Was just wondering what peoples thoughts were on using the Android Licensing copy protection in their apps? Do you use it and do you spend a lot of time on it or have any creative ways to help enforce it?
As we all know any kind of drm will always be cracked but I just wanted to know if people found it worthwhile to have..
I'm using In-app-billing, because I found that even licensed apps can be copied.
And yes, all apps can be cracked eventually, but most of the publishers of cracked apps remove them if you ask to. So that's what I'm gonna do!
Sent from my Nexus 4 running Android 4.2 JB
I don't like license checks that force you to be online, but I do like to have 'something' in place...
Recently I started working with some OEMs in India who wanted to pre-load my apps on their devices. Very exciting obviously, but I didn't know if I could trust them as I'd never heard of them.
So what I did was get the app to load a web page on one of my servers off the screen (9000%x...) so that it couldn't be seen. The page it linked to was empty, but if I wanted to I could modify the code to include a redirect that would send it to another page. Then in my 'onPageOverride' event I just said if URL = 'stopapp.htm' then do whatever it was I wanted to do.
What I actually have it do in that event is to fill the entire screen with that web page. The user then can't interact with the app underneath, but they get a message that I can create at the time saying 'This app has been illegally distributed' or whatever else I want to say. I can even forward them on to the download page if I want this way.
This works well too because if the user isn't online, the page just doesn't load and nothing happens. But if I want to stop offline use as well I can save a file in File.DirInternal and have the app check for that. 'SwitchOff.txt'. They get caught once, then they can't use the app.
Obviously this doesn't work quite like a license check, but what you *could* do with it is to have the app pop up with a message to people using an old version that's not updated. That's probably downloaded off of some file sharing site, so you could then just keep pestering them to 'update' and send them to the Play Store to do so. You can also check how many of the users on that version of your app are legitimate by looking at your Play Developer Console.
One thing to note is that the redirect URLs you use will need to be different in every version of your app that you release.
Hope this helps someone! I wish I'd done it sooner, one of my apps is all over the web grrrr...
pretty much the same as what I'm doing atm except I just ping a server in the background and display a popup if the result meets certain conditions.. I don't disable the app either as I can't be 100% certain it's pirated, instead I display a "scary" popup saying if they're using a pirated copy this is illegal etc.. your average user won't know how the popup was generated so it should be enough to make them think "someone" is onto them and go the proper route.. With the added bonus a genuine user can just press ok and carry on using the app
Sent from my Nexus 4 using Tapatalk 4
Currently, none of my apps use licensing.
For one of my paid apps, about 5% of the downloads are from non-Google Play sources, meaning, I'm not seeing any revenue from those 5%.
There is an Android API, that allows developers to see which platform their app was downloaded from. So, I've been thinking about adding that hidden feature to my apps and maybe do something fun with it. But, haven't got around to it yet. My thinking has been that if somebody downloaded a pirated copy of my app, then they probably weren't going to pay for it in the first place. And, hopefully, they will tell their friends about it and maybe one of them will actually purchase it through Google Play.
I already have all my licensing code in place and commented out. Since my app is pretty new I want to see how it does before adding licensing. Since the app is free and income is from IAP its not too bad. I'd only turn on licensing in the next release if I see a pressing need for it.
Currently, none of my apps use licensing.
Hi all,
I'd like to share great news. Sicher, our free secure messenger finally comes to Windows Phone.
Sicher features true end-to-end encryption of both text messages and file attachments. With anonymous push notifications and the ability to set a timer for when messages will self-destruct, Sicher also includes password protection for the app itself.
Please try Sicher and share your feedback in this post.
FairyMary
Sicher Team
App is free, store link is here: EDIT: Removed because this thing looks like a scam and its description is a lie
I haven't been able to find a lot of info about how the app works (I'm talking about at a very technical level). My general advice regarding crypto code is to open it up for review, either publicly or by a professional security assessment firm (disclaimer: I work at one of those). If the code is already open for review somewhere, that would be awesome; if not, I recommend getting in touch with some external security experts (same disclaimer, but I can provide contact info if you want). The Internet is full of things that the developer claimed (and often even sincerely believed) were secure.
Aaaand just for fun, I decided to take a look at the app and see if there was anything obviously wrong. Let's start with the presence of no fewer than *three* advertisement networks, shall we? Begun Advertising is Russian and Google-owned, Google AdMob is self-explanatory, as is Microsoft Advertising Mobile. Your store description claims you
don’t use any advertising engines
Click to expand...
Click to collapse
. Did you really think nobody would check this?
WTF are you trying to pull here?!? I can't think of any way to faster burn trust in a "secure" app than to make a claim that is trivially disprovable in a way that benefits nobody except you.
I'll come right out and say it: Sicher looks like a scam!
Oh look, a Facebook library as well. Totally expected to see that, given that you
don’t integrate social network SDKs
Click to expand...
Click to collapse
Oh, and before anybody asks about responsible disclosure, that's for when there's an unintentional bug in somebody's code. This just looks like pure exploitation of your users! (I say "looks like" because I haven't actually decompiled the code to see if those libraries are being used, but it's hard to imagine why you'd have them otherwise...). The only responsible way to disclose malware is to do it publicly, and this looks malicious.
