Posts made by kalena

So,finally solved the problem, the phone type c port was broken. I've taken phone back to manufacturer to do an rma today.

Your device has been released with Android 10. Please update to at least TWRP 3.5.0 for Android 10 support.

Is it possible to find and copy the hidden additional files? Using app or maybe with the help of PC using certain software I can?

yes, if your device has previously unlocked bootloader and Magisk installed, you can read/check size of

/data/user/0/com.oup.elt.dicts.bilingual/files

otherwise connect your phone via adb, create backup and extract it (see linked questions)

adb backup com.oup.elt.dicts.bilingual

The problem is no layout selected for physical keyboard - it's set for each keyboard separately in Settings > System > Languages & input > Physical keyboard > [Select your keyboard] > [Select a layout from a list]

This is an alert pop-up from Avast Antivirus that is integrated on some Huawei/EMUI devices.

Regarding the actual infection, it's hard to say, but based on online reports about the pop-up, looks like most of them were false positive:

• https://community.appinventor.mit.edu/t/why-my-compiled-app-with-trojan-app-has-virus/1607 (and its linked discussions)
• https://piunikaweb.com/2022/01/22/halifax-bank-app-security-threat-pop-up-issue-on-android-acknowledged/ (22 Jan 2022)
• https://community.monzo.com/t/monzo-app-appears-to-be-infected/128192 (21 Jan 2022)
• Reddit:
  • https://www.reddit.com/r/Huawei/comments/s9w9e2/security_threat_app_appears_to_be_infected/ (22 Jan 2022)
  • https://www.reddit.com/r/Huawei/comments/sa192z/no_your_phone_does_not_have_an_infected_app_it_is/ (22 Jan 2022)

Also on https://www.reddit.com/r/Huawei/comments/le1tox/comment/grl1br1/?utm_source=reddit&utm_medium=web2x&context=3 , there was a suggestion to update the virus database.

Open the "Optimizer" app, that should have shipped by default with any modern Huawei smartphone. Tap the gear icon in the top right corner to open the settings dialog.

The last option in that list is called "Online Virus Scan". If the last update was many days ago, you can manually update by tapping "Online Virus Scan" and selecting "WLAN only".

As to how to confirm the official message, unfortunately, Avast does not seem to provide any more detail other than only letting the user choose to ignore/uninstall the app.

• One way is to contact them by any means, like public forums (preferable, so other users can give more input), or even call their customer support directly.

• Another way is to cross-scan the app with multiple scanners (e.g. https://www.virustotal.com/gui/ ). One can retrieve the APK file by downloading it from reliable alternative sources (e.g. https://www.apkmirror.com/ ), then uploading it there.

  https://www.virustotal.com/gui/file/bfd6b77951789991d36a4bdd62d78a464647851642721ab7816b6eb91ed1dbbc/detection is the scan result for https://www.apkmirror.com/apk/asana/asana/asana-6-84-3-release/ (20 Jan 2022).

Ok, I have tried switch mode with access point, same results. I disabled IPv6 option in the secondary router and it works. I guess android 8.0.0 doesn't support IPv6. Not sure why the router still honors IPv6 since it's in bridge mode or switch mode.

Again other devices always work. My assumption is this android somehow honors the IPv6 option in the secondary router even though the router is not in router mode.

I use Google Pixel 6 with Android 12. I don't see where to adjust the brightness when taking a panorama picture. How can one adjust the brightness when taking a panorama picture?

I have a Moto Z2 Play device (android 7.1.1) that was rooted with Magisk (v20.1) with Magisk Manager app (v7.4.0). Magisk Manager Hiding feature was also activated.

When I deactivated the Magisk Manager Hiding:

1. Magisk Manager v7.4.0 got auto updated to v22.1 and Magisk was shown as not installed
2. Selected direct install option in the app to install Magisk (v22.1)
3. Rebooted the Moto Z2 Play device

And the device failed to power up... Is there any way to fix this?

I have tried Fastboot boot to TWRP and flashing Magisk-v20.1.zip but to no avail, device still doesn't start up normally when I press the power button. Currently I can still boot into fastboot/recovery mode.

