Develop Bugs

[TUT] Android Security

This thread is meant for all new Android Users, unsure about the security of their phone and their personal data in this operating system.
Please feel free to contribute all kinds of security related information (anti-virus, firewall, theft protection but also viruses, data harvester apps...).
The structure of this thread:
1. Common Sense / Permissions
2. Security Software
3. Dangerous Software
4. FAQ
1. Common Sense / Permissions
In contrast to what you might be used to from Windows Mobile, Android informs you about the permissions, an app requests, when installing it, either through the Android Market or through an .apk file.
It is important to read these permissions and be reasonably suspicious, when an app requests permissions, that seem inappropriate. But some common sense is also needed to understand that some apps need permissions, you cannot understand immediately.
Here is an example of the permissions, you have to accept before installing an app:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
What do these permissions mean?
I will not list all the permissions here, some are self explanatory and for everything else, you can read up on them here.
In general, you can trust Google with all their apps and permissions. Voice Control apps and Siri clones also in general require a lot of permissions, which makes sense, as they should be able to call your contacts, send emails and sms, etc. Install those apps only by developers you trust!
1.1 Permissions you can do nothing about
- Hardware controls, such as disable sleep mode etc.
mostly required by games, that want to keep the display on. Nothing to worry about.
- Write to your sd card
Apps that edit files (e.g. photo editors, office apps, ...), download files (Dropbox, Download all files, Wallpaper or ringtone downloaders, ...) and games, that require additional data to be played (e.g. Gameloft games or other graphics intensive games) need to be able to write files to your sd card, either after you created those files yourself or downloaded files.
- reading imei / phone state
many apps require this permission. while, technically, with a security app, you could disable this permission for the apps, it is not such a bad thing.
this permission is needed to identify the phone. commercial software might determine your valid purchase status through the imei.
the phone state also gives apps the possibility to react to incoming calls and go into standby for the duration of the call.
1.2 Permissions that invade your privacy
- access SMS inbox
necessary for Try 'n' Buy Apps (e.g. Gameloft Games), Apps with in-App purchases, and some apps, that require sim identification (whatsapp, Dailyme...)
For everything else, you should be suspicious.
- access contacts/ call logs
necessary for communication apps with contacts sync (twitter, facebook, skype, ...), also every app which has to do with ringtones (zedge, mp3 ringtone maker, ...) and online games, where you can invite friends to play with you (mostly card and board games and MMOs). Everything else might be a data harvester.
- your current location (network based or gps)
necessary for navigation apps, photography apps and communication apps that allow you to share your location.
Other apps, especially games, should not have this permission.
1.3 Permissions that might cost you money
- make outgoing phone calls
necessary for google apps, voice control apps and name lookup/caller id/phone book apps (for Germany dasTelefonbuch, dasOertliche and klicktel).
This permission should generally not be found in games and small info apps.
- send SMS
necessary for apps with sim activation (Try 'n' Buy Games, apps with in-app purchases, whatsapp, ... (see "access SMS inbox")).
For everything else, when in doubt, google the name of the permission or ask here, what it means and whether the app is trustworthy.
So, what can you do about these permissions?
There are basically 2 options:
1. Don't Install an app that seems suspicious for requesting too much information.
2. Install security software to block certain permissions.

2. Security Software
Here we gather general information and reviews on different security apps.
2.1 LBE Security
LBE Security is a very powerful Security Suite. It can be found here (XDA) and here (Market).
It requires root.
With this app you can regulate permissions given to all the apps you have installed. you can set Internet Access (separated by 3G and Wi-Fi), IMEI, SMS, contacts, location... for all your apps. Also, there is an app monitor, that gives you a notification icon for newly installed apps, so you can comfortably set its permissions. Also, it comes with a traffic monitor, that tells you, how much of your monthly plan has been used. Its statistics can also show you, which app used up what amount of traffic and how many calls and sms were caused by each app. Also, besided permanently forbidding or allowing something, you can set it to ask you each time, as you might want to allow an app to send an SMS once (for verification), but not anymore after that.
Forbidding all unnecessary permissions for apps (including Internet), this is the only software I currently use, as, when set up right, it effectively works as firewall, traffic monitor, virus protection and privacy protection.
2.2 ???
As mentioned above, I only use the one app, but feel free to post basic information and/or reviews of other apps, like kaspersky or avg or droidwall or whatever comes to mind and I will post them here.

3. Dangerous Software
In this portion of the thread, I will list all apps, that have been posted as data harvesters, viruses or generally harmful to your device.

