malware or genuine update?

[navdroid]

Hi,

Few trial games, Gamezone, typing meter, s note and s connect (screenshot attached) got installed on my phone probably during what looked like a genuine software update.

If i do a factory reset, these games are shown reinstalling themselves. An orange progressbar and game thumbnails are shown.

My android version is unchanged. It was and is 4.2.2.

Are these software malware? The inexperienced lady at the samsung service center said it might be part of the OS update. But i am still doubtful.

 

[navdroid]

Correction: the apps that got installed were typeit, surfing meter, game zone, s connect, prince of persia, nova, s note and one more game.

 

[Hadron]

When you say during what looked like a genuine software update you mean through Settings > About > Software Updates? Did the phone reboot to install the update? If not I'd be very doubtful it was an actual update.

A real update would install stuff to system so it would not be affected by a factory reset. But I guess if the games have large binary elements they may well install part to system (if part of an official update) and download the rest to general storage, so I don't think what you describe is impossible. Not all updates change the Android system, so again it's possible that it's genuine.

"S Note" and "S Connect" are Samsung apps, so the sort of thing which you'd expect in an update. I'd think that installing a few games as part of an update would be less likely, but I cannot be certain. If you bought the phone through a carrier rather than directly from Samsung they would be responsible for any updates.

So the conclusion is that I can't rule out the possibility it was genuine (info on precisely how the update occurred would be most helpful here). If you are concerned this might be a good time to install something like Malwarebytes and give the phone a scan - that will do no harm and may tell you something.

 

[navdroid]

Thank you.
I did not initiate the update. The settings in the phone were to automatically download updates if connected to wifi. The wifi used to get switched on automatically and downloads would happen.
Yes, the phone rebooted for the update to take effect.
Am surprised this happened just a few weeks after my warranty expired.

The games allow me to play only for 120 seconds and are totally not more than 11MB. What about the other softwares that got installed? Typeit, surfing meter and gamezone? Anyone know those as genuine? I didn't purchase the phone directly from samsung. It was from a retailer who sells phones of many other brands.

Will try malwarebytes. I hope when i install such a software and the uninstall it, android gurantees it is fully uninstalled and does not leave behind any residual spy software?

 

[Hadron]

If by residual spy software you mean MalwareBytes then there's nothing to worry about there.

It does sound like an official update the way it installed. Your warranty is irrelevant: the manufacturer or carrier will push out updates on their schedule, and you get these whether in warranty or not.

So the games are samples, which presumably let you download the full thing (maybe for a price)? If so I would really hope it's not Samsung themselves doing that.

Type It you can find in the Play Store. The others are very generic names (a Web search turned up many references to something called a Samsung Game Hub, but not zone).

 

[navdroid]

Thanks for helping out Hadron. Malwarebytes did not find any malware.
Yes the games are the kind of samples you mention.
It's disappointing that Android or Samsung resort to such cheap ways to make money.
Wish the factory reset data was a read-only section that future updates would not be able to alter. And subsequent updates would be stored in separate areas of memory. That way, at least a user would have a choice of upto which stage they want to do a factory reset.

 

[Hadron]

The problem is that people would then complain about storage - you'd effectively have to keep a spare copy of your original OS & firmware as a backup, and then have the updated versions as the working copies. Allowing you to selectively roll back would use even more of your storage. That's one reason why people root, to give themselves control of this stuff.

It won't be Google adding these apps. If the phone does not have carrier-branded software that would suggest it's Samsung (though it's usually carriers who are the worst for adding bloat). The good thing is that the actual update is stored in the system partition, rather than the data partition where user-installed apps live, so only data downloaded by the updated apps is using space. Hence if you disable the apps you don't want (which I assume it will let you do) and clear data for them they shouldn't get in your way.

 

[navdroid]

I thought the updates would be like a software patch and the space taken would be = Android OS + patch.
So felt that the user should have the choice of installing only the OS or to install the OS+patch.

Yes, i can uninstall the games and disable some of the other software, but they do come back after a factory reset.

Anyway, thank you very much. Glad to find a helpful forum. Good UI too this forum has!

 

[electricpete]

Glad you like the forum.

If you are rooted, you have some options for getting rid of bloatware (Titanium backup).

 

[electricpete]

For that matter if you're rooted you can prevent OEM / carier updates altogether.

For the AT&T Samsung S4, stopping updates (from Samsung and AT&T) can be accomplished by freezing three apps:

OPTION 2 - Freeze the following applications...
-- AT&T Software update -- system/priv-app/wssyncmldm.apk -- AT&T
-- wssyncmlnps -- system/priv-app/wssyncmlnps.apk -- Samsung
-- LocalFOTA -- system/app/LocalFOTA.apk -- Samsung

above quote is excerpted from here:
http://forum.xda-developers.com/showthread.php?t=2616221

Of course the updates may also bring security improvements which you'd be stopping. For that matter, some people may have security concerns about rooting in general. I tend to think the concern would be limited to the particular apps that you explicitly grant root access, but you never know.