EDIT: I'll give you 24 hours to give me a good argument why I shouldn't report my findings to the stores themselves.
Time's up. You actually got over 48 hours because I was busy yesterday. Hope not too many people got scammed and tracked by your "secure" and "private" app...
Hey @GoodDayToDie, unfortunately I don't know where else to ask this, since you seem to be really interested (and skilled) in this topic, what messengers do you consider secure? WhatsApp is obvious, the only ones on Windows Phone I know of that come to my mind are Telegram and (soon) Threema.
What do you think about the two? I have basically no knowledge, but what seems odd to me about Threema is their faqs answer to "what about MITM?" they just say they use certs, hardcoded in the app. Aren't they with their servers in control then? How I understand this, the Threema servers could perfectly perform a MITM attack.
And Telegram has a completely confusing protocol.. So please share your thoughts!
I have no personal knowledge of one, sadly. Take anything I say here with a huge grain of salt (including the fact that Sicher looks like a scam; I haven't actually verified that it *uses* all those ad networks + Facebook that it integrates, just that it has them) as I'm not spending the time & effort for a full security review of these apps at this time.
Threema actually looks quite good.
Pros:
They don't try to implement the crypto themselves (they use NaCl, which is both written by people who know what they're doing, and well-reviewed).
The design of their end-to-end solution makes sense (it connects through the server since phone networks won't allow incoming/direct connections, but the messages are encrypted to only the recipient and doesn't require that the recipient be online to receive the message).
They are relatively open about how things work (although those *could* be lies; I haven't pulled the app apart).
It is possible for the user to verify the key of another user.
Cons:
They don't have Perfect Forward Secrecy on messages. PFS would require that the intended recipient be online at the start of any given conversation (to negotiate the ephemeral keys) so this isn't terribly surprising, but it is disappointing. An attacker (including a government agency) who gets access to your private key could decrypt historical traffic to you if they'd recorded it.
The app is proprietary; there's nothing stopping them from pushing a malicious update.
The server supplies the public keys of users; until such time as the user validates the other party's key (which is difficult to do except in person) the server could have sent a public key that the server has the private key for (instead of the user's own public key) and then MitM the user's traffic. This would break down when verified though, unless the app lied about the result of the verification process (you don't actually see the key itself).
To address your concern about MitM, the app says they use certificate pinning (a standard and very smart security measure, assuming they did it right) for app-to-server communication, so nobody (including third-party security engineers) can MitM the app traffic. They also claim to use PFS. However, if the server itself is untrusted (i.e. some government thugs show up to demand access, although bear in mind that apparently the servers are all in Switzerland) then the server could give you the wrong public key for a user you try and add, allowing the server to MitM you. Also, the company could push an update that is malicious.
The only protection against the server-sends-wrong-key threat is to either require that the user manually import all keys (think PGP minus keyservers and assuming trustworthy key exchanges) or exactly verify the key (i.e. personally ensure that it matches the other user's key by actually checking the bytes or at least the hash). The only protection against the malicious update is to make the source code available and have a method by which users can either compile it themselves (though see "Reflections on Trusting Trust") and/or have a way to verify the application binaries.
I'll look at Telegram later. For the moment, though, I would loosely recommend Threema once it's available. There's also Skype, of course, but while it was decompiled once long ago (and found to use secure encryption, although some non-crypto vulns were found) that was many versions ago (and, in particular, was before Microsoft bought them).
I originally posted a summary of these thoughts on my Play Store review of Greenify. But, since comments there soon get lost in the traffic, I thought I'd rewrite here.
Greenify seems to get a free pass from pretty much every Android-focussed site as a "must have app". I even saw an article on one site that said all RAM/Battery optimiser apps were a waste of time except for Greenify.
My own findings are a bit less uncritical.
My findings are that Greenify is constantly trying to make internet connections behind your back. I have the excellent AFWall+ installed on all my gadgets and, after I installed Greenify and blocked it from making internet connections, I was having AFWall+ alert me that Greenify was trying to make connections, almost constantly.
I would be doing something on my phone and the alerts from AFWall+ would be popping up continually, telling me that Greenify was trying to connect to one IP address after another. This would literally go on for two or three minutes at a time. It got so distracting that I eventually turned off AFWall+'s alerts for Greenify, just so I could use my phone in peace!
Digging further into AFWall+'s logs I found that, in the couple of months I'd had Greenify installed, it had attempted to make over ten thousand internet connections!
To put that into perspective; during the same time period, the second most tenacious app on my phone, Google's Gboard keyboard [which you'd expect to be spying on you], had made around two thousand attempts to phone home – and the connection figures for all the other apps I'd blocked with AFWall+ were way down in the couple of hundreds.
So, what is Greenify doing, trying to connect to these myriad servers all the time?
Even if you believe it's benign [although I can't see any legitimate reason it should be making ANY online connections at all] you've got to wonder how much the app is saving your battery by shutting down other background processes, when it's pretty much constantly trying to make internet connections itself.