4. FAQ
Here we collect the Questions and Answers worth mentioning.

Let me start of with a few questions on specific permissions:
1. Two out of the three Angry Birds versions on the market require "Positioning". I denied this through LBE and it works just fine, I don't see, what the app would need that for.
2. While I understand that the official Facebook app would need the permissions for contacts and Location, I wonder why it wants to read my SMS inbox and sent paid SMS. I also denied this through LBE. Doesn't seem to be necessary.
3. could someone send me the correct names for all the permissions?

This is interesting but it would get far more coverage in one of the general forums.
Sent from my R800i using Tapatalk

that is true. but the information here is meant for new android users, and there are very few around the general section, while i think, that many of the blackstone users just recently started working with android.

Chef_Tony said:
that is true. but the information here is meant for new android users, and there are very few around the general section, while i think, that many of the blackstone users just recently started working with android.
Click to expand...
Click to collapse
I think he means general Android sections of XDA, not just the Blackstone area .
Your tut applies to all Android, y'know?

yeah, I understand he was talking about the "general general section", but again, don't all noobs just look at their own device's sections? I mean, I don't even look into the general sections, only the devices I own and/or moderate. However, I believe there is something to it, so I moved it to "Android General" and back, leaving a permanent redirect, so this thread is found there as well which will hopefully draw some attention and also contributors here.
Btw. if there were several contributions that concern blackstone specific security, I'd be fine with that as well. Most important thing is that someone posts more content for me to add. I'm not exactly an expert on the topic, just wanted it covered because I believe it is important and has come up recently.

Chef_Tony said:
yeah, I understand he was talking about the "general general section", but again, don't all noobs just look at their own device's sections? I mean, I don't even look into the general sections, only the devices I own and/or moderate. However, I believe there is something to it, so I moved it to "Android General" and back, leaving a permanent redirect, so this thread is found there as well which will hopefully draw some attention and also contributors here.
Btw. if there were several contributions that concern blackstone specific security, I'd be fine with that as well. Most important thing is that someone posts more content for me to add. I'm not exactly an expert on the topic, just wanted it covered because I believe it is important and has come up recently.
Click to expand...
Click to collapse
Ah, yes I do get your point as well... But honestly, Blackstone Android is a very small subsection of Android - I just wanted your (honestly well-written) tutorial to reach a larger audience - that's all .

What about a piece on the NSA'S SEAndroid? I haven't really done much looking into it but there is a wiki page over on the selinux site. Although it's more protecting you personal data than anything else I think.
Sent from my R800i using Tapatalk

Great information I recently started doing some research on this subject matter and started a survey over at bit.ly/infolookup I am compiling security related tips that I can then point users too that have questions about their privacy and security.
I second LBE, I also use Droidwall firewall great app and Lookout along with Cerberus for tracking. Feel free to checkout the survey I will also link back to this resource once I have the completed blog posting on my findings.
Thank you.

Isn't this Malware? Why Norton no catch?

If not, how do I find where it's coming from? When I click it, it just brings up ads in my browser. Thanks
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Sent from my SGH-T989 using Tapatalk 2

juntjoo said:
If not, how do I find where it's coming from? When I click it, it just brings up ads in my browser. Thanks
Sent from my SGH-T989 using Tapatalk 2
Click to expand...
Click to collapse
Download the app AirPush Detector. It will tell you which app is causing those ads.
Sent from my SGH-T989D using xda premium

Also install airblocker app. It helps blocking push notif. Ads
Sent from my SAMSUNG-SGH-T989 using XDA

Another good one from the market is addons detector.
°··:··SGSII T989~ juggernaut v5.0~ streamline #29~cyan··:··°

Just another reason why I like XDA... It's a great place for answers.

just going off the thread title: because norton is ****e.

Most anti virus and malware apps don't work
Sent from my SAMSUNG-SGH-I727 using xda premium

Danial723 said:
Most anti virus and malware apps don't work
Sent from my SAMSUNG-SGH-I727 using xda premium
Click to expand...
Click to collapse
especially anything made by norton...

...

Wow alot if imbeciles in this thread lol
Sent from my SGH-T989 using XDA

Norton is one of the worst anti virus out there.. for mobile or desktop use.
Sent from my SGH-T989 using Tapatalk

Its sad we even have to worry about this stuff on Linux I thought the line was drawn around windows.

The way I found out was holding that ad down until it scrolled all the way through and it gave the app. Most likely it was from a golauncher app. So I deleted that app.
Sent from my SGH-T989 using xda

Thanks! I'll try that airbrush thing you guys mentioned. so Norton sucks uh? So i should just uninstall that?
Sent from my SGH-T989 using Tapatalk 2

juntjoo said:
Thanks! I'll try that airbrush thing you guys mentioned. so Norton sucks uh? So i should just uninstall that?
Sent from my SGH-T989 using Tapatalk 2
Click to expand...
Click to collapse
Yes uninstall ASAP. Don't let the media fool u Norton is garbage.

