Eric456

Trying to determine if Android system app is pre-installed malware

Hello,

I've been a longtime user of Emsisoft anti-malware software on my laptop, and I trust Emsisoft as a company, which is why I am coming to you for help. After I installed the McAfee Mobile Security app (the pro version came included free when I bought my new laptop) on my old Alcatel POP 4S phone (which runs Android 6.0), I ran a scan, which reported that a pre-installed system app made by Mediatek, called "Device Management," was in fact malware. (The "package name" of the app is “com.mediatek.dm”.) McAfee described it as a "high threat risk" which was "designed to secretly access your device and personal data."

I then installed a number of other mobile security apps (including Emsisoft's) onto my phone to see if they could confirm that this system app was indeed malware. None of them did, with the single exception of the Sophos Intercept X app, which described the “Device Management” app as a “malicious object,” which has the ability to do just about anything it wants to on my phone without my ever knowing about it.

I'm thinking that there's a pretty good chance that this threat identification is a false positive, since most of the anti-malware apps that scanned my phone did not identify it as malware. In addition, I did internet searches to see what others were saying about this "Device Management" app, and could find hardly anything. There were a number of articles talking about the problem of pre-installed system app malware in general, but not about this particular system app.

So I was hoping you could let me know--so I can put this matter to rest once and for all--whether this particular Mediatek system app is in fact pre-installed malware that I should be worried about, or if a false alarm was issued by these two mobile security apps.

I wish to emphasize that I am not looking for help removing this system app from the phone. (In fact, I'm worried that if I tried to remove it, it would render the phone completely inoperable.) I no longer use the Alcatel as my primary phone (I transferred its SIM card to my new phone), and I no longer enter any sensitive data, such as passwords, while using it. My only concern is knowing whether I need to change the passwords that I have entered on that phone in the past. And since I have a lot of passwords, that would be a big job for me, so it's not something I want to do unless I can know with adequate certainty that this system app has indeed functioned as malware in the past.

In essence, my real question is this: Is there any actual evidence that anyone's passwords and other sensitive information have ever been remotely transmitted by this “Device Management” (com.mediatek.dm) system app without their knowledge? Or were the McAfee and Sophos apps merely speculating about the danger that might be posed by this system app?

I really appreciate your help with finding a definitive answer to these questions so that I can put my mind at ease.

Hello,

Thank you for reporting this issue. Without an actual file there is nothing we can do to check this. My recommendation would be though to contact McAfee and ask them to check if this is a false-positive since it is their application detecting it.

@Eric456  - can you plug the phone into a pc and see the app's apk (?) file?  Or if there's a file-manager app on the phone can it see it (and maybe copy it elsewhere)?

I tried using several file manager apps and was unable to locate the file.  I saw other com.mediatek.* apps, but not com.mediatek.dm in particular.  I don't know what the file path is, and searches in those file manager apps didn't turn up any results.  I can see the app information for the Device Management app displayed in Settings/Apps (when system apps are not hidden), but I don't know how to access the actual file.  I read that all pre-installed apps are located somewhere in the "system" folder, but beyond that I'm not sure where to look.

Okay, I think I found the file.  It turned out to be in the "System storage\system\priv-app\dm" folder.  Please let me know if I did something wrong in the process of saving and/or uploading the file.

dm.apk

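An added example, not part of any post in this thread: one way to locate the APK behind a flagged package over adb, note whether it sits in a preinstalled location, and hash it so the exact file can be referenced in a false-positive report. It assumes a PC with adb and USB debugging enabled on the phone; the sample `pm path` line is constructed from the folder named in the post above.

```shell
#!/bin/sh
# Added example: find, classify and hash the APK for a flagged package.

PKG="com.mediatek.dm"   # package name quoted in the thread

# Turn `pm path` output ("package:/path/to.apk", one per line) into bare paths.
# Older adb builds append a carriage return, so strip it.
apk_paths() {
    sed -n 's/^package://p' | tr -d '\r'
}

# Classify an APK by location: the partition shows how it got onto the device.
install_class() {
    case "$1" in
        /system/priv-app/*) echo "preinstalled-privileged" ;;
        /system/*|/vendor/*|/product/*) echo "preinstalled" ;;
        /data/app/*) echo "user-installed-or-updated" ;;
        *) echo "unknown" ;;
    esac
}

# Pull each APK of the package and print its SHA-256 (needs a connected device).
collect_apk() {
    adb shell pm path "$1" </dev/null | apk_paths | while read -r p; do
        out="$(basename "$p")"
        echo "$p -> $(install_class "$p")"
        adb pull "$p" "$out" </dev/null && sha256sum "$out"
    done
}

# Constructed sample of `pm path` output (not captured from a real device).
SAMPLE='package:/system/priv-app/dm/dm.apk'

if [ "${1:-}" = "--device" ]; then
    collect_apk "$PKG"
else
    p="$(printf '%s\n' "$SAMPLE" | apk_paths)"
    echo "$p -> $(install_class "$p")"
fi
```

Run with `--device` to query a connected phone; without arguments it only processes the constructed sample line.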
39 minutes ago, Eric456 said:

Okay, I think I found the file.  It turned out to be in the "System storage\system\priv-app\dm" folder.  Please let me know if I did something wrong in the process of saving and/or uploading the file.

dm.apk 264.56 kB · 1 download

You say EAM has no issue with this file, did you ask McAfee why they flagged it?

Perhaps just change your passwords anyway and it will set your mind at rest as you say that is what concerns you.

It's a legitimate file,  created by TLC (the owner of Alcatel). The McAfee detection is a false-positive.

On 7/30/2020 at 1:42 AM, Elise said:

It's a legitimate file,  created by TLC (the owner of Alcatel). The McAfee detection is a false-positive.

Thank you.
