
Thread: How To Find Spyware On Your Android Device

  1. #1
    Join Date
    Jul 2002
    Location
    Canada
    Posts
    4,342
    Carrier(s)
    Telus $75/15GB
    Feedback Score
    0

    Post How To Find Spyware On Your Android Device

    [Image: os-monitor.png]

    So how was your weekend? Good, good. Mine? Pretty uneventful, really. I did find out that an Android app that I've been using for years has been phoning home to China, but other than that...

    The app in question is ES File Explorer, currently boasting some 300 million downloads in its Play Store listing. I've been using it for its remote file manager abilities, which basically turns my phone into an FTP server so I can transfer large files wirelessly over my home network. Little did I know that the app was also transmitting data back to a Chinese server at the same time.

    But now I do, and it's all thanks to some forum threads and my new favourite app.

    Unknown Folder "baidu"

    This all started with a thread on the Sony Xperia Care Forums that I came across last week. Honestly, the original idea for this post was to warn prospective Sony buyers about potential spyware in the My Xperia app. From that thread:

    To sketch the magnitude of the problem: potentially, the Chinese government can:

    • Read status and identity of your device
    • Make pictures and videos without your knowledge
    • Get your exact location
    • Read the contents of your USB memory
    • Read or edit accounts
    • Change security settings
    • Completely manage your network access
    • Couple with Bluetooth devices
    • Know what apps you are using
    • Prevent your device from entering sleep mode
    • Change audio settings
    • Change system settings

    All of the above can potentially be monitored and managed remotely via internet WITHOUT YOUR KNOWLEDGE OR PERMISSION!
    Apparently the culprit is a folder in the internal (root) storage of Xperia devices called "baidu". If you didn't know, Baidu is the Chinese search giant that's widely rumoured to have close ties with the PRC government. Hold that thought...

    The proof that Sony was leaking data to Chinese servers came from a screen grab from an app I had never heard of, OS Monitor—it's available on both the Play Store and F-Droid. Since F-Droid only hosts apps with some sort of open-source license, I figured it was legit. Best part of all? It doesn't require root.

    baidu.cuid

    Back to Baidu, I had noticed a file in the internal storage of my Nexus 5 called "baidu.cuid". A bit of searching yielded a thread on XDA with other Nexus owners also in possession of this mystery file. The consensus seems to be that ES File Explorer is to blame. From that thread:

    To those that thought it *might* be ES File Explorer - I salute you. My research:

    I deleted the directory and tried a bunch of apps to try and find the culprit. Then I did a root search of my phone for the word "baidu." I used CM11's file explorer rather than a 3rd party app. Here's what came up: In folder /data/data/com.estrongs.android.pop/shared_prefs is a file: __Baidu_Stat_SDK_SendRem.xml. When I look at the XML it's pretty simple. It's sending a logfile. I don't know what it's sending a log of. That bothers me.

    I also did a little more background research. Apparently one of Baidu's founders is an angel investor in EStrongs. I hate to say it, but this might compel me to stop using ES File Explorer even though it's a great app...
    For your reference, here are the contents of the XML file on my device:

    Code:
    <?xml version='1.0' encoding='utf-8' standalone='yes' ?>
    <map>
        <int name="timeinterval" value="24" />
        <string name="cuid">|077024260485253</string>
        <long name="lastsendtime" value="1415026434602" />
        <string name="mtjsdkmacss">qU7242VmtgqdqpefypCliw==</string>
        <string name="cuidsec">WTUMQrCjbexVl0YepOKIUd7mCsyLmARNinh5Cm28RQCYwTvuRxLO51ktKMfZczzApSx3piqrtcuuN25IcN2bNA==</string>
        <boolean name="onlywifi" value="false" />
        <boolean name="exceptionanalysisflag" value="false" />
        <int name="sendLogtype" value="1" />
    </map>
    Someone smarter than me will have to figure out exactly what's going on here. But thanks to OS Monitor I can at least confirm that ES File Explorer is indeed connecting to a server in Beijing:

    [Image: es-beijing.png]

    Again, I can't say exactly what is being shared here, but the fact that an app with access to everything on my device and my home network is making a remote connection without my express consent is enough for me to stop using it. Immediately.

    If you suspect that there may be spyware on your Android device then OS Monitor is your new best friend.

    Further Reading:

    Xperia Care Support Forum: Unknown folder "baidu"
    XDA Developers: What is baidu folder for?
    Google Play Apps: OS Monitor
    My mobile memoirs — free ebook available here.
    My HoFo feedback... is that still a thing?
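    An added example, not part of the original post or of any app discussed here: a small Python parser for the Android shared_prefs XML format quoted above, plus a triage pass that pulls out the send interval, turns the millisecond epoch in lastsendtime into a UTC date, and checks which string fields are strictly valid base64 (an opaque blob) rather than plain text. The sample input is the post's own XML, with the garbled long element repaired; the function names are my own.

```python
import base64, binascii
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Sample input, embedded for offline use: the shared_prefs file quoted in the post above (garbled <long> line repaired).
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <int name="timeinterval" value="24" />
    <string name="cuid">|077024260485253</string>
    <long name="lastsendtime" value="1415026434602" />
    <string name="mtjsdkmacss">qU7242VmtgqdqpefypCliw==</string>
    <string name="cuidsec">WTUMQrCjbexVl0YepOKIUd7mCsyLmARNinh5Cm28RQCYwTvuRxLO51ktKMfZczzApSx3piqrtcuuN25IcN2bNA==</string>
    <boolean name="onlywifi" value="false" />
    <boolean name="exceptionanalysisflag" value="false" />
    <int name="sendLogtype" value="1" />
</map>
"""

def parse_shared_prefs(xml_text):
    """Turn an Android shared_prefs <map> into a dict of typed Python values."""
    prefs = {}
    for el in ET.fromstring(xml_text.encode("utf-8")):
        name = el.get("name")
        if el.tag == "string":          # text content, may be empty
            prefs[name] = el.text or ""
        elif el.tag in ("int", "long"):
            prefs[name] = int(el.get("value"))
        elif el.tag == "boolean":
            prefs[name] = el.get("value") == "true"
    return prefs

def base64_payload_len(value):
    """Decoded byte length if value is strict, padded base64, else None (blob, not meaning)."""
    if len(value) % 4:
        return None
    try:
        return len(base64.b64decode(value, validate=True))
    except binascii.Error:
        return None

def triage(prefs):
    """Send interval, last send time (UTC), network condition, and which strings are opaque blobs."""
    last = datetime.fromtimestamp(prefs["lastsendtime"] / 1000, tz=timezone.utc)
    blobs = {k: base64_payload_len(v) for k, v in prefs.items() if isinstance(v, str)}
    return {
        "send_every_hours": prefs["timeinterval"],
        "last_send_utc": last.strftime("%Y-%m-%d %H:%M:%S"),
        "wifi_only": prefs["onlywifi"],
        "opaque_blobs": {k: n for k, n in blobs.items() if n is not None},
    }
```

    On this file the two base64 fields decode to 16 and 64 bytes, which tells you they are fixed-size binary values (hashed or encrypted), not readable text; the plain cuid field is not base64 at all.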

  2. #2
    Join Date
    Jan 2012
    Posts
    46
    Carrier(s)
    Fido
    Feedback Score
    0
    Which leads to tomorrow's topic, choosing your new file manager.
    I have been using ES File Explorer for a number of years now...

  3. #3
    Join Date
    Jul 2002
    Location
    Canada
    Posts
    4,342
    Carrier(s)
    Telus $75/15GB
    Feedback Score
    0
    Happy to oblige!

  4. #4
    Join Date
    Feb 2002
    Location
    GTA
    Posts
    2,254
    Carrier(s)
    Koodo
    Feedback Score
    1 (100%)
    Quote Originally Posted by asharx View Post
    Which leads to tomorrow's topic, choosing your new file manager.
    I have been using ES File Explorer for a number of years now...
    Holy crap! Me too!

    Quote Originally Posted by acurrie View Post
    Happy to oblige!
    Andrew, thank you so much!

    So, any suggestions as to the alternatives? ES File Explorer is VERY useful.



    Sent from my X9006 using Tapatalk
    Cell phone history:
    Motorola DPC 550 - Ericsson DF388 - Sanyo SCP-4000 - Samsung SCH-N150 - Samsung SCH-T300 - LG TM520 - LG VX-4600 - BlackBerry 6750 - BlackBerry 7250 - Samsung SGH-807 - T-Mobile Dash - Motorola RAZR - BlackBerry Bold 9000 - BlackBerry Torch 9800 - Samsung Galaxy S Captivate (rooted) - Samsung Nexus S - Samsung Galaxy S III LTE (rooted, running SlimBean 4.3) - Oppo Find 7a - Moto X Play - OnePlus 3T Midnight Black Limited Edition - Huawei P20 Pro

  5. #5
    Join Date
    Jul 2002
    Location
    Canada
    Posts
    4,342
    Carrier(s)
    Telus $75/15GB
    Feedback Score
    0
    I'm working on it. Should have some recommendations in the morning...

  6. #6
    Join Date
    Jun 2003
    Location
    FITH BEYOND Thunder Bay
    Posts
    18,278
    Device(s)
    IR GS BL00D Phone X N0 B.efore C.hrist E.ntity.. |nfinite HELLUS™ TnT $pawn + Ted§ Hell Hound TˇTher
    Carrier(s)
    M¤ther Nature !... @SS2MOUTH Death 0f SELFie -> HardWare Opiates
    Feedback Score
    12 (100%)
    Quote Originally Posted by acurrie View Post
    I'm working on it. Should have some recommendations in the morning...
    @Currie Burning the midnight whale oil for National Security



  8. #8
    Join Date
    Feb 2009
    Posts
    5,317
    Feedback Score
    0
    I use:
    File Explorer
    NextApp, Inc.
    June 3, 2014

    https://play.google.com/store/apps/d...xtapp.fx&hl=en
    If my actions include deeds of philanthropy in charity and acts of loving kindness I am living in my Faith.

    Red Pocket (AT&T) $192yr UTnT 5GB exp 08.08.19
    Red Pocket (AT&T) $184.50yr UTnT 1GB exp 02.19.20
    T-Mo Gold Rewards $10yr exp 01.16.20
    Tello x2 (Sprint) $5 1-use/3mo no exp by 10.05.19

  9. #9
    Join Date
    Nov 2013
    Posts
    29
    Feedback Score
    0
    For what it's worth, I've been running OS Monitor for a few days now, and I haven't seen a single connection from ES Explorer back to the mothership. And I use it fairly frequently. (Google, apps, however... oy vey!) How long did you run OS Monitor before you found evidence of ES Explorer connecting to outside servers?

    I should say though: ES Explorer is one of the apps I hibernate with Greenify, so maybe that's why it's not calling home for me???

  10. #10
    Join Date
    Jul 2002
    Location
    Canada
    Posts
    4,342
    Carrier(s)
    Telus $75/15GB
    Feedback Score
    0
    I noticed the connection to Beijing immediately.

    As for the Google apps, aren't they supposed to be syncing your PIM data to their servers?

  11. #11
    Join Date
    Aug 2013
    Posts
    86
    Carrier(s)
    Bell
    Feedback Score
    0
    Are you sure it isn't just usage data, like the Baidu equivalent of Google Analytics, that's being pinged back to the server? I can't remember if there was some kind of pro/donate version of ES that might require validation with the mothership.

    ES File Explorer is so good I'd hate to think we're all walking around with little Chinese government spy-cams in our pockets.

  12. #12
    Join Date
    Jul 2002
    Location
    Canada
    Posts
    4,342
    Carrier(s)
    Telus $75/15GB
    Feedback Score
    0
    I've just sent an inquiry to [email protected], and encourage any ES user reading this to do the same!

  13. #13
    Join Date
    Nov 2013
    Posts
    29
    Feedback Score
    0
    Yes Google is supposed to be syncing a crapload of stuff. I was just taken aback by the sheer number of connections, even though I disable syncing on half the stuff Google wants to sync...

  14. #14
    Join Date
    Jul 2002
    Location
    Canada
    Posts
    4,342
    Carrier(s)
    Telus $75/15GB
    Feedback Score
    0
    Reply from EStrongs:

    Thank you for your feedback.
    We use a third-party statistics module provided by Baidu; it just counts user numbers anonymously and won't collect any user info. You might read our privacy policy from settings.

    Best Regards,
    ES Supporting Team
    I'd still like to get that XML file deciphered. The furthest I've gotten so far is with someone on Twitter who has only told me: "They look like Base64 values"...

  15. #15
    Join Date
    Jan 2012
    Posts
    46
    Carrier(s)
    Fido
    Feedback Score
    0
    I am liking FX so far. I haven't used the FTP server, but I played around with FTP Droid and I could see that as an easier way for transferring files.
