Sick of it too. I think that Google's customer service tends to be worse or non-existent when it comes to users who care about their privacy. Not sure if this will be resolved before they assume your consent to their "privacy" policy and your device is conveniently auto-enrolled.

This would not have anything to do with phishing texts or spam, especially if you did not succumb to these. From what you describe, it seems your bootloader is locked, so there is most likely not a malicious ROM installed. We have eliminated:

1. The bootloader unlocked suggesting a malicious ROM installed.
2. The phone fell into the possession of a malicious party for a period of time leading to a remote access app being installed.
3. ADB over WiFi allowed remote access for a period of time after an initial period of physical access

In my opinion, that this is due to a threat actor is seemingly far less likely than it having other, more banal, reasons. Remember Occam's razor. Can you tell me what kind of phone you have (Motorola, Pixel, Samsung, something else)? I would guess it is an older model device, since Android 11 is itself pretty old. I'd put my bets on this being some software glitch causing screen lag, or some damage to the screen via liquid ingress. I've experienced my phone screen seeming to do things on its own on some of my older devices, but usually it was something I was trying to make it do only moments before.

As for damage, do you have a habit of taking your phone into the bathroom while you shower (not necessarily into the shower, but simply setting it on the bathroom counter)? The high humidity can actually permeate into your phone. While it is impossible to confirm that this is the cause of your issue, it is not possible to rule it out. Did you drop it into sand (e.g. at the beach or outside in some dirt)? Ingress of solids can also cause issues, not just liquids. Perhaps check the IP rating (ingress protection rating) for your device. If it's low, then it's possibly related. Have you left it in hot enviroments like the car, or just simply on your window sill where the sun shines? This can also conceivably damage the screen.

While I cannot fully rule out a threat actor gaining remote access to your device through other means, I can tell you that it is unlikely. This is because it is almost certainly not the result of some malicious app or software on your device, as we have ruled out a custom ROM being installed, and the issue persists even after a factory reset. At this point, it would need to rely on system-level exploits (as in, some sort of backdoor at the level of the actual code running on your device). These more sophisticated ways of gaining access to individuals' devices are usually targeted toward high-profile figures (think of people working at big tech companies in any position, CEOs, senators, congressmen, or journalists). If these do not apply to you, or someone in your vicinity, then I would say it is extremely unlikely to be related to hacking. I'd suggest seeking guidance on r/techsupport if this continues. It simply might be time to get a new phone...or perhaps you could try flashing a new ROM onto your phone (e.g. GrapheneOS) if you're up for a challenge and you don't want to buy a new phone. Keep in mind this task can be difficult and risky, so only do that if you're desperate. Can't promise it'll solve the problem, especially if it's a hardware issue.

Well this is a vague question...

In many cases, you can't. Particularly if you're talking about arbitrary executables. To be 100% certain that such a file is not malicious, you would need access to the source code and audit it yourself. If you do not have access to the source code, then you are taking a great risk any time you run a program like that.

For things like PDFs, you can examine the file directly and look for anything obfuscated or suspicious. PDFs are not a common vector, however. If it's a script (an executable text file) then you can simply read the contents and assuming you know enough about such things, determine if its likely to mess up your system.

In context of closed-source software on closed-source systems (e.g., Windows or MacOS) unfortunately by design most legitimate programs are indistinguishable from malicious programs. The most you can do is install a good antivirus software and scan every file you execute. Practicing common sense is the better way to go about this. Only download software from sources you trust. Ensure the site does not raise alarm bells already (is it http or https? are there tons of ads?). Depending on what you have downloaded, ask yourself the question: Is it too good to be true? It most likely is.

If you're torrenting, using private trackers or trusted sources for torrents is the best way to avoid getting screwed over.

In the end, it's a risk assessment you have to do yourself. It's impossible to be certain about it, without a lot of work.

If you do not know what a custom ROM is, then I think it is unlikely you have installed one onto this device. You would definitely know if USB debugging was enabled, as this involves enabling "developer options" by clicking build number 5 times in the settings. If there is no damage to the screen, and the problem persists after performing a full factory reset, then one must be sure that the device has not been physically compromised.

