this post was submitted on 18 Jun 2026
263 points (99.6% liked)

Mildly Infuriating

46371 readers
1070 users here now

Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that. Please post actually infuriating posts to !actually_infuriating@lemmy.world

I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!

It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.

Rules:

1. Be Respectful

Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

...

2. No Illegal Content

Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means: -No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

...

3. No Spam

Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

...

4. No Porn/ExplicitContent

-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

...

5. No Enciting Harassment,Brigading, Doxxing or Witch Hunts

-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

...

6. NSFW should be behind NSFW tags.

-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

...

7. Content should match the theme of this community.

-Content should be Mildly infuriating. If your post better fits !Actually_Infuriating put it there.

-The Community !actuallyinfuriating has been born so that's where you should post the big stuff.

...

8. Reposting of Reddit content is permitted, but attribution is not required in any way. No links to Reddit in post body

-If you would like to provide a source link, do so in the comments but not in the post body.

...

...

Also check out:

Partnered Communities:

1.Lemmy Review

2.Lemmy Be Wholesome

3.Lemmy Shitpost

4.No Stupid Questions

5.You Should Know

6.Credible Defense

Reach out to LillianVS for inclusion on the sidebar.

All communities included on the sidebar are to be made in compliance with the instance rules.

founded 3 years ago
MODERATORS
LillianVS@lemmy.world
Tenthrow@lemmy.world
Lasherz12@lemmy.world
263
I found pre-installed (unremovable) malware on my phone, and ESET doesn't seem to be checking system apps... (Ulefone Armor 24) (sh.itjust.works)
submitted 1 day ago by testaccount789@sh.itjust.works to c/mildlyinfuriating@lemmy.world
60 comments fedilink hide all child comments
 

TL;DR: If it's also integrated into firmware, it has full-device access. If it's just this specific app, per Kaspersky, it still has "elevated privileges" and can install crap. It cannot be disabled without breaking the UI.

Doing a scan without copying the apk:

As you can see from main screenshot, the APK would have been accessible for scanning.
I copied it to Download directory as that one gets real-time monitoring, but it will pick it up elsewhere after a scan as well.

Anyway:
VirusTotal report

Found 4 months ago by Kaspersky

And I found my device in list on blog post from Sophos. Unfortunately, they only provide a partial list, as they mention this affects "nearly 50 models".

From listed domains, with help of strings I found launcher(dot)szprize(dot)cn, although it doesn't seem to resolve to anything at the moment.

Also something interesting from Kaspersky:

When integrated into the firmware, the malware behaves differently depending on several factors. It will not activate if the language set on the device is one of Chinese dialects, and the time is set to one of Chinese time zones. It will also not launch if the device doesn’t have Google Play Store and Google Play Services installed.

Now what?

I've been using it for nearly 2 years, so there's that...

I am thinking of contacting the retailer I bought this device from, as it's still in sale. But I am not sure if they will care about it. Also, the only way I seem to be able to contact them is via tech support, so there's the chance of just getting a copy-pasted answer.

As for my particular unit, I'll probably try to update the software to newest version to see if it's still (visibly) present.
Unfortunately, updates on these devices are unstable as fuck, so I'll have to deal with that. I also hope it won't make me loose access to MediaTek EngineerMode band selection as that's something I quite want to keep using.
Or perhaps try to return it under warranty.

Since QuickStep also controls navigation (both gestures and 3-button) it can't even be disabled even if I used alternative launcher.

top 50 comments
sorted by: hot top controversial new old
[–] abc@suppo.fi 9 points 12 hours ago

Don't buy Chinese phones.

[–] Swedneck@discuss.tchncs.de 10 points 13 hours ago (1 children)

and this is why i make sure any phone i buy is supported by a reputable project like lineageos.

[–] testaccount789@sh.itjust.works 4 points 8 hours ago* (last edited 8 hours ago)

Yeah...
This time I specifically went with MediaTek to have access to band selection, but MediaTek is basically all of the nails in the coffin when it comes to custom ROMs.
Other option for this would be a closed-source app like NSG with root access (meh).
Or a full-fledged Linux phone so I could just use mmcli like a normal person. That seems to exist at least on PostmarketOS: https://wiki.postmarketos.org/wiki/Modem (unless it's limited in function somehow). I did test it with DWM-222 modem.

MTK Engineer Mode usually gets removed, which isn't surprising as it includes tools like TX-test (for both WiFi and cellular modem) and someone on XDA posted a screenshot of it having IMEI change option. Both of those are likely illegal (probably not for WiFi as that's in license-free band).

[–] possiblylinux127@lemmy.zip 18 points 17 hours ago* (last edited 17 hours ago) (1 children)

Can you post some more details such as device type and country of origin

Esit: I somehow skipped over the title. Is there a reason you went with ulefone? They seem to be shady Chinese company with poor reviews

[–] testaccount789@sh.itjust.works 3 points 8 hours ago

Is there a reason you went with ulefone?