If disabling Google Assistant does not prevent, then try also disabling https://play.google.com/store/apps/details?id=com.google.android.googlequicksearchbox&hl=en as it gives access to the Google Assistant via its settings (open Google app, press on your account, select Settings -> Google Assistant). https://support.google.com/assistant/answer/9475056?hl=en&co=GENIE.Platform%3DAndroid states that:

To use the new Google Assistant, you need a Pixel 4 and up with:

• The Google app with version 10.73 and up.

The above is also true for other phones brands and models. So disabling Google app should prevent the Assistant from starting when you insert the headphones.

I am using an LG Aristo 2 Plus, Android 8.1.0, and have a CA and client certificate to use for a wifi network. I have downloaded the certificates onto my phone and when I attempt to install them through:

General -> Lock screen & security -> Encryption & credentials -> Install from storage -> navigate to the files

The files are greyed out or disabled and I am unable to install them. They're both in p12 format.

Back in January 2022 when the OP asked the question, I had the same issue while pasting images with Chrome using the Paste option after using Copy image (but not with Kiwi browser, see comments).

With the latest Chrome version (98.0.4758.01), the issue has disappeared. Whatever the cause, it seems the Chrome developers have (for now) solved it.

I have a Samsung Galaxy A20s with Android 11 and 2790 MB RAM. The phone was originally designed for Android 9.0 but now that it's been upgraded to 11; it's become slow and my RAM is always almost full and the https://play.google.com/store/apps/details?id=com.inkwired.droidinfo app says my Java Heap is 192 MB.

is there any way I could change the heap size? It's way too high for my A20s.

Google's https://support.google.com/mail/troubleshooter/2650727 's last resort ("Only follow these steps if the above steps didn't work") solved it for me!

However, it initially led to confusion since it seems to refer to obsolete settings.

The correct "last resort" steps are:

1. Open your device's Settings app.
2. Tap Apps & notifications > See All Apps (not "App info").
3. Tap Gmail > Storage & cache (not "Storage").
4. Tap CLEAR STORAGE > OK (not "Clear Data").
5. Restart your device.

Not sure step #5 is mandatory, but I guess it's better to be on the safe side.

Google Security Blog statement on Log4j vulnerability as of https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html :

Android is not aware of any impact to the Android Platform or Enterprise. At this time, no update is required for this specific vulnerability, but we encourage our customers to ensure that the latest security updates are applied to their devices.

Original Answer/Background info for context:

Q: What is the Log4j vulnerability (also known as Log4Shell)

JNDI is the Java Naming and Directory Interface. It is not an app, but a library/service allowing for runtime configuration. Log4j is a common library used in server applications. Certain strings when used with the v2.x version of the Log4j library can invoke the JNDI API which can result in leaking of sensitive information and thereby facilitate other attacks. Basically this a variation of input sanitization, except in a logging utility which for reasons had a useful but dangerous feature enabled.

Q: Input Sanitization?

You probably heard of so called https://en.wikipedia.org/wiki/SQL_injection where some specially crafted string can modify the commands given to the database engine. Example:

Here, Robert '); DROP TABLE Students; -- can be inserted into this query insert into Students (id, name) values (42, $name). When the software directly substitutes $name with the name, it becomes this query/command: insert into Students (id, name) values (42, Robert '); DROP TABLE Students; --) (insert, and then drop the table, everything else is commented out).

Developers need to sanitize the input, that is, check for every possible dangerous value. Developers can for example escape the ' in the name before substituting. Alternatively developers using SQL can use prepared statements, where no substitution is even done.

In the case of the Log4j vulnerability, developers were expecting the Log4j library to record application/server values, including input strings, with the expectation that those strings were plaintext and not able to invoke APIs.

Q: Is Android OS vulnerable?

A: Not by this particular vulnerability - Android OS while parts are written in Java uses its own logging library. Android OS also doesn't use JNDI protocol/service and isolates each app in its own sandbox. While this means that this particular JNDI exploit can't be used on Android, https://en.wikipedia.org/wiki/Stagefright_(bug) has shown that Android is not without bugs and exploits, resulting in more security with each version.

Q: Are Android Apps vulnerable?

A: Depends - Android apps can either only exist on device OR serve as the front end of a cloud service. Android apps undoubtedly have their own bugs. On older devices apps could access the global logcat where poorly written apps may output username/passwords/other keys which while useful for debugging isn't good in a production app. https://android.stackexchange.com/a/7260/3573 .

