Key2 TCL APP's loaded via "Preview" Chinese menu.
Arrived just now. Possibly TCL's own app store.
Since I knew nothing about it, I deleted it.
Printable View
Key2 TCL APP's loaded via "Preview" Chinese menu.
Arrived just now. Possibly TCL's own app store.
Since I knew nothing about it, I deleted it.
This is the mystery app shown in Blackberry Preview on the Key2 attached to updatesAttachment 447029
I deleted it as well. It showed up on my KEY2 device without any notice whatsoever. When it was "installed," it did not register on the DTEK app (which I have tracking all app installs), which is very suspicious. Apparently, the "Preview" app (which does not show up on DTEK's list of apps, and cannot be disabled) is indeed the culprit.
I only found out it was an app by TCL Communication Ltd., once I read the app's privacy policy. That the remaining lone hardware manufacturer of "The World's Most Secure Android Device" could install shady apps like these is worrisome.
What immediately tipped me off that this app is highly suspicious were the app recommendations, and the kind of shady marketing tactics (used to promote particular apps) that are reminiscent of malware. Plus, it has some kind of "battery cooler" feature often found in junk apps like Clean Master (pub:Cheetah Mobile).
In sum, I cannot possibly see any net positive that could be derived from installing and using this very suspicious app.
Same thing with KeyOne from Optiemus (https://forums.crackberry.com/blackb...ew-app-1151545)
This worries me beyond comprehension. And yes, DTEK was absolutely unaware of this, meaning that the "help" app has way more privileges and permissions than the security core of the device. I don't know if I want to keep using BlackBerry device anymore: I never had such blatant behavior of built-in apps in any other Android devices before.
How do you delete this. I have found it in the app drawer but when I touch and move it to the top it just goes to info about app.
Indeed worrisome... @wtigga can you confirm the following is Russian (Cryllic)?
It's hardly surprising, as the Preview app is designated a core component and gets an exception as a result.
So if somebody hacked into a TCL server.... ????
As opposed to a BlackBerry server?
Wouldn't a change to a core app have to be updated through a software update?
That too!
I'm still trying to figure out what's going on here. I'm assuming it's only going out to non Google devices.
Edit: I assumed incorrectly.
Both my Keyone's have it showing in the Preview app. I'm googled.
This is technically Russian, but I can guarantee that it is written by a Chinese person without language skills:
1. It lacks spaces between words (common mistake for Chinese who doesn't have spaces in their language)
2. It has Chinese comma ,
3. Grammar is close to nonexistent, probably translated by a bad MT.
I don't know what quality and/or security of the code (the one user can't see) can one expect when they have this kind of attitude to the things visible to the end user.
Mine had Google services from the box. BB100-7. I haven't got a single security update in 11 months yet I got this bloatware update somehow.
This Preview app has hidden permission to install things like Clean Master (Chinese app) and "App" store (no idea where did those came from). So you don't have to hack into TCL or BlackBerry service, just hack into any of the two aforementioned apps. I used to work in a Chinese company and I know that you can expect little to none privacy or security concerns from their developers.
Just force stop the preview app, and disable the "drawing over other apps" permission.
Then it can't do anything anyway.
I have a Rogers KEYone and I have been checking for this app since I saw a thread a few days ago. I didn't have it this morning and now it shows as an update available. WHAT??!!
It doesn't have permissions to install apps from third parties and yet I got "App" installed silently anyways.
I have notifications disabled and yet it pops up notifications suggesting install Clean Master; when long pressed, the system says I can't disable notifications for Preview.
At this point, I assume the whole system is compromised.
Doing it now.
That's not what I mentioned.
I understand what you said, but given that the Preview app ignores other settings and permissions, I doubt that disabling "drawing over other apps" would really help. So far only hiding it in the locker helps from unsolicited notifications and actions.
If an app is allowed to draw over others, it can pretty much do anything it wants. It doesn't need the other permission you refer to.
Wouldn't disabling background data access also be advised here?
FWIW: My Key2 LE BBE100-5 has not had the aforementioned icon appear. Will have to get home to check my old Key2.
Guys, don't use any Android device without at least two months old security patch.
You might lose very important things with such security breach.
When I tap on the "Data usage" of the Preview, it moves me to the data usage page of Android OS. In other words, I can't disable background data access for Preview.
Also the app restarts itself after force-stop after some time.
I don't even receive any security patches since January. As Optiemus support said,
([email protected])As per your below mentioned mail would like to inform you BlackBerry KeyOne updated build number in ABP244. If your handset on the same build number so it’s already updated, If we have any information for upcoming software update so we’ll let you know.