Unique hardware, and manual band selection (within MTK Engineer Mode).
For the band selection my only options are basically some manufacturer who didn't bother to remove factory test tools (rare) or a Linux phone (e.g. PostmarketOS).

[–] WhyJiffie@sh.itjust.works 5 points 16 hours ago

From listed domains, with help of strings I found launcher(dot)szprize(dot)cn, although it doesn't seem to resolve to anything at the moment.

it could have other records, like TXT records or something else. It is usable as a channel for one way communication

[–] urheber@discuss.tchncs.de 27 points 1 day ago* (last edited 23 hours ago) (3 children)

Help I just bought an armor 21...

(You can contact ulefone, and ask for the firmware for your device, they will send it to you!) I did that, rooted my phoen and removed all google BS with an ADB tool. I hope I'm safe Edit:

LITERALLY CRASHED AND STOPPED WORKING AFTER WRITING THIS COMMENT.

Edit: Doesnt turn on

Edit: Bootloops.

[–] WhyJiffie@sh.itjust.works 5 points 16 hours ago (1 children)

you can't just remove everything by google that way. the google mobile services package is intehrated to the system in such a way, that uninstalling or even just disabling some of the core google packages will make it bootloop. I don't know the specifics, but if you want to tinker, have a look at the opengapps installer. see what it is exactly doing in the package for your android version, and try to undo them manually with root. be aware though that its an unofficial project, manufacturers don't use it, but trying to remove opengapps results in the same situation, so its installer can help you make sense of how is it installed.

[–] urheber@discuss.tchncs.de 2 points 14 hours ago

Gid, it worked just fine for a week after removing an abundance of spyware!

(Works again, I'm currently on the device) It was just haunted, dotn worry

[–] x00z@lemmy.world 7 points 18 hours ago

I admire your honesty.

Good luck.

[–] diaphragmwp@discuss.tchncs.de 3 points 21 hours ago

Is it new enough for GSI? Try some GSI build, like this. Won't work if it's one of the "32-bit mode" bs phones.

[–] Zachariah@lemmy.world 58 points 1 day ago

~~mildly~~ infuriating

[–] Tollana1234567@lemmy.today 8 points 1 day ago

bloatware is very hard to remove from a phone.

[–] Agent641@lemmy.world 3 points 21 hours ago (1 children)

I have a Ulefone Armour 27T pro and it's really good except for the preindtalled bloatware and that fucking duraspeed thing which, even when disabled and uninstalled via adb, still seems to fuck up my WhatsApp and textra notifications. It's so infuriating that I don't use it as my everyday phone anymore. Very disappointed

[–] testaccount789@sh.itjust.works 1 points 18 hours ago (1 children)

Yeah, DuraSpeed. That even kills alarms if you try to use them.
To be fair, so did my previous Xiaomi Poco. And my Motorola also had a ton of bugs after its very last update (which almost feels intentional).

When did I not have issues? Custom ROM. Upgrading that phone from Android 8 to Android 11 (PixelExperience) even made it miles faster. Oh, and whoever ported it to that phone also made sure to include Moto actions.
There was just one problem. Due to some incompatibility, they couldn't get encryption to work. Trying to enable it would brick the phone.

But I guess it makes sense that someone who is fueled by passion rather than money does a better job.

[–] Agent641@lemmy.world 1 points 8 hours ago (1 children)

Did you use a custom ROM on the Ulefone? If so, which one?

[–] testaccount789@sh.itjust.works 1 points 8 hours ago (1 children)

No, sorry for the confusion, I was speaking about the Motorola. I can't find anything for Ulefone.

[–] Agent641@lemmy.world 2 points 8 hours ago

Damn, neither can I, and I've tried.

Guess it will just live in my lab as a thermal camera and microscope 🤷

[–] carrylex@lemmy.world 19 points 1 day ago (1 children)

Buying cheap stuff from some obscure company at the other end of the planet sounds like it will make situations like this inevitable...

[–] testaccount789@sh.itjust.works 15 points 1 day ago (3 children)

Eeeeh, some of these are far from cheap. For example, the Armor 34 Pro that I was interested in is EUR 750.
Unique hardware, that's why. Otherwise I'd have gotten Moto G54 5G. Actually, I tested both, I just liked the Armor 24 more hardware-wise.

Lots of modern electronics feels too boring as it's all the same. Phones, laptops, TVs, they especially feel like copied homework.

[–] carrylex@lemmy.world 4 points 18 hours ago (2 children)

Armor 34 Pro

Okay I just had a look at that and wtf is this smartphone, battery and projector abomination?

How about just buying projector instead? Because that thing will never fit into your pocket anyway...

Moto G54

Yeah that's at least a normal phone.

[–] Sylvartas@lemmy.dbzer0.com 4 points 16 hours ago

The first amazon listing I can find for the armor 34 pro has "andriod 15" on the back of the phone lmao

[–] testaccount789@sh.itjust.works 2 points 18 hours ago (1 children)

I daily drive the Armor 24 which is just a bit thinner. I am a man, so it does fit into most of my pockets (I hear women's clothing has chronic lack of pockets).

