Removing Chinese Smartphone Spyware

If you have read a newspaper recently or watched the news on TV you will probably have heard of the recent discovery of Spyware embedded into the Star N9500 Chinese Smartphone. Needless to say it has got the internet buzzing, especially amongst those who like to spread rumours about purchasing Chinese Smartphones and who will use any opportunity to rubbish them or scaremonger.

Yes, the thought of spyware embedded into your mobile phone, monitoring and reporting your text messages and uploading your contacts list is a frightening thought, however you have to use some prospective. First of all, the discovery regarding the spyware on the Star N9500 is not new and nor has it just been discovered. It was the topic of conversation on one Android forum right back to August 2013, however it took until June 2014, before the press got hold of the story, and dare I say, hyped it up.

The fact that millions of Chinese smartphones are sold all over the world, and the fact that there are only a handful of discussions on the various forums, shows in real terms just how limited the issue is. I’m sure that if every Chinese Smartphone was embedded with spyware, that the experts on every Android and Mobile Phone forum would have discovered it before now, especially if their personal information was falling into the wrong hands. Currently, the spyware issue is limited to just one model and make of phone and that is the Star N9500.

The press have also reported that the spyware is impossible to remove, and once again this appears to be incorrect. Whilst it may be impossible to access in a non rooted mobile phone, it is perfectly possible to root the phone, access the android internal system app files and then disable / delete the APP from running = no more spyware

So in order to remove spyware from your Star N9500 Chinese Smartphone, or indeed any Chinese Mobile Smartphone, you will need to follow the steps below.

1) First you will need to root your mobile phone, in order to access the ‘hidden’ system files. This will require you to connect your mobile smartphone to your PC / Laptop via a USB cable, you will also need to put your mobile phone into USB debugging mode (settings > developer options > debugging)

2) Download rooting software for your phone from this link and follow the instruction on the link – this software will root the Star N9500 and many other Chinese Smartphones which use the MKT6589 chipset.

3) Once your phone has been rooted, download Rom Toolbox Lite directly to your phone

4) Start Rom toolbox lite and select ‘root browser’ from the options

5) Use the root browser to locate and browse to the folder – system / app

6) You will now see a list of installed apps which are part of the running internal android system, and not accessible under a normal non rooted phone. If your phone has spyware, it will be located in this folder amongst genuine system apps.

The spyware trojan which infects the Star N9500 is called Uupay.A/Uupay.D so the first task is to look through the files to see if any have names with uupay or uuplay within them, one such known spyware file is UUPLAY.APK – which should be immediately deleted if it is present.

To delete files simply press and hold the file name, and then select ‘delete’ from the menu which pops up. Alternatively, if you are nervous about deleting files, or you get an error that the file cannot be deleted, then you can block access to it by changing the permissions. To change the file permissions, simply press and hold the file, select ‘permissions’ from the menu pop up, and then untick all of the boxes which are ticked, followed by ‘ok’. This will effectively prevent the file from running.

I have listed below, all of the files in the system / app folder which are known to be linked to Chinese Spyware applications, and so the files can all be safely deleted (or have their running permissions blocked) if you find them present.

GoogleUpdate[3738].apk
GoogleService[3738].apk
SystemThread[3738].apk
Backup_File[3738]
projectmkmassags.apk
smsreg.apk
smsreg.odex
galaxy4.apk
galaxy4.odex
PinyinIME.apk
PinyinIME.odex
MobileLog.apk
ModemLog.apk
ModemLog.odex
uuwldh_1263.apk
uuplaykk.apk
uuairpush.apk
projectmkmassags.apk
SilentClient.apk
shurufa_01.apk
BaiduBrowser_Android_2-3-28-6_1000934d.apk
caivs.apk
com.mediatek.smsreg

Also check your SD card to see if you have any folders which are called LogicDownloads or datang_gaohong if either of these folders appear on the SD card, then their contents should be deleted.

5 Responses to Removing Chinese Smartphone Spyware

  1. chrismcl says:

    Thanks a lot finally i got that spy stuff under controlled and deleted from my phone

  2. herry says:

    Is MTKlogger.apk spyware ?

  3. admin says:

    I’m not aware that MTKlogger.apk is a spyware file. However if you are in any doubt as to whether any file is bloatware or malware, instead of deleting it outright, first try disabling (unticking) all of the permissions boxes for the file to ‘0’ – this will effectively stop it from running or performing any malicious process in the background, as it will no longer be accessible to any other hidden processes. By doing this, if any problems should occur you can simply solve them by resetting the file permissions back to the number it was before (rather than risk deleting what may be a genuine file).

  4. Mike says:

    My phone had several of these files but not all of them….is that normal?
    Thanks for the informative and well written article!!!!

    Cheers,

    Mike.

  5. admin says:

    Yes Mike, a phone may have any number of these files depending on the malware / adware / spyware which has been preloaded onto it. Some phones may have one or two of the rogue files, another may have them all – there is no set rule.

Leave a Reply

Your email address will not be published. Required fields are marked *

*