What's going on here? [Samsung Galaxy S24]

britechguy

I had a client today with multiple problems, including what appeared to be an infected Samsung Galaxy S24. I went through her Google Account, which seemed to be uncompromised in any way, and then did a factory reset on the phone, deleting everything but the e-SIM.

When setting the device up again, and using the same Google Account, I intentionally did NOT restore from the cloud backup of the device, as I've seen that just pull all the crap back down. It insisted that we set up Samsung Cloud, though, and I don't have intimate familiarity with that or if it could be another channel for re-downloading, but I did not specifically select anything in relation to restoration using Samsung Cloud.

Upon the factory reset being completed, I turned off the Google News page on the device. There were very few apps and the only ones we installed afterward were for Verizon, her service provider, and Vicohome, for their security camera (and which would not get connected to their WiFi, which had a password change as part of the circus that's been ongoing).

She just sent me the following two screenshots:
Galaxy-S24_Screen2.jpeg

Galaxy-S24_Screen1.jpeg

I know that immediately after setup we did not have Disney+, Tik Tok, Facebook, Gaming Hub, Global Goals, Spotify, Wallet, Wearable, YT Music, ONE store, Glance..., 1Weather, or any of the games that showed up.

I have seen the occasional Samsung or Google app or two spring up unbidden, but nothing like this. I honestly have no idea what may be going on and am wondering if anything about this might seem familiar to others here.

The client just sent me these three screenshots while I was typing. All three just popped up, unbidden:
Screen3.jpeg

Screen4.jpeg

Screen5.jpeg

Something's profoundly wrong, but I have no idea what, or if it can be solved with anything short of new hardware. This device is only 8 months old!
 
@GTP

That's what I did: A factory reset. Wiped everything except the eSIM.

This is all occurring post factory reset and a simple reconfiguration of the Google Account, no restoration from cloud backup (or at least not where I made the choice - I explicitly declined), reconfiguration of the Samsung account, and reinstallation of the security camera app and Verizon app.

Everything else shown has occurred spontaneously and unbidden after that. That's what makes this so very, very weird.
 
It is a Samsung thing. My phone does it occasionally. Have to track down what it is doing but Samsung is pushing it from the Galaxy Store I think.
 
@mmerry

What, specifically, is "a Samsung thing?"

I can believe pushing out their own apps, but not third party apps (e.g. Tik Tok, Facebook) or touching anything Google, which is what this morning's bit clearly is.

I've got multiple Android powered devices in my own household, but there's never been even the suggestion of creating a Google Device Group, let alone an auto-setup, which is what appears to have happened here.

I'm quite certain this client is not misrepresenting what's going on, as I saw the state of affairs prior to the factory reset of the device.
 
@mmerry,

Thanks, but I can say that nothing like this as far as Samsung disclosures and Accept/Reject options came up. I did get one for the Samsung Cloud account, but nothing of the nature of those two (and I do read these, not every letter, but enough to know that I didn't see something like this).
 
Every time there is an OS update, I get at least 3 unwanted apps. This last update which just installed this morning, I got something called "All Document Reader" that locked up my phone when I tried to find out what it was. I also got "Royal Kingdom" and the TikTok app. I don't know if this is a Google thing, a Verizon thing, or a Samsung thing, but you have to watch those $*(@#ers like a hawk to keep things like you want.
 
@HCHTech

Thanks for the input. Good to know. The scale and scope of what's going on seems to me to be well outside the range of "normal sneaky per agreements you didn't read."

The thing that's shocked me most in the "after I left" batch is the reappearance of the Samsung "Getting your phone ready" notice, which I'd definitely gone through before and where we were already far past that (the phone was booting fine, able to make and receive calls, and the same for text messages).

Then this Google cross-device services group, which has been set up on its own with no specific permission granted.

I'm advising the client to pursue this with Verizon and, possibly, Samsung. She purchased two S24 devices last October, one for her, and one for her husband, and hers is the only one that's "gone totally insane" and is doing so again almost immediately after a full factory reset.
 
P.S.: We're going to try another factory reset, except for eSIM, and use a purpose-created (on another device) Google Account just for diagnostic purposes. I am honestly expecting the same wild end results.
 
It almost sounds like the firmware has been overwritten with some type of custom firmware. As soon as a connection is established it auto launches the install/setup process. I've never seen or heard of this happening.
Yes, the Telco will have a custom firmware on the phone but it would never display this behaviour.

What about trying a non-Google setup after a factory reset? Just give any email address - sex@myplace.now.ok - or something and see if it happens?
Try a factory reset without the eSim, just connect to wifi if you need the umbilical cord to set it up.

I know it's highly unlikely, but, would it be worth acquiring a $10 prepaid eSim just to rule out eSim shenanigans?
 
@GTP,

Thanks. I agree that this is likely a firmware level thing. As much as I'd love to know exactly what's going on, it's not my device nor is it economically feasible for this client (or any client, really) to have me pursue this "as far as I can go" with a very strong probability of no good outcome.

Luckily, this is not an unsophisticated client. She understood the concept of a factory reset and watched me perform it, step-by-step, and also understands NOT to allow restoration from any cloud backup, but to set the device up manually as though new. She should be able to confirm the firmware theory by using a completely new Google account, so that the process is as "close to typical" as it can be. If things behave as they have been behaving, we know that there is a "deep infection."

This is the first and only Android device I've ever encountered that's this bizarrely hosed. I'm also kinda-sorta shocked it's a Samsung device, as you'd expect Samsung to have very robust defenses against firmware level modifications (and other infection vectors, too).

Since the device is only 9 months old, and is Verizon supplied, it's still under warranty by Samsung, for certain, and quite possibly by Verizon, too. I'm encouraging the client to pursue replacement from Verizon or Samsung if a second factory reset and setup with a clean Google account causes no change in the issues that are occurring.
 