I realise this is just my unverified opinion. I've since uninstalled Greenify from all my devices and so no longer have the AFWall+ logs to back up what I'm saying. And you've got no reason to trust me on this. But, if you've any doubts, feel free to install AFWall+ and try it yourself. You might just get a nasty shock.
@xxxmadraxxx I'm a long time user of Greenify in its donation version running on all of our devices and I confirm all of your observations. As you could see by my other own threads, I'm very heavily privacy minded but I continue to use Greenify despite its permanent attempts to "call home" (actually the 1e100.net i.e. Google) because I'm able to fight it. From my perspective, reason are the implemented Google analytics tracker. Certainly, I'd prefer if first no trackers at all were implemented and second no attempts to connect to the internet were made at all. Grenify doesn't require an internet connections for its functionality.
However, as I said I'm able to fight it and I don't want to miss Greenify as it certainly enhances the duration of my battery.
All of our devices still run on custom Nougat ROMs for specific reasons. As far as I see if you're already using Oreo or Pie you wouldn't require Greenify any longer to achieve a better battery duration.
Remark: Malware? Not from my point of view. Spyware? As much as every application that contains trackers or analytics tools but there are a few I trust for the benefit of the developer and the development. As an example: SD Maid and Piwik (now Matomo) (the SD Maid Privacy Statement).
If interested: https://forum.xda-developers.com/android/general/how-enhance-battery-duration-sgs-3-lte-t3478287
Oswald Boelcke said:
...I don't want to miss Greenify as it certainly enhances the duration of my battery...
...As far as I see if you're already using Oreo or Pie you wouldn't require Greenify any longer to achieve a better battery duration....
Remark: Malware? Not from my point of view. Spyware? As much as every application that contains trackers or analytics tools....
Click to expand...
Click to collapse
My problem isn't so much with the fact Greenify phones home per se. I know that most apps do so, or at least try to. My problem with Greenify is the tenacity and persistence with which it tries to phone home. As I said in my previous post, it made over TEN THOUSAND! attempts to phone home in the space of the couple of weeks I had it installed.
With the vast majority of other apps, they'll try a couple of times to phone home, maybe using a couple of different IP addresses and then give up. With Greenify, I would sit there and watch the AFWall+ alerts pop up on screen, one after the other, with a succession of different IP addresses, literally for 2 or 3 minutes continually. Also, as I said previously the only other app I had installed that came anywhere near this level of persistence was Google's GBoard which would regularly try and phone home as I was typing stuff on my phone [you can draw your own conclusions as to what that entails for your privacy!]. But, even then, Gboard only [relatively speaking] made about a fifth of the attempts to connect to the internet that Greenify did.
I uninstalled it because I really couldn't see how whatever small savings in battery juice that Greenify was purportedly giving me by sleeping apps which aren't doing anything much anyway wouldn't be being more than cancelled out by the drain on my battery caused by Greenify spending countless minutes every day, trying to make hundreds of internet connections behind my back.
I haven't noticed any difference whatsoever in battery life, since uninstalling Greenify.
xxxmadraxxx said:
My problem isn't so much with the fact Greenify phones home per se. I know that most apps do so, or at least try to. My problem with Greenify is the tenacity and persistence with which it tries to phone home. As I said in my previous post, it made over TEN THOUSAND! attempts to phone home in the space of the couple of weeks I had it installed.
With the vast majority of other apps, they'll try a couple of times to phone home, maybe using a couple of different IP addresses and then give up. With Greenify, I would sit there and watch the AFWall+ alerts pop up on screen, one after the other, with a succession of different IP addresses, literally for 2 or 3 minutes continually. Also, as I said previously the only other app I had installed that came anywhere near this level of persistence was Google's GBoard which would regularly try and phone home as I was typing stuff on my phone [you can draw your own conclusions as to what that entails for your privacy!]. But, even then, Gboard only [relatively speaking] made about a fifth of the attempts to connect to the internet that Greenify did.
I uninstalled it because I really couldn't see how whatever small savings in battery juice that Greenify was purportedly giving me by sleeping apps which aren't doing anything much anyway wouldn't be being more than cancelled out by the drain on my battery caused by Greenify spending countless minutes every day, trying to make hundreds of internet connections behind my back.
I haven't noticed any difference whatsoever in battery life, since uninstalling Greenify.
Click to expand...
Click to collapse
It's amazing the conclusions one draws when given a tool. Perhaps Greenify behaves differently on your device than the huge universe of other long time users, some of which share your concerns over excessive outreach. I do not see the aggressive characteristics you and a few others describe - perhaps because I permit *most* analytics to flow unimpeded.
The power saving potential of Greenify and similar tools has depreciated over time given native doze and more aggressive enforcement of app background behaviors via Google policy. That said, Greenify remains an essential tool in my arsenal for performing selective tasks without manual intervention. It certainly is not malware/spyware as your click-bait thread title suggests.
Oswald Boelcke said:
@xxxmadraxxx I'm a long time user of Greenify in its donation version running on all of our devices and I confirm all of your observations. As you could see by my other own threads, I'm very heavily privacy minded but I continue to use Greenify despite its permanent attempts to "call home" (actually the 1e100.net i.e. Google) because I'm able to fight it. From my perspective, reason are the implemented Google analytics tracker. Certainly, I'd prefer if first no trackers at all were implemented and second no attempts to connect to the internet were made at all. Grenify doesn't require an internet connections for its functionality.
