Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Samsung non-removable spyware #1117

Closed
DavidCWGA opened this issue Jan 7, 2020 · 10 comments
Closed

Samsung non-removable spyware #1117

DavidCWGA opened this issue Jan 7, 2020 · 10 comments

Comments

@DavidCWGA
Copy link

DavidCWGA commented Jan 7, 2020
edited

Details: https://www.reddit.com/r/Android/comments/ektg8u/chinese_spyware_preinstalled_on_all_samsung/

List of hosts:

aicleaner.shouji.360.cn
care.help.360.cn
eul.s.360.cn
g.s.360.cn
mclean.cloud.360safe.com
mclean.f.360.cn
mclean.lato.cloud.360safe.com
mclean.uk.cloud.360safe.com
mvconf.cloud.360safe.com
mvconf.f.360.cn
mvconf.lato.cloud.360safe.com
mvconf.uk.cloud.360safe.com
p.s.360.cn
@StevenBlack
Copy link
Owner

David @DavidCWGA thank you. This is good!

StevenBlack added a commit that referenced this issue Jan 7, 2020
@StevenBlack
Add domains from Issue #1117.
f0b543e
@StevenBlack
Copy link
Owner

Done! Closing!

@XhmikosR
Copy link
Contributor

XhmikosR commented Jan 9, 2020

@StevenBlack are you sure about this addition? Won't this prevent the Device Cleaner from updating its definitions?

@StevenBlack
Copy link
Owner

StevenBlack commented Jan 9, 2020
edited

Hi @XhmikosR I can't evaluate what you are saying. What do you mean when you say, "Device Cleaner"?

@Laicure
Copy link
Contributor

Laicure commented Jan 9, 2020
edited

Hi @StevenBlack, the Device Cleaner is the one installed on Samsung devices that connects through those listed domains.
It's a system app with lots of default permission requests and resides inside the Settings menu of the phones. (according to the reddit link above)

edit:
It's so BS that I don't want Samsung phones anymore..

the so-called Device Cleaner acts as an optimizer and upon disabling it (via adb; no means of stock disabling), significant issues occur as reported.

@XhmikosR
Copy link
Contributor

XhmikosR commented Jan 9, 2020

Don't get me wrong, I'm all for blocking stuff. I'm just trying to figure out if there's a definitive answer as to what those packets contain. Because blocking these domains will make the Device Cleaner not be able to update, right?

@StevenBlack
Copy link
Owner

Thank you Laicurè @Laicure.

I suppose we'll need a Samsung device owner to check.

I'd also like to know, why would anyone need Device Cleaner? In the MacOS space, and the Windows Space too (usually), that sort of thing is scam.

@XhmikosR
Copy link
Contributor

XhmikosR commented Jan 9, 2020

I'd also like to know, why would anyone need Device Cleaner? In the MacOS space, and the Windows Space too (usually), that sort of thing is scam.

Well, that's not for us to decide :)

All I wanted to say is that unless someone analyzes the packets sent, we can't just assume it's bad. Although I'd rather err on the safe side, I don't think we should break this feature unless it's confirmed.

@StevenBlack
Copy link
Owner

@XhmikosR I understand what you're saying. I'm prone to agree, except I'm more prone to distrust .cn domains that appear unrelated to the corporations we're discussing. Like Samsung, for example.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@StevenBlack @XhmikosR @DavidCWGA @Laicure and others