I just bought a "new" Galaxy S7, but the box was already open when it arrived.
Condition of the phone was perfect, so I don't mind if it's used/refurbished. What I worry about is whether the device has a keylogger installed or some other malware.
It successfully accepted an over-the-air update. This gives it some credibility (I don't know how indicative this is, but I believe OTA updates are only offered to stock firmware).
Samsung KNOX is enabled, and hasn't complained yet.
I've rebooted into recovery, and see the following text:
Android Recovery
MMB29K.G930FXXU1BPHJ
samsung/heroltexx/herolte
6.0.1/MMB29K/G930FXXU1BPHJ
user/release-keys
Those are real build numbers for stock firmware I have been able to find online.
I've rebooted into ODIN mode, and see the following text:
ODIN MODE
Download speed: fast
Product name: SM-G930F
Current binary: Samsung official
System status: official
FAP lock: ON
Secure download: enabled
Warranty void: 0 (0x0000)
RP SWREV: B:1 K:0 S:0
The KNOX counter (warranty void) is still set to 0. This suggests further that it has not been tampered with.
Are the checks that I have performed already sufficient? There are some further checks I would like to know how to do:
I expect anybody can just type a build number in. I would like to compare the checksum of the firmware with the real build. I also would like to check if it has been signed with a Samsung certificate.
There are no custom User certificates in its security section. But I would appreciate some way to compare my System certificates to confirm they are genuine.