However, as I said I'm able to fight it and I don't want to miss Greenify as it certainly enhances the duration of my battery.
All of our devices still run on custom Nougat ROMs for specific reasons. As far as I see if you're already using Oreo or Pie you wouldn't require Greenify any longer to achieve a better battery duration.
Remark: Malware? Not from my point of view. Spyware? As much as every application that contains trackers or analytics tools but there are a few I trust for the benefit of the developer and the development. As an example: SD Maid and Piwik (now Matomo) (the SD Maid Privacy Statement).
If interested: https://forum.xda-developers.com/android/general/how-enhance-battery-duration-sgs-3-lte-t3478287
Click to expand...
Click to collapse
There are a couple of ways around Greenify's nearly constant call-outs to Crashlytics.
First, set up your hosts file.
Second, use MyAndroidTools and XPrivacyLua to lock Greenify down.
In MyAndroidTools, disable:
Content Provider > Greenify > com.crashlytics.android.CrashlyticsInitProvider
In XPrivacyLua, disable everything for Greenify except:
Determine activity
Get applications
Read identifiers
In Settings > Apps > Gear Icon > App permissions, go through and ensure Greenify isn't enabled for anything.
Greenify, being root, will still try to connect, but it won't be able to because of the hosts file.
---------- Post added at 06:25 AM ---------- Previous post was at 06:15 AM ----------
xxxmadraxxx said:
My problem isn't so much with the fact Greenify phones home per se. I know that most apps do so, or at least try to. My problem with Greenify is the tenacity and persistence with which it tries to phone home. As I said in my previous post, it made over TEN THOUSAND! attempts to phone home in the space of the couple of weeks I had it installed.
With the vast majority of other apps, they'll try a couple of times to phone home, maybe using a couple of different IP addresses and then give up. With Greenify, I would sit there and watch the AFWall+ alerts pop up on screen, one after the other, with a succession of different IP addresses, literally for 2 or 3 minutes continually. Also, as I said previously the only other app I had installed that came anywhere near this level of persistence was Google's GBoard which would regularly try and phone home as I was typing stuff on my phone [you can draw your own conclusions as to what that entails for your privacy!]. But, even then, Gboard only [relatively speaking] made about a fifth of the attempts to connect to the internet that Greenify did.
Click to expand...
Click to collapse
Google Keyboard is, by Google's own admission, a keystroke logger... it's in their privacy policy for GBoard. I've removed it from my phone, along with nearly every other Google app (16 Google apps removed, 3 disabled in case I need them in the future)... and what remains is so locked down that the only thing that works is Google Play Store... for the rest of Google Play Services and Google Services Framework functionality, I've used MyAndroidTools and .xml file hacks to disable. I have no location tracking from Google, no logging from any Google components, no aGPS phone-homes to anywhere (aGPS is completely disabled)... in fact, Google can't even see when I'm online unless I change to my 'Google Enabled' AFWall+ profile to visit Google Play Store. In fact, I've recently disabled all Google Ads functionality... I found out that Google is presenting to the user a fake_adid_key that the user could change but which otherwise did nothing, yet they also have an adid_key which never changes, which they use as a GUID to track users.
Try Hacker's Keyboard... no ads, I've never seen any connection attempts from it, and it's a very nice keyboard once you configure it to suit you.
For me, I set Portrait keyboard height to 45%, landscape keyboard height to 55%, Keyboard mode in portrait and landscape as 'Full 5-row layout', Gingerbread keyboard theme, Auto-capitalization, Double-tap Shift mode, Apply Shift Lock to modifier keys, no Ctrl-A override, no Ctrl key code, no Alt key code, no Meta key code and ignore slide-typing.
It does everything I need, I can type pretty quickly, and it doesn't log keystrokes. I especially like the little arrow keys which let me navigate around in a text file, and the fact that I can Ctrl-A (select all), Ctrl-C (copy) and Ctrl-V (paste) just like a regular keyboard.
Pro-tip: If you want to select a few lines of text, hold the shift key, and tap the down arrow key, just as you'd do on a regular keyboard.
Lusty Rugnuts said:
There are a couple of ways around Greenify's nearly constant call-outs to Crashlytics...
Google Keyboard is, by Google's own admission, a keystroke logger... it's in their privacy policy for GBoard. I've removed it from my phone....
Try Hacker's Keyboard... no ads, I've never seen any connection attempts from it, and it's a very nice keyboard once you configure it to suit you....
Click to expand...
Click to collapse
I found the simplest way of reining in Greenify was to uninstall it. As I said, I've not noticed any detriment to battery life whatsoever –although that may be partly because I'm using an Oreo based ROM now. When I had Greenify installed I was on Marshmallow.
I do use Hacker's Keyboard for apps like Termux and JuiceSSH when I need access to all those extra keys, but it doesn't have swipe-to-type [or didn't last time I looked] so it's no good for my day-to-tay messaging/email/texting etc. where I swipe-to-type all the time.
