Open ghost opened 2 years ago
I disabled all packages listed above as user (disable-user) without issues, except for incar.update (seems legit?) and com.sprd.powersavemodelauncher (can't disable: "Shell cannot change component state for com.sprd.powersavemodelauncher")
Analysis:
com.guanhong.guanhongpcb (IncarPcbTest) includes a secret dialer code and has all sorts of permissions, including phone, camera, wifi, bt, gps, storage
com.incar.update (System Update) checks Build.FINGERPRINT, Build.SERIAL, SIM operator domains: fota5p.adups.cn, fota5p.adups.com (firmware updates)
com.sprd.systemupdate (also called "System update") domains: xmlpull.org, jabber.org, www.jivesoftware.com, etherx.jabber.org
com.sprd.autoslt (AutoSLT) permissions: phone, camera, gps, storage domains: www.baidu.com
Later I'll create a PR for this issue.
com.guanhong.guanhongpcb seems to make very suspicious connections in the background on my Blackview Oscal Tab device. Do you have any background on this package? I suspect its not actually a pcb tester, but some kind of disguised malware.
Since Bmax is becoming increasingly popular I bought one of their tablets. Full GApps was preinstalled (which I immediately debloated), and as for custom apps I only saw a popup from their firmware updater.
In adb shell, though, I saw the following packages:
I'm not sure about com.sprd.* - com.sprd.firewall could be this chinese app: https://github.com/wangjicong/Android-6.0-packages/blob/master/code/apps/CallFireWall/src/com/sprd/firewall/ui/BlackCallsListAddActivity.java
As for com.spreadtrum. and com.unisoc., since the manufacturer is Unisoc, and Spreadtrum is Unisoc's former name, I assume they're some kind of system apps.
com.incar.update -> maybe the firmware updater?
no idea about com.guanhong.guanhongpcb
If anyone has more information about these packages feel free to share :)