Samsung Snooping

[edc2k12]

I am wondering if the S8 will have the same snooping problems that I have with my new SM-C900Y which just came out. Both Samsung and Taiwan Cellular are tracking all of my activities. I found this out by installing the "LostNet NoRoot Firewall" as it is free and I could get the information on why my cellphone was acting strange.

I noticed that applications I disabled were all of a sudden no longer disabled and was consuming a large quantity of internet bandwidth.

The S8 and the C900Y look very much like the same sets. In any case, it would be nice if the S8 was rooted and all of the snooping crap removed. The C900Y can't be rooted as the system automatically rewrite the recovery image if it notices it has changed. Just like how Windows 10 stops changes to the boot sectors.

 

[Golfdriver97]

Do you have a list of the applications?

 

[edc2k12]

The following is a list of applications running in the background connecting to the Internet and passing on my activities to third parties without my permissions. Most of these were found by my installing a firewall on my cellphone and reviewing the logs.

AASA Service
AllShare FileShare Service
Always On Display
Android System Webview
ANT+ HAL Service
App Lock
Assistant Menu
Automation Test
AutoPreconfig
Backup And Restore Manager
Badge Provider
BBC Agent
Beacon Manager
Bluelight Filter
Bluetooth Share
Bluetooth Test
Camera
Camera Test
Captive Portal Login
Chrome
Clipboard Save Service
Clipboard UI Service
Cloud Gateway
CMH Provider
com.android.carrier.config
com.android.managedprovisions
com.qualcomm.atfwd
com.qualcomm.embms
com.qualcomm.timeservice
com.samsung.android.sm.watchmanagerstub
com.samsung.android.sm.devicesecurity
com.samsung.dcmservice
com.samsung.faceservice
com.samsung.storyservice
com.sec.android.app.chromecustomizations
com.sec.android.app.wfdbroker
com.sec.bcservice
Container Agent2
Device Test
DiagMonAgent
Documents
DRParser Mode
Easy Setup
Email
Emergency Manager Service
Enhanced Features
Enterprise SIM Pin Service
EPDG Test app
FidoSUIService
Filter Provider
Find My Mobile
Fingerprint
Galaxy Apps
Gallery
Game Optimizing Service
Game Tools
Google Play Service & Store
Health Service
HTML Viewer
IMS Service
Intelligence Service2
Interaction Control
Internet (Browser)
Kies Application BNR
KLMS Agent
KNOX (I did not set it up)
Knox Enrollment Service
Knox SetupWizardClient
Knox FolderContainer2
LinkSharing
MDMApp
MMS Service
Mobile Tracker
My Interests
Nearby Services
NFC Service
Popupui Receiver
QuickConnect
Radio
RCP Component
Remote Control
RILNotifier
Safety Assistance
Samsung Account
Samsung Cloud
Samsung Keyboard
Samsung Notes
Samsung Print Service Plugin
Samsung Push Service
Samsung Setup Wizard
SAmsung Themes
SCPM Service
Secure UI Service
Security Policy Updates
Security Log Agent
SecVideoEngine Service
Service Mode
Settings Receiver
Shooting Mode Provider
SilentLogging
Smart Caller ID
Smart Tutor
SysScope
Video Player
Voice Assistant
VPNDialogs
WIFI Direct Share
WithTV

 

[Amele]

Ok, I am as paranoid as the next person but a lot of these are system apps, some android some Samsung and while I am not big on having them all running in the background, and while some of them certainly do send info back to either Google or Samsung, I am not clear that they qualify as spyware. Am I wrong? Someone else weigh in here!

 

[Ay Star]

Hello, I'm new to this site but I've been dealing with a similar issue. I can not seem to find much about this. Evidently there is something on my S8 that goes by two names of which I can not establish are the real name, either the complicated Android.AVT.Evo-gen.AG759512, or the more simple name I see when inspecting it in my phone's App Info, it shows up as Device.Keystring

The weird part about this is that I came to know about this when my AVG Pro app found this as malware and advised I disable it, and evidently I can not, but I can force stop it. I can see all of the app's history and for the most part is matches with edc2k12's list with some additional names I can not find much info on, (i.e. Face, IOTHiddenMenu, Perso, Launcher, TFunLock, and more) but mostly containing the same. I can't find much info on this online. It has used and sent about 150 MB of data as used a good chunk of battery life.. My carrier is T-Mobile and this is a U.S. model. I'm not sure what to form from this. I don't think it's an actual virus but AVG sees it's activity and existence as one which lead me to here. If anyone has any additional info I would love to figure out ways any of this means. It seems to have accessed a lot of my phone without going noticed since disabling my AVG service to test it was the cause for my abnormally warm S8 and low battery.

 

[Mike Smith53]

I have the exact same system apps running my GS8. I've been unable to disable, I cleared data which did return. I went and changed data usage on them and somehow it's persistent and returns back. I believe it's authorities. Samsung enabled for third party. I've done factory reset multiple times and apps are still there. I bought it in April 2017 and when I went through recovery log it shows the phone was rooted and set to act as if they are preinstalled. Also concerned me is the Knox was uninstalled but had mobile data usage .? Anyone find anything about those malicious apps?

 

[Tim1954]

Hmmm... Install Adguard and firewall all the apps. They don't use any data on my S8 according to the firewall..

