Brickstin

Everyone have a Happy Halloween!

^lack of updated firmware" 100% In Danger!" P.S Malwarebytes Administration please consider allowing members to edit their posts after posting - there is times that as a human being we miss something especially when so focused on something crucially important ( Allow every new Post to be edited within 5 mins) this way I don't have to make another post to correct my typos...

Update: I Hard reset/formatted the phone, still no dice: this means that the network provider (Assurancewireless) has more then likely globally blocked the proper UPD/TCP Ports preventing Google Play Services & Google Play Store from properly communicating with Google Servers. This potentially means that every single Assurancewireless customer can no longer get playstore downloads/app updates or firmware updates - Assurancewireless has created a National Security threat on a Global scale: someone needs to contact the FCC and the FTC, this is extremely dangerous and could potentially allow cyber terrorists to infiltrate the network of Assurancewireless/UMX on a global scale via insecure/ out of date apps/ security loops in the handset due to lack of update firmware.... PLEASE EVERYONE BE AWARE: YOU'RE PRIVATE INFORMATION COULD BE IN 100% IN DANGER! App/Firmware updates are put out for a reason - to insure everyone's security & Safety for Networks & handsets & keep Telecommunication/Cellular Providers Secure and operational, Patches/App updates/Service Updates/Firmware updates must be provided for everyone's continued safety and prevent any undesirable operation or disruption of Technological communication services. Handsets rely on Data network services to function ( We don't live in Analog days anymore) - it's no different than a computer/laptop connecting to a network with internet allowing world wide communications to send and receive data on a daily basis. With potential security breaches, one's handset can turn into a drone for a hacker/cyber terrorist and do anything illegal they wish from using your phone information to steal credit/financial info and rob you of your finances to committing Felony level crimes in your name, I have had my identity stolen once and someone tried to open up a business in Rio of Brazil, I was even wanted in Louisiana when I have never been there in my life. I almost ended up in Jail, lucky I was able to get into the clear after a thorough investigation that saved me. I don't think anyone wants their handset to be used illegally to commit terrorism on any scale what so ever, to even using your phone to communicate with other terrorists or hackers. I ran a Computer Business out in Indiana of South Bend, PCER LLC, I have relocated to MN and started Cyber Patrol Division to provide online security & awareness to the public to help better safeguard online communities - So I have a bit of experience and knowledge in the technological lane. I am going to request another handset and do thorough testing on that new unit, I hope that this is just an isolated incident: If I get the same result(s) with the replacement handset then this will confirm my findings, I will keep everyone posted. Best Regards, Kai

That didn't work, now it won't even show updates available.. Its not even connecting to the store at all.. It shows no updates.. THIS is a univeral situation within the network.. NOT thep hone.. I have turned on this phone's HOTSPOT to send internet to my laptop and my other phones.. My other Phones that run android are not able to connect to the playstore and google play services to DOWNLOAD app updates either.. now it wont even show that I have any installed apps in the play store.. I GOT NOTHING the entire list is gone.. I don't know why I even bothered to try this when I knew more than likely it would not work.. BUT my PHONE PROVIDER BLOCKED Those ports that involves the services.. My PHone is completely unprotected.. COMPLETELY I cannot get firmware updates I cannot get anything.. I had already said in my Original POST that My other devices that I have connected to this primary phone's hotspot ARE NOT able to connect.. If I Disconnect those Android devices or tablets OFF this UMX PHone's hotspot and use another wifi source they DOWNLOAD Perfectly with no issues what so ever..

