How To Find Spyware On Your Android Device

So how was your weekend? Good, good. Mine? Pretty uneventful, really. I did find out that an Android app that I've been using for years has been phoning home to China, but other than that...

The app in question is ES File Explorer, currently boasting some 300 million downloads in its Play Store listing. I've been using it for its remote file manager abilities, which basically turns my phone into an FTP server so I can transfer large files wirelessly over my home network. Little did I know that the app was also transmitting data back to a Chinese server at the same time.

But now I do, and it's all thanks to some forum threads and my new favourite app.

This all started with a thread on the Sony Xperia Care Forums that I came across last week. Honestly, the original idea for this post was to warn prospective Sony buyers about potential spyware in the My Xperia app. From that thread:

    To sketch the magnitude of the problem: potentially, the Chinese government can:

    - Read status and identity of your device
    - Make pictures and videos without your knowledge
    - Get your exact location
    - Read the contents of your USB memory
    - Read or edit accounts
    - Change security settings
    - Completely manage your network access
    - Couple with Bluetooth devices
    - Know what apps you are using
    - Prevent your device from entering sleep mode
    - Change audio settings
    - Change system settings

    All of the above can potentially be monitored and managed remotely via internet WITHOUT YOUR KNOWLEDGE OR PERMISSION!

Apparently the culprit is a folder in the internal (root) storage of Xperia devices called "baidu". If you didn't know, Baidu is the Chinese search giant that's widely rumoured to have close ties with the PRC government. Hold that thought...

The proof that Sony was leaking data to Chinese servers came from a screen grab from an app I had never heard of, OS Monitor; it's available on both the Play Store and F-Droid. Since F-Droid only hosts apps with some sort of open-source license, I figured it was legit. Best part of all? It doesn't require root.

Back to Baidu, I had noticed a file in the internal storage of my Nexus 5 called "baidu.cuid". A bit of searching yielded a thread on XDA with other Nexus owners also in possession of this mystery file. The consensus seems to be that ES File Explorer is to blame. From that thread:

    To those that thought it *might* be ES File Explorer - I salute you. My research:

    I deleted the directory and tried a bunch of apps to try and find the culprit. Then I did a root search of my phone for the word "baidu." I used CM11's file explorer rather than a 3rd party app. Here's what came up: In folder /data/data/com.estrongs.android.pop/shared_prefs is a file: __Baidu_Stat_SDK_SendRem.xml. When I look at the XML it's pretty simple. It's sending a logfile. I don't know what it's sending a log of - that bothers me.

    I also did a little more background research. Apparently one of Baidu's founders is an angel investor in EStrongs. I hate to say it, but this might compel me to stop using ES File Explorer even though it's a great app...

For your reference, here are the contents of the XML file on my device:

Code:
    <?xml version='1.0' encoding='utf-8' standalone='yes' ?>
    <map>
      <int name="timeinterval" value="24" />
      <string name="cuid">3947ECD933FCB2F4F91AB27AEE2A348D|077024260485253</string>
      <long name="lastsendtime" value="1415026434602" />
      <string name="mtjsdkmacss">qU7242VmtgqdqpefypCliw==</string>
      <string name="cuidsec">WTUMQrCjbexVl0YepOKIUd7mCsyLmARNinh5Cm28RQCYwTvuRxLO51ktKMfZczzApSx3piqrtcuuN25IcN2bNA==</string>
      <boolean name="onlywifi" value="false" />
      <boolean name="exceptionanalysisflag" value="false" />
      <int name="sendLogtype" value="1" />
    </map>

Someone smarter than me will have to figure out exactly what's going on here. But thanks to OS Monitor I can at least confirm that ES File Explorer is indeed connecting to a server in Beijing:

Again, I can't say exactly what is being shared here, but the fact that an app with access to everything on my device and my home network is making a remote connection without my express consent is enough for me to stop using it. Immediately.

If you suspect that there may be spyware on your Android device then OS Monitor is your new best friend.
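The two checks the post walks through, reading the statistics SDK's shared_prefs file and confirming where the app actually connects, can both be scripted from a workstation over adb. The following is an added example written for this page; it is not the blog author's code and not OS Monitor's. It assumes (none of this is stated on the page) that the prefs file is pulled with `adb shell cat /data/data/<pkg>/shared_prefs/<file>` (root or a debuggable build is needed for that path), that the socket table is read with `adb shell cat /proc/net/tcp` (newer Android releases restrict that file to privileged users), and that the app's UID is taken from the `userId=` line of `adb shell dumpsys package <pkg>`. Both inputs below are constructed samples: the prefs XML keeps the page's field names and `lastsendtime` but replaces the device identifiers with placeholders, and the socket table uses documentation-range addresses.

```python
"""Triage helpers for a suspect Android app (added example, not the page's code):
(1) summarise a stats-SDK shared_prefs file, (2) decode /proc/net/tcp the way a
connection monitor does, to list where a given UID is connected.

Assumed workflow (not from the page):
  adb shell dumpsys package com.example.app | grep userId      -> the app's UID
  adb shell cat /data/data/com.example.app/shared_prefs/X.xml  -> prefs XML (root needed)
  adb shell cat /proc/net/tcp                                   -> socket table
"""
import datetime as dt
import xml.etree.ElementTree as ET

# Constructed sample with the same field names as the page's __Baidu_Stat_SDK_SendRem.xml;
# the device-bound identifiers are replaced by obvious placeholders.
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
  <int name="timeinterval" value="24" />
  <string name="cuid">PLACEHOLDER_HASH|000000000000000</string>
  <long name="lastsendtime" value="1415026434602" />
  <boolean name="onlywifi" value="false" />
  <boolean name="exceptionanalysisflag" value="false" />
  <int name="sendLogtype" value="1" />
</map>
"""

# Constructed sample of `cat /proc/net/tcp`: UID 10077 has a LISTEN socket on
# 127.0.0.1:3995 and an ESTABLISHED connection to 203.0.113.10:80; UID 10042
# (a different app) is connected to 10.10.250.142:443. Addresses are hex,
# little-endian, as Linux prints them (0100007F == 127.0.0.1).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0F9B 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10077        0 12345 1 0000000000000000 100 0 0 10 0
   1: 6400A8C0:A3F2 0A7100CB:0050 01 00000000:00000000 00:00000000 00000000 10077        0 12346 1 0000000000000000 20 4 30 10 -1
   2: 6400A8C0:B1C4 8EFA0A0A:01BB 01 00000000:00000000 00:00000000 00000000 10042        0 12347 1 0000000000000000 20 4 30 10 -1
"""

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
              "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
              "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING"}


def parse_shared_prefs(xml_text):
    """Turn an Android SharedPreferences XML file into {name: value}, converting
    int/long/boolean entries to Python types and keeping strings as-is."""
    prefs = {}
    for el in ET.fromstring(xml_text):
        name = el.get("name")
        if el.tag == "string":
            prefs[name] = el.text or ""
        elif el.tag in ("int", "long"):
            prefs[name] = int(el.get("value"))
        elif el.tag == "boolean":
            prefs[name] = el.get("value") == "true"
        else:
            prefs[name] = el.get("value")
    return prefs


def summarize_stat_prefs(prefs):
    """The settings a defender wants from a telemetry SDK's prefs: whether it holds a
    device identifier, how often it reports, whether it reports over mobile data,
    and when it last phoned home (lastsendtime is epoch milliseconds)."""
    last = dt.datetime.fromtimestamp(prefs["lastsendtime"] / 1000, tz=dt.timezone.utc)
    return {
        "has_device_id": bool(prefs.get("cuid")),
        "report_interval_hours": prefs.get("timeinterval"),
        "wifi_only": prefs.get("onlywifi", False),
        "last_send_utc": last.strftime("%Y-%m-%d %H:%M:%S"),
    }


def _hex_to_ipv4(hex_addr):
    """Decode the little-endian hex address used in /proc/net/tcp (0100007F -> 127.0.0.1)."""
    return ".".join(str(b) for b in bytes.fromhex(hex_addr)[::-1])


def remote_connections(proc_net_tcp, uid):
    """Return (remote_ip, remote_port, state) for every non-listening TCP socket
    owned by `uid`; the first line of the table is the column header."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 8:
            continue
        rem, state, sock_uid = fields[2], fields[3], int(fields[7])
        if sock_uid != uid or state == "0A":
            continue
        ip_hex, port_hex = rem.split(":")
        found.append((_hex_to_ipv4(ip_hex), int(port_hex, 16), TCP_STATES.get(state, state)))
    return found


if __name__ == "__main__":
    print("stat SDK prefs:", summarize_stat_prefs(parse_shared_prefs(SAMPLE_PREFS)))
    for ip, port, state in remote_connections(SAMPLE_PROC_NET_TCP, 10077):
        print(f"uid 10077 -> {ip}:{port} ({state})")
```

Filtering on the app's UID is the step that matters: on Android every installed package gets its own Linux UID, so a socket owned by that UID belongs to that app even when the process name is unhelpful. The remote IP is still only half the answer; a WHOIS or reverse lookup on it is what turns "some server" into "a server in Beijing", and a capture of the traffic is needed before you can say what is actually being sent.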