After uninstalling Gboard and having a brief foray through Samsung's built-in keyboard, I've ended up using SwiftKey on all my devices.
Don't laugh! –I know it's owned by Microsoft which is a huge red flag. But if you set it up without creating a SwiftKey account and switch off any of the "cloudy" options [such as backup, dictionary sync, downloading themes, etc.], it does all its word-prediction processing locally on your device and [according to AFWall+] has never tried to make a single online connection.
Lusty Rugnuts said:
There are a couple of ways around Greenify's nearly constant call-outs to Crashlytics.
...
Click to expand...
Click to collapse
I'm glad to see that we both have nearly the same setup to protect our privacy.:good:
xxxmadraxxx said:
I found the simplest way of reining in Greenify was to uninstall it. As I said, I've not noticed any detriment to battery life whatsoever –although that may be partly because I'm using an Oreo based ROM now. When I had Greenify installed I was on Marshmallow.
I do use Hacker's Keyboard for apps like Termux and JuiceSSH when I need access to all those extra keys, but it doesn't have swipe-to-type [or didn't last time I looked] so it's no good for my day-to-tay messaging/email/texting etc. where I swipe-to-type all the time.
After uninstalling Gboard and having a brief foray through Samsung's built-in keyboard, I've ended up using SwiftKey on all my devices.
Don't laugh! –I know it's owned by Microsoft which is a huge red flag. But if you set it up without creating a SwiftKey account and switch off any of the "cloudy" options [such as backup, dictionary sync, downloading themes, etc.], it does all its word-prediction processing locally on your device and [according to AFWall+] has never tried to make a single online connection.
Click to expand...
Click to collapse
I'm surprised that you quoted me but with statements in the quotation, which I've never made. As far as I see they are by @Lusty Rugnuts. If you click the quotation you're referred to post #2 with a totally different content. May I politely ask you to edit your post in regard to the quotation.
Sorry about that. The multiple nested quotes, when replying, gets a bit unweildy. I deleted the wrong bit when trimming then.
xxxmadraxxx said:
I found the simplest way of reining in Greenify was to uninstall it. As I said, I've not noticed any detriment to battery life whatsoever –although that may be partly because I'm using an Oreo based ROM now. When I had Greenify installed I was on Marshmallow.
Click to expand...
Click to collapse
I wish there were a way to do away with it on Nougat... I take the Lotus approach, add speed by taking away. The less installed, the better. The stock ROM backup I took when the phone was brand-new is 4.74 GB in size. My latest backup is 2.29 GB. Yeah, I've stripped out a lot of Google-stuff.
xxxmadraxxx said:
I do use Hacker's Keyboard for apps like Termux and JuiceSSH when I need access to all those extra keys, but it doesn't have swipe-to-type [or didn't last time I looked] so it's no good for my day-to-tay messaging/email/texting etc. where I swipe-to-type all the time.
Click to expand...
Click to collapse
The Hacker's Keyboard options does have an "ignore slide-typing" option, so I'm assuming it supports slide-typing / glide-typing / swipe-to-type. I've never tried it... I'm a creature of habit, and regular typing suits me. I watched my sister-in-law doing slide-typing, and it seems like one would need very good word correction to get readable text. Besides, I'm a mechanical engineer, I use my hands as hammers, pliers, etc. all day... they're not exactly "tuned" for the finesse I think slide-typing would require.
I came across this thread because in the past year, three times I have been notified by Xposed that a module has been updated. SuperSU also asks me to grant root access again so I'm wondering what the app is doing self updating?
Version 4.5.1 (donate)
Never ever had a "self-update" of Greenify.
Currently on Greenify v4.6.3 (Google beta programme) & Greenify (Donation Package) v2.3
Oswald Boelcke said:
Never ever had a "self-update" of Greenify.
Currently on Greenify v4.6.3 (Google beta programme) & Greenify (Donation Package) v2.3
Click to expand...
Click to collapse
Same. This FUD about Greenify being evil by design is disinformation the net craves. I expect this to be a top trending thread in no time that trashes the reputation of an otherwise fine product. Shesh.
Davey126 said:
Same. This FUD about Greenify being evil by design is disinformation the net craves. I expect this to be a top trending thread in no time that trashes the reputation of an otherwise fine product. Shesh.
Click to expand...
Click to collapse
Absolutely concur. I'm going to refrain from bumping this thread any longer; this is the last time. BTW: Congrats to well deserved 9,000+ thanks. And what does "shesh" means? Never heard it. Just for me to learn.
Davey126 said:
Same. This FUD about Greenify being evil by design is disinformation the net craves. I expect this to be a top trending thread in no time that trashes the reputation of an otherwise fine product. Shesh.
Click to expand...
Click to collapse
I don't see how stating a fact and questioning why it happens is spreading "FUD". And it's certainly not "disinformation". Surprised you didn't also call it "Fake News", since that seems to be the millennial way to deal with anything you read which doesn't align to your own personal viewpoint.
