Don't forget to stay hydrated.🍉🍉🍉🍉🍉

This is a test account for testing out lemmy.

Bio update test: 2024-03-13

Joined 3 years ago
Cake day: June 16th, 2023

I used to look for smaller Chinese brands that don’t bother removing factory test tools, but after discovering baked-in malware, I don’t really feel comfortable with that.

Examples

This is an example from MediaTek Engineer Mode:

And here’s an example of selection made with mmcli --set-current-bands (may work on Linux phone OSs like PostmarketOS):

(PostmarketOS may use ModemManager: https://wiki.postmarketos.org/wiki/Modem)

Use cases

Particularly the 800MHz LTE band (B20 and eutran-20 above) tends to be overloaded, and also typically has less allocated RF bandwidth.

Automatic selection may or may not work as desired. For example, I find 800MHz to be favored indoors in my location.
In the worst-case scenario, I can use this to jump from B20 to B7, the latter of which does carrier aggregation (20+20MHz) with the carrier (provider) I use, boosting me from 15Mbps to 130Mbps.
This will cost some extra battery use, but meh.

Another is with carriers that have an agreement for network sharing with another carrier so as to provide coverage extension.
For example, when I used Swan Mobile (“4ka”) in Slovakia, the carrier had its own base stations in B3 (and thus highly preferred) and coverage extension from Orange on B1 and B8. Since this was no longer implemented as roaming, this was the only method of manual control.

And they’re shitty enough to have FUP on something you typically can’t control.

Existing solution

There’s an app called Network Signal Guru: https://play.google.com/store/apps/details?id=com.qtrun.QuickTest

But I don’t know how trustworthy it is to give root access to.

TL;DR: If it’s also integrated into firmware, it has full-device access. If it’s just this specific app, per Kaspersky, it still has “elevated privileges” and can install crap. It cannot be disabled without breaking the UI.

Doing a scan without copying the apk:

As you can see from the main screenshot, the APK would have been accessible for scanning.
I copied it to the Download directory as that one gets real-time monitoring, but it will pick it up elsewhere after a scan as well.

Anyway:
VirusTotal report

Found 4 months ago by Kaspersky

And I found my device in the list in a blog post from Sophos. Unfortunately, they only provide a partial list, as they mention this affects “nearly 50 models”.

From the listed domains, with the help of strings, I found launcher(dot)szprize(dot)cn, although it doesn’t seem to resolve to anything at the moment.

Also something interesting from Kaspersky:

When integrated into the firmware, the malware behaves differently depending on several factors. It will not activate if the language set on the device is one of Chinese dialects, and the time is set to one of Chinese time zones. It will also not launch if the device doesn’t have Google Play Store and Google Play Services installed.

Now what?

I’ve been using it for nearly 2 years, so there’s that…

I am thinking of contacting the retailer I bought this device from, as it’s still on sale. But I am not sure if they will care about it. Also, the only way I seem to be able to contact them is via tech support, so there’s the chance of just getting a copy-pasted answer.

As for my particular unit, I’ll probably try to update the software to the newest version to see if it’s still (visibly) present.
Unfortunately, updates on these devices are unstable as fuck, so I’ll have to deal with that. I also hope it won’t make me lose access to MediaTek EngineerMode band selection as that’s something I quite want to keep using.
Or perhaps try to return it under warranty.

Since QuickStep also controls navigation (both gestures and 3-button), it can’t be disabled even if I used an alternative launcher.