Matt31
Well-Known Member
I have AdFree and I still get ads in my notification bar
-
After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.
Seeing ads in my notification bar?
- Thread starter whitenoiz
- Start date
I have AdFree and I still get ads in my notification bar
tmarie1412
Lurker
Thank you so much for this info. I found the Pandemic 2 app I just got was sending me push notifications. I cant stand them.
ciprianmagda
Lurker
In my case it was the pinit app (official app for pinterest). This forum thread was really helpful to identify the spammer. Now I see that the app is not on the android market anymore. I was looking forward to rate it one star but it is gone now...
Tablet Wallpapers was the culprit on my device. +1 to Airpush detector. It did its job.
Thanks to this thread, I installed Airpush Detector and it found Tablet Wallpapers as one of 3 possible culprits - knew it was Tablet Wallpapers, though, since I installed that weeks ago (when the push notifications began) and the other two apps were just added yesterday. New York Live Wallpaper and Winter Scenes Live Wallpaper were the other two, FYI.
whitedragon551
Member
BloatFreezer does it as well. It was one of my favorite bloat freezing programs, but its obviously removed now.
aulternator02
Lurker
Hit the Scan button in the center.
Hit the Addons button.
Click on the drop down box.
Go to Push Notifications.
Click on one of the things listed and start uninstalling one by one. I would write down everything that is listed. As soon as I deleted the culprit the adds went away in 5 minutes tops.
I didn't think the addon detector would work, so I didn't write the name of the culprit down
I know for a fact that is was either a wallpaper or a recent theme I installed for GoLauncher.
So far no more adds! And one HAPPY CAMPER!
Hit the Addons button.
Click on the drop down box.
Go to Push Notifications.
Click on one of the things listed and start uninstalling one by one. I would write down everything that is listed. As soon as I deleted the culprit the adds went away in 5 minutes tops.
I didn't think the addon detector would work, so I didn't write the name of the culprit down
I know for a fact that is was either a wallpaper or a recent theme I installed for GoLauncher.
So far no more adds! And one HAPPY CAMPER!
robh5854
Lurker
Thanks you lot for all the interesting and useful info on this forum (not just this thread). I'm a forum noob but signed up to add to this thread because I started to receive a small, square, green speech bubble with a smiley face in my notification bar. I couldn't delete it and it kept on taking me to unwanted ads for other apps. After seeing this forum I downloaded Ad Network Detector by Lookout (it had a long list of recognized offenders) and it identified the culprit as LeadBolt from the app Helidroid 3D. Although I can uninstall I chose to 'opt out' because I still want to play the app! It seems to have worked so far. I'll let you know if things change. I've given the app an appropriate rating with a warning to other potential victims.
lostinthought
Lurker
So, first of all, I'm extremely grateful to have found this tread.
HOWEVER, it comes a little late. I just got my phone a couple weeks ago, and in my excitement, I downloaded what I thought was an official google calendar app without checking the credentials of the developer or closely looking at the permissions (You must attempt to imagine how much of an idiot I feel like right now. Do it. Just put yourself in my position. Also, it seems ridiculous that it wouldn't occur to me that I wouldn't have to download an official google calendar, but I implore you not to embarrass me further).
What follows are the details of my experience with the app "Google Calendar" by the 'developer' "App for Android". You can scroll down to the bolded questions I have resulting from this experience, if you find me too long-winded.
I started seeing tons of ads on my notification bar AND on my desktop, but couldn't figure out which app put them there (I have been trying out many since I got my phone). Finally, I took to the 'net and found out about Airpush and Addons detector. Both pointed to this "Google Calendar" app. I couldn't, for the life of me, figure out why Google would push ads via Airpush and Leadbolt.
I went to the marketplace/Google Play to see what had been written about this app, but when I pulled up "My Apps" from Google Play, the app was not visible at all. I dismissed this as probably due to the fact that it was "an official app" and I couldn't uninstall it from the marketplace for that reason. It wasn't until I went to Running Services, that I saw the offending service that I realized I COULD uninstall it, and, quickly, I did!
