The article shows how to uninstall it. How does that make it unremovable? The uninstall procedure is fully stock, just a slightly different path than most are used to. Most people hold the icon and drag it to the uninstall text. This goes into the app's info screen from where you can click uninstall.
The article is definitely a little confusing. It starts with an edit that gives new info about how to remove "Android/Trojan.HiddenAds.WRACT" which is auto-installed by the Settings app replacement they call "Android/Trojan.Dropper.Agent.UMX" preinstalled on the phone.
> But uninstall the Settings app, and you just made yourself a pricey paper weight.
What intelligence would be gained from the poorest 10% of the US? I'd imagine it is more useful to marketers than actual intelligence agencies (which is in fact who is doing it).
These seem like imaginings based on too little thought and too much paranoia. But whenever "China" comes up, even if it is just a company located there, we get these exact same popular statements without justification.
The scenarios are obvious and virtually limitless. For example:
This low-income person drives to Langley, VA every night at 11pm. He might be a janitor at the CIA. We already know he's poor because he has this phone. Can we find out more and potentially bribe him to leave this ordinary-looking pen in a conference room?
Seems like a stretch. If you really want to find the CIA's janitor just drive a passive cellular monitor near it and grab everyone's IMEI and cross-check it. Plus if someone has a full time job with security clearance working for the USG they likely aren't getting a free phone anyway.
I'm not a spy or imaginative enough to lay out a scenario, but remember if someone has a security clearance, then someone, who is assumed to be the Chinese government, likely has their entire file (clearance investigation, fingerprints, you name it) due to the Office of Personnel Management having everything stolen. So this could be used in synergy with any other tactics applied to CIA agents who aren't compromised by the OPM or people without clearances.
The only evidence to classify this as “Chinese malware” (unless I missed something) is this:
> The more discernible variant of this malware uses Chinese characters for variable names. Therefore, we can assume the origin of this malware is China.
But the screenshot showing “Chinese characters for variable names” clearly displays gibberish; some of those “characters” aren’t even valid characters. Anyone who can read some Chinese can confirm this. Therefore, it’s more likely an obfuscation technique designed to trick people who don’t bother to verify anything and quickly jump to conclusions.
Edit: Or just an obfuscating technique that replaces variable names with random code points. Otherwise non-gibberish would be used, presumably.
If the devices have Bluetooth or similar, couldn’t they function as some distributed monitoring network for other Bluetooth devices, building a database over time of devices?
In California there's at least one major program which straight up gives phones to the homeless. I imagine it could also be for low income households.
A computer program knowingly installed by the owner of the device, functioning to the expected specifications of the owner of the device, is just called software.
Defining low privacy software as malware is to redefine malware. I also don't really understand the issue with MDM at work. Aside from the fact that MDM is not necessarily a privacy infringing feature (depending on how you configure it), why would you expect privacy on a work device? You should be conducting your personal business on your own devices (and not just because of MDM).
I don't know how you feel about somebody else secretly watching your screen without telling you, but I think that's something I would not be ok with, even if I don't conduct personal business on the device.
Apart from that, there are plenty of companies requiring you to install their MDM profile on your personal device if you want to read corporate emails on it (guess how I know).
Click fraud doesn't fuck over online advertising platforms, if it goes undetected it fucks over advertisers who use the platform. If it's detected, no one pays for it.
On the off chance you're interested in the distinction... Uncaught click fraud is paid for by advertisers (including small businesses and startups who can't easily absorb that cost). The platform (Google Ads for instance) pays nothing. In fact they make a profit.
It only hurts them if there is enough of it that it pushes advertisers elsewhere, which is why so much of it is caught (in which case no one pays for it).
> The only difference between the two codes are their variable names. The more discernible variant of this malware uses Chinese characters for variable names. Therefore, we can assume the origin of this malware is China.
I mean... that’s possible and not an unlikely scenario - I guess. But it’s hardly anything but an anecdote. If I was a Russian or American hacker, I would have Chinese variable names swapped out with mine before I released the code.
For what it's worth, if the image they used is representative of the other variable names they found, then that line of reasoning doesn't make sense - the names are just gibberish characters in Chinese, and some even have random radicals and other characters thrown in. This seems more like the type of strings you get when you take a bunch of random valid UCS-2 code points.
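The "real Chinese words vs. random CJK code points" question raised in the last few comments can be checked mechanically rather than by eyeballing a screenshot. The script below is an added example, not code from the article, the thread or the malware's authors: it classifies every code point in a decompiled identifier using Python's `unicodedata` tables and flags names that contain Kangxi/CJK radicals, unassigned code points, lone surrogates, or ideographs from the rarely used Extension blocks, which is exactly the mix you get when an obfuscator draws random UCS-2 values from the CJK range. The sample identifiers are constructed for the demo; none are taken from the article's screenshot, and the "random-looking" heuristic is an assumption, not a rule from any tool.

```python
import unicodedata
from collections import Counter

# Constructed sample identifiers (not from the article's screenshot):
# two plausibly meaningful names, then three built the way a random-code-point
# obfuscator would build them (Extension A ideograph, Kangxi radical,
# unassigned code point mixed in with real ideographs).
SAMPLE_IDENTIFIERS = [
    "\u7528\u6237\u540d",        # 用户名 "username": common ideographs only
    "\u6570\u636e",              # 数据 "data"
    "\u4e00\u9fa5\u3400",        # U+3400 is CJK Extension A, rare in real text
    "\u2f00\u4e2d",              # U+2F00 is KANGXI RADICAL ONE, not a word char
    "\u2e9a\u4e8d",              # U+2E9A is unassigned (CJK Radicals Supplement gap)
]


def classify_codepoint(ch):
    """Bucket one code point by what it is in the Unicode tables."""
    cat = unicodedata.category(ch)
    if cat == "Cn":
        return "unassigned"
    if cat == "Cs":
        return "surrogate"          # lone UTF-16 surrogate, never valid text
    name = unicodedata.name(ch, "")
    if name.startswith("CJK UNIFIED IDEOGRAPH"):
        # Basic block U+4E00..U+9FFF holds essentially all everyday characters;
        # the Extension blocks are where random draws land but real code rarely does.
        if 0x4E00 <= ord(ch) <= 0x9FFF:
            return "ideograph"
        return "rare_ideograph"
    if "RADICAL" in name:
        return "radical"            # Kangxi / CJK Radicals Supplement blocks
    return "other"


def analyze_identifier(ident):
    """Return the per-kind counts and whether the name looks randomly generated.

    Heuristic (an assumption for this example): any radical, unassigned code
    point, surrogate, rare-block ideograph or non-CJK symbol makes the name
    random-looking, because a human naming a variable would not type those.
    """
    kinds = Counter(classify_codepoint(ch) for ch in ident)
    suspicious = sum(kinds[k] for k in
                     ("radical", "unassigned", "surrogate", "rare_ideograph", "other"))
    return {"kinds": dict(kinds), "random_looking": suspicious > 0}


def summarize(identifiers):
    """Aggregate over a list of identifiers, e.g. names dumped from a decompiler."""
    results = {ident: analyze_identifier(ident) for ident in identifiers}
    flagged = sum(1 for r in results.values() if r["random_looking"])
    return {
        "total": len(identifiers),
        "random_looking_count": flagged,
        "random_looking_ratio": flagged / len(identifiers) if identifiers else 0.0,
        "per_identifier": results,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_IDENTIFIERS)
    for ident, res in report["per_identifier"].items():
        escaped = ident.encode("unicode_escape").decode("ascii")
        flag = "RANDOM-LOOKING" if res["random_looking"] else "plausible"
        print(f"{escaped:32} {flag:15} {res['kinds']}")
    print(f"{report['random_looking_count']}/{report['total']} identifiers look random")
```

In practice you would feed this the identifier list from a decompiler (for example every class, field and local name JADX emits for the dropper APK) instead of the constructed sample; a high random-looking ratio supports the "obfuscator picking random code points" reading, while names made only of basic-block ideographs that also form dictionary words would support the "actual Chinese variable names" reading.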