-
As for the issue at hand, you've been told: it appears just fine, but if you are paranoid, use NetGuard or remove it with adb. The end.Last edited by conite; 02-08-20 at 07:33 PM.
02-08-20 07:17 PMLike 0 - Paranoia does not come into to play. Verification that this app is not Malware is the goal of this thread. Personal opinions is all we have thus far and no concrete verification. Hopefully we can get there!
Posted via my Passport02-08-20 07:37 PMLike 0 -
I'm not alone! I assure you!
Posted via my Passport02-08-20 07:44 PMLike 0 -
https://github.com/M66B/NetGuard/releases
To me, everyone should be using it.chetmanley and Mecca EL like this.02-08-20 07:56 PMLike 2 -
- Mainly because, unlike you, I don't change a tire unless I know there is an issue, not a rumoured issue, a confirmed issue! That is the at the core of this thread! Hopefully someone in the know will comment!
Posted via my Passport02-08-20 08:06 PMLike 0 -
-
-
No one is going to provide a notarized letter from the Queen of England.02-08-20 08:15 PMLike 0 -
-
https://forums.crackberry.com/blackb...ethod-1168996/02-08-20 09:44 PMLike 0 -
In the case of TCL, they are a Chinese company who, by law, must retain all data on their servers and make it available to the Chinese government. In addition, they have shown a pattern of installing apps without user consent with aggressive and potentially dangerous permissions.
Even giving TCL the benefit of the doubt that they have no malicious intent, I could not justify allowing any of their apps on my phone. Their actions have increased the possibility that sensitive data could be exfiltrated from my phone and stored on servers available to a nation that has cyber theft of IP and personal data as a strategic policy, with huge resources devoted to the work.
As for the lack of evidence by a single person monitoring their phone carefully, that only proves that his phone wasn't selected for compromise. In today's world, the kinds of automated malware that run around autonomously trying to infect every device are just background noise. The serious threats include persistent threats that are only activated by people who select their targets and launch sustained, intentional attacks.
Nation states release thousands of innocent-looking apps every year, many of them mundane, with the goal of distributing them to as many devices as possible so that, when they choose a target to compromise, there is an increased likelihood that they already have a foothold.
My conclusion is that the TCL apps likely could be exploited either with or without TCL's knowledge or consent, and that the best mitigation is to remove them. Cybersecurity risk consists of many, many low likelihood events with high severity when they occur. We never wait for proof before mitigating them.
Every app increases the risk of compromise. There is no reason to take a chance with one that is over aggressive in its permission requests and which stores data in a country with a policy of cyber intrusion and theft.
Z10 = BB10 + VKB > iOS + Androidelfabio80 likes this.02-08-20 10:30 PMLike 1 - When it comes to mitigating cyber risks, the standard is not to wait for a problem to emerge then remove the offending app. The standard is to minimize potential threats as much as possible. One of the most important things to assess before installing or using any piece of hardware or software is its source and the motivations of those providing it.
In the case of TCL, they are a Chinese company who, by law, must retain all data on their servers and make it available to the Chinese government. In addition, they have shown a pattern of installing apps without user consent with aggressive and potentially dangerous permissions.
Even giving TCL the benefit of the doubt that they have no malicious intent, I could not justify allowing any of their apps on my phone. Their actions have increased the possibility that sensitive data could be exfiltrated from my phone and stored on servers available to a nation that has cyber theft of IP and personal data as a strategic policy, with huge resources devoted to the work.
As for the lack of evidence by a single person monitoring their phone carefully, that only proves that his phone wasn't selected for compromise. In today's world, the kinds of automated malware that run around autonomously trying to infect every device are just background noise. The serious threats include persistent threats that are only activated by people who select their targets and launch sustained, intentional attacks.
Nation states release thousands of innocent-looking apps every year, many of them mundane, with the goal of distributing them to as many devices as possible so that, when they choose a target to compromise, there is an increased likelihood that they already have a foothold.
My conclusion is that the TCL apps likely could be exploited either with or without TCL's knowledge or consent, and that the best mitigation is to remove them. Cybersecurity risk consists of many, many low likelihood events with high severity when they occur. We never wait for proof before mitigating them.
Every app increases the risk of compromise. There is no reason to take a chance with one that is over aggressive in its permission requests and which stores data in a country with a policy of cyber intrusion and theft.
Z10 = BB10 + VKB > iOS + Android02-08-20 10:35 PMLike 0 -
- When it comes to mitigating cyber risks, the standard is not to wait for a problem to emerge then remove the offending app. The standard is to minimize potential threats as much as possible. One of the most important things to assess before installing or using any piece of hardware or software is its source and the motivations of those providing it.
In the case of TCL, they are a Chinese company who, by law, must retain all data on their servers and make it available to the Chinese government. In addition, they have shown a pattern of installing apps without user consent with aggressive and potentially dangerous permissions.
Even giving TCL the benefit of the doubt that they have no malicious intent, I could not justify allowing any of their apps on my phone. Their actions have increased the possibility that sensitive data could be exfiltrated from my phone and stored on servers available to a nation that has cyber theft of IP and personal data as a strategic policy, with huge resources devoted to the work.
