1. AC Question's Avatar
    is this a threat on my android 4 tablet?
    07-10-2015 01:55 PM
  2. Javier P's Avatar
    What app is saying that it's a threat?
    07-10-2015 02:48 PM
  3. B. Diddy's Avatar
    Welcome to Android Central! What app is telling you that it's a high risk? Chances are it's a false positive (which is fairly common with a lot of antivirus apps). The app is likely an important system component, so don't mess with it.
    07-10-2015 02:49 PM
  4. j_a_m_i_e's Avatar
    It's evil.

    Note the report here ( www.avgthreatlabs.com/gb-en/android-app-reports/app/com.android.google.settings/ ) which from preliminary investigation, appears to match what I've found too (one of the tables is called credit-cards -numbers(!))

    Visibly, it randomly throws a combination of banner ads, full screen ads and 'news' popups on the device - no matter what app is foregrounded.

    Note the name. Google uses the convention "com.android.*" for android "internal" apps, and "com.google.android.*" for their "add-on" apps.

    I've never seen com.android.google.* used anywhere officially.

    If anyone wants a copy I can upload it, along with typical runtime data (as soon as I've determined none of my top secrets are within!)

    As for its origins, it arrived *preinstalled* on a Q8H A23 tablet ordered from China (a rather nice cheap tablet otherwise).

    It is installed as /system/app/com.android.google.settings.apk, and looking at the file date, appears to be self updating.

    The com.android.browser also arrived hobbled - the homepage is forced to some google-referring landing page. And for some reason, history is disabled.

    The other 2 are suspect also. Note that all 4 have an update date well after I obtained the tablet.

    total 7316
    -rw-r--r-- 1 0 0 210461 Jun 19 14:44 CloudsService.apk
    -rw-r--r-- 1 0 0 2063264 Apr 11 16:30 com.android.browser.apk
    -rw-r--r-- 1 0 0 2612471 Jul 9 05:54 com.android.google.settings.apk
    -rw-r--r-- 1 0 0 2600073 May 30 02:45 com.yiranhan.globalweather.apk

    As for removal, you need to root the device, as it's installed as a system-app.
    I did mine using adb (which connects with a root shell)

    The apps *appear* to have not mangled the Linux system - removing the app, its dex, and its data directory seems to kill it.

    I'd be interested to know where you purchased yours, and whether you have the other 3 offending apps.
    07-13-2015 07:34 AM
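
Added example, not part of the post above: a small Python triage of the quoted `/system/app` listing using the two signals the post describes, a package name that reorders the official `com.google.android` prefix and a file date later than when the device was obtained. The year (2015, from the post date), the acquisition dates, and treating the APK file name as the package name are assumptions.

```python
import re
from datetime import date

# Listing as quoted in the post. `ls -l` omits the year for recent files,
# so the year is an assumption (2015, from the post date).
LISTING = """\
total 7316
-rw-r--r-- 1 0 0 210461 Jun 19 14:44 CloudsService.apk
-rw-r--r-- 1 0 0 2063264 Apr 11 16:30 com.android.browser.apk
-rw-r--r-- 1 0 0 2612471 Jul 9 05:54 com.android.google.settings.apk
-rw-r--r-- 1 0 0 2600073 May 30 02:45 com.yiranhan.globalweather.apk
"""
OFFICIAL = ("com", "google", "android")  # com.google.android.*, as named in the post
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
ROW = re.compile(r"^\S+\s+\d+\s+\S+\s+\S+\s+\d+\s+(\w{3})\s+(\d{1,2})"
                 r"\s+\d{2}:\d{2}\s+(\S+)\.apk$")

def lookalike_namespace(package):
    """True when the first three labels reorder com.google.android
    (for example com.android.google.*) without being the official order."""
    head = tuple(package.split(".")[:3])
    return sorted(head) == sorted(OFFICIAL) and head != OFFICIAL

def audit(listing, acquired, year=2015):
    """Map each flagged APK (file name taken as package name) to its reasons."""
    findings = {}
    for line in listing.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skips the "total N" header and non-APK rows
        mon, day, package = m.groups()
        reasons = []
        if lookalike_namespace(package):
            reasons.append("look-alike namespace")
        # Files under /system/app normally change only with a firmware update.
        if date(year, MONTHS[mon], int(day)) > acquired:
            reasons.append("modified after acquisition")
        if reasons:
            findings[package] = reasons
    return findings

if __name__ == "__main__":
    # Hypothetical acquisition date; the post gives none.
    for pkg, why in audit(LISTING, acquired=date(2015, 3, 1)).items():
        print(f"{pkg}: {', '.join(why)}")
```

A date newer than acquisition is only a prompt to look closer, since a legitimate OTA update also rewrites files on the system partition.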
  5. B. Diddy's Avatar
    Excellent, thanks for digging deeper into this! That is very sneaky.
    07-13-2015 10:41 PM
  6. kazdaddy's Avatar

    I am also the owner of an A23 tablet.
    I have the same problems you describe... apps installing themselves - malware being detected by Avast antivirus.
    I have removed the CloudsService.apk via adb, but the thing restores itself after reboot of the tablet. Could you please describe in detail what needs to be done to root out this infection?
    01-25-2016 09:48 AM
  7. treetopsranch's Avatar
    I would throw that thing away. It has malware installed by the Chinese maker.
    01-25-2016 10:43 AM