As stated, norton is garbage, aswell as most droid AV, norton sucks no matter the platform, for PC, avg is best (pro, not free, free sucks), for android if you need AV, Install McFee for root amazing app with to many features, and works awesome as system app, and settings can be written to /system instead of /data for best use,
At buddy sayin remove Golauncher, how would this help? Ive been monitoring all through that aswell as GoSMS, and a few other go apps, and have yet to see a version with Airpush support?
With that said, i WILL state it does have useless functions and bloated scripts, none of which really impact performance or even data usage, so i can see the developers point on leaving it in, probably for compatibility (some of those functions MIGHT be needed on other devices,
Please dont put down apps solely apps on a basis which you havent even researched, if you have questions/concerns, contact the dev directly.
@OP
Norton is crap and on windows more or less wastes resources to perform half-assed functions, that can be done using commandline, or even be done better with a free version of just about ANY antivirus, having built over 300pcs for my @home business over the course of the past few years i have NEVER included it as a preinstall, or even recommended it to my customers, on a side note, its made me easy money, from "fixing" PCs with it installed and and having issues with the firewall, or false positaves, or even viruses that leaked through, pretty much my main question when they come in is "what antivirus do you use" if they say norton my response is usually "ok, im pretty sures what the issue is, i should have it ready in a few hours, il call if theres any issues"
I have about 30 norton keys laying around from "upgrading" and selling propered licenses for new antiviruses (AVG Pro 2011 is my bestseller), that i will probably never see money back for, but oh well its a garbage product that doesnt belong on anything but maybe a CD..
No interest in the droid version as the PC version has wronged to many people and caused me some greif, easy fix for airpush is update your hosts file to a ad blacklist (complete should be around 8-900kb if more its probably bloated/entries duped, if smaller, incomplete, you can google lists and make your own)and if on ICS, simply update your proxy to enable host redirection viola, push notes gone
*although i so have an Awesome distro that includes a very trimmed down norton thats cabable of scanning outside the OS (running from BIOS) that does the job nicely, but its far from "official"...

i use ad detector from the market. it is free and it will run a scan and tell you which apps you have installed that will push ads to your notification bar.
As far as malware/anti-virus goes, nothing is as good as Malwarebytes Anti-malware. There needs to be an Android version of it.

doug36 said:
As stated, norton is garbage, aswell as most droid AV, norton sucks no matter the platform, for PC, avg is best (pro, not free, free sucks), for android if you need AV, Install McFee for root amazing app with to many features, and works awesome as system app, and settings can be written to /system instead of /data for best use,
At buddy sayin remove Golauncher, how would this help? Ive been monitoring all through that aswell as GoSMS, and a few other go apps, and have yet to see a version with Airpush support?
With that said, i WILL state it does have useless functions and bloated scripts, none of which really impact performance or even data usage, so i can see the developers point on leaving it in, probably for compatibility (some of those functions MIGHT be needed on other devices,
Please dont put down apps solely apps on a basis which you havent even researched, if you have questions/concerns, contact the dev directly.
@OP
Norton is crap and on windows more or less wastes resources to perform half-assed functions, that can be done using commandline, or even be done better with a free version of just about ANY antivirus, having built over 300pcs for my @home business over the course of the past few years i have NEVER included it as a preinstall, or even recommended it to my customers, on a side note, its made me easy money, from "fixing" PCs with it installed and and having issues with the firewall, or false positaves, or even viruses that leaked through, pretty much my main question when they come in is "what antivirus do you use" if they say norton my response is usually "ok, im pretty sures what the issue is, i should have it ready in a few hours, il call if theres any issues"
I have about 30 norton keys laying around from "upgrading" and selling propered licenses for new antiviruses (AVG Pro 2011 is my bestseller), that i will probably never see money back for, but oh well its a garbage product that doesnt belong on anything but maybe a CD..
No interest in the droid version as the PC version has wronged to many people and caused me some greif, easy fix for airpush is update your hosts file to a ad blacklist (complete should be around 8-900kb if more its probably bloated/entries duped, if smaller, incomplete, you can google lists and make your own)and if on ICS, simply update your proxy to enable host redirection viola, push notes gone
*although i so have an Awesome distro that includes a very trimmed down norton thats cabable of scanning outside the OS (running from BIOS) that does the job nicely, but its far from "official"...
Click to expand...
Click to collapse
for PC , Nod32 found at www.eset.com is the best

I found that for me what was causing that ad to pop up was the MP3 Downloader app. If you have an mp3 downloader app, the way i knew that was it, force close the mp3 downloader and you'll see that ad go away.

blackangst said:
Wow alot if imbeciles in this thread lol
Sent from my SGH-T989 using XDA
Click to expand...
Click to collapse
Because people use Norton?