After searching for it on Google Play again, I saw it somewhere on the fourth or fifth page when searching for "google calendar". It had a rating of 4.9 stars with 14 ratings, and the first review said "Great App!" (Again, please do not point out the ignorance/stupidity on my part.) So I didn't even think much when I installed it for these reasons.
Upon further inspection, I saw the following requested permissions:
________________________________________________________________
THIS APPLICATION HAS ACCESS TO THE FOLLOWING:
YOUR LOCATION
FINE (GPS) LOCATION
Access fine location sources such as the Global Positioning System on the device, where available. Malicious applications can use this to determine where you are, and may consume additional battery power.
COARSE (NETWORK-BASED) LOCATION
Access coarse location sources such as the cellular network database to determine an approximate device location, where available. Malicious applications can use this to determine approximately where you are.
NETWORK COMMUNICATION
FULL INTERNET ACCESS
Allows an application to create network sockets.
YOUR PERSONAL INFORMATION
READ BROWSER'S HISTORY AND BOOKMARKS
Allows the application to read all the URLs that the Browser has visited, and all of the Browser's bookmarks.
WRITE BROWSER'S HISTORY AND BOOKMARKS
Allows an application to modify the Browser's history or bookmarks stored on your device. Malicious applications can use this to erase or modify your Browser's data.
PHONE CALLS
READ PHONE STATE AND IDENTITY
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
STORAGE
MODIFY/DELETE USB STORAGE CONTENTS MODIFY/DELETE SD CARD CONTENTS
Allows an application to write to the USB storage. Allows an application to write to the SD card.
SYSTEM TOOLS
PREVENT DEVICE FROM SLEEPING
Allows an application to prevent the device from going to sleep.
("Show all" reveals the following
HARDWARE CONTROLS
CONTROL VIBRATOR
Allows the application to control the vibrator.
YOUR LOCATION
ACCESS EXTRA LOCATION PROVIDER COMMANDS
Access extra location provider commands. Malicious applications could use this to interfere with the operation of the GPS or other location sources.
NETWORK COMMUNICATION
VIEW NETWORK STATE
Allows an application to view the state of all networks.
SYSTEM TOOLS
AUTOMATICALLY START AT BOOT
Allows an application to have itself started as soon as the system has finished booting. This can make it take longer to start the device and allow the application to slow down the overall device by always running.
________________________________________________________________
So I decided to contact the developer to ask how the app worked exactly, why it needed so many permissions, and to complain about the ads. I'm still an idiot at this point, because I didn't notice that the contact email was "contact@gmail.com". I then got a delivery-failure notice, and went back to the Play website to click on the developer link which took me to "ww1.www.com"... And then I saw the developer's name is/was "App for Android".
Here is where I realized the extent of my stupidity.
(Looking at his/her other app, "Faster Hotmail" showed complaints of ads, too. At the play website, the html string for his/her page is "store/apps/developer?id=App+for+Android" in case you want to see.)
Naturally, I left a rating and a comment and reported the app to Google. Balance was restored to my phone, as the app was now gone, and I had taken the necessary actions available to me to attempt to deter/protect others from downloading the app.
But then I started to wonder: I gave this app my google credentials. Was this simply an adware app? Was it spyware?? Was it trying to phish my credentials??? Is it possible that it was malware and it rooted my phone/installed a backdoor to my phone that I don't know about????
I downloaded Lookout, and although the scan didn't find anything, I also ran the scan with the app installed, and it didn't find the app as malicious. I am in the middle of changing the passwords of several accounts that I accessed from my phone, (I don't use the same password for any two accounts, have a password manager, and am aware that passwords should be changed frequently anyway, so this isn't a big deal.) But I'm still worried.
Thus, my arrival at these forums and this post. I humbly ask for the community's advice. I am, perhaps, too paranoid, but I want to be more careful than I originally was.
