Bluebox Finds Malware on Xiaomi Mi 4 (China Version)

xiaomimi4review01

Before we jump the gun, let’s be clear on one thing. Bluebox runs a security check mobile app for Android that measures the security level of your phone. It can be downloaded here.

What the folks at Bluebox found was that their test device was, let’s say obtained, from third party sellers which may have compromised. They ran the security check app and found loads of malware.

The Xiaomi Mi4 phone itself was a Chinese version, this means it’s not the international version sold in Singapore, India or Malaysia that is at fault.

What they found on the phone is scary. The third party Chinese retailers have been busy installing stuff into the phone without you knowing about it.

One particularly nefarious app was Yt Service. Yt Service embeds an adware service called DarthPusher that delivers ads to the device among other things[2]. This was an interesting find because, though the app was named Yt Service, the developer package was named com.google.hfapservice (note this app is NOT from Google). Yt Service is highly suspicious because it disguised its package to look as if it came from Google; something an Android user would expect to find on their device. In other words, it tricks users into believing it’s a “safe” app vetted by Google.

Other risky apps of note included PhoneGuardService (com.egame.tonyCore.feicheng) classified as a Trojan, AppStats classified (org.zxl.appstats) as riskware and SMSreg classified as malware[3]

So how do you know if your device is safe? You can take the Bluebox challenge and find out yourself. All you need is to download the free software from Bluebox on the Google Playstore

BlueBox Android App

2015-03-08-11-01-30

What this app does is explain some of problems found on your OS. Most of these are not fixable on your own and require updates on the OS. For example the “Settings PendingIntent” vulnerability and ‘GraphicsBuffer Overflow’ are system based. You can’t change them on your own.

Apps with System Level Privilege

Another problem here is Bluebox will flag your device if  you have too many System Level Privilege mobile apps installed. This is something out of your control as the apps are on Google Playstore with these requirements. Developers will make use of these APIs in order to create a functioning app and in the process, needs to read your phone state. This makes it difficult for people to approve or deny the system privileges as should you deny them, the app won’t install.

What you can do is write to the developer to ask them for clarification on why they would require these privileges in the first place before installing. If they ignore you, you can flag them up as suspicious.

Beyond this, there is nothing much you can do. Even by having security software installed, you can only detect suspicious apps during installation and avoid them. Security problems inherent in KitKat can only be solved when the system is updated. In the past, at least for my Samsung device, security updates have been rolled out to address some of the problems but Android security problems are much deeper and can only be rectified by Google themselves.

AnyDo: Task manager on Steriods

I don’t use task manager because they are cumbersome and requires you to input your task via a keyboard. That is as simple as it gets.

Even when I had the iPhone, I didn’t find the use of task managers any more exciting than say ant farming or waxing my shoes. I loathed it.

Why can’t anyone design a task manager that is easy to use.

simple and clean interface

When Siri came along for the iPhone, people found it useful for taking notes and stuff with a push of a button and we all know that Siri has more entertainment value than Google Voice Actions.

So why not this? Make a Google Voice Action enabled task manager….and that’s the wining formula. What I like about it is that it works. Yes, you need to have an active data connection for Voice Actions to work (so does Siri) so let’s call it even on that.

I like using something that is simple and painless. Using a keyboard these days may only take a few stabs of the finger but it is the effort of behind it that scares me.

I like the concept where you press the MIC and speak your note into it, then set it up as a reminder for the day, or the week. You can even it set it months in advance too. This will show up on the user interface under, Tomorrow, This Week or Later.

Later often refers to agendas months ahead in time.

month view for future events

The reminders are just alarms which you can set ahead of the scheduled time and it is

intelligent enough to tell you that reminders won’t work if you key in a time that is in the past.

You can also preset the alerts to go off up to half an hour or at a custom time which you like to decide. This is all quite neat and because it is so easy to use, it makes you wonder why hasn’t anyone thought of this earlier. It also works with Google Sync and even has a reminder option to tell you to return missed calls. Cool.

Those of you who are on ICS and have NFC enabled on your phones, can also share task via Android Beam.

AnyDO is a great app, simple and neat. I highly recommend it.