Potential Security Issue with S-Memo and JB

I was poking around my GS3 today (ATT version but running the Sprint Official JB release LJ7) and I found something pretty shocking. I was poking around the S-memo databases when I opened a table using SQLIte editior. When I opened the table I was shocked to see my Google account username and password in clear plain text. Now, I did have the option to sync to Google drive and the app did prompt for my google username and password so obviously it stores it somewhere. I was just shocked to see it stored in plain text and not encrypted.
I know someone who checked his ATT GS3 running ICS and he did not have these entries in his DB which makes me think it's a JB thing.
To check you need to be rooted and have SQLite editor installed.
Steps to check
1. Set up S-Memo to sync with your Google account
2. Use SQLite editor and navigate to /data/data/com.sec.android.provider.smemo/databases
3. Open the Pen_memo.db file and select the CommonSettings table. Look to see if your Google account info is stored in plain text.
This could potentially be a serious issue. If people running JB on their GS3 can check this that would be awesome. Someone already checked the latest ICS build for the ATT variant but if others on ICS or with a different variant can check that would be great. I will get to check my GF's I-9300 running JB tomorrow when I see her.
Also I'm not sure how app permissions work on android, meaning if one app could access the data/database of another app(without root, because obviously with root another app can, in this case SQLite opened the file). Since the DB is in the /data partition and the permissions are r/w by default I'm thinking it wouldn't be difficult for a malicious non root app to access this database and query it for the information unless there is something built into android that wont allow that.
I have attached a SS of what my table looked like. Obviously I blacked out my PW and also the Google auth ID
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

Actually, while /data is available for you to browse, that is because you have root. It's RW but only within the packages that each app is sandboxed. If you disable root you will not be able to view that database.
It is possible for the same developer to access the /data files of another one of their apps if they use the same namespace.
So, while this is indeed a risk, it would not be trivial for another app to gain access without asking for root or cracking root itself.

ViViDboarder said:
Actually, while /data is available for you to browse, that is because you have root. It's RW but only within the packages that each app is sandboxed. If you disable root you will not be able to view that database.
It is possible for the same developer to access the /data files of another one of their apps if they use the same namespace.
So, while this is indeed a risk, it would not be trivial for another app to gain access without asking for root or cracking root itself.
Click to expand...
Click to collapse
Ahh OK. Yeah I wasn't sure if another app would be able or not. Ive never not been rooted so I wasnt 100% sure about that. So I guess this issue would just concern root users. I still think though the data should have been encrypted before the record was inserted. It did kinda freak me out to open that table and see my google password staring at me.

I don't use S-Memo much but thanks for the heads up.

ViViDboarder said:
Actually, while /data is available for you to browse, that is because you have root. It's RW but only within the packages that each app is sandboxed. If you disable root you will not be able to view that database.
It is possible for the same developer to access the /data files of another one of their apps if they use the same namespace.
So, while this is indeed a risk, it would not be trivial for another app to gain access without asking for root or cracking root itself.
Click to expand...
Click to collapse
There are on Play and on the net "free apps" which needs root access to work. Once you grant access to any of them those can get your info and sent it to anyplace.
Sent from my O=O

csmasn said:
There are on Play and on the net "free apps" which needs root access to work. Once you grant access to any of them those can get your info and sent it to anyplace.
Sent from my O=O
Click to expand...
Click to collapse
Agreed but that is why you should be checking carefully what root apps are doing. Also not just willy-nilly granting Superuser permissions. Half of XDA would be at risk cause they see the SuperUser popup and most of the time just press grant not ever thinking 'What does that mean?' yes they want to test an app, but FFS check what it wants to do. That is the screen that pops up (another one people ignore - yes I am guilty of it my self sometimes thinking nothing has changed between one version to the next) just as you are installing the app. If it is wanting to do things in areas you don't want it to be then don't install it and confront the developer about it.
In this case you can't really confront Samsung devs about this, but the thing is we know what it is for, and secondly your not installing it comes pre-installed. But you get my point. I doubt that the Samsung devs have malicious intensions, where as other developers that your are granting SuperUser permissions to...who knows?

Yikes! Good news, this is not as bad as it seems. The data is not accessible without root.
Once an app has root, it is all over. You have to trust the app to use it wisely (trust me a lot of root apps are unsafe). With this kind of issue, it is probably safer to notify the OEM before publishing, allowing them time to fix it. This is exactly why I am not one to run root apps without a review of them myself.
I took the liberty to forward this on to those that can get it fixed. Nice find.

