Preowned Android security measures

migueluli

Lurker
I just purchased two preowned HTCs (a Desire HD for my gf, and a Desire Z for me) and I just realized the security issues this poses. If any of these phones were infected with some kind of spyware all our personal data could be compromised, email accounts, banking data, etc.

I'm new to Android and ignore the most basic things about rooting, custom ROMs, factory resetting and so on. What I do know is that both phones have been carrier unlocked (ignore the method, since there are several, right?), which makes me fear going back to a locked phone if I do any of the above without being careful.

What would you recommend me to do?

Maybe I'm being overly cautious, but I think the potential damage is big enough to take some precautionary actions.
 
Welcome to AF! :)

If both aren't rooted, then just factory reset both as soon as you get them and you'll be fine. Without root, you can only write to the phone's data partition and a factory reset wipes the data partition so will delete any malicious apps that may be on there.

A factory reset is pretty easy and if the phone is totally new, you won't be losing anything important.
 
Great, thanks! A couple of doubts on how to proceed.

To make sure if the phone is rooted I should get some terminal emulator app and then check if I can gain superuser privileges with 'su', right? Is that enough to be sure? How can I install a terminal emulator without going through the marketplace (thus requiring google credentials and defeating the point of all this somehow)?

And regarding the carrier unlock, will the phones remain unlocked after the factory reset? Does this depend on the method used for unlocking?

<paranoid>And last question. Would it be possible at all for a phone to be rooted, to have malware installed on it, and then somehow have it unrooted to remove the traces?</paranoid>

Thanks again for your help!

Edit: Also, what if they ARE rooted?
 
Ok, I've been digging a bit deeper and it seems that a factory reset can't undo the unlock. So far so good.

So, as far as the phones are not rooted, I'll only need to reset to factory settings to be on the safe side.

I'll try to go even deeper to see if I find out about the convoluted case between the paranoid tags :)
 
Re the paranoid tags, not to my knowledge. If it needs to be rooted to install the software, it will need to be rooted for the software to work.

To the OP: Basically this means, if you are worried about spyware apps: do a factory reset, and unroot, and you're safe as long as you aren't rooted.

I do have a question though, what if you flash a new ROM? Would hidden apps be removed too?
 
Yeah, because it would wipe or at the very least rewrite the system partition (where the OS resides) when installing the new ROM.

I've heard of some tracking apps that install on the system partition (Cerberus is one I think) and the only way to remove them completely is to install a new ROM/reflash your existing one.
 
If that's the case, I'd think that's the OP's best bet to avoid the stuff he's paranoid about. Simply reflash the phones with stock firmware (or better yet, cyanogen).
 
It looks like it is.

If I understood well, if there was such a program residing on the system partition, unrooting and doing a factory reset wouldn't be enough to get rid of it.

Is this correct?
 
I would suggest you flash the stock system; of course, you would need to know how to do it. Once you flash the stock system, of course wipe data and cache, and dalvik cache, to erase all traces. That is the safest method.
 
Yeah, because it would wipe or at the very least rewrite the system partition (where the OS resides) when installing the new ROM.

I've heard of some tracking apps that install on the system partition (Cerberus is one I think) and the only way to remove them completely is to install a new ROM/reflash your existing one.

Yes, this is true... another example is McAfee WaveSecure. Re-writing with a stock ROM would be the safest way to go. You might be able to take the devices into your local carrier's store and ask them to re-flash it (RUU, etc.).

I can also think of a few other ways that you could install some malicious app or function on a rooted device that would continue to be present even after un-rooting (i.e., messing with the init scripts, etc.).

I don't want to alarm the OP with the above... but I think the real question is how much effort do you think someone has gone to to insert something malicious into an Android device vs. the chance that it really has happened?

Also, if you are adb-conversant and/or have the Android SDK installed, you should be able to do an "adb shell" from your PC to test its response to the "su" command without installing the Android Terminal Emulator (although you should be able to do a push install of that app from your PC via adb also).

Let us know how deep down the rabbit hole you want to go :).

We can at least try to eliminate some of these possibilities and allay your fears.

Cheers!
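
The adb-based root check suggested above, combined with the point made in this thread that anything stored on the system partition survives a factory reset, as an added example that is not part of the original posts. The verdict names and the stock-package allowlist file (for instance, taken from a known-clean phone of the same model) are assumptions, and the input used in demo is constructed.

```shell
#!/bin/sh
# Added example: triage a preowned Android phone over adb (no Market login needed).

# assess_root: reads key=value evidence on stdin, prints a single verdict.
assess_root() {
    verdict="no-root-evidence"
    while IFS='=' read -r key val; do
        case "$key=$val" in
            su_id=*uid=0*)        verdict="rooted" ;;   # su handed out a root shell
            su_files=0|su_files=) ;;                    # no su binary on /system
            su_files=*)           verdict="rooted" ;;
            ro.secure=0|ro.build.tags=*test-keys*)      # not a release build
                if [ "$verdict" != "rooted" ]; then verdict="modified-build"; fi ;;
        esac
    done
    echo "$verdict"
}

# system_resident: reads `pm list packages -f` output on stdin and prints the
# packages whose APK lives under /system (these survive a factory reset) and
# that are missing from the allowlist file $1 (one stock package name per line).
system_resident() {
    tr -d '\r' | sed -n 's#^package:/system/.*=\(.*\)$#\1#p' | sort |
        grep -v -x -F -f "$1" || true
}

# collect_evidence: the real checks, run against a USB-attached phone.
collect_evidence() {
    echo "su_id=$(adb shell su -c id 2>&1 | tr -d '\r' | head -n 1)"
    echo "su_files=$(adb shell ls /system/bin/su /system/xbin/su 2>&1 |
        tr -d '\r' | grep -c '/su$')"
    echo "ro.secure=$(adb shell getprop ro.secure | tr -d '\r')"
    echo "ro.build.tags=$(adb shell getprop ro.build.tags | tr -d '\r')"
}

# demo: constructed sample of an unrooted phone carrying one extra /system app.
demo() {
    stock=$(mktemp); echo "com.android.phone" > "$stock"
    printf 'su_id=su: permission denied\nsu_files=0\nro.secure=1\nro.build.tags=release-keys\n' | assess_root
    printf 'package:/system/app/Phone.apk=com.android.phone\r\npackage:/system/app/Tracker.apk=com.example.tracker\r\n' | system_resident "$stock"
    rm -f "$stock"
}

case "${1:-}" in
    --device) collect_evidence | assess_root
              adb shell pm list packages -f | system_resident "$2" ;;
    --demo)   demo ;;
esac
```

Any package the second check prints is one a factory reset alone will not remove; clearing it means rewriting /system with the stock firmware, as discussed in the replies.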
 
Re the paranoid tags, not to my knowledge. If it needs to be rooted to install the software, it will need to be rooted for the software to work.

To the OP: Basically this means, if you are worried about spyware apps: do a factory reset, and unroot, and you're safe as long as you aren't rooted.

That isn't quite the case, every phone has a system partition, just because you have to be rooted to install it doesn't mean you have to be rooted for it to work or else we would have no stock apps on our phones that survive factory reset ;)

I do have a question though, what if you flash a new ROM? Would hidden apps be removed too?


Yeah, because it would wipe or at the very least rewrite the system partition (where the OS resides) when installing the new ROM.

I've heard of some tracking apps that install on the system partition (Cerberus is one I think) and the only way to remove them completely is to install a new ROM/reflash your existing one.

If the phone is rooted, a simple ROM flash can leave parts of /system behind. Not all ROMs format /system before writing them; when you change from one base ROM to another (Sense to AOSP), wiping /system is usually something you need to do manually, otherwise it can cause issues with system apps force-closing due to parts of the old /system still being there (some ROMs will wipe it, others will not; it all depends on the dev).


@migueluli
Have you confirmed if they are or are not rooted? (I was unable to tell by reading the thread.) If they are not rooted then you really can't do anything to the /system partition without rooting them first. It is possible that someone could have rooted then unrooted but on most phones that involves reinstalling the stock firmware and it will completely wipe any partitions.

If you have not confirmed if the phones are or are not rooted then the first step to take before discussing roms and partitions on the phones would be to find out if they are or are not rooted.
 
I just received the first of the two phones I bought, the Desire HD.

I've logged in using 'adb shell' from my Ubuntu laptop, and I cannot get superuser privileges, so I think that it isn't rooted.

It is possible that someone could have rooted then unrooted but on most phones that involves reinstalling the stock firmware and it will completely wipe any partitions.

For these specific phones, Desire HD and Z, how can I find out if being unrooted and on the stock firmware means that all partitions are clean? If that's the case then I can be confident that there's no malicious software on the phone only by doing a factory reset, right?

If that is not enough to be sure, you mention that even flashing a new ROM doesn't guarantee cleaning the whole /system partition. Could you point me to some instructions on how to do it?

As far as I understood, in that case the steps that I should follow for each device would be the following. Please correct me if I'm wrong.

  1. Do a factory reset (to delete all data on the device)
  2. Format the SD card
  3. Root the device
  4. Flash a ROM making sure of wiping the /system partition
  5. Unroot the device (just in case)

For now I'd rather stick to the stock ROM for a while, and switch to a custom one if I see I really need it.

Also, the Desire HD is supposed to be my gf's phone, and I'd rather wait for mine (the Desire Z) and go over the whole process (if I need to) on that one first. The phones are supposed to be Christmas presents, so it's not that we're in a hurry to start using them.

It's very likely that I receive the Z tomorrow. If I do, and the answer is that I need to do all that stuff, then I'll try to clean it on Saturday morning.

I know this is probably overkill but I think that, considering the amount of personal information that these phones will handle, it's better to be safe than sorry.

Thanks once more to all of you for the help. I'm learning a lot along the way :)
 
For both phones, it looks like the unroot method is to use a RUU file, which would wipe and write all partitions, so you should be good. If you want to be paranoid about it then you could boot into hboot on each device (I think the easiest way to get there will be to power off the phone, then hold volume down and power while it powers on; I am 99% sure it is like this for both phones but perhaps someone with the phone will be able to confirm) and make sure hboot says "s-on", then reboot. If that is the case then there is nothing funny going on and all you would need to do to make sure they're clean is a factory reset.
 
So if both are not rooted, have the stock ROM and both have s-on on the hboot screen, then a factory reset would be enough in your opinion, right?

That would be great, since having to root, flash, etc. both phones is not how I'd rather spend my weekend ;)
 