How to verify that my Android OS has not been maliciously modified?

Avuerim2

New member
Jul 9, 2020
Hi!
I'm looking to reset a phone that is suspected to have been hacked. I'm thinking that a factory reset is not sufficient in the case that a hacker has rooted the phone and modified the core of Android, which could be possible if a hacker has physical access to the phone. Am I right?

So I'm wondering:
1) Is it possible to modify the core of a usual version of Android by rooting it, in order to add malicious software?
2) If 1) is possible, is it possible to do that in a way that won't be detectable by any antivirus/antimalware tool?
3) If 1) is possible, is it then possible to unroot the phone, so having an unrooted phone with a modified OS?
4) How could I verify that the OS is the "original one" and has not been modified?

It is possible that some elements of my request don't make sense, as I lack knowledge.

Thanks in advance for your answer!
Have a wonderful life!
Avuerim
 

Mooncatt

Ambassador
Feb 23, 2011
Anything is possible, but hacking Android is rather hard. Modifying to the point of embedding malware into the OS itself and surviving a factory reset is something I've only seen from those dirt cheap Chinese knockoff clones.

So my first question is do you suspect you've been hacked or infected, and why?
 

Avuerim2

Hi, and thanks for your answer!
It's an IT service I'm doing for somebody, so the phone is not mine. The person asked me to do a hard reset because he suspected he had been hacked, for his own reasons. Even if the reasons are questionable, my way of thinking is to assume that the phone has been hacked, and to think about what I should do to give back a phone having done my best to identify whether that has been the case, or at least to give back the phone guaranteeing that if it has been hacked, it is no longer the case.
It's also true that I find the topic really interesting, so even just for my own knowledge I would be interested to know how I could verify whether the original OS has been modified. I thought of that possibility because I saw somewhere a video of a YouTuber who had installed an "app" that allowed him to track the position of a phone, and he embedded it in the OS precisely to make it survive a factory reset. His goal was to voluntarily let the phone be stolen in order to then locate where the phone would travel.
So I would be interested in any leads that could help me answer these questions.
 

Mooncatt

Like I said, I'm not aware of any such hacking that survives a factory reset. When setting up the phone, I would make sure to do so from scratch and only reinstall apps via the Play Store or the manufacturer's app store. If your customer is that concerned, you can possibly find the official ROM from the manufacturer and flash it onto the phone. This would technically be more thorough than a factory reset, but functionally not very useful in this case (those ROMs are intended more for people who bricked the device and can't factory reset) and would be more about alleviating their fears than anything.