I am just that tiny bit of market who likes very unusual things. Unihertz also has some Blackberry-style phones (Titan series), but they don't sell around here, and it's not a brand trustworthy enough for me to import it with basically no warranty.
By the way, Unihertz seems to fund new models via Kickstarter, which I find a bit funny.

[–] punchmesan@lemmy.dbzer0.com 1 points 11 hours ago (1 children)

Not that I care, but there's a funny contradiction here. You don't consider Unihertz a trustworthy brand, but you do (or did) consider Ulefone a trustworthy brand? Even a cursory, 30-second search for Ulefone doesn't find anything good to say about them aside for the novel hardware. Did they have a better reputation at the time?

[–] testaccount789@sh.itjust.works 1 points 8 hours ago* (last edited 8 hours ago)

I didn't say I consider either trustworthy/untrustworthy.
It's just that I don't trust the devices enough to keep working (or even do so well) to basically waive my warranty (by purchasing it from wherever they sell it).

Otherwise, it seems Unihertz has a better record (I didn't find mentions of embedded malware) than Ulefone.

If I can buy it here, I have 14 days to return it and 2 years of warranty. When I was choosing a phone, an employee of the store just told me to buy all of which I am interested in, test them, keep 1, return the rest. So I bought 3 phones and returned 2.
Not something I could do if importing a device.

load more comments (2 replies)
[–] semperverus@lemmy.world 10 points 1 day ago (1 children)

Develop a root method for your phone, gain sudo access, and remove it via command line

[–] MonkderVierte@lemmy.zip 3 points 23 hours ago (4 children)

There's no sudo on Android.

[–] xep@discuss.online 2 points 9 hours ago

Yes, you must root first.

[–] Swedneck@discuss.tchncs.de 3 points 13 hours ago

what? are you being pedantic because it's actually "su"?

[–] testaccount789@sh.itjust.works 5 points 18 hours ago

There is if you use Termux (on a rooted device).

Termux has been the most important app on my phone. I just get the familiar CLI for everything. For example, MTP has been unreliable in my experience, there's probably lots of apps in Play Store to send/receive files of questionable quality.
And then with Termux I can just rsync over SSH as usual.
Or browse files with SSHFS.

[–] semperverus@lemmy.world 3 points 18 hours ago

There is with tools like magisk and some others that have popped up.

[–] Waterpumpee@lemmus.org 25 points 1 day ago (1 children)

change all your passwords you used with that device. then depends, can you afford a new phone? Go with a more known brand. If you can't, start learning mandarin 😅

[–] testaccount789@sh.itjust.works 17 points 1 day ago (1 children)

Yeah.
It sucks as usual manufacturers don't make such crazy devices. This thing has a 22,000mAh battery and quite strong light at the back. And yes, it's a quite heavy brick (647g or 1.43lbs).

I didn't find anything better to compare the thickness to, so here it is next to a 1RU switch and a dumphone:

They have even larger phones, but this is already a second time they've had malware, so I don't know about that...

[–] socsa@piefed.social 22 points 1 day ago* (last edited 1 day ago) (2 children)

If it makes you feel any better, that's probably not a 22AH battery either. Stop buying phone on Temu.

[–] Agent641@lemmy.world 5 points 21 hours ago (1 children)

The battery life on Ulefone devices is one thing they don't actually skimp on. I have one and it will go days without a charge. Performs as advertised. And switched off, left in a drawer for 6 months, it didn't drop a single percentage of battery charge.

[–] socsa@piefed.social 2 points 19 hours ago (1 children)

I don't doubt the battery is big, but a 20AH 1S battery pack is still somewhat larger than the phone in that picture .

[–] Agent641@lemmy.world 8 points 19 hours ago* (last edited 19 hours ago) (1 children)

Ah... The phone in question is not the black thing in the foreground. It's the silver thing with the gold button at the rear right. They are chonky, and yet still surprisingly heavy.

[–] socsa@piefed.social 3 points 12 hours ago

Oh lmao

[–] testaccount789@sh.itjust.works 9 points 1 day ago

There's quite a few devices like this (from other brands as wall). On a full charge with heavy use it lasts me 5 days. The capacity also checked out with a USB tester, although I only tested it during charging from something like 5%.

I could also try a discharge test, but that's going to take around 8 hours (10W max output). If you trust whoever did this test, they got 57 hours of screen on time for video streaming: https://www.devicespecifications.com/en/editor-review/c8a7ef/9
That has to fit somewhere.

Anyway, I got it on Alza. I wouldn't trust shops like that with anything above, say, EUR 50. Especially not Temu, though I haven't used them personally. The most expensive stuff I got on Aliexpress was around that sum. Two Heltec ESP32 boards with LoRa and RTL-SDR v3 (with the antenna kit).

load more comments
view more: next ›