10,000+ attempted internet connections by Greenify in the space of a couple of months is a statement of fact that I observed on my own device. But, as I said in the first post in the thread:
xxxmadraxxx said:
I realise this is just my unverified opinion... And you've got no reason to trust me on this. But, if you've any doubts, feel free to install AFWall+ and try it yourself...
Click to expand...
Click to collapse
Hardly spreading FUD and disinformation. Just letting people know what I saw and telling them to check for themselves and draw their own conclusions.
If other people want to believe that Greenfy is 100% benign, because it's useful to them, then that's fine too. But I could counter your accusations of FUD with saying other people are spreading CCC [Complacency, Certainty and Confidence]. ie. you're blindly trusting an app just because it provides a useful service
[cf. Google, Facebook, et al, if you want to see where that can lead].
I also note that these questions about Greenify's surreptitious behaviour have been raised before on this forum, on other forums and also on the app's reviews on Google Play and, as far as I can see, the developer has not once responded. That may or may not seem suspicious to you but I ask myself:
* If there's an innocent explanation, why not just explain it and clear the air?
* If there's a bug in the app which is causing these attempts to phone home to be repeated endlessly, thousands upon thousands of times, why not fix it?
or, since the phoning home is not necessary for the app to function;
* Why not provide a preference to turn it off? [especially for those people who have paid for the donation version]
Defensive wall of text speaks for itself. Moving on.
(several generations removed from "millennial")
xxxmadraxxx said:
I don't see how stating a fact and questioning why it happens is spreading "FUD". And it's certainly not "disinformation". Surprised you didn't also call it "Fake News", since that seems to be the millennial way to deal with anything you read which doesn't align to your own personal viewpoint.
10,000+ attempted internet connections by Greenify in the space of a couple of months is a statement of fact that I observed on my own device. But, as I said in the first post in the thread:
Hardly spreading FUD and disinformation. Just letting people know what I saw and telling them to check for themselves and draw their own conclusions.
If other people want to believe that Greenfy is 100% benign, because it's useful to them, then that's fine too. But I could counter your accusations of FUD with saying other people are spreading CCC [Complacency, Certainty and Confidence]. ie. you're blindly trusting an app just because it provides a useful service
[cf. Google, Facebook, et al, if you want to see where that can lead].
I also note that these questions about Greenify's surreptitious behaviour have been raised before on this forum, on other forums and also on the app's reviews on Google Play and, as far as I can see, the developer has not once responded. That may or may not seem suspicious to you but I ask myself:
* If there's an innocent explanation, why not just explain it and clear the air?
* If there's a bug in the app which is causing these attempts to phone home to be repeated endlessly, thousands upon thousands of times, why not fix it?
or, since the phoning home is not necessary for the app to function;
* Why not provide a preference to turn it off? [especially for those people who have paid for the donation version]
Click to expand...
Click to collapse
---------- Post added at 09:59 AM ---------- Previous post was at 09:47 AM ----------
Oswald Boelcke said:
Absolutely concur. I'm going to refrain from bumping this thread any longer; this is the last time. BTW: Congrats to well deserved 9,000+ thanks. And what does "shesh" means? Never heard it. Just for me to learn.
Click to expand...
Click to collapse
"Sheesh" (forgot the second ''e') is a mild expression of exasperation generally uttered as a final remark. Not entirely dismissive but leaning in that direction. Akin to 'geez'.
As for the other, any and all acknowledgements go back to the XDA community who support each other like a well designed house of cards. Each depends on the other for support but removing one (or many) does not lead to collapse but the subtle shifting of another 'card' to share the load.
Davey126 said:
Defensive wall of text speaks for itself. Moving on.
(several generations removed from "millennial")
Click to expand...
Click to collapse
In other words:
I'm not a millennial and just to show how mature I am –because I disagree with what you're saying, I'm going to stick my fingers in my ears and go "Na! Na!Na! I can't hear you!"
M'lud. The defence rests its case.
Davey126 said:
Same. This FUD about Greenify being evil by design is disinformation the net craves. I expect this to be a top trending thread in no time that trashes the reputation of an otherwise fine product. Shesh.
Click to expand...
Click to collapse
I have to disagree with you, and I applaud the original poster for making this thread. No closed source project should be immune from scrutiny.
I of course have been using the app for many years and trust the developer but still don't have an answer as to why Xposed and SuperSU were telling me that Greenify has been updated - I think it would be fair to question what's going on.
Though OP could have probably not used such a click-baity and sensational title. Even if it's not malware, the bug would mean that Greenify is not getting root access unless I manually grant it again.
htr5 said:
Though OP could have probably not used such a click-baity and sensational title...
Click to expand...
Click to collapse
The title wasn't intended to be either click-baity or sensational but, with hindsight, I can see how it might read it that way. Mea culpa.
However, given that no third party has been able to offer any justifiable reason as to why Greenify behaves as it does and the developer has never responded to the oft-expressed concerns of users –I don't think it unreasonable to infer that Greenify may be behaving; at best, irresponsibly and at worst, nefariously.
In which case, maybe the headline wasn't that click-baity, after all.
htr5 said:
I of course have been using the app for many years and trust the developer but still don't have an answer as to why Xposed and SuperSU were telling me that Greenify has been updated - I think it would be fair to question what's going on.