My questions are:
1) Is there a safe/verified way to check if an app has rooted my phone?
2) If my phone has been compromised, is the only/best solution to do a factory reset? (Please tell me that a factory reset will work.)
3) Is there anything else that I should do that I haven't mentioned/done already?
Please help/advise
HOWEVER, it comes a little late. I just got my phone a couple weeks ago, and in my excitement, I downloaded what I thought was an official google calendar app without checking the credentials of the developer or closely looking at the permissions (You must attempt to imagine how much of an idiot I feel like right now. Do it. Just put yourself in my position. Also, it seems ridiculous that it wouldn't occur to me that I wouldn't have to download an official google calendar, but I implore you not to embarrass me further).
What follows are the details of my experience with the app "Google Calendar" by the 'developer' "App for Android". You can scroll down to the bolded questions I have resulting from this experience, if you find me too long-winded.
I started seeing tons of ads on my notification bar AND on my desktop, but couldn't figure out which app put them there (I have been trying out many since I got my phone). Finally, I took to the 'net and found out about Airpush and Addons detector. Both pointed to this "Google Calendar" app. I couldn't, for the life of me, figure out why Google would push ads via Airpush and Leadbolt.
I went to the marketplace/Google Play to see what had been written about this app, but when I pulled up "My Apps" from Google Play, the app was not visible at all. I dismissed this as probably due to the fact that it was "an official app" and I couldn't uninstall it from the marketplace for that reason. It wasn't until I went to Running Services, that I saw the offending service that I realized I COULD uninstall it, and, quickly, I did!
After searching for it on Google Play again, I saw it somewhere on the fourth or fifth page when searching for "google calendar". It had a rating of 4.9 stars with 14 ratings, and the first review said "Great App!" (Again, please do not point out the ignorance/stupidity on my part.) So I didn't even think much when I installed it for these reasons.
Upon further inspection, I saw the following requested permissions:
________________________________________________________________
THIS APPLICATION HAS ACCESS TO THE FOLLOWING:
YOUR LOCATION
FINE (GPS) LOCATION
Access fine location sources such as the Global Positioning System on the device, where available. Malicious applications can use this to determine where you are, and may consume additional battery power.
COARSE (NETWORK-BASED) LOCATION
Access coarse location sources such as the cellular network database to determine an approximate device location, where available. Malicious applications can use this to determine approximately where you are.
NETWORK COMMUNICATION
FULL INTERNET ACCESS
Allows an application to create network sockets.
YOUR PERSONAL INFORMATION
READ BROWSER'S HISTORY AND BOOKMARKS
Allows the application to read all the URLs that the Browser has visited, and all of the Browser's bookmarks.
WRITE BROWSER'S HISTORY AND BOOKMARKS
Allows an application to modify the Browser's history or bookmarks stored on your device. Malicious applications can use this to erase or modify your Browser's data.
PHONE CALLS
READ PHONE STATE AND IDENTITY
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
STORAGE
MODIFY/DELETE USB STORAGE CONTENTS MODIFY/DELETE SD CARD CONTENTS
Allows an application to write to the USB storage. Allows an application to write to the SD card.
SYSTEM TOOLS
PREVENT DEVICE FROM SLEEPING
Allows an application to prevent the device from going to sleep.
("Show all" reveals the following
HARDWARE CONTROLS
CONTROL VIBRATOR
Allows the application to control the vibrator.
YOUR LOCATION
ACCESS EXTRA LOCATION PROVIDER COMMANDS
Access extra location provider commands. Malicious applications could use this to interfere with the operation of the GPS or other location sources.
NETWORK COMMUNICATION
VIEW NETWORK STATE
Allows an application to view the state of all networks.
SYSTEM TOOLS
AUTOMATICALLY START AT BOOT
Allows an application to have itself started as soon as the system has finished booting. This can make it take longer to start the device and allow the application to slow down the overall device by always running.
