cancel
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

A Concern about Latest Firmware - Nokia 1

ReedPR
8: Helper
8: Helper

I recently purchased myself a new phone last weekend from Argos which is a Vodafone locked Nokia 1 which came on Android Oreo 8.1. There was a software update when I first booted up the phone which was for Android Pie with Google's latest security update from June.

 

My last Vodafone locked device I purchased was a very cheap Alba 4 which was an Archos rebranded phone manufactured in China. Suffice to say, I found out the Alba 4 device ships direct from the factory with malware written on the phone. I discovered the malware was Triada which is a nasty virus which uploads personal data direct to China. After spending months having running battles with Archos insisting this phone was malware ridden and providing proof, they eventually sent me an upgraded phone as compensation for all the data I provided to them.

 

Suffice to say I am extremely careful with any phone I have and if necessary, I will go through the system files to see what is written on the phone.

 

After upgrading to Android Pie with my new Nokia phone, I started to go through some of the system folders you can access without rooting your phone. To my alarm there I found foreign apks designed for the Indonesian and Russian market that clearly do not have anything to do with system apps a Vodafone phone should have. One example was an APK I found called 'Babe' which I'm certain everyone will agree with me when I say it sounds like no system app I am aware of.

 

There is a topic in this very community called Firmware Explained which makes it very clear that Vodafone take out system files that are not part of the UK market.

 

I would like an explanation as to why there are Russian and Indonesian apks in the phone which have very alarming names. If you want me to provide screenshots proving these are on my phone, I am more than happy to do so.

 

Having one Vodafone phone that was bought with Malware already on is bad enough, I will not tolerate it a second time.

 

Thanks,

9 REPLIES 9

BandOfBrothers
17: Community Champion
17: Community Champion

It would be helpful if you could provide screenshots @ReedPR 

 

Along with stock apps there is always some apps on the phone which will have been put on when the firmware was uploaded onto it.

 

Most can be disabled or removed  / uninstalled etc.

 

I can understand your wanting to keep as secure as possible.

 

I can't say about Nokia phones but Samsung phones have the option to install unknown sources disabled out of the box. A person has to override this to download apk files away from the sanctity of Playstore which I wouldn't recommend.

 

I assume the phone had seals on the box too.

 

 

Current Phone  >

Samsung Galaxy s²³ Ultra 512gb Phantom Black.

 

 

AnnS
17: Community Champion
17: Community Champion

Hi @ReedPR 

 

If I purchased a new phone and it has those applications already installed, I would take it straight back to Argos and ask for an exchange or preferably, ask for a refund and go to a Vodafone store and purchase a phone.  At least then you can be guaranteed there will only applications on the phone promoted by the network.

 

If the phone is branded by Vodafone with the Vodafone logo, you shouldn't be seeing those applications.  I wouldn't be surprised if this was a returned phone and the first user downloaded those apps.

 

Please see the Vodafone Online Store @ReedPR  the same price as Argos and Vodafone have the 1 Plus for £9.00 extra.

I was trying to give you a link but the forum won't let me.

 

 

 

@BandofBrothers

 

Yes I know about installing apks outside Play Store and each app you have to give permission to before you can commence to do this. With that Alba 4 device again bought from Argos, I discovered it was written as part of the boot image for the phone to silently root itself not straight away but weeks after. Once this happens, the phone starts scanning Google Play Store looking for unpopular apps which the phone somehow clones with the same APK name as one in the play store and silently installs itself on your phone. It certainly isn't the same as you can find in the play store though. Mine was called Bible Study and it had the capability of connecting to Chinese servers and sending them data of everything you do on the phone. Passwords, banking details, text messages, sample screenshots and even camera footage. It bypassed Google's security of you having to give permission to install apks from off the internet by creating them itself. Very clever indeed. Have a look on Google for 'Triada' and you will see what I was up against.

I am going to put a few screenshots up here as you have requested seeing them and I'm afraid the news is not good. I uploaded one APK to Virus Total who even Google use as part of their Google Play Protect and the results came back the APK is malicious. I looked through the .xml files and checked the activities this APK has got. It gets network security configurations from Aptoide which is an unofficial alternative to the play store except this store knowingly uploads apks with viruses and malware on them and advertises them as such. This APK has an activity called 'Fake reciever' and the capability to download files and install them on your phone silently. It is Indonesian in origin so why on Earth Vodafone UK have not properly scanned this phone with their security Android update is beyond me. I found 6 folders full of apks including several ones which have multiple overlays on. Basically an overlay on your phone means you cannot see what is really happening in your screen and an overlay has been put on to show you what it wants you to see. This is very serious. Check out the screenshots for proof.

 

@Anns

 

It is good to hear from you again it has been too long. I wish I had researched this phone properly and bought it off the store here if the Nokia 1 plus is only a tenner more! Sadly Argos was not much help the last time I tried to take a malware ridden phone back. As I only noticed the malware after 30 days of purchasing it, they said it was out of their warranty. I might contact their head office to get them to withdraw the phone from sale until it's proven safe though. Thanks for the advice hope you're well!

Screenshot_20190701-164313.png

 

Screenshot_20190701-163342.png

 

Screenshot_20190701-163333.png

 

Screenshot_20190701-163328.png

 

Screenshot_20190701-163322.png

 

Screenshot_20190701-163304.png

 

Screenshot_20190701-163256.png

 

Screenshot_20190701-164313.png

 

BandOfBrothers
17: Community Champion
17: Community Champion

Not a good experience at all @ReedPR 

 

We'll be able to see your attachments once the Vodafone Social Media Teams here authorise them.