As for the lack of evidence by a single person monitoring their phone carefully, that only proves that his phone wasn't selected for compromise. In today's world, the kinds of automated malware that run around autonomously trying to infect every device are just background noise. The serious threats include persistent threats that are only activated by people who select their targets and launch sustained, intentional attacks.
Nation states release thousands of innocent-looking apps every year, many of them mundane, with the goal of distributing them to as many devices as possible so that, when they choose a target to compromise, there is an increased likelihood that they already have a foothold.
My conclusion is that the TCL apps likely could be exploited either with or without TCL's knowledge or consent, and that the best mitigation is to remove them. Cybersecurity risk consists of many, many low likelihood events with high severity when they occur. We never wait for proof before mitigating them.
Every app increases the risk of compromise. There is no reason to take a chance with one that is over aggressive in its permission requests and which stores data in a country with a policy of cyber intrusion and theft.
Z10 = BB10 + VKB > iOS + Android02-09-20 01:15 AMLike 0 - I am not sure we're all talking about the same app. There was an app on my phone called "Sound Recorder" from mie-alcaltel.support. That's the one I'm referring to that I removed.
I have no knowledge that it has ever misbehaved on any phone, but the fact that its permissions were overly aggressive and that its servers are in China gave me enough pause that I removed it.
Z10 = BB10 + VKB > iOS + Android02-09-20 07:17 AMLike 0 - I am not sure we're all talking about the same app. There was an app on my phone called "Sound Recorder" from mie-alcaltel.support. That's the one I'm referring to that I removed.
I have no knowledge that it has ever misbehaved on any phone, but the fact that its permissions were overly aggressive and that its servers are in China gave me enough pause that I removed it.
Z10 = BB10 + VKB > iOS + Android
The app we are discussing is different and is signed by Blackberry LTD, although it is clearly a TCL app. The BB version also cannot be uninstalled or disabled (except disabled for the user via ADB).02-09-20 11:02 AMLike 0 -
- That doesn't sound normal. Which PRD do you have? I tried installing the mie-alcatel.support version of the Sound recorder app from apkmirror.com, and it wouldn't even install.
The app we are discussing is different and is signed by Blackberry LTD, although it is clearly a TCL app. The BB version also cannot be uninstalled or disabled (except disabled for the user via ADB).02-09-20 02:20 PMLike 0 - Now I am confused. I have the AT&T Space Black KEYone. I had the app (yellow icon, if I remember it) on my phone. After reading the article on VPNPro's blog, I searched for it on my phone and dragged it to the uninstall bar, where it uninstalled. I now can find no app on my phone with either the word "sound" or "recorder" in the name.
My Silver Keyone and Key2 both have the BB/TCL Sound Recorder app called com.tct.soundrecorder.bb.
On both, it's a system app. In fact, when starting it for the first time, it even goes through a very "blackberry hub+" like sequence of intro slides describing how to use it, just like we see in any other BB Hub+ app (even though it's clearly a TCL app).
These are definitely not the same applications.
I'm curious how that Alcatel version ended up on your device. Maybe it was installed via the Preview App?
Which security patch are you on? Maybe the AT&T patches include different default applications?02-09-20 02:25 PMLike 0 - Very strange.
My Silver Keyone and Key2 both have the BB/TCL Sound Recorder app called com.tct.soundrecorder.bb.
On both, it's a system app. In fact, when starting it for the first time, it even goes through a very "blackberry hub+" like sequence of intro slides describing how to use it, just like we see in any other BB Hub+ app (even though it's clearly a TCL app).
These are definitely not the same applications.
I'm curious how that Alcatel version ended up on your device. Maybe it was installed via the Preview App?
I'm pretty sure that was the app.
Z10 = BB10 + VKB > iOS + Android02-09-20 02:28 PMLike 0 -
- Forum
- Android BlackBerry Phones & OS
- BlackBerry KEY2
Sounder Recorder (System App)
« Question regarding car audio connectivity
|
Goodbye BlackBerry KEY2, hello Samsung Galaxy Note 10+ »
Similar Threads
-
BlackBerry suite of apps future?
By gebco in forum General BlackBerry News, Discussion & RumorsReplies: 28Last Post: 02-10-20, 03:56 PM -
24 Suspect Apps from TCL Removed from Google Play Store
By bb10adopter111 in forum General BlackBerry News, Discussion & RumorsReplies: 5Last Post: 02-05-20, 02:10 PM -
KEY2 LE - Microphone Key worked until I installed a bitmoji app
By vstack in forum General BlackBerry News, Discussion & RumorsReplies: 2Last Post: 02-05-20, 12:07 PM -
Boost your productivity with these 5 reading apps, on sale now
By CrackBerry News in forum CrackBerry.com News Discussion & ContestsReplies: 0Last Post: 02-02-20, 10:40 AM -
Norton Mobile Security reports those apps' behaviour as unusual
By Kuba JKR in forum Ask a QuestionReplies: 2Last Post: 02-01-20, 04:54 PM
LINK TO POST COPIED TO CLIPBOARD