 

[Gayle Lynn]

I use NetGuard Pro https://play.google.com/store/apps/details?id=eu.faircode.netguard

Malwarebytes https://play.google.com/store/apps/details?id=org.malwarebytes.antimalware

ESET https://play.google.com/store/apps/details?id=com.eset.ems2.gp

VPN https://forums.androidcentral.com/e...744%26chan%3DUUacUvbUpU5991755&token=Am9MbpJr

 

[deadbeatles]

Do you have a Samsung account and a Google account and are they signed in? If so, does NetGuard prevent tracking by Samsung and Google even when signed in to the accounts?

 

[Joe Edwards5]

Some of those applications or systems are needing certain permission to run. Such as cloud gateway needs permission for settings change and for changing your phone settings and storage customization. This app is what Google uses to back up your info. It needs the permission so it can make copies of your photos and access your app and phone settings so you have a backup of settings and system settings. Example, when you get a new phone and your wifi connections are on your new phone it's because of the app reading and making a backup copy of your saved wifi networks. Also intelligence services allow your wireless calls to be sent securely so if someone intercepted the call it would be scrambled or your broadcast would be reordered so it wouldn't make sense. By the way virtual soft keys are for your touch screen buttons like home or back button on your screen.

 

[Blazer0981]

I have the exact same system apps running my GS8. I've been unable to disable, I cleared data which did return. I went and changed data usage on them and somehow it's persistent and returns back. I believe it's authorities. Samsung enabled for third party. I've done factory reset multiple times and apps are still there. I bought it in April 2017 and when I went through recovery log it shows the phone was rooted and set to act as if they are preinstalled. Also concerned me is the Knox was uninstalled but had mobile data usage .? Anyone find anything about those malicious apps?

You believe it's the authorities? Why? What would make you think that? Do you do things that the authorities would be interested in? Planning on doing something in the future? Did it ever cross your mind that what you're seeing might actually be there because it's supposed to be? Don't you think if it was actually a fake file, people other than just you would have picked up on it by now?

Can you logically explain any of that?

 

[D.P.G.]

Wonder how many people didn't realize Samsung snuck this in and haven't disabled it:

https://www.samsung.com/us/account/customization-service/

 

[T48]

Wonder how many people didn't realize Samsung snuck this in and haven't disabled it:

https://www.samsung.com/us/account/customization-service/

How do you disable it? Have got that pop up a few times when ever they want to update something.

 

[pbike908]

I haven't noticed any excess data usage with my Galaxy S8. i don't run any third party malware, nor have I taken the steps to investigate what is running in the background like other posters.

I do run Google's Datally, and it doesn't report anything untoward happening. Google insists it's not spying on me with this app, but who knows for sure. It is a risk I will accept as I listen to a lot of Spotify downloaded playlists on my S8 and prior to installing Datally even when I was listening to downloaded playlists Spotify would periodically chew through a lot of data. There were numerous reports of this in Spotify forums, and the silence from Spotify was deafening. Since installing Datally, that put a stop to that.

 

[chanchan05]

That list is lol. A lot of those are needed to just have the phone working as it should. The others need internet access to scan for updates.

 

[Pastychomper]

I thought all the updates on an S8 were handled by Google Play and Galaxy Apps. What would be the point in individual apps checking for updates? Several of the apps on that list (like Mail) have legitimate reasons for connecting to the internet, and others have less obvious reasons in their terms or privacy policies (like Samsung's Health Service), but I wonder why the camera app or Always On Display would ever need access.

 

[chanchan05]

I thought all the updates on an S8 were handled by Google Play and Galaxy Apps. What would be the point in individual apps checking for updates? Several of the apps on that list (like Mail) have legitimate reasons for connecting to the internet, and others have less obvious reasons in their terms or privacy policies (like Samsung's Health Service), but I wonder why the camera app or Always On Display would ever need access.

Google Play only handles the updates for apps from Google Play. Some people never bother to sign into Samsung apps. Each of Samsung's apps like the AOD, My Files, Camera, Theme engine, etc has the ability to check for updates themselves independent of Galaxy apps. Although you still need to use Samsung Apps to download and install.

 

[Pastychomper]

Thanks, chanchan05 - that makes sense.

 

[Garywilson]

Have you tried checking if there’s no spyware installed on your S8? You may not know it but there could be one. Apps like Xnspy, Trackmyfone, etc. can be easily downloaded on an Android device and they right away go into discreet mode, moments after installation. Reset your device, I would say.

 

[VickiH]

You believe it's the authorities? Why? What would make you think that? Do you do things that the authorities would be interested in? Planning on doing something in the future? Did it ever cross your mind that what you're seeing might actually be there because it's supposed to be? Don't you think if it was actually a fake file, people other than just you would have picked up on it by now?

Can you logically explain any of that?

This is a prime example of not fully comprehending what another comment is saying. I only point it out because I make this error all the time. Mike said 'authorities' not 'THE authorities', which are two very different things. Maybe Mike could have used a different word which would have made his point a little more clear, but I believe his comment is about applications having authoritization. The English language has multiple interpretations for a wide variety of words.
I agree with other users that bloatware, especially system bloatware, is getting ridiculous.
It would be so nice if we could purchase a clean system and only get system applications that are relevant to our individual needs, but that doesnt seem possible as far as how our current technology operates.
Until then, all we can do is clear cache, clear data, force stop, use the device a bit, power down, start back up, test run, and if everything goes smoothly, disable the beast-application we dont need. Its best to perform this one application at a time.
I also like to wait at least 24 hours before I disable anything, unless I know exactly what it is, what it does, and if there are other application dependencies.
Im not a pro, or an expert. This is just something Ive learned over time.