Click to expand...
Click to collapse
Yes, that would be a fair question (sans other baggage).
xxxmadraxxx said:
10,000+ attempted internet connections by Greenify in the space of a couple of months is a statement of fact that I observed on my own device.
Click to expand...
Click to collapse
I've quieted Greenify. I used MyAndroidTools to disable the following for Greenify:
Content Provider:
com.crashlytics.android.CrashlyticsInitProvider
com.google.firebase.provider.FirebaseInitProvider
Activity:
com.google.android.gms.common.api.GoogleApiActivity
com.google.android.gms.tagmanager.TagManagerPreviewActivity
Broadcast Receiver:
com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver
com.google.android.gms.measurement.AppMeasurementReceiver
com.google.firebase.iid.FirebaseInstanceIdReceiver
Service:
com.google.android.gms.measurement.AppMeasurementJobService
com.google.android.gms.measurement.AppMeasurementService
com.google.firebase.components.ComponentDiscoveryService
com.google.firebase.iid.FirebaseInstanceIdService
com.google.android.gms.tagmanager.TagManagerService
That Tag Manager Service and Tag Manager Preview Activity are worrisome...
https://support.google.com/tagmanager/answer/6102821?hl=en
Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app. Once the small segment of Tag Manager code has been added to your project, you can safely and easily deploy analytics and measurement tag configurations from a web-based user interface.
When Tag Manager is installed, your website or app will be able to communicate with the Tag Manager servers. You can then use Tag Manager's web-based user interface to set up tags, establish triggers that cause your tag to fire when certain events occur, and create variables that can be used to simplify and automate your tag configurations.
Click to expand...
Click to collapse
https://blog.hubspot.com/marketing/google-tag-manager-guide
Collecting data using tools like Google Analytics is critical for expanding your business’s online reach, converting leads into customers, and optimizing a digital marketing strategy to create stronger relationships with your audience.
However, collecting data is easier said than done. Google Analytics and other similar analytics tools aid the process, but they work more effectively with the addition of tags.
Tags, in a general sense, are bits of code you embed in your website’s javascript or HTML to extract certain information.
Click to expand...
Click to collapse
So Tag Manager is yet another way for Google to track your every move... in apps and on web pages. It's almost a backdoor to your device, since Tag Manager can be used to remotely change what it tracks and when. Google is getting awfully malware-y, which is why I've worked so hard to make it so I can completely kill all Google components on my phone and the phone still works... and the Google components stay killed until I start them (without the necessary modifications, Google Persistence kicks in and restarts the Google components, which is also very malware-y... Google is a service provider, they shouldn't run unless the user wants to use their services, and there should be an interface to disable (or uninstall) any functionality the user doesn't want.). Further, the user shouldn't have to rely upon changing settings on Google's servers, while leaving the Google components running on their phone... that means we have to trust that Google is abiding by those settings... does anyone believe they are?
I've uncovered instances on this very phone where Google is less than honest in abiding by settings... another is their GoogleOtaBinder, which disregards the Developer Options setting to disable Automatic System Updates... the only way to turn off Google pushing a new ROM (without consent, without notification) and rebooting the phone (at midnight each night, without consent, without notification) is to edit a file such that GoogleOtaBinder can't authenticate with Google's servers.
You'll probably also find an app in Settings > Apps called 'Tag Manager'... I got rid of it long ago.
Google Tag Manager / Tracking Pixels and Tags
package:/system/priv-app/TagGoogle/TagGoogle.apk=com.google.android.tag
To get a list of packages installed on your system, in an Administrator-privilege command prompt on your computer, with your phone plugged into your computer via USB and set to 'File Transfer' USB mode, type:
adb shell pm list packages -f
Here's the list of packages I've removed.
{UPDATE}
I've also found the following:
The file:
/data/user/0/com.oasisfeng.greenify/app_google_tagmanager/resource_GTM-KN73P2
contains the following:
Component Display Name:
com.xiaomi.mipush.sdk.PushMessageHandler
alibaba.sdk.android.push.AliyunPushIntentService
com.igexin.sdk.PushService
com.tencent.android.tpush.service.XGPushServiceV3
org.android.agoo.client.MessageRecieverService
com.baidu.sapi2.share.ShareService
"MessageReceiverService"? PushMessageHandler? What is being pushed to our phones?
Further down, because I've completely neutered Google Analytics, it reads:
.analytics.disabled.exception.NoSuchMethodError true
{/UPDATE}
Greenify is also using the real 'adid_key' content in /data/data/com.google.android.gms/shared_prefs/adid_settings.xml, although I doubt they're in on Google's nefarious scheme to trick users into thinking they can reset their Advertising ID, while tracking them with a non-changing GUID (Globally Unique ID).
There are two keys in adid_settings.xml... 'adid_key' and 'fake_adid_key'... pushing the "Reset Advertising ID" button in Settings > Google > Ads changes 'fake_adid_key', but 'adid_key' never changes and is propagated to many other apps.
https://forum.xda-developers.com/showpost.php?p=79521903
Further, I tried to uninstall Greenify (I'll manually set up device_idle_constants to mimic what Greenify did)... it's never had Device Administrator privileges, I disabled Usage Access, uninstalled the XPosed Framework 'Greenify Experimental Features', then went into Greenify's settings and disabled all that was there... but when I went into Settings > Apps > Greenify, there isn't an "uninstall" button, just "Force Stop" and "Disable" buttons. There's no way to uninstall it from within Greenify itself, either.
