Buying a budget tablet can feel like a bargain for a dedicated marine chart plotter or Wakespeed monitor, but there is a hidden cost built into the hardware. Based on your device details (G10_US), you are dealing with a classic case of firmware-embedded adware.
Below is a comprehensive summary
⚓ The "Budget Tablet" Adware Trap: What Every Wakespeed User Should Know
If you have purchased a generic Android tablet (often labeled as G10, G12, Pro11, or iPlay) from Amazon or AliExpress to use in your cockpit, you may have noticed suspicious apps like "Lock & Hide" or "QuickText Extractor" appearing—and reappearing—even after you delete them.
1. The Financials: How the Scam Works
These tablets are often sold for $60 – $120, prices that barely cover the cost of the screen and battery.
-
The "Subsidy": To make a profit, manufacturers sell "slots" in the device's firmware to adware brokers.
-
The Payout: Reports suggest manufacturers can earn anywhere from $2 to $10 per device for pre-installing these malicious "droppers." Over a production run of 100,000 tablets, this is a significant secondary revenue stream.
2. The Delayed Trigger (The 30-Day Trap)
A common tactic is the Delayed Payload. The malware is programmed to stay dormant for 30 to 45 days. This is timed specifically to ensure the Amazon return window has closed before the user notices the pop-ups, background data drain, or random app installations. By the time your tablet starts acting up, you can no longer get an easy refund.
3. Notorious Brands & Affected Models
The "brands" change names weekly to avoid Amazon bans, but they often share the same firmware DNA.
-
Notorious Brands: Goodtel, Alldocube (specifically the iPlay series), Fusion5, Coopers, and generic "Pro11" clones.
-
Technical Identifiers: If your "About Tablet" screen lists a Build Number like G10_US, G12, or TH10, you are likely affected.
4. Technical Description: The "System Lite" Dropper
This is not just a "bad app." It is a Supply Chain Attack.
The manufacturer bakes a "dropper" (often a package named com.android.system.lite or com.adups.fota) into the read-only system partition. This service monitors the device; if it sees you have deleted the adware, it silently re-installs it from a hidden internal folder. This is why a Factory Reset fails—the "virus" is actually part of the factory's own software.
🛠️ How to Kill the Adware Permanently
Since the malware has system-level privileges, you must use developer tools to revoke its power.
Method A: Using a Computer (ADB) — Most Reliable
This "forces" the uninstall for the current user so the dropper can't find the app to "update" it.
-
Enable Developer Options (Tap 'Build Number' 7 times in Settings).
-
Enable USB Debugging.
-
Connect to a PC/Mac with ADB installed and run these commands:
Bash# Remove the visible adware adb shell pm uninstall -k --user 0 com.mumu.lockhide adb shell pm uninstall -k --user 0 com.simple.text.extractor # Kill the hidden installer (The "Dropper") adb shell pm uninstall -k --user 0 com.android.system.lite
Method B: Device-Only (Shizuku + Canta)
If you don't have a computer handy, you can use Shizuku (from the Play Store) to grant system permissions to an uninstaller app called Canta (available on GitHub/F-Droid). Use Canta to search for the package names above and remove them.
🔗 Evidence & Further Reading
-
PCMag (2026): Preinstalled 'Keenadu' Malware Found on Alldocube and Generic Tablets
-
Malwarebytes: The persistent threat of pre-installed mobile malware
-
Reddit (r/Android): The reality of $100 Amazon tablets
Bottom Line: For critical marine navigation where a crash or data-drain could be a safety issue, it is worth spending the extra $50 for a refurbished Samsung Galaxy Tab or Lenovo device, which do not utilize these malicious revenue models.
