Groups | Search | Server Info | Login | Register
Groups > comp.mobile.android > #149084
| From | Marion <marion@facts.com> |
|---|---|
| Newsgroups | comp.mobile.android, alt.comp.os.windows-10, alt.os.linux |
| Subject | Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package |
| Date | 2025-06-19 22:23 +0000 |
| Organization | BWH Usenet Archive (https://usenet.blueworldhosting.com) |
| Message-ID | <10322li$2r04$1@nnrp.usenet.blueworldhosting.com> (permalink) |
Cross-posted to 3 groups.
Tutorial:
How to use a PC to find (& kill!) a rogue Android activity & its package
(even if it's clever in that it tries to hide its tracks!)
I just wrote this off the cuff, so if you have improvements, let us know.
The whole team learns from each other all this useful tribal knowledge.
Note: In simple terms, an "activity" is a single screen display.
Some are launchable (from outside the app), and most are not.
At any given moment, there is likely one and only one Activity displayed.
Who put it there?
For example, let's say an unknown app pops up an unwanted activity on your
phone, where what you want to know is the *name* of that unwanted activity.
Here's the situation that happened to me yesterday which drove this:
a. All of a sudden, a full page of "something" popped up on my phone
b. What is it? Who did it? Where did it come from? Why is it there?
c. I needed to know the current activity & the app that popped it up
But how do you find the "current" activity & app that put it there?
A. The damn screen was all to easy to get rid of
B. But it left no traces of itself in the "recently used" list
C. And when it came up again, it had no "Settings > About"
So you had no idea its provenance as it hid that cleverly.
If you know something about the PC and Android, you can find
the rouge app's name and the offending activity. Here's how...
For Android Q and newer these Linux/cmd/powershell commands will
unambiguously identify the current activity on the Android phone.
$ adb shell dumpsys activity activities | grep "ResumedActivity"
C:> adb shell dumpsys activity activities | findstr /C:"ResumedActivity"
PS> .\adb shell dumpsys activity activities | Select-String -Pattern "ResumedActivity"
For older versions of Android (and most newer versions), use this:
$ adb shell dumpsys window windows | grep -E 'mCurrentFocus|mFocusedApp'
C:> adb shell dumpsys window windows | findstr /C:"mCurrentFocus" /C:"mFocusedApp"
PS> .\adb shell dumpsys window windows | Select-String -Pattern "mCurrentFocus|mFocusedApp"
Try this on Android as an example:
1. Enable USB Debugging on your Android phone (if you haven't already).
2. Connect your phone to your PC via a USB cable.
3. Open the Android Settings app
Now, use adb on a PC to tell you the current activity & the app.
C:\> adb shell "dumpsys activity | grep -E 'mCurrentFocus|mFocusedActivity'"
This output, for me:
mCurrentFocus=Window{c8c628b u0 com.android.settings/com.android.settings.Settings}
Note: <com.android.settings> is the package name which contains the activity.
<com.android.settings.Settings> is the full activity name of the screen.
Why is this useful?
Take what happened yesterday, which is an offending activity popped up.
The offending activity was a "news story" with "advertisements".
It had clickable links (and it turns out, the app had "trackers" too).
<https://i.postimg.cc/vTrHTPB2/t-mobile-play.jpg>
But where'd it come from?
My phone never shows ads.
So how did a news story pop up with ads?
Impossible, right?
Ads never show up on Android (if you know how to set up Android).
But it happened.
Turns out my carrier sneaked it on there unbeknownst to me.
So I deleted the carrier's app (which deleted the activity).
But it could happen anytime to anyone with any other activity.
So you want to know how to find the current activity & the app that put it there.
*Warning: Check your phone for carrier-induced news popups with clickable ads*
<https://www.novabbs.com/computers/article-flat.php?id=59564&group=comp.mobile.android#59564>
For those who may be in the USA who have any of the four carriers that
signed up with "sliide", you might want to check your phone for it.
<com.sliide.content.MainActivity>
Note, you'd "think" you could "deduce" the app from that Activity
to be "com.sliide.content", but they're too sneaky for that to work.
This is perhaps the best single command to use to find that "activity"
(where linux comes first, and then the Windows cmd & powershell).
