Samsung Cops To Data Breach After Unsolicited '1/1' Find My Mobile Push Notification (theregister.co.uk) 42
An anonymous reader quotes a report from The Register: Samsung has admitted that what it calls a "small number" of users could indeed read other people's personal data following last week's unexplained Find my Mobile notification. Several Register readers wrote in to tell us that, after last Thursday's mystery push notification, they found strangers' personal data displayed to them. Many readers, assuming Samsung had been hacked, logged into its website to change their passwords. Now the company has admitted that a data breach did occur.
Of potentially greater concern is the mystery 1/1 push notification from Find my Mobile, a baked-in app on stock Samsung Android distributions. Although the firm brushed off the worldwide notification as something to do with unspecified internal testing, many of those who wrote to El Reg said they had disabled the app. Stock apps cannot be uninstalled unless one effectively wipes the phone and installs a new operating system -- unlocking the bootloader and reformatting with a new third-party, customized ROM. Samsung did not answer our questions as to how a "disabled" app was able to receive and display push notifications. Nor did it say what other functions this "disabled" app was capable of executing. A spokeswoman told The Register: "A technical error resulted in a small number of users being able to access the details of another user. As soon as we became aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed." She added: "We will be contacting those affected by the issue with further details."
notifications (Score:2)
Notifications are sent via a Google service; the app just tells Google that it is subscribing, and if you disable the app, you would still get the notification.
Re:notifications (Score:5, Insightful)
Overall this shows that the preinstalled apps are a cause for concern - especially if they can't be uninstalled.
Re:notifications (Score:5, Insightful)
Pre-installed apps provide a value add that most people feel they've paid extra for
Nobody thinks that.
it's the occasional nitwit like you that makes a lot of noise and gives them a bad name.
No, actually everyone thinks they suck. If you need an app, it can be installed in seconds from the Play Store. There is no reason to preinstall anything but the Play Store itself and some very basic functionality like the phone dialer and a launcher.
Re: (Score:2)
Re: (Score:3)
No idea, I'd buy that! Just think of it, no wasted space on your phone and you can install anything you like right from the app store, what's not to like?
Re: (Score:2)
Buy a Pixel directly from Google. Still has some basic stuff installed (mail, maps, calendar, etc..), but you can delete anything you don't want without having to root the damn thing.
Re: (Score:2)
OK, let's make a phone that has no preinstalled apps at all.
I'd buy that phone over any other. It'd sell.
Re: (Score:2)
Re: notifications (Score:2)
The best hardware? It's one of the crappiest phone designs ever. The screen barely responds because the CPU is too weak, the infinity edges respond just by gripping the phone (literally a case of "you're holding it wrong"). The screen is supposed to be pressure sensitive but the edges between (3/4) actions are so thin you end up more aggravated and everything you brush at launches. The thing is slow, has poor reception and doesn't even reliably connect through a device, cycling quickly through several USB mod
Re: (Score:2)
A better option would simply be icons that go directly to the app store. If you really need it then downloading is easy. If you don't then just remove the icon.
Re: (Score:2)
Re: (Score:1)
Pre-installed apps are only a value-add to the phone maker. It allows them to sell space to third parties that are willing to pay to get mass distribution of their apps.
Honestly, I'd buy a phone that comes with an empty slate, but only to a certain extent. For example, it probably should come with Google Play Store (and that's about it.)
As an aside: can you imagine if Windows doesn't come with Internet Explorer? How would you download Firefox or Chrome? :-D
Re: (Score:2)
OK, let's make a phone that has no preinstalled apps at all. It's just a terminal. Gee, why isn't it selling???
Let's get the terminology figured out first. This isn't a case of "preinstalled" apps in the sense that they went through the installation process. These apps are for practical purposes compiled into the operating system. Thus "disable" is the only option, which one wonders just how disabled it really is. If they were pre-installed then the reverse, uninstall, could happen. But it cannot. So, better to suggest "OK, let's make a phone that has only preinstalled apps and no impossible to remove baked in apps
Re: (Score:2)
Re: (Score:1)
Re:notifications (Score:5, Insightful)
I can see the value of having pre-installed apps, apps that many people would like and probably even miss if they were not there. Lots of people want to access Facebook (I don't), organize their pictures (I don't) or watch their favorite Netflix shows while on the train (I don't).
I can not see the value of not being able to get rid of them (I indeed do!).
Re: (Score:1)
I can see the value of having pre-installed apps, apps that many people would like and probably even miss if they were not there. Lots of people want to access Facebook (I don't), organize their pictures (I don't) or watch their favorite Netflix shows while on the train (I don't).
I can not see the value of not being able to get rid of them (I indeed do!).
I bet you used the CDs that come in the box for installing your printer drivers too, don't you?
The apps are obsolete before the image is even created. The only thing this does is give freshly-reset phones an additional unpatched attack vector. The companies publishing them just don't want to risk alienating any profit by practicing best security standards or (gasp) give users a choice in not having them forced in your face.
Re: (Score:2)
All true, but in the end, these apps are what makes the phone so cheap. So having them pre-installed is what makes phones more affordable. I wouldn't mind buying one without the crapware at a higher price, if that's what it takes, but if that's not available, what can I say?
The problem I have with it is that I can't even patch that attack vector by removing it.
Re: (Score:1)
Re: (Score:3)
Pre-installed apps provide a value add that most people feel they've paid extra for ... it's the occasional nitwit like you that makes a lot of noise and gives them a bad name.
In that case, why is it impossible to remove it? Answer, because no-one wants this crap and would immediately uninstall it if they could.
Re: (Score:2)
Actually, I feel I paid for the memory these things take up that I don't get. In other words, these things steal my money.
Re: (Score:2)
Pre-installed apps provide a value add that most people feel they've paid extra for ... it's the occasional nitwit like you that makes a lot of noise and gives them a bad name.
These are the exact reasons I will NEVER buy Samsung phone. Google Pixel for me.
You can only disable the stock apps on samsung thr (Score:5, Informative)
You can only disable the stock apps on Samsung through their enterprise licensing service (they keep changing the name of that whole scheme, but it gives you elevated access to the OS). If you have that, you can disable built-in Samsung apps and firewall stuff.
By the way, normally you will see, even if you run a VPN, the phone calling home in the logs, specifically requesting non-VPN access to some apps.
Also, what the phone does is phone home, and if the IMEI matches on a list of pre-enrolled devices it will automatically install whatever MDM software was specified through that service onto the phone. Look, let's just put it in real terms: it has a built-in backdoor accessible to Samsung, much like it would need to have for theft prevention software and such, but the point is that Samsung can use this service to push anything it wants on the phone without notifying the user.
Re: (Score:2)
And people wonder why I have more faith in a ROM I downloaded from xda-developers...
Re: (Score:2)
Good info, thanks! Here's a link to the enterprise licensing service sign-up [samsungknox.com].
You *can* disable the stock apps on samsung (Score:3, Interesting)
You can disable stock apps. Many stock apps don't let you disable them directly, but if you connect from a computer using ADB, you can issue commands to disable apps for a specific user (i.e., user 0). If you do that, the app doesn't run and is fully disabled.
I used that to disable the Bixby app so now that stupid button does nothing. I also killed off most of the other apps that I don't use. I didn't kill the one that sent the notification, though; I'll have to look into that.
Re: (Score:2)
You think so, but no, you cannot do that on currents through adb on an unrooted phone; with earlier Androids you could do it for most packages. The Bixby hack functionality change through adb is kind of related, but not really. You can disable SOME built-in apps but not all. To disable Bixby from doing anything you don't even need the adb connection hack; you just need it to change the functionality to some of the possible other functions.
the point is that there's a bunch of packages that can't get disabled thro
Re: (Score:2)
At least on my Samsung S8 with Android 9, I can disable anything using the disable-user trick.
adb shell pm disable-user --user 0 [package_to_disable]
This is a separate mechanism from the general disable, which does not work on all apps, but the per-user version works on everything.
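An added example, not part of the comment above: a way to confirm from `adb shell dumpsys package <pkg>` output that a per-user disable took effect, and for which user. The package name com.example.preloaded and the sample dump are constructed, and the `User N: ... enabled=<int>` line layout is assumed from typical dumpsys output.

```shell
#!/bin/sh
# Constructed sample of dumpsys output (not captured from a real device);
# com.example.preloaded is a placeholder package name.
SAMPLE_DUMP='Packages:
  Package [com.example.preloaded] (1a2b3c):
    userId=10123
    flags=[ SYSTEM HAS_CODE ALLOW_CLEAR_USER_DATA ]
    User 0: ceDataInode=1234 installed=true hidden=false suspended=false stopped=true notLaunched=false enabled=3 instant=false
    User 10: ceDataInode=5678 installed=true hidden=false suspended=false stopped=false notLaunched=false enabled=0 instant=false'

# Map PackageManager COMPONENT_ENABLED_STATE_* integers to readable names.
state_name() {
  case "$1" in
    0) echo default ;;
    1) echo enabled ;;
    2) echo disabled ;;
    3) echo disabled-user ;;
    4) echo disabled-until-used ;;
    *) echo unknown ;;
  esac
}

# pkg_state USER < dumpsys-output
# Prints the enabled state for that Android user, or "not-found" when the
# dump has no line for the user (package absent or user does not exist).
pkg_state() {
  code=$(awk -v u="$1" '
    $1 == "User" && $2 == (u ":") {
      for (i = 3; i <= NF; i++)
        if ($i ~ /^enabled=/) { sub(/^enabled=/, "", $i); print $i; exit }
    }')
  if [ -n "$code" ]; then state_name "$code"; else echo not-found; fi
}

# is_system_pkg < dumpsys-output : succeeds when the flags line lists SYSTEM,
# i.e. the package ships in the system image and can only be disabled.
is_system_pkg() { grep -Eq 'flags=\[.* SYSTEM .*\]'; }

# On a device: adb shell dumpsys package com.example.preloaded | pkg_state 0
printf '%s\n' "$SAMPLE_DUMP" | pkg_state 0    # user 0 was disabled
printf '%s\n' "$SAMPLE_DUMP" | pkg_state 10   # a second user/profile was not
```

In the sample, `--user 0` left the package in its default state for user 10, so a secondary user or work profile needs its own check.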
Re: (Score:2)
does it work on the gearvr, knox, etc?
Re: (Score:2)
This should be modded up. If open source developers want to overthrow M$ on the desktop, they need to do better than this. Yes, I have seen this kind of shit with both open source and closed source* software, but the Open Source community needs to be 'selling themselves well' (in a sense) to the general public to gain their trust. Weird .bat files and closing without any error message erodes that trust.
*Oh yeah, the commercial example I was talking about was a Dos game compilation CD which had Paperboy, amo
Not only is the app disabled (Score:2)
But I have no Samsung account. And I too got the notification.
I really wish Samsung would allow you to remove their apps. Some are decent but most are duplicative and useless.
Samsung should offer users a choice (Score:2)
Re: (Score:3)
The preinstalled Samsung crapware is one of the major reasons why I choose to not have a Samsung phone. When I had a Samsung phone, all the background processes spawned by all that crapware slowed my phone by about half.
My Honor 6x, on the other hand, came pretty bare, with only a minimum of unnecessary apps (Gallery, Themes, Music, Video, Calendar). Its performance two years later is the same as when I first bought it, and at only a third of the cost of my previous, over-priced Samsung. The Honor 6x's
Re: (Score:2)
I had a Samsung Galaxy Tab 7" that was so slow out-of-the-box that the on-screen keyboard lagged. Years later I rooted it and found a process that was eating 100% of 1 CPU core. I deleted the file and the problem went away. Almost the same story on my Galaxy S5 - rooted it, and it was like a brand new phone.
Jesus is that headline a parsing trainwreck! (Score:2)
Now you know why punctuation and compound words were invented.
Re: (Score:2)
Use quotes, swap "cops" for "admits", remove "1/1" and it's much more legible.
From
"Samsung Cops To Data Breach After Unsolicited '1/1' Find My Mobile Push Notification"
to
"Samsung Admits To Data Breach After Unsolicited 'Find My Mobile' Push Notification"
A small number? (Score:2)
A small number like "100", or a small number like "10,000,000"?