
In front of me I have an Android phone that has been infected with malware installed as a system service. I want to perform a factory reset on this phone, but first I need to make a backup, of course. The phone needs to stay in offline mode, due to the malware.

After making the backup, I want to selectively reinstall the apps and restore their data. For now, I'm assuming that I don't need the APKs, but having them wouldn't hurt.

One thing is that the malware has installed itself as a system service, so can I even trust my backup anymore?

How should I (as a software developer) proceed?

More importantly, how should an ordinary Android user deal with this situation? This means the only allowed tools are those that have a GUI and that have acceptable usability. And, of course, no root access to the phone. Shouldn't Google as the manufacturer of the Android operating system provide these very basic services?

Roland Illig
  • You can create a backup of all apps via adb backup (for those apps that allow it). To be able to selectively restore, you need to back up every app on your own, preferably by a script like https://codeberg.org/izzy/Adebar. But you will recognize that maybe 50% of the apps don't allow backup. – Robert Dec 17 '21 at 18:58
  • @Robert That's exactly the answer I didn't want to hear. I was more interested from the perspective of an ordinary Android user. An ordinary Android user should not have to use adb backup (which is deprecated, by the way) or the more modern adb shell bmgr. An ordinary Android user should not have to enable the developer mode just to do a regular backup. – Roland Illig Dec 17 '21 at 19:29
  • Shouldn't Google as the manufacturer of the Android operating system provide these very basic services? If something doesn't bring revenue to the table, then there is no point working on it from their perspective. Keeping Android users powerless and dumb is a design approach of Google and Android OEMs. Providing powerful backup tools means user can avoid using Google cloud services for backup, or can use a competing product (such as from Amazon, Microsoft, etc.) on their device. That's a loss in revenue. Hence, broken-by-design tools we have got. – Firelord Dec 17 '21 at 20:28
  • By Google's design, backup is uploaded to the cloud. An offline backup is therefore deprecated from Google's perspective. Anyway, ADB backup works, and deprecated just means it will be removed some day in the future. BTW: from an app developer perspective you can discuss if users should have the permission to make a backup. Having access to the data allows users to manipulate app data. – Robert Dec 17 '21 at 20:32
  • Also, this can get very technical but you need to dig more information on this malware. If a malware can compromise your phone and gain root access (assuming that's the case), then so can you, provided you find a trustworthy exploitation tool or have the skillset to design and deploy a payload to compromise your Android. If you can gain root access (which you should because your malware probably has it anyway) you can get complete access to all the apps' private data you want. Restoring all of that would be impossible without root access though. – Firelord Dec 17 '21 at 20:33
  • You should tell us the Android device and Android version you are using. You might be having an Android version where Verified Boot is not enforced. Otherwise, a persistent malware should fail verified boot and the device ought to refuse to boot successfully. – Firelord Dec 17 '21 at 20:36
  • In addition to Firelord's comment, which I agree with, you have to keep in mind that even with root access keys from AndroidKeystore can't be exported (protected by TEE) and will be missing in any backup no matter what permissions you have. – Robert Dec 17 '21 at 20:40
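A per-app backup script along the lines of Robert's suggestion (one archive per app, so apps can later be restored selectively, plus the Verified Boot check Firelord raises), as an added example that is not code from the question, the comments or the Adebar project. It assumes adb on PATH, one attached device with USB debugging enabled, and the device kept in airplane mode throughout; all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the question, the comments or Adebar.
# Assumptions: one device attached with USB debugging enabled, adb on PATH,
# the device kept offline (airplane mode) throughout. Apps whose manifest
# sets android:allowBackup="false" yield no usable archive.

# Turn "pm list packages -f" output into "<package>\t<apk path>" lines.
# Input format: package:/data/app/<dir>/base.apk=<package.name>
parse_package_list() {
    tab=$(printf '\t')
    tr -d '\r' | sed -n "s/^package:\(.*\)=\([^=]*\)\$/\2$tab\1/p"
}

# An adb backup archive starts with the magic line "ANDROID BACKUP".
# Non-zero for a missing or empty file (app refused backup, or the
# confirmation prompt on the device was not accepted).
is_ab_archive() {
    [ "$(dd if="$1" bs=14 count=1 2>/dev/null)" = "ANDROID BACKUP" ]
}

# Back up one app's data plus its APK into <package>.ab, one file per app,
# so that a single app can later be restored with "adb restore".
backup_one() {
    adb backup -f "$1.ab" -apk "$1"
}

# Verified Boot state: "green" means the boot chain verified, "orange" an
# unlocked bootloader (no guarantee at all), "red" a failed verification.
verified_boot_state() {
    adb shell getprop ro.boot.verifiedbootstate | tr -d '\r'
}

main() {
    echo "verifiedbootstate: $(verified_boot_state)"
    # -3 lists third-party packages only; system apps come back with the
    # factory reset anyway (and are where the malware claims to live).
    adb shell pm list packages -f -3 | parse_package_list |
    while IFS="$(printf '\t')" read -r pkg apk; do
        adb pull "$apk" "$pkg.apk"        # APKs are usually readable without root
        backup_one "$pkg"                 # confirm the prompt on the device
        if is_ab_archive "$pkg.ab"; then
            echo "ok      $pkg"
        else
            echo "NO DATA $pkg (allowBackup=false?)"
        fi
    done
}

case "${1:-}" in run) main ;; esac
```

Run it as `sh backup.sh run`; archives that fail the `is_ab_archive` check are the roughly half of apps Robert mentions that disallow backup, and nothing here needs root.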

0 Answers