I booted into TWRP Recovery Mode, went to /data/adb/modules, deleted the module for Greenify, and when I rebooted, Greenify was gone. All that remained was to wipe it from the Dalvik cache.
I'm a long time developer but brand new to Android, with my having past experience developing in Unix systems as well as a lot using Cygwin in Windows. I have a newly-installed App that seems popular called 'C Locker'. So far, I've just got the Free version because I'm trying it out to see if it does what I need. Unfortunately, it's now crashing with the Settings that I've enabled, and as a general developer, I'm interested in seeing if I can glean information from the Bugreport (or whatever else I can use...perhaps even gdb on the device itself?) to help me know what specific Settings might be the problem being that there are so many of them and I would prefer to gain some type of help from my phone in figuring out what the bad settings might be that I've enabled that are causing the problem rather than to spend all day flipping them around. I've already scanned through the Bugreport after uploading it to my computer, examining all of the references it makes in there to "com.ccs.lockscreen" with this apparently being the process name for the C-Locker program. I've seen indications in there where it indeed shows that it has crashed, but I couldn't yet discern if it is able to give me pointers as to what the cause of the crashes might have been. Is that possible to gain such information out of these Bugreport files? Or is there a way to run it directly in gdb on my device to perhaps see the stack at the time that it crashes, for which the names provided might help to discern what specifically it was trying but failing to do at the time? If it helps, as an intended future Android developer, I've already gotten Android SDK set up on my computer, although I haven't yet really used it much to speak of for anything. I also have adb working from my computer to the smartphone and even have rooted it using a rare method being that I have an older phone purchased years ago via Amazon that I didn't activate until about a month ago. (It's an LG G4 VS986 version 13B so I couldn't use the popular rooting method for version 11A but instead had to use the "Injection" method which took me FOREVER although I finally got it to work!) And just in case it helps perhaps even to bypass a direct answer to this question (although it will still of course be appreciated), my Settings within C Locker involve having set it to be a Device Admin and to bring it up as the first App upon Reboot as well as I've selected within the Root category to make it a System App as well as my then having Disabled ALL things that typically show on the screen (such as 9-1-1, camera, Etc). I had left it set to the default "Gesture" Unlock method, but whenever I bring up the App again and go into "Unlock Methods", it now immediately crashes each time (as well as upon Restarting the phone!). So this covers the majority of the most significant of the Settings that I've made on it so far to the best of my recollection. And I feel that if I could get some indications from the system as to what the specific errors may be when its crashing (or from a stack trace or whatever else), then it might help me to discern what specific Settings are creating the problem being that perhaps I just have an odd (rare) combination of Settings on it that I can tweak to get it working. My goal is to ultimately get a lockscreen App that I can use a Pattern type Unlock with that allows an UNLIMITED number of Failed Attempts (so that it won't ever Factory Reset my phone after the 10th or ANY number of failures!!!). I also--as mentioned above--don't want ANY shortcuts whatsoever being accessible BEFORE the phone is unlocked...not even 9-1-1. Anyway, so if there's a way to glean information from the Bugreport (or from whatever other methods available) to find the specific cause (involved errors) of this or any other App that's crashing that I do NOT have the source code for (being that I of course am not its developer) then it will be greatly appreciated to know how to best find this information. (And I promise that I've already searched extensively on Google but couldn't filter out its replies all being based on the idea that I'm the developer of the App that's crashing, with my even trying adding phrases such as "not my app" and "not the developer of" Etc to no avail...lol). Thanks.
By the way, if I shouldn't have combined the 'C Locker' Settings details into this post, then please just let me know because I'm new to posting here. Also, unfortunately, if I don't receive any help with this right away, then I'll be forced to start testing different Setting combinations anyway, which would then of course solve this problem but without knowing truly what exactly was causing the issue. Even if so, it will still be helpful in the long run with other potential App crashes to get the answer to this general question.
Unless not disabled by user, all runtime activities in Android are logged, so app crashes and their reason also. You can view this log by means of Android's logcat command-line tool or by means of a LogCat Viewer app. My POV: logcat is essential for determining what an app and the Android OS are doing while the app is running on a device.
BTW: Android's log can be filtered per package, too.
Thanks!
jwoegerbauer said:
Unless not disabled by user, all runtime activities in Android are logged, so app crashes and their reason also. You can view this log by means of Android's logcat command-line tool or by means of a LogCat Viewer app. My POV: logcat is essential for determining what an app and the Android OS are doing while the app is running on a device.
BTW: Android's log can be filtered per package, too.
Click to expand...
Click to collapse
Thank you, and since posting this, I've been learning more about Android Studio and have used it to actually see the stack trace within the "Android Monitor" pane there in order to find the instant reason why the/ANY (meaning 3rd party as well) App is crashing at the time! Thanks again for the help!