Malicious software (Trojan?) on Utopia M802/IMX515

Hello,

I purchased a Utopia M802/IMX515 from aliexpress. It came with a build dated 2011.01.01. I immediately installed the XAUMOD firmware on it, but I'm not sure which of these firmwares is responsible for the following program...

There is a program that hides from all task managers, but is visible in Settings -> Applications -> Manage Applications -> All.

At the very bottom is a strange chinese app:



It has some fairly intrusive permissions:




Does anyone have any idea what this program is? The 'uninstall' option is greyed out - how would I go about finding this program and uninstalling it?

Many thanks,
Dr Matt

 

Ahhhh... thanks for that! I can rest easy now.

Thanks for a great firmware - it runs very well.

 

I gotta say - there is still something quite weird about that app. It says version 2.2, but Google Pinyin IME has only reached 1.3.2

I installed Google Pinyin IME from the market... The installed size for that app is around 5.5 meg. The installed size for this weird app is only 149 kb.

Most worrying of all, the permissions of this weird app don't match the official Market app. This weird app has access to "Your accounts" which the official Market app doesn't.

Sorry to harp on about this, but anyone care to lay my concerns to rest? Are these permissions sufficient to send my gmail password to some chinese server?

 

No matter. I figured out how to remove this from the image and reflash.

If anyone else would like to remove pinyin (or any other app for that matter) you can mount the system.img file in ubuntu using;

sudo mount -o loop system.img /mnt/SDCARD

(make the SDCARD directory first)

remove what ever apps you want (pinyin is in /apps/PinYinIME.apk and /lib/libjni_pinyinime.so) and then umount;

sudo umount /mnt/SDCARD

create a new md5sum;

md5sum system.img

(paste the result into a new text file called system.md5)

Proceed with flashing as per the original XAUMOD instructions.