Dear Malwarebytes community, I think we have a serious problem, I am currently trying to diagnose this but Assurancewireless may have just blocked certain UPD/TCP communication protocols and ports that connect to Google Play Services, just a few days ago o the U693CL phone I lost the ability to update my apps in my phone via Google Playstore, not only that but the same communication protocols needed to download firmware updates has just been blocked as well. When one tries to update or install apps it just never works: the only way to download a firmware-update or Apps or update apps via Google Play is the need for Wifi. I have already contacted Assurancewireless on the matter and filed a formal complaint: they are aware of the issue and so far I have not gotten any word back from them. They say their answer is a new phone - that's their answer 90% of the time.. Get a replacement.. i am going to be doing a factory reset to see if this would fix the issue, however I have my doubts... Reason being is because when I cast my internet from the UMX phone of assurance and make a hotspot so my other devices can connect to it I get the same issue.. Multiple Ports blocked and closed, apps unable to update, not able to get firmware updates etc.. the same issue happens to the other devices unless I drop the wifi connection off my Motorola for example and use the MintMobile Network data or another Wifi connection. if Factory resetting and replacing the phone does not solve this issue with Assurancewireless this confirms with out a doubt that Assurancewireless just put millions of Handsets in danger of security and functionality. No one with this phone and the service of Assurancewireless will be able to properly protect themselves from vulnerabilities found in any of the apps of google or any other developer(s) have made and created updates to continue functionality and safety for those apps. I have already tried to update the firmware to the latest firmware to see if this would resolve the issues and to no avail I still suffer the same fate. This means millions of users are possibly at risk and will no longer be able to install Apps from google Play store or get firmware updates, If you or anyone else has experienced this issue of not being able to install/update apps or download and install firmware updates for the UMXU693CL, and you have tried to no avail to hard reset the phone and even order a replacement and the same issue develops - STOP AND CEASE USE OF THE PHONE IMMEDIATELY! This is a warning to all whom have this phone and are under assurancewireless! You're privacy, data is at great risk! Sincerely yours, Kai @ PCER L.L.C

Just a follow up, I re-enabled the com.sprint apps like you said and I got undesired invasive ads again.. I am sorry but I am going to have to re-disable it because MCM client did this; this is why I had disabled com.sprint.w.installer to begin with: The only thing this COM has been good for is utter annoyance and the unwarranted use of my personal Data allotment.

I was doing some searchin in the XDA Forums and guess what I found :P So far no complaints from the people who have been using it: but it is fairly new - it doesn't have all that bloatware and adware/malware nonsense. If you have this model maybe we should give it a shot? I'm thinking about trying it out - Assurancewireless is sending me a new phone anyway - I'm hoping for the Wiko because it was way better. https://forum.xda-developers.com/t/umx-u693cl-root-recovery-release.4293219/ It's made by these guys:

That is rather interesting to hear: Im sorry to hear that everyone else is having these re-direct issues, sure is quite a bother some problem if you ask me. Now that you mention it, I actually contacted assurance wireless and they told me I can uninstall it, kinda hard to do when it's disabled on the user profile thus preventing me doing so. I will definitely talk to them again about asking them to do a push to my phone to remove them - and then re-enable those two coms so they can do it. Have you had any luck on getting into the code aspect in regard to these re-directs to try and figure out how to stop it? I apologize I missed this, I am just now catching up on replies - I will re-enable/Re-install back into my default profile com.sprint. (s) and the Innopath ones and see how it works, if I get any issues (I hope I don't) I'll let you know - I will keep com.android.part.iinews uninstalled. Thanks for that information :3

It sounds like fun - DO you use Android Studio and Linux by chance? I know this won't remove it from the actual system area, but at least it's working so far, I am on going on day two tomorrow afternoon, so far no popups or crazy things have been happening, I haven't gotten any Chrome Popup/Redirects thus far either. I will keep you posted :3

That's good to know that com.android.part.iinews is not actual adwarePuPs Thanks for the info :)

