Russian email application accidently installed on some Samsung devices
Yesterday a rather bizarre occurrence took place on many Samsung devices. We received several reports of users seeing a Russian application being installed on their devices without their consent or knowledge. Entitled “МТС Мобильная Почта” (MTS Mobile Mail), the installation of this application appears to be something of an accident.
The issue seems to be as follows: Samsung have several pieces of custom software which are installed on their devices at the factory, and not available on the Google Play store. However, the Android application naming convention (at the system level) of com.bob.test has turned up a slight flaw. The email application released by Samsung has the package identity of com.seven.Z7. It appears that Russian developer OJSC Mobile Telesystems also published their application with the same unique identifier and digital signature for it’s MTS Mobile Mail application. This means that Samsung devices have been tricked (by accident) into thinking there was an update available to Samsung’s email client on the Play Store.
The company behind the mail application for Samsung called ‘Seven’ operate as a white label, making applications for various other companies. It seems that Seven made a mistake in giving the same application identity and digital certificates to both Samsung and OJSC Mobile Telesystems. Google told The Verge that there was a bug in Google Play which caused the Russian version of the mail application to appear in ‘My Apps’ by mistake, and they disabled the app some time ago, so it was never actually installed on any devices. They also say they’re working on a fix for the ‘My Apps’ issue. The statement about not being installed on any devices doesn’t seem true however, as you can see from people upset on XDA.
Removing the application
The general consensus at XDA is that the application misnaming was a simple mistake and mostly down to Seven not renaming or signing their application. Although some people panicked about it, this is not the work of malware, nor done with malicious intent. Unfortunately, it has been reported that the misidentified updated can be tricky to remove. It would seem that Google Play may need to become a little more intelligent about issuing updates, especially when it comes to applications installed by carriers or manufacturers.
The most popular method of removing the application on rooted devices is to install Titanium Backup, and then use it to remove “Social Hub 7.52”, represented by a white mail icon with a blue ‘S’ in a circle.
Another method which requires root, is to use Root explorer, browse to /system/app and deleting or moving “SevenEngine.apk” to somewhere else.
Removing the application on un-rooted devices seems much harder, however success has been reported by clearing the Play Store’s data and cache from Settings>Applications – Afterwards, just launch the Android Market application to re-acquire the current market state and Google Play application.
Disabling automatic updates on all applications would help ensure accidents such as this don’t occur again. Hopefully they won’t anyway, if Google addresses the problem correctly. Remember, it’s never a good idea to blindly click ‘Update’ on the Play Store. It’s best to go to the applications page and check the “What’s New” section to see what the update includes.
Anyone out there experience this? How did you react?