$ adb shell dumpsys package | grep -B 2 -A 5 "com.sliide.content.MainActivity"
C:\> adb shell dumpsys package | findstr /B /C:"com.sliide.content.MainActivity" /S
PS> .\adb shell dumpsys package | Select-String -Pattern "com.sliide.content.MainActivity" -Context 2,5
Just in case the activity has a different name, we can shorten that to:
$ adb shell dumpsys package | grep -B 2 -A 5 "sliide"
C:\> adb shell dumpsys package | findstr /B /C:"sliide" /S
PS> .\adb shell dumpsys package | Select-String -Pattern "sliide" -Context 2,5
Just in case you do not have this Android activity, this command below
will find launcher activities on almost every Android device out there.
$ adb shell dumpsys package | grep -B 2 -A 5 "com.android.launcher3.Launcher"
C:\> adb shell dumpsys package | findstr /B /C:"com.android.launcher3.Launcher" /S
PS> .\adb shell dumpsys package | Select-String -Pattern "com.android.launcher3.Launcher" -Context 2,5
When you run the commands above, let the rest of the team know if you found
Sliide activities. After I deleted the offending package, no more came up.
$ adb shell pm uninstall --user 0 com.tmobile.m1
C:> adb shell pm uninstall --user 0 com.tmobile.m1
PS> .\adb shell pm uninstall --user 0 com.tmobile.m1
I just wrote this off the cuff, so if you have improvements, let us know.
The whole team learns from each other all this useful tribal knowledge.
--
Note I tested with adb not in the path but in the current working directory.
Back to comp.mobile.android | Previous | Next — Next in thread | Find similar
Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package Marion <marion@facts.com> - 2025-06-19 22:23 +0000
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-06-20 00:49 +0000
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package Marion <marion@facts.com> - 2025-06-20 06:49 +0000
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package Jeff Layman <Jeff@invalid.invalid> - 2025-06-20 10:39 +0100
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package Marion <marion@facts.com> - 2025-06-20 18:57 +0000
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package "Carlos E.R." <robin_listas@es.invalid> - 2025-06-20 11:34 +0200
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package Dan Purgert <dan@djph.net> - 2025-06-20 11:06 +0000
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package "Carlos E.R." <robin_listas@es.invalid> - 2025-06-20 18:58 +0200
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package Dan Purgert <dan@djph.net> - 2025-06-20 11:09 +0000
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package Ivano Rossi <Ivano.Rossi@nospam.tin.it> - 2025-06-20 20:53 +0200
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package "Jan K." <janicekoziol@nie.ma.spamu.prosze.com> - 2025-06-20 19:00 +0000
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package "Carlos E.R." <robin_listas@es.invalid> - 2025-06-20 21:39 +0200
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package "Jan K." <janicekoziol@nie.ma.spamu.prosze.com> - 2025-06-20 20:34 +0000
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package "Carlos E.R." <robin_listas@es.invalid> - 2025-06-21 00:43 +0200
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package "Jan K." <janicekoziol@nie.ma.spamu.prosze.com> - 2025-06-21 02:20 +0000
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package "J. P. Gilliver" <G6JPG@255soft.uk> - 2025-06-21 14:23 +0100
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package "Jan K." <janicekoziol@nie.ma.spamu.prosze.com> - 2025-06-22 14:00 +0000
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package Victor <victorheyne@notreal.org> - 2025-06-22 09:07 -0500
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package "J. P. Gilliver" <G6JPG@255soft.uk> - 2025-06-22 20:50 +0100
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package Victor <victorheyne@notreal.org> - 2025-06-23 10:39 -0500
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package "J. P. Gilliver" <G6JPG@255soft.uk> - 2025-06-23 23:26 +0100
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package Victor <victorheyne@notreal.org> - 2025-06-23 21:50 -0500
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package "Carlos E.R." <robin_listas@es.invalid> - 2025-06-22 19:41 +0200
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package "Jan K." <janicekoziol@nie.ma.spamu.prosze.com> - 2025-06-23 16:08 +0000
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-06-20 23:46 +0000
Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package Java Jive <java@evij.com.invalid> - 2025-06-21 10:49 +0100
csiph-web