That's not an issue, I have the ability to restore certain applications even system applications, I was able to do so via ADB Shell- I have uninstalled/disabled the following which all can be restored with the proper commands: This doesn't get rid of the malware from the firmware, this is a work around to disabling certain functions that gets installed into the user directory - I have been testing this so far on the U693CL So far no apps have been suspiciously popping up, no ads, nothing. Even my network traffic is functioning better - I know this isn't someone for who is tech savy but .. Its not that hard to learn with what I did. You can do this with any app and restore it for whatever reason. It prevents the user 0 which is the default from using the installations - in the notice of each app it states "Not installed for this User" 255|U693CL:/ $ pm disable-user --user 0 com.ironsource.appcloud.oobe Package com.ironsource.appcloud.oobe new state: disabled-user U693CL:/ $ pm uninstall --user 0 com.ironsource.appcloud.oobe Success U693CL:/ $ pm uninstall --user 0 com.handmark.expresswheather Failure [not installed for 0] 1|U693CL:/ $ pm disable-user --user 0 com.handmark.expressweather Package com.handmark.expressweather new state: disabled-user U693CL:/ $ pm uninstall --user 0 com.handmark.expressweather Success U693CL:/ $ pm uninstall --user 0 com.amazon.mShop.android.shopping Success U693CL:/ $ pm disable-user --user 0 com.sprint.ms.cdm Package com.sprint.ms.cdm new state: disabled-user U693CL:/ $ pm disable-user --user 0 com.sprint.ms.smf.services Package com.sprint.ms.smf.services new state: disabled-user U693CL:/ $ pm uninstall --user 0 com.facebook.katana Success U693CL:/ $ pm disable-user --user 0 com.facebook.system Package com.facebook.system new state: disabled-user U693CL:/ $ pm disable-user --user 0 com.facebook.appmanager Package com.facebook.appmanager new state: disabled-user U693CL:/ $ pm uninstall --user 0 com.facebook.appmanager Success U693CL:/ $ pm uninstall --user 0 com.facebook.katana Failure [not installed for 0] 1|U693CL:/ $ pm uninstall --user 0 com.facebook.system Success U693CL:/ $ pm disable-user --user 0 com.huub.instantnews Package com.huub.instantnews new state: disabled-user U693CL:/ $ pm uninstall --user 0 com.huub.instantnews Success U693CL:/ $ pm disable-user --user 0 com.sprint.w.installer Package com.sprint.w.installer new state: disabled-user 130|U693CL:/ $ pm uninstall --user 0 com.facebook.orcastub Failure [not installed for 0] 1|U693CL:/ $ pm uninstall --user 0 com.facebook.orca stub Failure [INSTALL_FAILED_INVALID_APK: Split not found: stub] 1|U693CL:/ $ pm uninstall --user 0 com.facebook.orca Success 255|U693CL:/ $ pm disable-user --user 0 com.sprint.ce.updater Package com.sprint.ce.updater new state: disabled-user U693CL:/ $ pm uninstall --user 0 com.sprint.ce.updater Success U693CL:/ $ pm disable-user --user 0 com.innopath.activecare Package com.innopath.activecare new state: disabled-user U693CL:/ $ pm disable-user --user 0 com.innopath.activecare.dev.oem Package com.innopath.activecare.dev.oem new state: disabled-user U693CL:/ $ pm disable-user --user 0 com.teleepoch.myaccount Package com.teleepoch.myaccount new state: disabled-user U693CL:/ $ pm disable-user --user 0 com.amazon.avod.thirdpartyclient Package com.amazon.avod.thirdpartyclient new state: disabled-user U693CL:/ $ pm uninstall --user 0 com.amazon.avod.thirdpartyclient Success 1|U693CL:/ $ pm disable-user --user 0 com.android.part.iinews Package com.android.part.iinews new state: disabled-user 1|U693CL:/ $ pm uninstall --user 0 com.android.part.iinews Success U693CL:/ $ --------------------------------- Phone has been working great for the last 24 hours.

After Some Work I have been doing I have been using an app to Inspect APPS including System apps behind the user interface to pull all the APKs that come pre-installed from UMX Phones given out by Assurancewireless, I have been actually using ADB to remove all the bad APKs from the user profile, I don't think this will permanently remove the pre-installed malware entirely; certain apps pre-installed run payload to download it's functionary package groups to infect the phone after factory reset but the apps still need internet to run their payload, I am going to uninstall all related apps that I have access to including the System Build Apps so the payload can't be executed all the time - 'IF' I can manage to figure out exactly which apps does this, which I have a pretty good idea considering all the sprint indicators and other apps that I know of already. Well I just Pulled Carrier Device Manager which is com.sprint.ms.cdm-1.7.6-1706.apk into the download directory and MALWAREBYTES DETECTED IT AS RANSOMWARE LMAO!! : I'm going to keep pulling packages and extract them to unpack them all and screw around with them in Android Studio so I can try and learn something from them in detail. SPRINT... ASSURANCE, UMX.. I swear they can't fool me anymore, we already have a De-bloated Custom ROM Floating around now to stop this BS permanently, NO MORE Adware/Malware, no more China BS, no more data being stolen and accounts being hacked into. Right now I am testing these removals to see how they work, if I reboot it may come back (we'll see). Trying this on original ROM firmware from UMX/Assurancewireless. I figured to screw around with this phone anyhow - not like I have anything important on it nor do I really use it other then for internet.. That is it. I don't even use text or phone calls or drop in accounts with passwords anymore since the phone is entirely compromised in all aspects of security.. Check out some of the dangerous permissions this pre-installed app has (Shame on you UMX/Assurancewireless):

