I’m a sysadmin and security investigator who was brought a misbehaving phone under the belief that it had been infected by some kind of stealthy malware. It turns out is was AFWall+ as listed in F-Droid.
AFWall+ clears the contents of the linux kernel ring buffer/dmesg every one second. The code is literally “while true; do dmesg -c ; sleep 1 ; done”. This is apparently done as part of it’s log collection mechanism.
That has to violate some kind of policy against harming the rest of the system.
This is either some incredible negligence or malice given the number of alternatives to collect log data. Either way, this bug was reported, with a solution, over a year ago and the authors can’t be bothered to respond. Pulling the app from F-droid might get their attention.
Thanks.