(?)

BUT I did read something, somewhere advising somebody with a similar problem to not only replace the phone, but also the sim card and to open a new Google account and delete the old one. Does that really sound necessary?

Also, what are the chances that my phone is riddled with undetectable spyware?
 
I'd replace the phone with a NEW one, also a new SIM card and new Google account as you don't know if, or to what extent they may have been compromised. I realise it's a pain having a new number and Google account, having to tell people too.
 
Technically, there are things called keyloggers that can remember anything/everything you type: passwords, security info, etc.

The odds of this surviving through a factory reset are dubious, but obviously the device has some history.
 
A factory reset does not undo any changes to the system. That's why stuff like busybox, superuser, TWRP are still there. And, potentially, any other system changes that the previous owner made before doing a shoddy job of unrooting it.

The clean way to unroot, which also removes all other changes, is to reflash the phone with a set of stock firmware. Doing this should clear your phone of anything unwanted that is on it.

If however you suspect that there might have been a keylogger you need to change any password you have entered from that device. And of course you should not use that device to do this, at least not until you are certain that it is clean.
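An added example, not part of any poster's reply: the sketch below turns the point above (a factory reset wipes user data only, so system-level changes survive it) into a check over `adb shell getprop` output and a list of files found on the device. The artifact path list and the sample input are assumptions constructed for illustration; the properties are standard Android ones, but not every vendor build sets all of them, so a missing property is treated as "unknown" rather than as a finding.

```python
import re

# Commonly checked locations for leftover root tooling (assumed list).
# These sit on the system partition, which a factory reset does not wipe.
SYSTEM_ROOT_ARTIFACTS = (
    "/system/bin/su", "/system/xbin/su", "/system/xbin/busybox",
    "/system/app/Superuser.apk", "/system/app/SuperSU",
)

PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Parse `adb shell getprop` lines of the form [key]: [value]."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def tamper_findings(getprop_text, existing_paths):
    """Return findings that point at a modified system or boot chain."""
    props = parse_getprop(getprop_text)
    findings = []
    state = props.get("ro.boot.verifiedbootstate")
    if state and state != "green":
        findings.append(f"verified boot state is {state}, not green")
    if props.get("ro.boot.flash.locked") == "0":
        findings.append("bootloader is unlocked")
    if "test-keys" in props.get("ro.build.tags", ""):
        findings.append("build is signed with test-keys")
    if props.get("ro.debuggable") == "1":
        findings.append("ro.debuggable=1 (not a production build)")
    for path in existing_paths:
        if path in SYSTEM_ROOT_ARTIFACTS:
            findings.append(f"root artifact on system partition: {path}")
    return findings

# Constructed sample input, not taken from the phone in this thread.
SAMPLE_GETPROP = """\
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.build.tags]: [release-keys]
[ro.debuggable]: [0]
"""
SAMPLE_PATHS = ["/system/xbin/busybox", "/system/xbin/su", "/system/bin/sh"]

if __name__ == "__main__":
    for finding in tamper_findings(SAMPLE_GETPROP, SAMPLE_PATHS):
        print("-", finding)
```

An empty result only means none of these specific indicators were seen; it does not show the device is clean, which is why reflashing stock firmware remains the fix.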
 
At this point it's a matter of different issues you need to consider. If this phone has been compromised in some way (that is not a given as it 'might' not be) and if you've been using it as a day-to-day phone then anything you've done on the phone is questionable. (i.e. they could now have the user names/passwords to various online services). But even if nothing is exploiting this phone, its previous history is always going to be an issue that should never be ignored (i.e. TWRP is a custom Recovery, the phone should be using Samsung's stock Recovery, so that itself is an indicator of previous usage you cannot just ignore) -- you need to flash the firmware (replace the installed Android OS) and do a Factory Reset (wipe the user data partition) to clean a used phone, and that needs to be done before you set it up and start using it. While the phone is offline and being reloaded/wiped completely, you need to go through the very arduous task of resetting the passwords to all your online services. This password reset project has to be done while the phone is offline; if it was compromised, any changes you make to your online services could be tracked via the phone. You need to clean up your online presence so that when the phone is clean and you then set up and configure your online services on it again, you'll be using your new login authentications.
 