This should probably use a token-based authentication system, rather than the ACTUAL google account username and password...
Still not brilliant for security, but at least it's not your ACTUAL password in plaintext...

Jarmezrocks said:
Agreed but that is why you should be checking carefully what root apps are doing. Also not just willy-nilly granting Superuser permissions. Half of XDA would be at risk cause they see the SuperUser popup and most of the time just press grant not ever thinking 'What does that mean?' yes they want to test an app, but FFS check what it wants to do. That is the screen that pops up (another one people ignore - yes I am guilty of it my self sometimes thinking nothing has changed between one version to the next) just as you are installing the app. If it is wanting to do things in areas you don't want it to be then don't install it and confront the developer about it.
In this case you can't really confront Samsung devs about this, but the thing is we know what it is for, and secondly your not installing it comes pre-installed. But you get my point. I doubt that the Samsung devs have malicious intensions, where as other developers that your are granting SuperUser permissions to...who knows?
Click to expand...
Click to collapse
Agreed with you.
But about Google's Devs, because it's a Google's flaw. Encryption is old enough, so they can implement it.
Sent from my O=O

graffixnyc said:
I was just shocked to see it stored in plain text and not encrypted.
Click to expand...
Click to collapse
Suppose they were to encrypt it, where would they store the decryption key?

If somebody knowledgeable stole your GS3, and mounted it in Linux using adbfs, would make a bad situation worse, if they got your Google account login. Passwords in plaintext are bad in any case, I still don't trust either Android or iOS for really sensitive apps like banking.

Great job, samsung.
Why the heck you needed those creds anyway? Use tokens.

Checked mine (4.1.1 International version though), and these are the entries in my CommonSettings table...
IS_BOOT_COMPLETED
IS_MEDIA_MOUNTED
SAVED_PAPER
tutorial_view_state
_pref_list_type_before_tag
serialization_hashcode
serialization_canvas_mode
serialization_tag_mode
...nothing about my Google ID.

So I'm on cm10 tmous and don't use smemo... but I can confirm this issue is the same for com.android.email in databases in the email provider.db is a HostAuth.. and when I open that up sure as sh!t there is ALL my email accounts and listed PW in plain text... not secured... really jacked up its not just an s-memo issue..

da-pharoah said:
So I'm on cm10 tmous and don't use smemo... but I can confirm this issue is the same for com.android.email in databases in the email provider.db is a HostAuth.. and when I open that up sure as sh!t there is ALL my email accounts and listed PW in plain text... not secured... really jacked up its not just an s-memo issue..
Click to expand...
Click to collapse
I just pulled that up on mine too! Wtf!
Generating random authentication keys

Has anything been done about this or basically can anyone with any clue about phones easily get your goggle password if they nick your phone?

cybergaf said:
Has anything been done about this or basically can anyone with any clue about phones easily get your goggle password if they nick your phone?
Click to expand...
Click to collapse
Yea just uninstall s-memo. You really don't need it that bad. And if so use other notepad apps that have voice to text capability or use the aosp keyboard. Anything but s-memo
.:Sent from the Hellfire Galaxy of S & 3:.

da-pharoah said:
Yea just uninstall s-memo. You really don't need it that bad. And if so use other notepad apps that have voice to text capability or use the aosp keyboard. Anything but s-memo
.:Sent from the Hellfire Galaxy of S & 3:.
Click to expand...
Click to collapse
Ummm thought you said above you didn't use s-memo so it's not just an s-memo problem or am I reading it incorrectly?
I've also just checked s-memo and can only see an option for syncing to Samsung account not Google?

Google maps showing high usage even though I haven't used it.

I've noticed Google maps has been keeping my phone awake quite a bit during the day. I've never noticed this behavior before in any of my phones. Not sure if it is a Google Now thing? My battery drain while on standby seems higher than what I would expect from a battery this size. Almost 2-3% an hour with zero use. I can get through the day fine but poor standby drain makes a second day out of the question. On just plain standby my Sensation can last as long or longer with 1/2 the battery.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

Yep, same here. I uninstalled the updates and all is well.
Sent from my SGH-T889 using xda app-developers app

OwenW71 said:
Yep, same here. I uninstalled the updates and all is well.
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
Uninstalled what update?

Not sure which update it was, whichever one is current. I used the Manage Applications menu to uninstall updates on Maps. It won't let you uninstall maps without using TiBu or something similar. Since Maps is considered a system app, you can only uninstall updates. That was sufficient to end the needless power drain.