________________________________________________________________
So I decided to contact the developer to ask how the app worked exactly, why it needed so many permissions, and to complain about the ads. I'm still an idiot at this point, because I didn't notice that the contact email was "contact@gmail.com". I then got a delivery-failure notice, and went back to the Play website to click on the developer link which took me to "ww1.www.com"... And then I saw the developer's name is/was "App for Android".
Here is where I realized the extent of my stupidity.
(Looking at his/her other app, "Faster Hotmail" showed complaints of ads, too. At the play website, the html string for his/her page is "store/apps/developer?id=App+for+Android" in case you want to see.)
Naturally, I left a rating and a comment and reported the app to Google. Balance was restored to my phone, as the app was now gone, and I had taken the necessary actions available to me to attempt to deter/protect others from downloading the app.
But then I started to wonder: I gave this app my google credentials. Was this simply an adware app? Was it spyware?? Was it trying to phish my credentials??? Is it possible that it was malware and it rooted my phone/installed a backdoor to my phone that I don't know about????
I downloaded Lookout, and although the scan didn't find anything, I also ran the scan with the app installed, and it didn't find the app as malicious. I am in the middle of changing the passwords of several accounts that I accessed from my phone, (I don't use the same password for any two accounts, have a password manager, and am aware that passwords should be changed frequently anyway, so this isn't a big deal.) But I'm still worried.
Thus, my arrival at these forums and this post. I humbly ask for the community's advice. I am, perhaps, too paranoid, but I want to be more careful than I originally was.
My questions are:
1) Is there a safe/verified way to check if an app has rooted my phone?
2) If my phone has been compromised, is the only/best solution to do a factory reset? (Please tell me that a factory reset will work.)
3) Is there anything else that I should do that I haven't mentioned/done already?
Please help/advise
robh5854
Lurker
Ooops! Looks like it didn't work. I chose to opt out of the ads via the LeadBolt page that came up after my Lookout scan. I re-started my HTC and the notification went. After a while it popped up again. I gave them a few days in case it took them a while to process my response but it didn't work. I uninstalled the app but to my surprise the box popped up again a day or two later! I ran a Lookout scan and it didn't id any app present that pushes ads. I've downloaded Addons Detector and run a scan but it still didn't detect any app of this nature, even though the little green box was sat in my notification bar!
Any ideas, anyone?
Any ideas, anyone?
Harry2
Extreme Android User
Maybe a new AirPush "player", yet unknown to the AirPush detectors of the Market.
I read about a method which may be helpfully if the AirPush detectors won't find any push notification addon in your apps.
And so you won't know which of your free apps is responsible for the spam in your notification bar.
You might hunt the culprit app on your own with the aid of the phone logging app 'aLogcat' (free in Market).
But be warned, you'll need some experience with logs or the will to learn it
Wait until the annoying ad appears in you notification bar.
Start 'aLogcat' and then clear its log.
Then pull down the notification bar and tip on the icon of the annoying ad.
Return quickly to aLogcat (via long press on the HOME button).
Now you should see the culprit app and following it the AirPush SDK in the log's rows.
Good luck
Harry
I read about a method which may be helpfully if the AirPush detectors won't find any push notification addon in your apps.
And so you won't know which of your free apps is responsible for the spam in your notification bar.
You might hunt the culprit app on your own with the aid of the phone logging app 'aLogcat' (free in Market).
But be warned, you'll need some experience with logs or the will to learn it
Wait until the annoying ad appears in you notification bar.
Start 'aLogcat' and then clear its log.
Then pull down the notification bar and tip on the icon of the annoying ad.
Return quickly to aLogcat (via long press on the HOME button).
Now you should see the culprit app and following it the AirPush SDK in the log's rows.
