Skip Navigation
Ask Android @lemdro.id
limerod @reddthat.com

Remove uninstallable malware with device admin permissions

So, an ac​quain​tance of mine has a malware which shows an ad every once a while especially when you install apps.

It's hiding in settings with an icon and name called "Settings". It has no icon in the launcher. It cannot be uninstalled. It has acquired device admin settings and even that cannot be revoked. Google play protect warns of this malware but even play protect does not have enough permissions to actually remove it for good.

I tried to enable developer options to nuke it via adb. Unfortunately, developer options are blocked with a pop-up saying Device managed by your organization.

Outside of official service center visit. Or reflashing the stock firmware. Are there any ways the malware can be deleted?

I have advised to get it fixed from the place he bought.

Show Context
14 comments

  • Why being MDM'ed would make it stolen?

    Because companies that have already implemented MDM on a device (which your friend has) will be the first to remove any trace of them on it (data protection/GDPR etc) and if it's being sold still with the credentials of said company (with bonus malware?) you might want to poke around it a little.

    As the page above states - someone is in charge of that device still and can manipulate it as per the policies they introduced when locking the phone down to an entity.

    tldr: most thieves ask for FRP exploits etc to get around a MDM secured device.

    • He had bought the phone on loan. Loaned phones nowadays install this device management software and block dev options and adb so I have observed.

      He has paid off the loan. So, there's a possibility the lock was not removed. Unless, this malware somehow managed to get more privileges than it should..

      It would be comical if he bought a new stolen phone.

      • You've got me more curious about the device itself and a rough geographical area it was bought in. Care to share?

        • Its a low end realme. I think Realme 12+ or something. It was bought in india. Not that I think it should make much of a difference.

          • Some of us love seeing dodgy devices and their nooks and crannies. If you wanna share them here, or even over on our TG * where there're many nerds from that region still ;)

            t.me/randroidtg

            • Lol, its not mine. I make sure to keep mine updated and secure. Never browse the web naked without an adblocker. But, thanks for the recommendation. I'm present in that channel, just by a different name.

14 comments