Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by gradinaruvasile

  1. Hi, I have a cheap Chines phone (Cubot Rainbow) which after a month of purchase started to open unwanted web pages. This happened when Chrome was running or was just launched, or when the Store app was launched it opened with random unrequested apps focused. The most annoying was when using the Facebook Lite app it showed full screen app install nag pages that could be only escaped if you actually tapped a X sign on it - anything else is below it even if you open stuff from the drop down menu. I did a logcat on the phone and it has some lines like this (various websites are opened): 03-20 21:04:42.310 23448 23722 I ActivityManager: START u0 {act=android.intent.action.VIEW dat=http://crapeta.com/... flg=0x10000000 pkg=com.android.chrome cmp=com.android.chrome/com.google.android.apps.chrome.Main} from uid 10022 from pid 23613 on display 0 The "uid" 10022 is the user id of the package that requested the action. adb shell "dumpsys package | grep -A30 'userId=10022'" userId=10022 sharedUser=SharedUserSetting{de1a2e5 android.uid.systemui/10022} pkg=Package{ad251ba com.android.systemui} codePath=/system/priv-app/SystemUI resourcePath=/system/priv-app/SystemUI legacyNativeLibraryDir=/system/priv-app/SystemUI/lib primaryCpuAbi=null secondaryCpuAbi=null versionCode=23 targetSdk=23 versionName=6.0-1474361238 splits=[base] applicationInfo=ApplicationInfo{aead9c8 com.android.systemui} flags=[ SYSTEM HAS_CODE PERSISTENT ] privateFlags=[ PRIVILEGED ] pkgFlagsEx=[ ] dataDir=/data/user/0/com.android.systemui supportsScreens=[small, medium, large, xlarge, resizeable, anyDensity] timeStamp=2016-09-20 11:09:09 firstInstallTime=2016-09-20 11:09:09 lastUpdateTime=2016-09-20 11:09:09 signatures=PackageSignatures{4fa86b [4fd7fc8]} installPermissionsFixed=false installStatus=1 pkgFlags=[ SYSTEM HAS_CODE PERSISTENT ] declared permissions: com.android.systemui.permission.SELF: prot=signature, INSTALLED User 0: installed=true hidden=false stopped=false notLaunched=false enabled=0 I found the apk file on the phone and downloaded it and attached it to the post. Also i loaded it in the virustotal.com page - attached below. 13 / 55 detection ratio but Malwarebytes did not detect it. The "System UI" application can not be disabled and i suspect it is the actual system ui which manages the UI, taskbar, touch and whatnot. It does some data transfer - i am not sure if the system ui needs access to the internet. The phone was reset to factory defaults and there are no visible issues right now, but the app did make some data transfer. I tried reflashing the phone but i am not sure it actually it worked because it did not took much to reset (the .zip downloaded contained another .zip with the actual data maybe i have to extract that...). SystemUI.apk.zip
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.