Speak EV - Electric Car Forums banner

1 - 12 of 12 Posts

·
Registered
Joined
·
13 Posts
Discussion Starter #1
Just installed the UVO app to my Samsung S8 phone. On startup, I get:
"A security risk has been detected on your phone. UVO will be disabled. Contact customer support!!

I contacted customer support and they say that they cannot help, it's a phone problem. So much for that useful message above!

I've googled for this, and only found one hit in French. The guy had to reset and reinstall Android to fix it. That's a pain to do, so before I start, has anyone else seen this message? It's a standard Samsung install (not rooted).

I guess there could really be a security issue, but it would be nice to know what the above error is suggesting? e.g. Spyware? Virus? I've done some scans and not found anything yet.
 

·
Registered
2020 Renault Zoe R135 Iconic
Joined
·
1,285 Posts
Generally messages like this come up only if a phone is rooted, but it may be worth uninstalling the app, clearing your phone's cache, making sure that both the android system and Google play services are all up to date, and finally that you don't have anything like unknown source installations enabled.

If you try to install the app again and get the same error, then you're going to have to totally reset it to try again sadly.

(Just be sure to de-register your banking apps in the settings before you do reset it - Most banks have a similar sort of option and doing so can save you a lot of hassle when trying to set everything back up again)

If the error still shows at that point, my guess would be that a new exploit has been found in that version of Android, and Samsung probably aren't interested in patching it since its an old model now. In that case your only option is probably a new phone... But there's lots to try before even worrying about this being a possibility!
 

·
Registered
Joined
·
13 Posts
Discussion Starter #3
Generally messages like this come up only if a phone is rooted, but it may be worth uninstalling the app, clearing your phone's cache, making sure that both the android system and Google play services are all up to date, and finally that you don't have anything like unknown source installations enabled.

If you try to install the app again and get the same error, then you're going to have to totally reset it to try again sadly.

(Just be sure to de-register your banking apps in the settings before you do reset it - Most banks have a similar sort of option and doing so can save you a lot of hassle when trying to set everything back up again)

If the error still shows at that point, my guess would be that a new exploit has been found in that version of Android, and Samsung probably aren't interested in patching it since its an old model now. In that case your only option is probably a new phone... But there's lots to try before even worrying about this being a possibility!
Thanks for your reply. Tried another phone, same problem. Tried a fresh install, still no luck. Have cleared various caches, but that hasn't helped.

So, yeah, a reset may be what I'll have to try soon. The only problem is if there is an infected app somewhere, then a restore might bring it back. I've a few more things to try, but it's odd that another (slightly older) phone has the same issue, though I guess I had similar apps on that as well.

I'm trying to get some more information out of Kia. The software writers must know what kind of security issues their app is looking for, but maybe they'll be coy about telling me in the name of security. Of course, this report from Forbes last year (and many others since) wasn't encouraging: "Between 1 and 2 billion Android devices will have malicious code on their devices—code that provides a opening for an attack."

Let's see.
 

·
Registered
2020 Renault Zoe R135 Iconic
Joined
·
1,285 Posts
If you try on your phone (or the spare one) straight after a reset before adding any other apps you will know if it's an interaction with another app, or if your Android system is generally unsuitable for the app due to some sort of vulnerability or exploit. That will give you an idea on how to go forward.

Hopefully it doesn't come to this, but if you do need to replace your phone, I recommend you look for a recent phone from the Android One program. Most Nokias participate in this - It guarantees 3 years of regular Android updates.
 

·
Registered
Joined
·
13 Posts
Discussion Starter #5
Thought I would update readers on this. After some to-ing and fro-ing with customer support (after all, Kia's app tells me to contact them) I received this reply: "After speaking to the Kia Quality team, they wasn’t [sic] sure what the error message meant regarding a security risk ..." So the people who write the software don't know what their own error message means. I've worked in IT most of my life, and seen some pretty useless error messages in my time, but usually the people who write them have some idea what they mean. The words "teapot" and "chocolate" come to mind (though I suppose at least you could always eat the chocolate).

So, bye for now UVO, I'll continue to walk the 3 metres from my door to look at the SoC, etc.
 

·
Registered
Joined
·
35 Posts
"A security risk has been detected on your phone. UVO will be disabled. Contact customer support!!
I had this message when I tried to install UVO on a Galaxy S5+ on which I was running the popular 'custom ROM' LineageOS.
Whilst the phone hadn't been Rooted, Knox had been (knowingly) tripped and I presumed this was panicking UVO.

Could your phone have had Knox tripped - you should be able to check in the Recovery or Download startup screens (can't remember which but Google will know).
 
  • Like
Reactions: 80698

·
Registered
Joined
·
13 Posts
Discussion Starter #7
Thanks for the suggestion. I've checked the warranty bit and it is 0, so that's not the issue. Worth a try though.
 

·
Registered
Kia e-Niro MY20 64 kWh - Gravity Blue
Joined
·
448 Posts
There are apps that can sandbox an app, to make it think it is in a default Android environment. I do not remember the name, but you should be able to find something using Google. It's very strange, especially on a Samsung phone but we all know Android is a nightmare (and I prefer Android over Apple).
 

·
Registered
Kia e-Soul MY 2021
Joined
·
1 Posts
I ran into the same issue after installing the UVO app on my Xiaomi Mi Mix 2s running LineageOS. I wasn't really looking forward to using a different phone just for the app or not being able to use the services at all, so I started investigating, disassembled the APK file and took a deeper look at its contents.

Key insight: The app uses a third-party library called RootBeer for checking for root access. If it thinks that the phone might be rooted, it shows the error message. The app seems to be a bit paranoid about root, so the root check will be run twice (!) every time it switches to a new screen - this might possibly contribute to the apparent sluggishness of the app, especially since the second check is completely obsolete.

To check what is actually going on, you can run RootBeer's demo app from the Play Store. It shows you why exactly it thinks your phone might be rooted. Unfortunately, the app itself only provides limited information about the specific checks, so I still had to resort to reading the library's source code.

In my specific case, a setting in the device's build.prop file (ro.debuggable=1) triggered the alarm. I managed to change it using the recovery, now the app is working! I'm aware though that this is not a solution for the average user, so Kia should seriously reconsider if this extra bit of perceived security is actually worth locking out legitimate users.
 

·
Registered
Joined
·
13 Posts
Discussion Starter #10
There are apps that can sandbox an app, to make it think it is in a default Android environment. I do not remember the name, but you should be able to find something using Google. It's very strange, especially on a Samsung phone but we all know Android is a nightmare (and I prefer Android over Apple).
Is this "Island"? Might be worth a try.
 

·
Registered
Joined
·
13 Posts
Discussion Starter #11
I ran into the same issue after installing the UVO app on my Xiaomi Mi Mix 2s running LineageOS. I wasn't really looking forward to using a different phone just for the app or not being able to use the services at all, so I started investigating, disassembled the APK file and took a deeper look at its contents.
...[snip]

In my specific case, a setting in the device's build.prop file (ro.debuggable=1) triggered the alarm. I managed to change it using the recovery, now the app is working! I'm aware though that this is not a solution for the average user, so Kia should seriously reconsider if this extra bit of perceived security is actually worth locking out legitimate users.
Very interesting. Might take a look myself (in IT for many years). But as you say, it's not really for the average user. For the time being I'll content myself with the short walk to the car.
 

·
Registered
Joined
·
13 Posts
Discussion Starter #12
Very interesting. Might take a look myself (in IT for many years). But as you say, it's not really for the average user. For the time being I'll content myself with the short walk to the car.
Later: Well, thanks to 404 for the pointer. The Rootbeer Sample app indeed hinted at the problem. Apparently I had an SU management tool installed. Not sure when or why as the phone is definitely not rooted. I may have brought the app over from an old phone which was, though. So, after removing that app, UVO is now getting to the login stage. I do wonder though. After all this hassle, and given the poor reviews in the Play Store, is it worth it?

That apart, many thanks to those who took an interest in this thread. Your interest is much appreciated and sure beats Kia's own customer service.
 
1 - 12 of 12 Posts
Top