Ads, Ads, Ads...


 Share

Recommended Posts

Mindovermaster
7 hours ago, Nick H. said:

Nope. It's not within Android. There is an app somewhere that is giving the ads.

I meant that as an app. Some bloatware that they added to it.

Link to post
Share on other sites

+jnelsoninjax

OK, could @Mindovermastergo through and remove every app (even though you will run into apps that can not be removed without using adb), sure. Will it likely help? Possibly, but as he has stated he did a factory reset and the issue came back, so that leads me to believe that the issue is an app that is installed with the phone (again it will be very troublesome to diagnose this 100%) So he is then left with 2 feasible options: 1)Look into a custom ROM, which may be a good solution, or 2) continue to use Ad Guard and be happy with the results. Me personally would choose option 2, without a very clear idea of what these ads are (if I could see them, I might be able to tell where they are coming from) I have only ever had a problem like is being described on a phone that was given to me free by the Government (low/no income or getting benefits from the state) and it took me weeks to find the culprit. 

  • Thanks 1
Link to post
Share on other sites

  • 5 months later...
Mindovermaster
Posted (edited)

Update for y'all.

 

I think I found the culprit here. It was the Google Play Store..

 

I originally thought it was, but couldn't find any way to disable the ads.

 

I just looked everywhere online, and found these two options:

 

This one I found on a normal "take ads off from Play Store"

 

1. Go to Apps > Google Play Store

2. Then click on Storage.

3. Clear data and cache.

 

That solved about 75% of my ads, but certain ones are still popping up, so...

 

THEN I saw another guide. Guy was quiet as F when he did his YT vid, but

 

1. Apps > Google Play Store

2. click on "Open supported links"

3. set it to "Don't open in this app"

 

BUT, That still did squat!

 

So, In another app, they suggest for you to factory reset your phone. I have actually done this in the past, but will that actually solve my issue?

 

Should just get a PinePhone... LOL

Link to post
Share on other sites

aphanic

So... I read through the whole thread, I thought the last post was going to be some sort of "I'm having the same situation" or something given the thread started at the end of last year, but it's the OP with an update! :)

 

Anyway, I don't think it has to do the Play Store (or Play Services), but I can't back that opinion up with anything concrete, it's just a hunch derived from my experience with different models from different manufacturers. I think @Nick H.was close if not on point when he mentioned the launcher.

 

If the ads you're seeing appear after unlocking, it's something backed in. Assuming you've gone through a factory reset at some point that is, if not that'd be the first thing you should try. Some manufacturers bundle sh¡t in their software, sometimes even on purpose through shady deals, but the G4 is a rather popular device (or was) so I don't think that's the case. At least not at the manufacturer level, it could have been done by Twigby if it's running custom software "tweaked" by the operator, but if I were to hazard a guess, I'd say it's the app that handles the lock screen or one able to know when you unlock the phone and that requires special permissions.

 

Xiaomi for example is a manufacturer that bundles ads pretty much everywhere they can (although I think you can disable them all): you install an app from the Store, ad, use the file manager, ad, use the music / video player, ad, go to the "Downloads" app to open something you downloaded from there, ad, the BS "Security" app with a bundled "Cleaner", ad; you get the gist. I bet they earn a pretty nice sum through all that plus data mining their users, but I'm going on a tangent haha.

 

Back to the point, ideas on how to ID who's pushing the ads after unlocking the phone if a factory reset doesn't do it:

  • Post a list of installed packages to a pastebin-like site and post a link here, we could take a look and see if any rings a bell or is fishy. I think an easy way to get a list would be through a terminal, either on the phone itself or through ADB, "pm list packages" ( with a "| sort" maybe ) should do the trick.
  • Track and correlate every network connection the phone makes to a package (read: app). It may be easier said than done if we think in terms of an HTTP(S) proxy like Fiddler, Burp, Charles, etc., but maybe you could use an ad-blocker like AdGuard (not the version in the Play Store, go to their site, it's a paid app, but there's a trial period and should be enough), AdClear or something else that implements filtering by creating a local VPN (I'm not really versed into the kinds of apps that do).

For that second option, whatever you use, you'd probably need to disable any ad-blocking filter and just log the connections (after all you want to know when to go to the app and look at the log). The program should feature logging though, this is an old pic that I could find from AdGuard:

 

log@2x.png?version=2901

 

Because you're running Android 7, depending on the app that is showing you that ad and whether it's being served via HTTPS or not you may not be able to see it clearly. I think it was around that time when developers were able to disregard certificates in the user store so intercepting HTTPS traffic via a user cert may not work, but it's worth a try anyway.

 

Again, just a hunch, I've seen similar things happen on different devices, although they were all from small-ish companies.

Link to post
Share on other sites

PeRTeX

Some phones purchased through Amazon are bundled with ads to have the price lower than when you buy it somewhere and unlocked... I have never purchased anything from Amazon but I have read this somewhere before...

Link to post
Share on other sites

Mindovermaster
Posted (edited)

@aphanic, I actually have AdGuard. I signed up fort some deal (think it was $50 for lifetime or something)

 

I still have it on my phone, and is currently running, but it does not block EVERY ad to mankind. No anti-virus can.

 

Motorola is actually owned by Lenovo, so they are a well known business.

 

Twigby is based off from Sprint. So I don't see that much bloatware from them. All I see is a lot of google crap.