 

That said I would certainly try to get a refund and cease using that phone.

 

The Vodafone Social Media Teams here need to report this back to their Tech Teams for investigation.

 

Argos need to do the same so please do initiate a Complaint through their channels.

 

The problem you may encounter is the understanding and experience of the frontline Argos Staff.

 

I once bought a phone from Argos and had to have it repaired. It came back with the imei not marching the one printed under the battery to the one shown on screen. i.e. cloned.

 

Luckily the Store Manager understood and offered me a replacement or another model of phone. 

 

I wish you all the best with this situation. 

 

 

Current Phone  >

Samsung Galaxy s²³ Ultra 512gb Phantom Black.

 

 

Thanks @BandofBrothers I appreciate your support in this matter.

 

I have purposely discussed this in an open forum, including screenshots as Vodafone cannot ignore me then. I struggled with Archos with the Alba 4 as they refused to believe that a phone is capable of rooting itself. It wasn't until I sent Archos a PDF from a Google Play Protect conference detailing Triada and how it is shown on devices and me providing evidence it was on my phone that they could ignore me no more. 

 

Yes I shared a similar experience to you with regards to Argos' till staff. They are there to take your money and input numbers into a till to put orders through not answer technical questions!

 

I think I will have more luck with Vodafone as they are more techy. My photos aren't up yet! There isn't any personal stuff on the pics, just a screenshot from Virus Total saying APK is malicious and pictures of my system folders! 

BandOfBrothers
17: Community Champion
17: Community Champion

I'm sure Vodafone will want to help and advise.

 

Ultimately your route however will have to be through Argos as they are the seller as per the Consumer-rights-act-2015.

Current Phone  >

Samsung Galaxy s²³ Ultra 512gb Phantom Black.

 

 

AnnS
17: Community Champion
17: Community Champion

Hi @ReedPR 

 

If you are not happy with your Argos purchase, simply return the purchase, you can even make a return through your local Sainsburys store.  They may tell you that mobile phones are not covered by the 30 day return policy but if you let them know it's likely to already be a returned product and there are some apps installed which are not standard Vodafone apps and the phone is faulty they should take it back.

 

Your other alternative will be to do a factory reset, this will clear all unwanted apps from a previous user, you can then set up the phone from out of the box and carry on using the phone as normal.

 

The Nokia 1 is on clearance at Argos and Vodafone sell the phone for 1p more than Argos and the upgraded version for only £9.00 more.

 

I hope this will solve the problem for you.

@ReedPR 

 

Looking at those screenshots you definitely return that phone for a full refund, the phone does not even look like a UK version and the apps were added 2008.

 

Don't understand where the phone could have come from but the apps would not come with a Vodafone UK branded phone.

 

Vodafone will sell you a nice phone with only Vodafone apps.

 

The only thing I would suggest is to do a little research and read reviews on the internet, this will give an indication of whether the phone is right for you.  I always recommend this site for full phone specifications  GSM Arena

 

 

 

 

 

 

 

Josh
Moderator (Retired)
Moderator (Retired)

@ReedPR I'm sorry to see that you've had this happen with your newly purchased phone, looking at the apps pre-installed on the device it's very alarming for any customer to see that.

As the phone was purchased through Argos, I'd advise you to contact them further for refund/return. Only with Vodafone being the network the phone is locked to, we haven't supplied the phone ourselves. If that apps are showing as pre-installed since 2008, it's likely the phone is in refurbished condition and I'm sure Argos would want to investigate this matter further (as I believe all phones they sell are supposed to be in New condition only).

Please keep us posted on how you get on with this. If there's any element of it that's network related we'll be happy to help where we can.

Hi @Josh. Thanks for getting back to me so quickly.

 

There is a system app on all Nokia devices which is similar to My Vodafone whereby you can have live chats with Nokia staff. I past on all I know and provided them screenshots.

 

Actually the date of installation of these apps in 2008 isn't entirely correct. Usually phone manufacturers will put date of installation of system apps as 1/1/1970! I don't know how phone manufacturers manage it or the reason behind it, but putting a date that is much earlier than when they actually install system apps is very common indeed. For example all system apps, including the latest Android Pie additions on my phone were all apparently installed 31st December 2008. 

I have decided I cannot keep this phone any longer and will take it back to Argos. Before I do, I plan on going on Reddit and bring it up there as the people who use that site are extremely knowledgeable when it comes to tech. And also very vocal too ;o) 

I have a feeling some of these apps are for other countries around the world so instead of configuring each device for each country, Nokia have been lazy and just dumped everything together.

That doesn't explain the malicious APK I found though. I have sent the APK direct to Google Play Protect for them to analyze. Google are white hot when it comes to devices that come preinstalled with malware as I found out myself.

 

@AnnS as always you provide good advice and I will take it onboard. Unfortunately at the moment, my reasons for purchasing this device was not all my own choice. It was cheap and on sale in Argos and at the moment needs must. I will look at the phones on Vodafones site to see what they have on offer.

 

@BandofBrothers yes you are completely correct in saying this is Argos' responsibility and they have to take part accountability here along with Nokia. I do not know what the deal is with Vodafone and how it comes about that this device is locked to their network but you can be sure Vodafone will be getting a good deal out of it. Out the three companies involved - Nokia, Argos & Vodafobe, I think it's fair to say Vodafone are the lesser of evils to coin a phrase. Saying that though, if you sell a phone with packaging that has Vodafone all over it, they too must also take some responsibility for this. I hope Vodafone will be taking this up further, if anything to safeguard the customer base they already have.