• Have you ever lost your phone, or have you ever given it to somebody (i.e., your friends or parents)? What's most important here is that they were able to get into the device by either knowing your password or by you typing it in for them.
  • If yes, how long did they have access to the device? If it was only for a few seconds (say, less than minute) then its unlikely (but still possible) they put anything malicious on your phone. If they had the phone for a long time (anything longer than a minute or two), then they could have installed a parental controls app without your knowing.. If they had it for an hour or longer, then a malicious custom ROM could have been installed.
• Tied into the previous bullet point, are there any apps on your phone that you don't recognize and that do not seem like system apps? You can see a list of all installed .apks by going to Settings > Apps > See all [some number] apps. If you did in fact perform a factory reset (Settings > System > Reset Options > Erase all data (factory reset)), then any apps that would provide remote access to your phone would have been wiped. I find this scenario unlikely, since you said the behavior persisted after the factory reset. Unless somebody got physical access to your device after you reset and they installed such an app, there is no way for someone to have remote access to your device that I am aware of (again, assuming you properly performed a factory reset wiping all data).

If you have reviewed every app on your device and made sure none of them are a remote access app (or possibly a parental control app), then there is still one scenario to rule out. This is entirely hypothetical: if someone got remote access to your device and installed their own custom ROM with their own custom default apps, or altered the source code in such a way to allow them remote access, then the factory reset would not stop them from accessing your phone after the wipe. The factory reset simply restores the phone to the default state determined by whatever ROM is installed. If the ROM is malicious, then a factory reset cannot help.

If your device has been physically compromised, then a malicious threat actor could have conceivably (by guessing your password or gaining access to it by social engineering) installed a custom ROM without you knowing.

You can pretty easily rule out whether or not you have a malicious custom ROM installed. In order for this to happen, your device's bootloader must be unlocked (info). You can find out if your bootloader has been unlocked by the following methods:

• Method 1: Turn off your device and turn it back on. Is there a (usually scary/alarming) screen saying "your bootloader has been unlocked"?
• Method 2: Some phones may not tell you so obviously. Here is another method. Turn off your phone. Turn it on by pressing and holding the power button and volume down key simultaneously. You should be presented with a scary looking screen. You might have to fiddle around with those key combinations to get this screen to open. Does it say "Device state: Unlocked" or "Lock state: Unlocked"? If so, then your bootloader has been unlocked. Your can turn off your phone by holding the power button and power it on normally. On my device I can start it right from this screen by just pressing the power button once.
• Method 3 (does not work on all devices): Go to your phone app and go to the place where you dial numbers. Type in exactly: *#*#7378423#*#* and you may (or may not, in which case refer to the other methods) have a window automatically open. In this window, go to Service Info > Configuration. If you see "Bootloader unlock allowed - Yes" then your bootloader is locked we have eliminated a malicious ROM. If you see "Bootloader Unlocked - Yes" then your bootloader is unlocked, and given what you have said here, it is then likely someone has gained remote access to your device.

If your bootloader is locked, then I'm afraid I do not know of any way someone could retain access to your phone after a full reset. This is assuming you have ruled out someone getting on your phone after you reset it and installing some parental control app, as mentioned above.

The factory reset should have you covered. There is a chance an attacker is involved, but only if the answer to either of the following questions is yes:

• Did you at any point enable USB debugging?

• Are you using a custom ROM?

I could see how ADB over WiFi (only possible if USB debugging was enabled at some point) could have allowed someone with network access to mess with your phone. The "Live View is on" thing is from Google maps being opened.

Does it appear haphazard? Or is it truly "as if someone was reading [your] messages"? Think about how you interact with your device, likely scrolling through it and accessing successive conversations in an ordered way. But if it seems random and haphazard, it's also possible this is due to damage to your touch screen. Is your screen cracked? Have you dropped your phone, or has it suffered water exposure?

If you care about your privacy, only use free and open source software. Avast is not that.