Good luck
Harry
robh5854
Lurker
Thanks Harry. I didn't end up trying your advice because I didn't need to. I just ran a scan again with Addons Detector and it cornered the offending app (I hadn't read the bit in Addons that states it only scans notifications received in the last 48hrs which is why I mistakingly thought it couldn't detect the offending notification - told you I was a NOOB!)
Here's the weird bit however....Addons id'd the app as 'TANK 2012'. I have never installed that app (or even searched for it on Google Play). I don't know where it came from unless it managed to piggy back in to my phone through the original offending app 'Helidroid 3D'.
Anyway, I've used Addons to uninstall it now and will see if that has stopped it. Have a nice day!
Rob.
Here's the weird bit however....Addons id'd the app as 'TANK 2012'. I have never installed that app (or even searched for it on Google Play). I don't know where it came from unless it managed to piggy back in to my phone through the original offending app 'Helidroid 3D'.
Anyway, I've used Addons to uninstall it now and will see if that has stopped it. Have a nice day!
Rob.
alostpacket
Over Macho Grande?
^ Harry is awesome
Jus' sayin'
Jus' sayin'
alostpacket
Over Macho Grande?
( ... )
1) Is there a safe/verified way to check if an app has rooted my phone?
2) If my phone has been compromised, is the only/best solution to do a factory reset? (Please tell me that a factory reset will work.)
3) Is there anything else that I should do that I haven't mentioned/done already?
Please help/advise
1) I'm not 100% sure, but if you see an app with a name like "superuser" that's a good indication you are rooted.
2) Factory reset will indeed help really clear out your phone. There may be some malware out there that can get around it, but even if there is it would be very, very, very rare. Factory reset should set you straight. However, be careful to un-check "save my preferences" under the privacy settings on the phone, else Google Play may try to re-download all your apps for you once you sign in after a factory reset.
A better way would be to make a list of your apps and install them one by one. ( You can actually use my app Listables to make the list, but there are also other apps too)
3) It seems like you are pretty well covered. You are taking exactly the right security-mindful steps a person should take if they suspect they have malware. In fact, I'm quite impressed with your diligence
Hope that helps and dont hesitate to ask if you have more questions.
TheMrPatrick
Lurker
I downloaded the app Mario Kart from the android market yesterday, it didn't work but it did cause ads in the notification bar. Checked android market again today and the app is removed from it. I have removed the app but should I take any precautions? My Galaxy Ace hasn't done anything special aside from the ads so far.
I had similar problems with GLU games Like blood and gore and zombies and sniper. It would send these little ads up to my notification saying save 75 percent off a weapon upgrade. or If you buy the ocopy today you get a free up grade of gear. Really cool games awesome graphics but I deleted them because it would wake my phone make a beep as well. After that I got a new notice in my bar that was from T Mobile telling me my bill will be ready soon then two days later my bill is ready and the then two days later my bill as past due. Then starts the text messages. I found in the my account app you can turn those notifications off.
I had a similar problem with an add called "BeNaughty" Drove me crazy! Found out it was a theme that I had downloaded called "go ICS" which was just an imitation of the real IceCream Sandwich theme.
To Get Rid of:
Step 1 - click on the add and quickly look in the upper left corner where it will give the app, theme, game that keeps sending these stupid apps.
Step 2 - Delete
Step 3 - Give them a low rating or and warn others!
To Get Rid of:
Step 1 - click on the add and quickly look in the upper left corner where it will give the app, theme, game that keeps sending these stupid apps.
Step 2 - Delete
Step 3 - Give them a low rating or and warn others!
doctorfrylock
Member
Anybody who is getting notification bar ads, download Addons Detector instead of Airpush Detector.
Harry2
Extreme Android User
Have a look at LookOut's Ad Network Detector
which doesn't need any permissions, like AirPush Detector.Harry
blackepoxy
Android Expert
Yeah same here, with the ICS go launcher theme, it's hard to find a ICS go launcher theme that doesn't have it...
I have one installed now that shows it has it, but i have never seen any spam from it...
Maybe it starts up when you select choose wallpaper...