I noticed when I turned off Google now it went away and I have the most current maps update. You might want to check it out

Google play , ,find google maps app and then uninstall. reboot your phone.
Don't worry, you are not uninstalling the all app just the update.
Sent from my SGH-T889

Do you have the location services enabled ?

enachemc said:
Do you have the location services enabled ?
Click to expand...
Click to collapse
+1
Turn off gps its only a button away to turn on in the status bar? Also try reinstalling google maps if anything
Sent from my SGH-T889 "powered by the force v2" using Tapatalk 2

google now-settings-privacy & accounts-manage location history-location settings-location reporting-Do not update your location. Also uncheck Enable location sharing and Enable location history if checked. Also if your weather widget is updated by geolocation, put in a static zip code instead.

Aguiltysoul said:
I noticed when I turned off Google now it went away and I have the most current maps update. You might want to check it out
Click to expand...
Click to collapse
I'm trying ot avoid turning off google now. Battery life is good enough I can live with it but if I can get rid of the battery drain and keep google now that would be gravey.
OwenW71 said:
Not sure which update it was, whichever one is current. I used the Manage Applications menu to uninstall updates on Maps. It won't let you uninstall maps without using TiBu or something similar. Since Maps is considered a system app, you can only uninstall updates. That was sufficient to end the needless power drain.
Click to expand...
Click to collapse
Trying that out. Will see what my Maps usage looks like tonight.
enachemc said:
Do you have the location services enabled ?
Click to expand...
Click to collapse
Yes. I've had location services enabled on every Android phone I've owned and I've never seen that high map usage so something is different about the Note II setup. When I was using Jelly Bean on my Sensation I never recalled seeing that heavy maps usage so I'm thinking something is off on my setup with the Note II.

After uninstalling the update it looks better. Google search on , ,gps on.
Anyway. .the battery life on this phone is amaizing.i didn't root my phone yet to flash a custom rom because everything looks awesome.
Sent from my SGH-T889

Yeah if you want all that on it will use some battery. I turned everything off I mentioned earlier, google now still works perfectly, but I have 0 maps activity at all registering on my battery activity.

stevessvt said:
google now
-settings
-privacy & accounts
-manage location history
-location settings-location reporting
-Do not update your location.
Also uncheck Enable location sharing and Enable location history if checked.
Also if your weather widget is updated by geolocation, put in a static zip code instead.
Click to expand...
Click to collapse
Thanks for sharing this but can you tell me where to put the static zip?
Sent from my MZ609 using Tapatalk 2

Hit the weather on the widget so it brings up the 5 day forcast. Top right corner hit the menu button. Again, top right hand corner hit the +, put in your zip code and hit your town. Now hit the menu button on the phone itself by the home button, hit show current city, and turn off.
Thats it, your good to go.

This is why I use AutoStarts to prevent apps from starting up in background and manage when the apps do run in the background so that the apps don't take up so much system resources. Yes, Google Maps does auto start when your device boots up and then runs in the background.

stevessvt said:
Hit the weather on the widget so it brings up the 5 day forcast. Top right corner hit the menu button. Again, top right hand corner hit the +, put in your zip code and hit your town. Now hit the menu button on the phone itself by the home button, hit show current city, and turn off.
Thats it, your good to go.
Click to expand...
Click to collapse
Thanks that one was completed since day one, old trick since htc hero
I asked the question because I was missing something in Google Now
Sent from my MZ609 using Tapatalk 2

OwenW71 said:
Yep, same here. I uninstalled the updates and all is well.
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
Thanks, that did it! Maps pretty much stopped dead in my battery stats since I did this a few hours ago! :victory:

I'm curious are you people experiencing this issue rooted or stock? I supposed that could be carrierIQ transmitting your location data to the NDAA data fusion centers
"
Americans Are The Most Spied On People In World History
More Spying On Citizens than in Stasi East Germany
TechDirt notes:
In a radio interview, Wall Street Journal reporter Julia Angwin (who’s been one of the best at covering the surveillance state in the US) made a simple observation that puts much of this into context: the US surveillance regime has more data on the average American than the Stasi ever did on East Germans.
Indeed, the American government has more information on the average American than Stalin had on Russians, Hitler had on German citizens, or any other government has ever had on its people.
The American government is collecting and storing virtually every phone call, purchases, email, text message, internet searches, social media communications, health information, employment history, travel and student records, and virtually all other information of every American.
Some also claim that the government is also using facial recognition software and surveillance cameras to track where everyone is going. Moreover, cell towers track where your phone is at any moment, and the major cell carriers, including Verizon and AT&T, responded to at least 1.3 million law enforcement requests for cell phone locations and other data in 2011. And – given that your smartphone routinely sends your location information back to Apple or Google – it would be child’s play for the government to track your location that way.
As the top spy chief at the U.S. National Security Agency explained this week, the American government is collecting some 100 billion 1,000-character emails per day, and 20 trillion communications of all types per year.
He says that the government has collected all of the communications of congressional leaders, generals and everyone else in the U.S. for the last 10 years.
He further explains that he set up the NSA’s system so that all of the information would automatically be encrypted, so that the government had to obtain a search warrant based upon probably cause before a particular suspect’s communications could be decrypted. But the NSA now collects all data in an unencrypted form, so that no probable cause is needed to view any citizen’s information. He says that it is actually cheaper and easier to store the data in an encrypted format: so the government’s current system is being done for political – not practical – purposes.
He says that if anyone gets on the government’s “enemies list”, then the stored information will be used to target them. Specifically, he notes that if the government decides it doesn’t like someone, it analyzes all of the data it has collected on that person and his or her associates over the last 10 years to build a case against him."
READ THE FULL ARTICLE AT THIS LINK:
http://www.pakalertpress.com/2012/1...utm_campaign=Feed:+pakalert+(Pak+Alert+Press)

