How can I verify unauthorized remote access on my phone?


Android Central Question

For some time now my phone (galaxy so running Android 10) has been acting very outside the norm of typical phone behaviour. The phone takes screenshots on its own all day. It does odd things like when I try and change passwords it will close the app over and over and not let me. I have found video of things I am doing when I was not recording anything and my camera wasn't on. When I make video or go live it will say camera already in use or sometimes I won't have audio at all, leading me to believe the mic is already on. If I go into recovery logs I get the warning message that my phone has trace in the kernel and is being debugged by an outside source. Also some of the system apps have installed certificates that at times prompt Google Chrome to block me from accessing websites. This is just a tip of the iceberg. I believe the phone has a custom ROM and is either being controlled remotely or I have a virus I can't find. Within the limits of my very limited understanding of Android and Linux... how do I at least verify for certain my hypothesis is correct?
 
It is highly unlikely that your device is under any kind of remote access. Let's first try to establish whether or not your device has been tampered with.

Has your device been out of your physical control or missing for 4 hours or more when someone could have had access to it?

Does anyone else have access to your device or is capable of unlocking it because they have a fingerprint saved to the device, they know the pass code or password, or know your security pattern?

Have you had to set up your device like it was factory reset after finding or getting it back from someone?

If you answered no to those questions your device isn't being remotely accessed or hacked.

You say your device is a Galaxy SO. There is no model SO, so we will need to know what model it is to better help you, but I can explain some of what you're experiencing with some confidence. As for the screenshots, Samsung has a screenshot feature where you brush your hand across the screen and it takes a screenshot. This brushing motion can easily happen when putting your device into or pulling it out of your pocket and even when just handling it. Settings > Advanced features > Motions and gestures > Palm swipe to capture: turn this off.

It also sounds like you're not using accidental touch protection. Settings > Display > Accidental touch protection: turn this on. With this off you could be changing all kinds of settings, sending messages and any number of other things without even knowing it.

Apps cannot block you from web pages. Android does not allow apps to have access like this, so if you are running into web pages that are blocked it is for some other reason. Also, certificates allow access and do not block access.

Custom ROMs are not easily installed on devices. This goes back to the questions I asked earlier. You would have to have given up control of your device for hours for someone to install a ROM. You would also have lost all of your information on the device after the install and it would have been like a factory reset event. Installing a ROM wipes the phone.

Now we get to the juicy part: you talk about viruses. Are you running any virus scanners on your device? Virus scanners are a scam. They do more harm than good, they scare people into thinking there's something wrong with their phones when there isn't, and they usually cause the phone to do weird or odd things that seem like the viruses they are supposed to protect people from. In my opinion they are completely worthless. Some may disagree, but I have yet to see a report of one finding an actual virus on an Android system. You yourself mention the fact that Android is a Linux system. The type where things are compartmentalized and not able to communicate across lines, which is how most viruses work.

I think if you turn off Palm swipe, turn on Accidental touch and stop using the virus scanner things will improve for you.
 
Sorry it took so long to reply. I downloaded Tapatalk and made a profile and can't figure out how to add this post to my profile so I get notifications. The "so" was a typo, I feel it should be obvious. The phone is a Galaxy "S9" and is running Android 10. The recovery logs show the phone is running a debugging script "trace_scriptk" or something similar... in fact it says "warning warning warning warning... phone is running trace... something or other. If you are not a developer currently debugging please contact vendor as phone is not for production use"... I called my vendor who told me somehow my IMEI had been changed... almost like someone swapped my phone... In my Google history it showed me using a backup and recovery app I had never used... and the vendor had me contact Samsung who told me it's hacked... good and I would need to send it in to be repaired. But I need solid proof that's tangible. I am currently in a custody dispute and things are being said that are downright false and libel and I'm worried maybe my ex hired a private eye... or is using a family member that is a police detective to try and get dirt on me. This all has me a little freaked out as typically men aren't treated as equals when we are single parents and there is a bias against us.
 
All I can suggest is to get a new phone, with a new phone number, and make sure you adhere to prudent security precautions from now on. If someone has truly hacked their way into your phone and your account, then futzing around with account passwords may not be enough. Good luck!
 
Ok I understand and appreciate this... however... what I think I am asking is... what can I look for in my system files... or any log file or trace... that will show me for certain that there are any sort of config files or anything of that nature that is being used to gather info and send it out. I used a packet sniffer and found that streaming video was leaving my phone... like all the time... via the port that is reserved for HTTP... I think it was 500 or port 550. I don't wanna just get a new phone. I need to figure this out. In fact I have reason to believe a friend of mine is going behind my back and doing this for my ex. And I feel... with my desire to learn and the immense pool of knowledge you folks have... this can be solved and the good guys can score a W. I promise you... I'm fairly certain this is all what I think it is. And I want to get to the bottom of it. I will share all my logs... and anything else needed. I was even looking into using a Raspberry Pi as a sniffer to try and trace the requests and stop it. Any outside the box ideas would be immensely appreciated. But... if no one is up to the challenge... then I suppose the easy way out... tossing it and starting all over again is my best option? But I have a feeling you guys can help me.
 
Sorry, I personally don't have that kind of expertise. You might want to try the forums at XDA-Developers.com.
 
First, I assumed the SO was a typo of some kind, but we all know what happens when assumptions are made. I was simply asking for clarification. Meanwhile, there have been reports leaked that the FBI can install things on Android and Apple devices without acceptance and knowledge. That's a far cry from a local police department, two-bit detective from the phonebook or even your average person.

I don't want to discount what you believe, I am merely pointing out the difficulty in achieving such a feat.

My inside and outside ideas:
If you have Verizon or Asurion insurance, I've found the people who work in the Verizon tech center at the Corp. stores will replace a device for just about any reason. Asurion online will too. Get a new device, which almost always comes with a new SIM card. Set it up from scratch without using a backup; I mean, if there is some kind of app on the device it might be saved in a backup. It would probably still require some setup, but if we're going full-on conspiracy there's no reason to chance it. In the meantime go online on a trusted PC or laptop (use one at work; they spy on you but they wouldn't release anything without a court order) and change all of your important passwords: social media, Google, Samsung, Verizon... Most of which have an option for 2-Step verification. I would turn that on as well.

When the new device arrives, get and activate Authenticator from the Play Store to use for your 2-Step and rest peacefully.
 