The servers which the mobile apps depend upon is a different story as noted in the media.

Q: But what about Android Apps which use Log4j

A: On device a developer would really need to put in effort to add in Log4j separately. As seen https://stackoverflow.com/a/60407849/295004 Log4j out of the box needs Java classes which Android doesn't support. And while there is a https://stackoverflow.com/q/21307968/295004 it is based on Log4j version 1.x which is EOL, https://stackoverflow.com/a/41622168/295004 which would dissuade Android developers. Alternatively an Android developer may use http://www.slf4j.org/android/ or other https://github.com/JakeWharton/timber on top of Android framework's native logging facility.

References:

https://stackoverflow.com/a/4365766/295004

https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/

Comic strips by xkcd: https://xkcd.com/327/

I have a new Sony Xperia 5 III

The bluetooth on it acts really funny. For example, when I get into the car, the car often fails to pair up with it, and I often have to go into the phone and manually connect the bluetooth. (No other phone, Android or iPhone, has this issue in my car.)

When I paired up with a megaboom speaker today, it took two tries, which never happens with the megaboom.

What do we think is going on?

I've been asked if I can check some faulty behavior of a device, a cheap Chinese android smartphone.

I'm not really an android expert, usually I install a few apps to help me figure out few things about the device. These apps I've reported conflicting results compared to what was displayed in the main android settings area:

• With https://f-droid.org/en/packages/com.google.android.diskusage/ internal memory is reported as 3.9gb vs 16gb in system settings.
• https://play.google.com/store/apps/details?id=ru.andr7e.deviceinfohw (suggested by @alecxs) explicitly mark as fake the reported version 9.0, pointing Android 6 as correct with API level 23. Unfortunately the app reports the same storage size of 16gb as stated in system settings.
  Following another intuition of @alecxs, inspecting the partitions tab and looking at the displayed partitions sizes, it's possible to detect yet another forged spec. The total reported partitions size is around 8gb, the userdata partition is around 4gb which is corresponding to DiskUsage report. In my previous attempt I've https://f-droid.org/en/packages/com.kgurgul.cpuinfo/ .

This kinda reminds me of fake USB thumb drives scams with less memory than advertised.

So is there a way (preferably without root) to test/analyze common technical details of a device for possible tampering/spoofing?

Like

• Storage
• Android version
• RAM
• CPU
• Something else that can be faked?

FLOSS solutions are highly appreciated!

UPDATES

• Listed used apps and updated after suggestions in comments.
• Added considerations and further analysis of partitions memory size.

The command to disable app's components is pm disable /.

So, I ran this command:

~$ pm disable com.sbi.SBIFreedomPlus/com.sbi.rc.DetectMagisk
Component {com.sbi.SBIFreedomPlus/com.sbi.rc.DetectMagisk} new state: disabled

It was successful. But, the app refused to launch. In hindsight, this should have been obvious as the app is designed to work only after detecting device is not rooted and if the check itself is disabled, it logically shouldn't work.

This question can get better answers from developers than the end user community.

Android framework does have a class named https://android.googlesource.com/platform/frameworks/base/+/refs/tags/android-11.0.0_r1/core/java/android/content/UndoManager.java "for managing and interacting with the global undo state for a document or application. This class supports both undo and redo...". And Android's EditText view (which extends TextView, and is commonly used in apps to get text input from the user) does support Undo and Redo operations since Android 6 at least. In fact a ROM developer can show these options in long press context menu for every app, as we see Copy, Paste and Select All, which are displayed https://android.googlesource.com/platform/frameworks/base/+/refs/tags/android-11.0.0_r1/core/java/android/widget/TextView.java#12280 . But Undo / Redo always work if the virtual or physical keyboard can send CTRL-Z and CTRL-SHIFT-Z key events.

I https://github.com/AnySoftKeyboard/AnySoftKeyboard/pull/2407/commits CTRL- events support in AnySoftKeyboard for non-terminal apps. So anyone can. Why they don't is purely a matter of choice. There's no technical limitation.

How to root https://www.alibaba.com/product-detail/Qin-F21-pro-touch-screen-button_1600287560015.html ? (I have the firmware)

I've got a setup where two independent command blocks must be placed next to each other. How can I stop both of them from triggering? Shown below is a minimal example.