I’ve noticed that “system/data/data/com.android.net.log”, which is the MonkeyTest file folder, uses a session ID, which means it has access to your internet or data connection. I think their main purpose is to earn money from ads without you knowing it, but I don’t have enough evidence, so I am just warning you. The Agingtest.apk included in “update v1.6” is bound with these two pieces of malware. I tried to delete Agingtest.apk and succeeded: “TimeService” doesn’t appear anymore, even after a restart. One more problem is “Monkeytest.apk”, whose real file name on disk is “pgk.apk” (I used luckypatcher to determine the file location).
I also deleted it using rootexplorer, where I found it in “system/mnt/asec”, but it still appeared in my recent apps. Then I checked again in luckypatcher, and the new file name was “com.android.wp.net.log-1.apk”. I tried to delete it and change its permissions, but deleting it always failed. Unfortunately, my last resort is to flash Stockrom V1.2 again and then make an update to flash through custom recovery, which will not include the AgingTest.apk that is bound with the two pieces of malware. I believe this update can be installed on either a rooted or an unrooted Skk Lynx.
TINNO DRIVER/MTK DRIVER
Custom Recovery (Philz,CTR,CWM,TWRP)
Note: Before flashing, make sure to clean your ROM or wipe all via custom recovery.
1. Flash Stockrom V1.2 via SPFT. If you are already on V1.2, there is no need to flash it again. Just proceed to the next step.
2. After flashing, download updatev1.6 and move it to the SD card folder. Go to Custom Recovery (philz touch/CTR), then navigate to mount system and mount data. Install updatev1.6.
For other devices: [TUT] Alternative way to remove Monkey test and Time Service Provider.
After all the studies, this is malware called “Ghost Push Malware”. My opinion was right that the attacker wants to earn money from ads. This malware affects 80% of Android users, mainly on KitKat (Android 4.4). The best way to remove this malware is to flash the original firmware or Stockrom, then update to Lollipop or a newer version if available.
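
A post-flash check for the file and package names mentioned in the post, as an added example that is not part of the original post: it parses saved output of `adb shell pm list packages -f` and flags entries matching those names, including the reinstalled `-1` variant. The sample lines and the `com.example.placeholder.*` package names are constructed for illustration.

```python
import re

# Names taken from the post above; matching is case-insensitive because the
# post spells them with varying case (Agingtest.apk / AgingTest.apk).
SUSPECT_APKS = {"agingtest", "monkeytest", "pgk"}
SUSPECT_PACKAGES = {"com.android.net.log", "com.android.wp.net.log"}

def parse_pm_line(line):
    """Split one `pm list packages -f` line into (apk_path, package_name)."""
    line = line.strip()
    if not line.startswith("package:"):
        return None
    # The path itself may contain '=', so split on the last one only.
    path, sep, name = line[len("package:"):].rpartition("=")
    return (path, name) if sep else None

def apk_stem(path):
    """File name without '.apk' and without an install suffix such as '-1'."""
    base = path.rsplit("/", 1)[-1].lower()
    base = base[:-4] if base.endswith(".apk") else base
    return re.sub(r"-\d+$", "", base)

def find_suspects(pm_output):
    """Return (package_name, apk_path) for every entry matching a listed name."""
    hits = []
    for line in pm_output.splitlines():
        parsed = parse_pm_line(line)
        if parsed is None:
            continue
        path, name = parsed
        stem = apk_stem(path)
        if name.lower() in SUSPECT_PACKAGES or stem in SUSPECT_APKS | SUSPECT_PACKAGES:
            hits.append((name, path))
    return hits

# Constructed sample output, not captured from a real device.
SAMPLE = """\
package:/system/app/Settings.apk=com.android.settings
package:/system/app/AgingTest.apk=com.example.placeholder.aging
package:/mnt/asec/com.android.wp.net.log-1/pkg.apk=com.android.wp.net.log
package:/data/app/com.android.wp.net.log-1.apk=com.example.placeholder.renamed
package:/data/app/com.android.chrome-2.apk=com.android.chrome
"""

if __name__ == "__main__":
    for name, path in find_suspects(SAMPLE):
        print(f"SUSPECT {name}  ({path})")
```

An empty result only shows that these particular names are absent; it does not prove the firmware is clean.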