Ads, Ads, Ads...

[Mindovermaster Global Moderator]

7 hours ago, Nick H. said:

Nope. It's not within Android. There is an app somewhere that is giving the ads.

I meant that as an app. Some bloatware that they added to it.

[jnelsoninjax]

OK, could @Mindovermastergo through and remove every app (even though you will run into apps that can not be removed without using adb), sure. Will it likely help? Possibly, but as he has stated he did a factory reset and the issue came back, so that leads me to believe that the issue is an app that is installed with the phone (again it will be very troublesome to diagnose this 100%) So he is then left with 2 feasible options: 1)Look into a custom ROM, which may be a good solution, or 2) continue to use Ad Guard and be happy with the results. Me personally would choose option 2, without a very clear idea of what these ads are (if I could see them, I might be able to tell where they are coming from) I have only ever had a problem like is being described on a phone that was given to me free by the Government (low/no income or getting benefits from the state) and it took me weeks to find the culprit. 

[Mindovermaster Global Moderator]

Update for y'all.

 

I think I found the culprit here. It was the Google Play Store..

 

I originally thought it was, but couldn't find any way to disable the ads.

 

I just looked everywhere online, and found these two options:

 

This one I found on a normal "take ads off from Play Store"

 

1. Go to Apps > Google Play Store

2. Then click on Storage.

3. Clear data and cache.

 

That solved about 75% of my ads, but certain ones are still popping up, so...

 

THEN I saw another guide. Guy was quiet as F when he did his YT vid, but

 

1. Apps > Google Play Store

2. click on "Open supported links"

3. set it to "Don't open in this app"

 

BUT, That still did squat!

 

So, In another app, they suggest for you to factory reset your phone. I have actually done this in the past, but will that actually solve my issue?

 

Should just get a PinePhone... LOL

[aphanic]

So... I read through the whole thread, I thought the last post was going to be some sort of "I'm having the same situation" or something given the thread started at the end of last year, but it's the OP with an update!

 

Anyway, I don't think it has to do the Play Store (or Play Services), but I can't back that opinion up with anything concrete, it's just a hunch derived from my experience with different models from different manufacturers. I think @Nick H.was close if not on point when he mentioned the launcher.

 

If the ads you're seeing appear after unlocking, it's something backed in. Assuming you've gone through a factory reset at some point that is, if not that'd be the first thing you should try. Some manufacturers bundle sh¡t in their software, sometimes even on purpose through shady deals, but the G4 is a rather popular device (or was) so I don't think that's the case. At least not at the manufacturer level, it could have been done by Twigby if it's running custom software "tweaked" by the operator, but if I were to hazard a guess, I'd say it's the app that handles the lock screen or one able to know when you unlock the phone and that requires special permissions.

 

Xiaomi for example is a manufacturer that bundles ads pretty much everywhere they can (although I think you can disable them all): you install an app from the Store, ad, use the file manager, ad, use the music / video player, ad, go to the "Downloads" app to open something you downloaded from there, ad, the BS "Security" app with a bundled "Cleaner", ad; you get the gist. I bet they earn a pretty nice sum through all that plus data mining their users, but I'm going on a tangent haha.

 

Back to the point, ideas on how to ID who's pushing the ads after unlocking the phone if a factory reset doesn't do it:

• Post a list of installed packages to a pastebin-like site and post a link here, we could take a look and see if any rings a bell or is fishy. I think an easy way to get a list would be through a terminal, either on the phone itself or through ADB, "pm list packages" ( with a "| sort" maybe ) should do the trick.
• Track and correlate every network connection the phone makes to a package (read: app). It may be easier said than done if we think in terms of an HTTP(S) proxy like Fiddler, Burp, Charles, etc., but maybe you could use an ad-blocker like AdGuard (not the version in the Play Store, go to their site, it's a paid app, but there's a trial period and should be enough), AdClear or something else that implements filtering by creating a local VPN (I'm not really versed into the kinds of apps that do).

For that second option, whatever you use, you'd probably need to disable any ad-blocking filter and just log the connections (after all you want to know when to go to the app and look at the log). The program should feature logging though, this is an old pic that I could find from AdGuard:

 

 

Because you're running Android 7, depending on the app that is showing you that ad and whether it's being served via HTTPS or not you may not be able to see it clearly. I think it was around that time when developers were able to disregard certificates in the user store so intercepting HTTPS traffic via a user cert may not work, but it's worth a try anyway.

 

Again, just a hunch, I've seen similar things happen on different devices, although they were all from small-ish companies.

[PeRTeX]

Some phones purchased through Amazon are bundled with ads to have the price lower than when you buy it somewhere and unlocked... I have never purchased anything from Amazon but I have read this somewhere before...

[Mindovermaster Global Moderator]

@aphanic, I actually have AdGuard. I signed up fort some deal (think it was $50 for lifetime or something)

 

I still have it on my phone, and is currently running, but it does not block EVERY ad to mankind. No anti-virus can.

