
possible Spyware found

willsp28

Well-Known Member
Hey guys, I downloaded an app but didn't get what I thought I was getting. What I was trying to get was APKPure, but it ended up being APK File Manager. I got some pictures with some further information. Also, I was getting random game apps installed that wasn't done by me. I really hope this is just adware and not spyware.
 
Here are some pics of the app and information on the developer.
 

Attachments

  • Screenshot_2020-07-16-15-24-21.png
  • Screenshot_2020-07-16-15-24-14.png
Here's the translation, I think, but it doesn't make sense. Is this actually Arabic?
 

Attachments

  • Screenshot_2020-07-16-15-12-05.png
OK, here are pictures of the phone with the suspect app installed, plus 2 apps that just installed by themselves.
 

Attachments

  • 0716201547a.jpg
  • 0716201547.jpg
@willsp28, just a little suggestion: when you add a bunch of replies [instead of editing your OP], it gives the impression [before entering the thread] that several people have responded, and your issue is being addressed. I very nearly skipped it because of that!

It's unrealistic to expect immediate replies. So please ask your question(s) in one post, then be patient! As soon as someone sees it and has advice to offer, they will. :)
OK, it still doesn't show up while in safe mode. I'm gonna have to factory reset to remove it.
That's a pretty dramatic step. Please post back if it's already a done deal.
 
Are these apps actually installed? What happens if you click on those game icons?

The reason I ask is that according to the permissions of the official version of that app (APK File Manager) it can install shortcuts on the desktop but not applications. So if that is the official app (and as far as I know APKpure check uploads before they make them available, so it should be the same app) it could put a shortcut on the screen that would take you to a download page for the game but should not be capable of installing the game itself.

But note that that is saying that if you have the real app it would not be capable of that. If it's a modified version (which APKpure claim they filter out) then its capabilities could be different.

The odd thing is that I can find that app in the Play Store but I can't find it in APKpure! There is an app called "APK File Manager" in APKPure but it's got a slightly different logo and a different version and is from a different developer. That said from what I can see in the comments both are trash. And as you've found it's not the same as the APKPure app itself.
 
OK, yes, it's actually installing random games. I opened up several games, but it looks like the APK File Manager wasn't actually installed but rather a link was added to my home screen, giving it the appearance of being installed. The real APKPure isn't in the Play Store but the fake one is. I just want to know if we can find out if this is adware or spyware, but I'm guessing since the suspect app isn't actually installed none of the virus scans can see it. Seems like a pretty clever way of sneaking in, since it says it's being installed just like any other app.
And sorry about the multiple posts earlier, I wasn't thinking I could edit and add to my post. I'll do that next time.
 
Drag the suspect app(s) to the uninstall region of the display and uninstall them, unless you like the present state of your device...
 
OK, on the main phone, the one that I first installed the app on without realizing it, I did a factory reset and of course didn't install the suspect app, and the same apps are being installed without me doing it.
 
Ok.
First, ditch everything that you or whatever downloaded.

You did say you started with a fresh, empty device, right?

So, either do a factory reset again, or go through the apps list in the settings, and uninstall anything that just got downloaded.

Here is a link to the official ApkPure website, and right on the home page there is a button to download the ApkPure apk.

I have the app and it is good.

https://m.apkpure.com/

Be sure to also install XAPK Installer, as you will need it for some apps.

Another excellent choice is UpToDown, which is the number two appstore on Earth.

https://en.uptodown.com/

Here is a direct link to the UpToDown app download page...

https://uptodown-android.en.uptodown.com/android

I use both of these, and then there is one more, called F-Droid.

F-Droid is great for utilitarian apps, and for security minded individuals.

https://f-droid.org/
 
OK, but the main question I have is: is it possible that my phone was hacked and someone has my passwords?
The reason I'm asking is because I read about all the fake apps in the Play Store the hackers use to steal people's personal data.
 
OK, but the main question I have is: is it possible that my phone was hacked and someone has my passwords?
The reason I'm asking is because I read about all the fake apps in the Play Store the hackers use to steal people's personal data.
As Mr Spock might say, "insufficient data".

The simplest explanation for what you describe is that you have downloaded and installed an app which has the capability of installing other apps. That might be the only thing it can do, in which case your phone has not been hacked, you've just installed and enabled something unwanted. But it's hard to ever say definitively that someone hasn't been hacked, because a smart hacker who was after your credentials would not then advertise their presence by installing games - if they are any good you might not know at all. If you are worried about hacking the most likely route is via your Google account, so I would review which devices have connected to it and see whether there is any unexpected activity there. But I think hacking is not the most likely explanation here. However, if you have suffered unauthorised app installs we cannot know what those apps might contain, so while it's possible that this is just an unethical way of promoting some (probably ad-filled) games we can't say for sure.

We don't know what is behind these app installs, though logically it has to be an app that has permission to install other apps. If you scan for apps with that permission (many security apps can do this) that can narrow down the list of candidates. If you are running a modern version of Android you should have to grant the app that permission (which would narrow it further - look in Settings > Apps > Advanced > Special App Access or something similar), while on older versions once you enable installation from "unknown sources" any app with that permission could use it. If you are using APKPure you will have to have enabled at least one app to do this in order to be able to install apps downloaded from them.

If you want my guess as to where you might start looking, look at your web browser. You said you found a web shortcut to this app on your desktop after looking at it in the browser, so if the browser is capable of placing shortcuts on your desktop (and many are) the most obvious explanation is that some ad script on the site told the browser to do this. If you have granted the browser "special access" to install unknown apps then the same procedure could in principle be used to install apps: this is why I think it's an appalling piece of design that any browser should be allowed to even have the permission to request app installation, and why I would never grant this to one of my browsers. But it's something that I suspect some people do out of a misplaced sense of "convenience": it saves you having to download an apk and then use something else to install it (yay, save a couple of clicks by granting the power to install malware to the app most likely to be targetted by a malware installer, really smart!).

However, the thing that doesn't fit is that the suspect apps are being reinstalled after a factory reset. A reset should rescind any special access, or on older Android versions clear the setting to allow installation from unknown sources. Of course if you reinstall other apps after the reset, or if you have a backup of settings which gets reinstalled, that would be different. I'd check whether the permission to install from unknown sources has been granted to anything, and if it has make sure you don't just restore a problem after a reset.
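The permission scan suggested in the post above can also be done over adb without a security app. This is an added example, not part of the original thread: it groups apps by the installer that put them on the phone and lists packages that request permission to install other apps. The sample inputs are constructed, and every package name except `com.android.vending` (the Play Store) is a placeholder.

```shell
#!/bin/sh
# Added example. On a real device (USB debugging enabled) the inputs come from:
#   adb shell pm list packages -3 -i      -> installer of each third-party app
#   adb shell dumpsys package packages    -> requested permissions per package
# Both samples below are constructed; every package name except
# com.android.vending (the Play Store) is a placeholder.

PM_SAMPLE='package:com.example.game.one  installer=com.android.vending
package:com.example.game.two  installer=com.android.vending
package:com.example.forumapp  installer=com.android.vending
package:com.example.apkmanager  installer=null'

DUMPSYS_SAMPLE='  Package [com.example.browser] (1a2b3c):
    requested permissions:
      android.permission.INTERNET
      android.permission.REQUEST_INSTALL_PACKAGES
  Package [com.example.game.one] (4d5e6f):
    requested permissions:
      android.permission.INTERNET'

# stdin: pm output. Prints "<installer> <app count>", one line per installer.
by_installer() {
    awk '/^package:/ {
        inst = "unknown"
        for (i = 2; i <= NF; i++)
            if ($i ~ /^installer=/) inst = substr($i, 11)
        n[inst]++
    }
    END { for (k in n) print k, n[k] }' | sort
}

# stdin: pm output. $1: installer name. Prints the packages it installed.
installed_by() {
    awk -v want="installer=$1" '/^package:/ {
        for (i = 2; i <= NF; i++) if ($i == want) print substr($1, 9)
    }'
}

# stdin: dumpsys output. Prints packages that request the install permission.
install_capable() {
    awk '$1 == "Package" && $2 ~ /^\[/ { pkg = substr($2, 2, length($2) - 2) }
         $1 ~ /^android\.permission\.REQUEST_INSTALL_PACKAGES/ && pkg != "" &&
             !seen[pkg]++ { print pkg }'
}

printf '%s\n' "$PM_SAMPLE" | by_installer
printf '%s\n' "$PM_SAMPLE" | installed_by null
printf '%s\n' "$DUMPSYS_SAMPLE" | install_capable
```

A package that requests the permission has not necessarily been granted it; the "install unknown apps" special access screen in Settings shows which of the listed candidates are actually allowed.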
 
or if you have a backup of settings which gets reinstalled, that would be different.

This is the most likely scenario. If the original unwanted apps/games were installed from the play store and you have backup settings and apps on your phone turned on ... AND after the restore, when prompted to restore those settings you clicked yes, then what's going to happen is that the app settings --including any special permissions -- will be restored from Google Drive and a fresh copy of the app will be downloaded from the play store.

If you are concerned about being hacked, the first thing to do is secure your Google account as @Hadron mentioned. Review your security settings here: https://myaccount.google.com/security making sure you've changed your password recently, and for that matter, change it again. Make sure all your contact information is accurate and current. Enable 2-step verification. Click 'manage devices' and remove any you don't recognize. Now, go ahead and factory reset your phone again, this time when prompted, do NOT restore from backups. You will, of course, have to manually re-install all of your apps, but you should be fairly safe from any previous hack, if one existed.
 
My device is Android 9. When I set up my device I selected "set up as new", so it shouldn't have installed anything from my previously installed apps. I also didn't have unknown sources on. But I definitely agree that a hacker that could leave a back door even after a factory reset wouldn't be installing apps and blowing his cover, so then I've got adware that isn't caught by adware apps and stays after a reset. I'll reset it again and make sure I don't copy any information from my current settings. Also, what's weird is that my old phone that I was using to test the suspect app ended up downloading the exact same set of apps. I've never seen anything like this.
 
Nothing can stay after a reset unless it has been installed to system, which requires root privileges. With Android 5 malware that could escalate to root and then install stuff to system was a reality, but I've not heard of anything that can do that with Android 9. So unless it has happened to restore despite your telling it not to this is quite surprising.

I'm almost inclined to try this on my old phone, which has root and a custom recovery (so I could take a nandroid backup and then restore that to absolutely for sure remove anything that downloaded). It's been a long week though, so I'm not sure I'll find the energy tonight (as the phone doesn't have an SD card I'll have to find a microUSB OTG adapter to store the backup off-device, which is something I've not touched for about 3 years).
 
OK, I just did another factory reset and only installed this forum's app and did not turn on unknown sources.

And it will let me uninstall those game apps, so they're not just bloatware, are they? Cause I don't remember having to uninstall them before, but I could have just forgotten. But also bloatware can't be uninstalled without root, which I do not have.
 

Attachments

  • Screenshot_20200717-125400.png
Hang on a sec. What phone is this we are talking about and who's your carrier? The reason I ask is that AT&T used to bundle a lot of non-removable bloatware with their branded devices. A couple of years ago they changed the model to download the bloat from the play store on first run. This did a couple of things ... It saved them on development of custom firmware for all their offered models, it allowed them to change what apps were downloaded quickly and easily, if they wanted to add or remove sponsors. And, it gave end users the ability to completely uninstall the apps if they wanted since they weren't technically part of the System ... just the script to install them was.

I wonder if that's what's going on with your phone?

The easy way to test this is to create a test gmail account with no links to your primary account. Then factory reset your phone and use the test account to login to the play store. If the games show up, then it's most likely sponsored bloat being installed by either your carrier or the manufacturer.
 
Here are screenshots of my old phone, also Cricket.
The APKPure in the middle is the real app, the one on top is the link to apkpure.com and the bottom is APK File Manager.

Edit: I'm not sure where I got the APK link from that acted like it was being installed but just added an icon on my home screen, and after that I started getting apps downloaded. Now a possibility is that the APKPure was the 1st app I installed after a reset and my phone was still in the process of installing bloatware, but in my experience all bloatware is already installed by default and not downloaded after everything is booted up.
 

Attachments

  • Screenshot_2020-07-17-13-54-59.png
  • Screenshot_2020-07-17-13-54-44.png