
Original topic:

How can I check if my system is compromised by some 3rd party app?

(Topic created: 02-09-2024 04:21 PM)
4237 Views
askingquestion
Cosmic Ray
Samsung Apps and Services

Hi! Sorry if this post seems paranoid, it probably is, but I still came here to hopefully get an answer to some questions. Keep in mind that I'm a newbie to security so I need guidance.

 

A while ago I gave some third party app downloaded from Google Play Store Accessibility permissions, they had complete access to my phone, they could see and control my screen.


It took some time for me to actually process the mistake I made, when I took notice I uninstalled the app and did a factory reset to my phone.

I did some digging in User Certificates and there isn't a trace of that app but I'm still kinda paranoid that they see what I do. I scanned the device with an antivirus and apparently there is no malware. I looked at some things (very surface level, Settings app surface level) to see if they had somehow rooted my system but, apparently, there is nothing either.


Is there any way this application could have gotten under the radar of antivirus, Knox and so on? Can it still be present in my system and spying on me? Is there any way to check it?

The only thing I have left of the phone before the factory reset are photos saved on my SD card. 

 

I sense that the possibility of these paranoias happening is not very high but I still choose to ask since I don't trust my technology skills very much. Thank you for your time if you made it here!

9 Replies
userHSRnOBBTGv
Asteroid
Wish I had an answer. Scary part is these people move very quickly when they have access. Hopefully you're safe.
KiwiBird97
Red Giant
I think you may have an accessibility service turned on based on your screenshot. If you need to turn it off, perform these steps. Since your phone is set to Spanish, I've put the icons in parentheses for your reference.
1. Go to Settings (gear icon) > Accessibility (green man icon, 5th one from the bottom) > Installed Apps (blue download icon, 3rd one from the bottom). Beneath Installed Apps, you will see how many apps are using accessibility services.
2. After selecting Installed Apps, go to the app with an ON label and tap on it.
3. A brief description of the accessibility service will be displayed. If you don't want to continue using that service, tap the toggle to turn it OFF.

I hope this helps.
Solution
KiwiBird97
Red Giant
If an accessibility service is turned OFF, tapping the toggle will show you the accessibility permissions before you make your decision on whether or not to enable it. In your case, it seems like the following permissions are used (translated from Spanish):
• View and control screen
• View and perform actions

Remote support services (such as those provided by your carrier) usually have those accessibility permissions, which are used when running remote diagnostics.
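
Added example, not part of the thread or any poster's reply: the Settings steps above can be cross-checked from a computer over adb by comparing the enabled accessibility services with the list of user-installed packages. The package and service names in the sample are constructed; the two adb commands named in the comments are where the real inputs come from.

```shell
#!/bin/sh
# Inputs on a real device (USB debugging enabled) would come from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3
# The sample values below are constructed for illustration.

# third_party_a11y SERVICES PACKAGES
#   SERVICES: colon-separated "package/ServiceClass" entries (the setting's value)
#   PACKAGES: "package:<name>" lines, one per user-installed app
# Prints every enabled accessibility service that belongs to a user-installed app.
third_party_a11y() {
    # Some adb builds emit CRLF line endings; strip the carriage returns.
    services=$(printf '%s' "$1" | tr -d '\r')
    packages=$(printf '%s' "$2" | tr -d '\r')
    # Empty or the literal "null" means no accessibility service is enabled.
    case $services in ''|null) return 0 ;; esac
    old_ifs=$IFS
    IFS=:
    for svc in $services; do
        pkg=${svc%%/*}            # the package is everything before the first "/"
        # -x -F: fixed-string, whole-line match, so "com.a" never matches "com.ab"
        if printf '%s\n' "$packages" | grep -qxF "package:$pkg"; then
            printf '%s\n' "$svc"
        fi
    done
    IFS=$old_ifs
}

# Constructed sample: one preinstalled service and one from a user-installed app.
SAMPLE_SERVICES='com.example.preinstalled/.ReaderService:com.example.remotehelper/com.example.remotehelper.ScreenService'
SAMPLE_PACKAGES='package:com.example.remotehelper
package:com.example.notes'

third_party_a11y "$SAMPLE_SERVICES" "$SAMPLE_PACKAGES"
```

Any line it prints is a service worth reviewing in Settings > Accessibility > Installed Apps; no output means no user-installed app currently holds an enabled accessibility service.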
userello
Red Giant
I read that apps you give full permission to could create overlays over other apps and could get your logins and passwords. A Samsung article said not to allow apps to appear on top, which is under app settings. Even QR codes and fitness apps are dangerous, I read. I wouldn't be paranoid, but I've gone through that feeling before. Are you able to verify the app is not fake? The heading in your photo has a big space between the words of the title; is that normal? Looking at running services could tell you what is going on, but you would have to go into developer mode, and that isn't recommended, I heard. But it looks like you have Knox, which I read fully protects your data against attacks. I read it is a good security defense but doesn't cater to budget phones. If you read about Knox it might give you reassuring thoughts. I wish they said in the specs of phones what security they have.
KiwiBird97
Red Giant
A problem I faced when using Good Lock is when the NavStar module is enabled (used to show and hide the nav bar). In that case, Chrome treats that nav bar as a screen overlay, throwing the "This site can't ask for your permission" error. Unlike other apps, this error only occurs in Chrome, not anywhere else.
Loyd Koon
Galaxy
As far as rooting your phone... you cannot do it over the air. You have to first unlock the bootloader, which is kinda complicated, and then get all the files and stuff you need to accomplish root. All of it requires the charge cable and a very strong knowledge of what you're doing, plus a stout PC. Most malware-type apps only phish for accounts and passwords. The main place you really gotta worry about phishing is on apps from Meta... i.e. Facebook and Instagram.
askingquestion
Cosmic Ray

Thank you for your reply! I have a very limited notion about technology and so on, as you can see, so although I sensed that the application had probably not infiltrated my system that much, I still chose to ask. Fortunately I didn't notice any fraudulent login attempts on Meta accounts but I still went and tried to delete the ones I could. Thank you for your time!

Loyd Koon
Galaxy
Welcome
BillyCircles
Constellation
Great