Imagine if Stalin or Hitler had the ability to spy on people like technology has presented us today.

stevessvt said:
Imagine if Stalin or Hitler had the ability to spy on people like technology has presented us today.
Click to expand...
Click to collapse
I dunno were almost to the stazi 1937-38 e. german police state now!!

xiaomi spying

just read this article, whats your opinion.
https://www.dailymail.co.uk/science...rowsing-data-millions-people-web-browser.html

meanwhile Google (Android OS), Apple, Amazon + basically any company which sells any item with a camera or microphone which connects to the internet
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

bluefender said:
just read this article, whats your opinion.
https://www.dailymail.co.uk/science...rowsing-data-millions-people-web-browser.html
Click to expand...
Click to collapse
I'm already aware of it not only xiaomi if you have FB installed it does so same for google apps or almost any apps, Im using some tool to monitor my network and im not even using my phone and I see that it's always exchanging data on the internet just to know that I didn't enable any cloud thing or any sync also I have put some Data on my phone when I was away from home and it went out so fast after I checked the apps that used it I found that almost 200 Mb of data is missing but it wasn't used by any app so there is an exchange but it's hidden, im thinking of using another rom and check

bluefender said:
just read this article, whats your opinion.
https://www.dailymail.co.uk/science...rowsing-data-millions-people-web-browser.html
Click to expand...
Click to collapse
that's why i tell people to use gappless custom roms ...
brownm121 said:
What about the apps described here https://realspyapps.com/phone-tracker/? How to protect your data from such spy apps? They can get all your data as I've understood. Is it possible to protect a phone from hacking and data theft?
Click to expand...
Click to collapse
don't give apps data permission
and restrict all from internet access
if you have an app that need both ensure it dosn't have trackers
if you still don't trust use riru storage isolation ...

Agree generally @loopypalm however I have been using AFWall+ and whitelisted (allowed) supposedly only 4 installed apps - but no system stuff. According to the logs it is blocking literally 000's of requests from the kernel/system and others. However I installed GlassWire the other day and it is showing it exchanging data in and out daily for "Android System".......... :-(
If accurate not sure there is any way to stop that as it must be buried very deep?

loopypalm said:
that's why i tell people to use gappless custom roms ...
don't give apps data permission
and restrict all from internet access
if you have an app that need both ensure it dosn't have trackers
if you still don't trust use riru storage isolation ...
Click to expand...
Click to collapse
Karma Firewall, freeware that uses almost no battery.
China and the CCP are one in the same. The risk of embedded hardware, firmware and software spyware or back doors is high.
The CCP is insidious and nefarious... if you haven't noticed it already

sabei said:
However I installed GlassWire the other day and it is showing it exchanging data in and out daily for "Android System".......... :-(
If accurate not sure there is any way to stop that as it must be buried very deep?
Click to expand...
Click to collapse
there is an app+process called 'NetworkStack' , that is responsable for app to use internet and it's consomation is counted under "Android System"
blackhawk said:
Karma Firewall, freeware that uses almost no battery
Click to expand...
Click to collapse
i read that it dosn't require root, so i'm not sure if it operate at a system level or just does this :

loopypalm said:
i read that it dosn't require root, so i'm not sure if it operate at a system level or just does this :
View attachment 5356179
Click to expand...
Click to collapse
It's a VNP based firewall. It runs best on Pie or lower. With Q and above you lose it's logging function. I'm running Pie so I haven't tested that... and don't plan too anytime soon

loopypalm said:
there is an app+process called 'NetworkStack' , that is responsable for app to use internet and it's consomation is counted under "Android System"
Click to expand...
Click to collapse
yes that shows as a separate process on mine (1073) and is blocked/not allowed along with the rest
(I am still running AEX 7.3 - thanks again for the original recommendation)

sabei said:
yes that shows as a separate process on mine (1073) and is blocked/not allowed along with the rest
(I am still running AEX 7.3 - thanks again for the original recommendation)
Click to expand...
Click to collapse
you can block the package ,yes but not the process
it's the one thing that make you able to connect to wifi/4g ...

