Bluebox Finds Malware on Xiaomi Mi 4 (China Version)


Before we jump the gun, let’s be clear on one thing. Bluebox runs a security check mobile app for Android that measures the security level of your phone. It can be downloaded here.

What the folks at Bluebox found was that their test device, which was, let’s say, obtained from third party sellers, may have been compromised by those sellers. They ran the security check app and found loads of malware.

The Xiaomi Mi4 phone itself was a Chinese version; this means it’s not the international version sold in Singapore, India or Malaysia that is at fault.

What they found on the phone is scary. The third party Chinese retailers have been busy installing stuff into the phone without you knowing about it.

One particularly nefarious app was Yt Service. Yt Service embeds an adware service called DarthPusher that delivers ads to the device among other things[2]. This was an interesting find because, though the app was named Yt Service, the developer package was named (note this app is NOT from Google). Yt Service is highly suspicious because it disguised its package to look as if it came from Google; something an Android user would expect to find on their device. In other words, it tricks users into believing it’s a “safe” app vetted by Google.

Other risky apps of note included PhoneGuardService (com.egame.tonyCore.feicheng), classified as a Trojan, AppStats (org.zxl.appstats), classified as riskware, and SMSreg, classified as malware[3].

So how do you know if your device is safe? You can take the Bluebox challenge and find out yourself. All you need is to download the free software from Bluebox on the Google Playstore.

BlueBox Android App


What this app does is explain some of the problems found on your OS. Most of these are not fixable on your own and require updates to the OS. For example, the “Settings PendingIntent” vulnerability and ‘GraphicsBuffer Overflow’ are system based. You can’t change them on your own.

Apps with System Level Privilege

Another problem here is that Bluebox will flag your device if you have too many System Level Privilege mobile apps installed. This is something out of your control, as the apps are on Google Playstore with these requirements. Developers make use of these APIs in order to create a functioning app and, in the process, need to read your phone state. This makes it difficult for people to approve or deny the system privileges, as should you deny them, the app won’t install.

What you can do is write to the developer to ask them for clarification on why they would require these privileges in the first place before installing. If they ignore you, you can flag them up as suspicious.

Beyond this, there is not much you can do. Even with security software installed, you can only detect suspicious apps at installation time and avoid them. Security problems inherent in KitKat can only be solved when the system is updated. In the past, at least for my Samsung device, security updates have been rolled out to address some of the problems, but Android security problems are much deeper and can only be rectified by Google themselves.


What Blue Box’s Android Security Flaw Means to You

Before you jump the gun and throw out your Android device, let me explain how best to approach this.

This is a Google Android Problem

How this problem came about is really down to the open platform that Google prides itself on. Google doesn’t really scan for malicious code in the first place, and if you thought that Google would protect you from Trojans on any previous occasion, well, think again. The flaw Bluebox discovered capitalizes on the Master Key or Security Certificate flaw, which allows would-be hackers to modify an app’s code without ever tampering with its Security Certificate. The chances of you catching a bug like this and having it take over your whole device are actually quite remote if you have downloaded the app from a reputable company. If you only download programs from reputable gaming companies like EA, Rovio and Gameloft, and use apps from Yahoo, Google, Microsoft, etc., then you’re not going to be hit with zombie code that takes total control of your device.

The Rooted Problem

Here is the greatest danger: rooted phones. People love to tamper with the versions of the OS and get new ROMs to replace the one on an existing phone. You then play around with hacked apps, modified and claimed by hackers to do wonders for battery life, and with it, rogue code is inserted into the modified app. You download it and install it because you prefer to live dangerously, and welcome the Trojan into your life. Good luck.

Fix is available with Re-Key

There is a third party app that can fix this, but it is only for ROOTED devices. You can look this up on the Play store. I won’t be bothered to post a link here as people who root their phones are asking for trouble in the first place. I don’t believe in rooting for one simple reason: the means outweigh the benefits. For one, many apps do not work well on rooted phones. They have niggling problems and, having encountered a few, I decided that it wasn’t worth the problem.
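The Master Key flaw mentioned above turned on an APK (which is a ZIP file) carrying two entries with the same path, so that the signature verifier and the installer could end up reading different copies. The checker below is an added example, not Bluebox’s or Re-Key’s code; it flags duplicate entry names in an APK and scans a fixture that is constructed in memory rather than a real app.

```python
import io
import warnings
import zipfile
from collections import defaultdict


def find_duplicate_entries(apk_bytes: bytes) -> dict:
    """Map each entry name that appears more than once to the CRCs of its copies.

    A legitimately signed APK has exactly one entry per path. Two entries with
    the same name are the tell-tale layout behind the Master Key flaw, and
    differing CRCs mean the copies do not even hold the same contents.
    """
    seen = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        # infolist() walks the whole central directory, so it returns every
        # copy of a repeated name (getinfo() would only keep the last one).
        for info in zf.infolist():
            seen[info.filename].append(info.CRC)
    return {name: crcs for name, crcs in seen.items() if len(crcs) > 1}


def is_suspicious(apk_bytes: bytes) -> bool:
    """True if the archive contains any repeated entry name at all."""
    return bool(find_duplicate_entries(apk_bytes))


def build_fixture(duplicate: bool) -> bytes:
    """Constructed test input: a minimal ZIP laid out like an APK, not a real app."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns about the repeated name
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
            zf.writestr("AndroidManifest.xml", b"<manifest/>")
            zf.writestr("classes.dex", b"dex\n035 original bytecode")
            if duplicate:
                zf.writestr("classes.dex", b"dex\n035 replaced bytecode")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("clean", build_fixture(False)), ("tampered", build_fixture(True))):
        verdict = "suspicious" if is_suspicious(blob) else "ok"
        print(label, verdict, find_duplicate_entries(blob))
```

Running the same check over a real APK file is a matter of passing its bytes to `find_duplicate_entries`; a clean archive returns an empty dict.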
Android allows you to install apps from ‘unknown sources’, meaning if you want your device to catch herpes, you could easily do it by enabling this feature and downloading apps from various other sources.

What you can do to protect yourself from Malware

First, get your device sorted out with an anti-virus app like Avast, Kaspersky, Norton, AVG, etc. The free version will protect you from the usual culprits as it scans for and detects a host of the malware developed so far. I have downloaded virus and Trojan type apps from the Google Playstore and had to remove them using these virus busters. Even though Google is paying more attention to malware found in apps these days, I don’t think they are as aggressive in checking them as Apple is on its iOS platform.

Better Safe than Sorry

Just a few things to remember if you wanna stay safe. It’s simple and works for me.

  1. Do not ROOT your device unless you want to catch some app cooties.
  2. Download and use only apps from reputable companies and sources.
  3. Do not enable apps to be installed from “unknown sources”.