HAHAHAHA, WELL After Some Work I have been doing I have been using an app to Inspect APPS including System apps behind the user interface to pull all the APKs that come pre-installed from UMX Phones given out by Assurancewireless, I have been actually using ADB to remove all the bad APKs from the user profile, I don't think this will permanently remove the pre-installed malware entirely; I do know that certain apps pre-installed run payload to download its functionary package groups to infect the phone after factory reset but the apps still need internet to run their payload, I am going to uninstall all related apps that I have access to including the system build so the payload can't be executed all the time - IF I can manage to figure out exactly which apps does this, which I have a pretty good idea considering all the sprint indicators and other apps that I know of already. Well I just Pulled Carrier Device Manager which is com.sprint.ms.cdm-1.7.6-1706.apk into the download directory and MALWAREBYTES DETECTED IT AS RANSOMWARE LMAO!! : I'm going to keep pulling packages and extract them to unpack them all and screw around with them in Android Studio so I can try and learn something from them in detail. SPRINT... ASSURANCE, UMX.. I swear they can't fool me anymore, we already have a De-bloated Custom ROM Floating around now to stop this BS permanently, NO MORE Adware/Malware, no more China BS, no more data being stolen and accounts being hacked into. Right now I am testing these removals to see how they work, if I reboot it may come back (we'll see). Trying this on original ROM firmware from UMX/Assurancewireless. I figured to screw around with this phone anyhow - not like I have anything important on it nor do I really use it other then for internet.. That is it. I don't even use text or phone calls or drop in accounts with passwords anymore since the phone is entirely compromised in all aspects of security.. Check out some of the dangerous permissions this pre-installed app has (Shame on you UMX/Assurancewireless:

I have this same phone, its worse then the last model, because at least I could bloody enable developer mode, unlock the bootloader etc. This latest model prevents you from unlocking the bootloader and stops you from going into bootloader mode. The U693CL is completely controlled by the manufacture and I haven't seen any custom Firmwares for this model yet.. Here is the old phone that I had that did the same things: Also have a look at this Published article about UMX and Assurance Wireless and the issues with that the FCC overlooked: https://securityboulevard.com/2020/01/fcc-subsidized-sprint-phones-have-malware-preinstalled/ Please check out this other thread that I am participating in:

I have both U683CL and U693CL. Both of them.. Factory installed malware and adware. Runs payload at every boot to insure malware stays active and functional, certain apps get installed with superuser/administrative access, and root privileges. I have been having issues with assurance wireless for over a year now, Assurance used to be good, I was there when they was just getting big, and I had great services since 2014, but it went to the toilet when when UMX came into existence, Assurance has turned over a bad leaf.. . I have been gathering evidence for the longest time now, reaching out to technicians of Malwarebytes and working with some, even have been in talks with other legal advisors and quite frankly, I think we should do a class action lawsuit guys, I'm sorry but I couldn't get medical help because of Assurance and UMX and a lot of other people have suffered to, there was one time that I had to call 911 for a domestic disturbance crime on going and I couldn't reach out to them because of the ads blocking everything I do I hope to God no one has a heart attack and cant get passed their Ad popups and crap to call 911 for help. I to have TopicNew/Topic It is a system app that MCM Client and it's none removable. I was in a very bad mental state that could have costed me my life and Assurancewireless and UMX made it extremely difficult to get any medical help. Also btw, now my Google account keeps getting hacked and it started happening when I got the U693CL. I had to change the password and no matter how many times I changed it on my UMX I was getting access code requests over and over via text and Google Notifications would pop up, I decided to format the phone and it still does not fix the issue, the malware gets re-installed again. I've contacted the FCC in regard to these issues: I also found this Published article in regard to UMX, Assurancewireless and other issues: https://securityboulevard.com/2020/01/fcc-subsidized-sprint-phones-have-malware-preinstalled/ Here is my post for my old UMX phone: