Cell phone repair dangers

**adrianh** · 22-Mar-21, 12:22 PM

I used to give my phone upgrades to my daughters because they were very hard on their phones. When I eventually destroyed my Samsung Note 4 2 years ago while trying to fix the screen myself (Yes I broke it because I'm a dumb@$$) I went out and bought a cheap n nasty Samsung J4 Core. The phone screen eventually got smashed but the digitizer kept on working so I kept the phone going. Upgrade time came around last year so this time I thought I would treat myself to a Huawei Y9s. I simply pulled the sim and memory from the J4 and put it in a drawer as is. The Y9s is OK - it has strange problems with Whatsapp and Zoom - for some reason it can't hold the connection on Wifi (Maybe I caused the problems with all my faffing with its security settings) - anyway, I digress. So of course (as it goes with my stupid@$$) (screen protector and all) I drop the Y9 on its face so the glass and digitizer et al is totally smashed. I remove the sim and the memory card and shove them back in the J4. I haven't had the spare cash to have the Y9 repaired so I simply reverted all the software to the J4 (deactivated the Capitec app etc but of course all the common stuff remained on the phone because I couldn't even put the password in when I booted the Y9. Anyhow, I left the Y9 in a drawer for about 3 months and then yesterday I took it in to be repaired.

I hand the phone in (completely discharged without the sim). They replace the screen and charge the phone and when I return an hour later the phone is running and it still has elastic bands around it and traces of glue. They ask me to log in to see if the digitizer works. They then ask me to come back in an hour so that the glue can set and that they can clean off the excess glue. I have a kinda nagging feeling in the back of my mind about my having logged them into my phone so I make a remark and jokingly say to them that they mustn't copy the porn-stash off my phone (No I don't actually keep my porn-stash on my mobile devices for this very reason but again... I digress) I wonder off berating myself for letting them into the phone.

I collect the phone and I notice a couple of really weird things:
1. The date is really odd - I've never seen a totally flat phone be recharged and come up with a date that is just odd (July 2020)
2. There are 3 apps on the phone that I didn't install (AliExpress, Booking.Com and a face recognition app)
3. The phone seems to have automatically updated its firmware which means that they would have had the phone connected to a WiFi network.
4. It looks as if all this stuff happened but that they didn't have enough time to go through the motions of installing the software and agreeing to the terms and conditions and stuff because when I go into the apps they all ask me to do this.

Anyway, there isn't anything incriminating, nasty or dangerous on my phone - I don't use Facebook on the phone but of course I use Netflix, Spotify, Messenger, Whatsapp, email etc and the general Google account is there. With regards to the Google account I block all forms of tracking anyway.

I decided to do an entire re-install of the phone and to change every password that I can think of that may have been on that phone (which isn't a bad thing in itself). I can't see anything ultra suspicious on the phone (and I wanted to rebuild the phone software anyway due to the Whatsapp and Zoom issues)

These are the lessons I learned from this:
1. Keep the minimum amount of crucial / sensitive stuff on your daily phone.
2. Try to put as much of your phone stuff on the memory card so that you can pull it if the phone is destroyed.
3. DON'T GIVE THE REPAIR SHOP your password (like the dumb@$$ that I am).
4. If you do hand the phone in for repair then remove the sim, remove the memory card and deactivate sensitive software like the banking apps etc.
5. Run the battery flat and when it comes to testing time - test it yourself and don't let them see your password.
6. If the have to faff any further with the phone make sure you log out of the phone before handing it back to them.

Maybe I am just being paranoid - but that said - I don't want an AliExpress order being placed against my bank account by some peanut ordering a new flatscreen TV for himself.

**ians** · 23-Mar-21, 08:54 AM

I have an iphone 5 (screen damaged) and an iphone 5 s (dropped it ... it works but you have to press the power button then finger print other wise the screen doesnt work) ... the only reason I didnt leave them to be repaired was due to security concerns ... when they start asking for passwords and apple access ... maybe a full factory reset ... maybe some of the smart IT guys can advise.

I am am considering rather using the phones as target practise and just buying a new phone.

**tec0** · 23-Mar-21, 11:50 AM

Doing a full factory reset is really easy for most android devices.

However, here is a few things to keep in mind, when the phone is not in your hands it can be custom flashed. Now this is easy enough to see you just go to the OS description and see if it is legit by googling the identifiers.

Now what else can you do?

my answer is, how paranoid are you ?

This is what i do. Grab Virtual box and do a windows 8.1 or windows 10 install. Activate it using a key if you willing to fork out the cash. There places to get good legal keys on the cheap so just do a search and figure out what will work for you.

Create a virtual disk image on a external HDD when prompted put in a good size for it and install windows 10 and activate it. NOW... For me Samsung has nice software to backup your phone and you can just go to their website and download and install it ON the Virtual PC. Once installed, let it update and connect your phone. You will need to configure the USB devices on Virtual Box to do this but it easy enough to google on how to do that. Now use that VM to backup your phone. Once done shut it down properly and eject the drive and put it in a safe. Also i keep a copy of the image file as well so their is always 2 backups.

Why do this?

simple reality is your computer can be compromised and all the backups with it. Doing this on a VM means you can just always connect to the VM and do regular backups. This way you have isolated copy of WIN working with your phone. But always update the security of the VM and always check for viruses using antivirus on your phone. Doing all this means everything IS as safe. BUT this is where the repair thing comes in for me as well. In short i keep a insurance on my phone. So once my device dies "long after the contract" i can still get some money to replace it. The insurance is not much i think mine is like R70 or something like that.

Long story short, i tend to work on high places a lot and "IF" my phone falls it doesn't survive, i find some pieces of it but never a lot but i am usually lucky with the sim card but not much else. Now i had it happen only once in 5 years so i am very careful BUT sadly construction areas is a problem most of the time.

**New Perspective studio** · 24-Mar-21, 07:18 AM

It's hardly an easy topic this. What's safe?

I can tell you now we don't even know half the connections running through our phones. You don't have Facebook... you have Whatsapp messenger and Google all tied to facebooks data gathering. Facebook as a shadow profile on you even if you don't have an account via other apps via other people's apps and via what they say about you on their phones. A lot of people who don't know how to set everything 100% which is most of us are feeding it information about those who hide from it.

On my android, I've even found a Facebook setting that lets it gather data from other apps like my banking app. Big corporates have everybody in their pocket and can do anything they want aside.

I think if you are going to fix your phone back it up externally wipe the thing remotely if the screen is busted as suggested above. ( If it's even a true wipe ) and then hand it to them. If you have a software issue then its wnother issue.

I would think phones would allow some kind of technical login - for these types of situations then again how much access would that give them to other sensitive data on the phone. Some bad guys will find ways to utilize that to hack phones. Like when you switch to developer mode.

There isn't enough transparency about what our phones do, and whilst we are provided some they put it forward in such ways that even with a decent understanding of the technology you still cant say anything for sure.

Thus it becomes impossible to really protect yourself fully, I agree steps can be taken to make it harder, but ultimately if they want to and have enough skill they can.

Now when they start chipping us how are we going to regulate that?

**tec0** · 24-Mar-21, 08:40 AM

It is not easy But...

You can divide your life into sections.

Here is how:
1>> if convenient use 2 or more devices. Isolate functions.

>> my phone is my office so, i flashed my phone and installed a good antivirus on it. It will alert me if a application collects data from my phone and can tell it not to do so. However, i do NOT USE GOOGLE as my primary email service. I have my own email service and it is easy enough to setup your android phone to get emails. Not hard at all. Secondly encrypt your phone this is really important BUT CAN BITE YOU if you do not do backups. You cannot get the data from the memory card once encrypted it must run trough the phone. My Tablet is linked to the SAME accounts so if my phone dies my tablet can easily stand in.

>> You MUST have a GOOGLE account to install and update applications from a trusted source such as Google play. However if you BUY the software it is less data hungry and also normally it will collect less data because there is no push for advertisements.

>> Look at the application you install. What data is collected and for whom. Every App does tell you what it access so read carefully.

>> Keep your phone updated. I is a pain in the behind but if you use Wifi and blue-tooth you really want those security updates on the android OS.

>> Will this protect your privacy? No... But it limits what they collect.

>> Will it help you on a phone repair? No... If the phone repair shop keep the phone ON after it unlocked and does not allow to lock they own your a$$ and can even custom flash your phone. Thus always check what OS is running on your phone. Google it, it is easy and if you feel unsafe factory reset it and then check. Normally it should allow you to update the OS once the reset is done and you can update it. You will lose all your data/settings on the phone.

>> The passwords you use on your phone should never be used for anything else.

>> Most important before you take your phone in for repair. Go to the bank let them release the phone on your bank account so even IF they get it unlocked the bank app will be blocked and useless. You can do the same with your gmail account.

>> IF convenient use two factor authentication on your Google accounts. Log into your Google account and release the device from it. That way Google will not push info to it and it cannot snoop on your account.

>> IF convenient after midnight let your phone backup to Google if you have the data. YES it is expensive if you using LTE BUT even with my crappy contract my phone backs up every night and so IF it dies my new phone can restore all my stuff from the Google account regardless of my physical backups. My business emails is mange from my provider so it will remain unaffected.

>> Always keep your phone numbers on a list. not just the Samsung app and google backup.

>> if convenient use a password manager. They are not that expensive.

>>Lastly OWN your device. Meaning if you are like me your phone needs proper protection. Mine is normally enclosed in a phone pouch. Also the phone itself has a flip cover. I like this as it really protects my screen and i NEVER had problems using it. The pouch is handy because i zip it close and once secured the chances of the phone dropping isn't high. i like to use a blue-tooth headset with controls to take calls and my watch "got mine on contract" can display messages and if it must take calls as well. But you do what is fits your needs. this works for me.

>> Also i do what i stated above with the VM

**Andromeda** · 25-Mar-21, 11:52 AM

Originally Posted by ians

I have an iphone 5 (screen damaged) and an iphone 5 s (dropped it ... it works but you have to press the power button then finger print other wise the screen doesnt work) ... the only reason I didnt leave them to be repaired was due to security concerns ... when they start asking for passwords and apple access ... maybe a full factory reset ... maybe some of the smart IT guys can advise.

I am am considering rather using the phones as target practise and just buying a new phone.

Perhaps take them to an iStore. They are trustworthy and if it can't be reliably fixed, they will say so.

**adrianh** · 25-Mar-21, 12:11 PM

Originally Posted by Andromeda

Perhaps take them to an iStore. They are trustworthy and if it can't be reliably fixed, they will say so.

...Hunter Biden might have a different opinion....

...so does Louis Rossmann of Rossmann Repair Group. He shows on his YouTube channel over and over how the iStores defraud people by lying about actual damage and repair costs.

**Andromeda** · 26-Mar-21, 06:50 AM

Originally Posted by adrianh

...Hunter Biden might have a different opinion....

...so does Louis Rossmann of Rossmann Repair Group. He shows on his YouTube channel over and over how the iStores defraud people by lying about actual damage and repair costs.

That was not an iStore and I really didn't think the FBI regard you as a person of interest.