Link to post
Share on other sites

Mindovermaster

Edit: My dad is looking at it now. He found NOTHING after he turned about EVERYTHING off. So...

Link to post
Share on other sites

DJ-Light

Try changing your launcher.

Do you have a QR scanner in your app list? Uninstall and check.

 

Do a factory reset, download your apps one by one and check when the ads appear.

Link to post
Share on other sites

Mindovermaster

I have the default Android launcher.

 

I did have a QR scanner. And yes, I did remove it. I do not know if it got solved, as in it takes a few hours for ads to show up again.

 

I can look at it tomorrow. (checks watch) or.. umm, later today.. (12AM here)

 

If all else fails, yes, I will factory reset. But we're trying to get down to the nitty gritty.

 

(escuse me if I'm being mean) I just thought of this analogy.. "I don't want to kill the wolf, I want it's dick"

 

I should get to bed.. :laugh:

Link to post
Share on other sites

Nick H.

If the option to do a factory reset is back on the table, then most definitely go for that. It's been 6 months and you haven't been able to pinpoint the source of the issue, I'd say that means that it is time to nuke it.

 

But here's the thing: when you factory reset it, don't do anything with your device. First you want to be sure that the ads are gone. Then you want to install your applications slowly, checking each one to see if the ads start appearing again.

  • Like 1
Link to post
Share on other sites

aphanic
Posted (edited)
7 hours ago, Mindovermaster said:

I still have it on my phone, and is currently running, but it does not block EVERY ad to mankind. No anti-virus can.

It's not an antivirus to begin with, but you should not be interested in blocking the ads either at this point, you want to know what is showing them to you after unlocking (bold letters because it's bizarre, it's something I'd expect from a shady company). I knew Lenovo had bought Motorola at some point, but because that company changed hands so many times, I lost track of who had it at the point of the G4 being released.

 

Then again, blocking ads served through HTTPS requires breaking up the 'S' to intercept them, hence the CA some ad-blockers use (it'd be a man-in-the-middle attack if it were malicious). Because from Android 7 on developers can choose not to trust the user certificate store and only trust the ones in the system one, unless you had root access (and you don't), you wouldn't be able to install the certificate there. Even then, they could also choose not to trust that certificate anyway, e.g., banking apps can refuse to start when they use their own cert validation chain, even Google Play Services from what I've just seen (went ahead and installed AdGuard in a device to show you) already doesn't (see the attached screenshots).

 

So YouTube ads for instance is something that you wouldn't be able to block, or skip that easily (through ad-blocking); anything else... hell even basic DNS level blockers do an OK job because ads are served from a different (sub)domain.

 

7 hours ago, Mindovermaster said:

Twigby is based off from Sprint. So I don't see that much bloatware from them. All I see is a lot of google crap.

I could be wrong, of course, but I don't think Google would hijack the lock screen to show you an ad. It's something else in my opinion.

 

If you have AdGuard, go with it, you can use it to see everything (mostly) without the need to root the phone or tamper with it in any way. Disable every blocking rule it has, just set it up so it's a local VPN through which all traffic must go and that's it. When you unlock the phone and see an ad, go to its filtering log straight away and take a look at it, you'll see connections, write down the apps making them and you can go from there. Or take screenshots of those that seem off somehow.

 

But for the love of God, if you haven't already, factory reset the device before doing any other thing... 🤣 it could very well be malware and unrelated to the phone itself as well.

 

11 hours ago, PeRTeX said:

Some phones purchased through Amazon are bundled with ads to have the price lower than when you buy it somewhere and unlocked... I have never purchased anything from Amazon but I have read this somewhere before...

 You're correct, Amazon (used to?) sell subsidized phones by having you see ads during its use. It was an Amazon Edition or something version of the phone/firmware, but I don't think it's his case because he bought it straight from the operator; still, back in the day Spanish operators used to add plenty of unwanted stuff to the firmware of the device they sold. Nowadays I think they're just going with the regular versions of them.

 

EDIT: Apparently all attached images are placed in the post instead of being links, I'm going to hide them under a spoiler section not to create a crazy scroll kind of situation.

Spoiler

Google Play Services has AdGuard's certificate blacklisted already:

 

1. Google Play Services has AdGuard's certificate blacklisted already.jpg


Example of a filtering log:

 

2. Example of a filtering log.jpg

 

Tapping over an entry should tell you the app that made that connection:

 

3. Tapping over an entry should tell you the app that made that connection.jpg

 

And what kind of connection it is:

 

4. And what kind of connection it is.jpg

 

Even if it's a connection against an IP address directly:

 

5. Even if it's a connection against an IP address directly.jpg

 

Everything goes through the local VPN (that'd be accessing Neowin):

 

6. Everything goes through the local VPN (that'd be accessing Neowin).jpg

 

Even connections stemming from the OS itself:

 

7. Even connections stemming from the OS itself.jpg

 

Although without the CA you won't be able to see inside the tunnel, it doesn't matter much:

 

8. Although without the CA you won't be able to see inside the tunnel, it doesn't matter much.jpg

 

 

Edited by aphanic
Spoiler and description for the images.
Link to post
Share on other sites

+jnelsoninjax

^ I do not have https enabled for adguard, it caused too many problems with various apps, and I have never had any lock screen ads (or any other ads for that matter)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.