 

Motorola is actually owned by Lenovo, so they are a well known business.

 

Twigby is based off from Sprint. So I don't see that much bloatware from them. All I see is a lot of google crap.

[Mindovermaster Global Moderator]

Edit: My dad is looking at it now. He found NOTHING after he turned about EVERYTHING off. So...

[DJ-Light]

Try changing your launcher.

Do you have a QR scanner in your app list? Uninstall and check.

 

Do a factory reset, download your apps one by one and check when the ads appear.

[Mindovermaster Global Moderator]

I have the default Android launcher.

 

I did have a QR scanner. And yes, I did remove it. I do not know if it got solved, as in it takes a few hours for ads to show up again.

 

I can look at it tomorrow. (checks watch) or.. umm, later today.. (12AM here)

 

If all else fails, yes, I will factory reset. But we're trying to get down to the nitty gritty.

 

(escuse me if I'm being mean) I just thought of this analogy.. "I don't want to kill the wolf, I want it's dick"

 

I should get to bed..

[Nick H. Supervisor]

If the option to do a factory reset is back on the table, then most definitely go for that. It's been 6 months and you haven't been able to pinpoint the source of the issue, I'd say that means that it is time to nuke it.

 

But here's the thing: when you factory reset it, don't do anything with your device. First you want to be sure that the ads are gone. Then you want to install your applications slowly, checking each one to see if the ads start appearing again.

[aphanic]

7 hours ago, Mindovermaster said:

I still have it on my phone, and is currently running, but it does not block EVERY ad to mankind. No anti-virus can.

It's not an antivirus to begin with, but you should not be interested in blocking the ads either at this point, you want to know what is showing them to you after unlocking (bold letters because it's bizarre, it's something I'd expect from a shady company). I knew Lenovo had bought Motorola at some point, but because that company changed hands so many times, I lost track of who had it at the point of the G4 being released.

 

Then again, blocking ads served through HTTPS requires breaking up the 'S' to intercept them, hence the CA some ad-blockers use (it'd be a man-in-the-middle attack if it were malicious). Because from Android 7 on developers can choose not to trust the user certificate store and only trust the ones in the system one, unless you had root access (and you don't), you wouldn't be able to install the certificate there. Even then, they could also choose not to trust that certificate anyway, e.g., banking apps can refuse to start when they use their own cert validation chain, even Google Play Services from what I've just seen (went ahead and installed AdGuard in a device to show you) already doesn't (see the attached screenshots).

 

So YouTube ads for instance is something that you wouldn't be able to block, or skip that easily (through ad-blocking); anything else... hell even basic DNS level blockers do an OK job because ads are served from a different (sub)domain.

 

7 hours ago, Mindovermaster said:

Twigby is based off from Sprint. So I don't see that much bloatware from them. All I see is a lot of google crap.

I could be wrong, of course, but I don't think Google would hijack the lock screen to show you an ad. It's something else in my opinion.

 

If you have AdGuard, go with it, you can use it to see everything (mostly) without the need to root the phone or tamper with it in any way. Disable every blocking rule it has, just set it up so it's a local VPN through which all traffic must go and that's it. When you unlock the phone and see an ad, go to its filtering log straight away and take a look at it, you'll see connections, write down the apps making them and you can go from there. Or take screenshots of those that seem off somehow.

 

But for the love of God, if you haven't already, factory reset the device before doing any other thing... _🤣 it could very well be malware and unrelated to the phone itself as well.

 

11 hours ago, PeRTeX said:

Some phones purchased through Amazon are bundled with ads to have the price lower than when you buy it somewhere and unlocked... I have never purchased anything from Amazon but I have read this somewhere before...

 You're correct, Amazon (used to?) sell subsidized phones by having you see ads during its use. It was an Amazon Edition or something version of the phone/firmware, but I don't think it's his case because he bought it straight from the operator; still, back in the day Spanish operators used to add plenty of unwanted stuff to the firmware of the device they sold. Nowadays I think they're just going with the regular versions of them.

 

EDIT: Apparently all attached images are placed in the post instead of being links, I'm going to hide them under a spoiler section not to create a crazy scroll kind of situation.

Spoiler

Google Play Services has AdGuard's certificate blacklisted already:

 

Example of a filtering log:

 

 

Tapping over an entry should tell you the app that made that connection:

 

 

And what kind of connection it is:

 

 

Even if it's a connection against an IP address directly:

 

 

Everything goes through the local VPN (that'd be accessing Neowin):

 

 

Even connections stemming from the OS itself:

 

 

Although without the CA you won't be able to see inside the tunnel, it doesn't matter much:

 

 

 

Edited June 9, 2021 by aphanic
Spoiler and description for the images.

[jnelsoninjax]

^ I do not have https enabled for adguard, it caused too many problems with various apps, and I have never had any lock screen ads (or any other ads for that matter)