Alps T950S Android Tablet Adware/Malware Removal

This message was edited 1 time. Last update was at 12/29/2015 21:59:59

We discovered that there was manufacturer-installed adware on our new Alps T950S tablet. This adware does not run immediately from day 1 of tablet power-on and in our case it started showing ads a month or two after initial usage. The adware APK masquerades as a Google-supplied APK.

In Part 1, we show you what the adware looks like and how we traced it back to the specific Android package. The techniques used here may apply to other tablets with adware too. Rooting your tablet is NOT required if you want to check if this adware is present, but removal will require ROOTing your tablet.

In Part 2, we show you how to manually disable and remove the adware from your tablet.

Part 1 - Alps T950S Android Tablet Adware - Identification of the Adware/Malware APK
Part 2 - Alps T950S Android Tablet Adware - Removing the Adware/Malware

In addition to the GoogleSearch.apk mentioned in the video that was overlaying the tablet with ads, the following APK also needs to be either removed or disabled.

/system/priv-app/ztksdk.apk

This adware waits for the browser to launch and then triggers Chrome to open and automatically causes a page to load from adserver.kimia.es which redirects to a number of risky sites.

On your rooted tablet, type the following command to disable this from running.

As far as we know, this is the only remaining adware APK on the tablet.

One additional note... There is a weather widget that seems to also never show up in the UI but have a running process.
/system/app/MtkWeatherWidget.apk

It uses the following permissions.
android.permission.ACCESS_FINE_LOCATION
android.permission.VIBRATE
android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET

If you are paranoid about privacy, you can also disable that one too. We have some suspicions, but at this time do not consider it malicious.

Run the following command to disable.