On a throwaway Samsung Galaxy with American ROM, I installed some Chinese apps. When I uninstall them, the browser opens with a specific “uninstall survey”. How that is possible? Are they exploiting some os weakness or it’s permitted by the apk uninstall API?
The bad actors are:
- sogou keyboard
- Tencent video
Warning - precision guesswork ahead.
In computer programming there’s a concept of a hook - do something before or after an event. It very well might be that “uninstall” event has hooks and one of them is “open this website after it’s done”.
If you are running Android <11 then apps could see the list of apps installed on the device https://developer.android.com/training/package-visibility
Pure speculation (and how I would do it) is to have apps A, B, C check periodically the list of installed packages and if one of them disappeared from the list I would trigger this survey. Of course that requires that all apps are from the same developer, and it won’t trigger this survey on the last app uninstall
There seems to be some really old explanation for this but maybe there’s an updated version of this thread: https://stackoverflow.com/questions/19475765/listen-to-own-application-uninstall-event-on-android#22061900
I wonder if they have some sort of sister service that does the monitoring of the install status.
i have the feeling they had a permanent service running in memory like a virus just for this purpose, triggering the webpage launch when killed (maybe could listen the reason for kill?), because the device was ultraslow (old and just 1gb ram did not justifiy a 10 sec delay in screen rotation) until i uninstalled them.
edit: but it could be it was triggered by a sister service. For example, when i uninstalled wechat (still from tencent) it did not give me the uninstall survey like i got a few minutes earlier with tencent video.
Same for sogou keyboard, when i uninstalled sogou search i did not get the survey. So it could have been that sogou search detected that sogou keyboard was uninstalled and triggered the survey
What android version is that Samsung galaxy running? Does it happen in newer android versions like 12 and 13? The explanation and the stack link explain it for old devices. I’m not sure how it’s being done for newer smartphones, if at all.
no it’s like 8 years old, not recent
plus those apps has been sideloaded from apk
That explains it. Older android did not have the safeguards modern-day android does. Anyway, don’t sideload shady apps or use old smartphones that are not updated today. These webpage opening things used to happen in the old days, which was annoying.