{Mod edit: Quoted post has been deleted}
You have quoted an article written by someone selling spy apps...............hardly the most credible and has nothing to do with what I was referring to.

i think people should start editing the apps they work with to remove trackers and useless stuff ...
if you don't have the skills you can use the "mobilism" or "4pda forums" releases, i don't think i have the right to post their links here
other than that nobody can spy on you unless you r an idiot or if they use "Pegasus"

loopypalm said:
i think people should start editing the apps they work with to remove trackers and useless stuff ...
if you don't have the skills you can use the "mobilism" or "4pda forums" releases, i don't think i have the right to post their links here
other than that nobody can spy on you unless you r an idiot or if they use "Pegasus"
Click to expand...
Click to collapse
Easiest thing to do is either don't load crapware or firewall block it.
Amazon, WhatsApp, FB, Instagram, LinkedIn etc never are installed on my device.
Lots do then wonder why their battery life sucks and they have no privacy

blackhawk said:
Easiest thing to do is either don't load crapware or firewall block it.
Amazon, WhatsApp, FB, Instagram, LinkedIn etc never are installed on my device.
Lots do then wonder why their battery life sucks and they have no privacy
Click to expand...
Click to collapse
well , It is easier to escape from a problem than to solve it ...
lot of people can't live without wsp and fb,and i agree, that's a problem ...
that's why i suggested to use storage isolation
(you give an app just one folder to access instead of the whole SD)
and use mod like fouadmod for wsp and cleaned Friendly for Facebook ...
and for identity i don't think there is much you can do unless feed it fake info or create a new identity ...
and if you are a government target just destroy your phone and don't even think ...

loopypalm said:
well , It is easier to escape from a problem than to solve it ...
lot of people can't live without wsp and fb,and i agree, that's a problem ...
that's why i suggested to use storage isolation
(you give an app just one folder to access instead of the whole SD)
and use mod like fouadmod for wsp and cleaned Friendly for Facebook ...
and for identity i don't think there is much you can do unless feed it fake info or create a new identity ...
and if you are a government target just destroy your phone and don't even think ...
Click to expand...
Click to collapse
The problem with those social apps is two fold. All the personal data the user willingly supplies that can then be weaponized against them is the primary issue.
People shouldn't know everything you do and think.
These virtual trash apps have ruined many careers and lives. They are now a source of disinformation and are heavily censured unless you think "correctly". It is a means of controlling the masses by a few.
You're not the customer... you are the product.
Fk that $hit.

loopypalm said:
i think people should start editing the apps they work with to remove trackers and useless stuff ...
Click to expand...
Click to collapse
I've been using some (very few) mobilism apps for years without any ill effects.
Even if you don't use FB yourself, that by itself doesn't exempt you from its tracking, as you'll notice if you follow the tip below.
If you're rooted, another way (which doesn't always work, sadly) would be to get OSS App Manager from F-Droid, see what trackers are there for any given app (you're clear if none are listed) and block some or all of them... YMMV.

pnin said:
see what trackers are there for any given app (you're clear if none are listed) and block some or all some of them... YMMV.
Click to expand...
Click to collapse
Anybody else tried using Warden - app on XDA to remove trackers/beacons etc?

pnin said:
I've been using some (very few) mobilism apps for years without any ill effects.
Even if you don't use FB yourself, that by itself doesn't exempt you from its tracking, as you'll notice if you follow the tip below.
If you're rooted, another way (which doesn't always work, sadly) would be to get OSS App Manager from F-Droid, see what trackers are there for any given app (you're clear if none are listed) and block some or all some of them... YMMV.
Click to expand...
Click to collapse
If FB, Amazon etc is preinstalled either package block it or firewall block.
I prefer using Package Disabler to kill them although you can use ADB to do it.
I keep locations disabled unless I need maps which is rare. Helps battery life too.
Lol, FB is pure poison...

blackhawk said:
Package Disabler
Click to expand...
Click to collapse
Is this the paid for app?

sabei said:
Is this the paid for app?
Click to expand...
Click to collapse
Yes, annual subscription. Use the none Samsung variant. I can't say how well this variant works. The Samsung version works well but won't block Google play Services. I've been using it for over 2 years.
They do respond to emails promptly.
{Mod edit: Link to paid app removed @blackhawk )