Chinese phone now opens add websites. Bloatware? Virus? Trojan? [DooGee S70 Lite] - Android Q&A, Help & Troubleshooting

Years ago I bought a cheap and powerful rugged phone to use it as a navigation tool on my motorcycle.
A view months ago it began that the phone sporadicly opens up add websites in the chrome browser. This happens about once a day.
I read that the manufacturer is not trustworthy and DooGee delivered some firmware updates with trojan sw. So I guess in the best case DooGee tries to do some extra money by showing me adds. They may installed a backdoor that now opens these websites.
I don't make security critical things on this device but still I want to get rid of these adds. It's annoying to drive with the bike and navigate and then the navigation software is hidden because of these useless adds.
I do have root on this device using an older version of magisk.
I have Titanium Backup and theoretically I would be able to disable all processes / apps if I would know the name of the app.
But I don't know how I can find out which process is the originator of these adds.
I disabled the chrome browser but I guess there is an other process that just shows the website in chrome. So it may not be chrome browser's fault?!
And the list of all apps is long because I have to suspect the system apps also.
I tried some virus scanners from play store but they all found nothing. Useless apps...
Hope someone here can help.
Any idea for a good strategy how to find the bad app or process?
Any tool recommendation that may can find it?
Thanks.

Try Malwarebytes for your mobile device.

fpdragon said:
Any idea for a good strategy how to find the bad app or process?
Any tool recommendation that may can find it?
Click to expand...
Click to collapse
Boot device into Safe Mode: You'll see "Safe mode" at the bottom of your screen
One by one, remove recently downloaded apps.
Tip: To remember the apps that you remove so that you can add them back, make a list.
After each removal, restart your device normally. See whether removing that app solved the problem.

jwoegerbauer said:
Boot device into Safe Mode: You'll see "Safe mode" at the bottom of your screen
One by one, remove recently downloaded apps.
Tip: To remember the apps that you remove so that you can add them back, make a list.
After each removal, restart your device normally. See whether removing that app solved the problem.
Click to expand...
Click to collapse
I am pretty sure that I don't downloaded any app that throws the adds. It must be something that comes from DooGee.

Bernal79 said:
mcafee will help to get rid of the malware
Click to expand...
Click to collapse
mcafee has not found anything
James_Watson said:
Try Malwarebytes for your mobile device.
Click to expand...
Click to collapse
malwarebytes has not found anything
However, thanks for the recommendation.

fpdragon said:
mcafee has not found anything
malwarebytes has not found anything
Click to expand...
Click to collapse
Not surprising me.
Malicious software comes in several flavors, distinguished primarily by their method of propagation. The two most pervasive forms are viruses and worms. A virus attaches itself to an existing program such that, when that program is executed, bad things happen. Like a biological virus, it cannot live without a host. In contrast, a worm is an independent program that reproduces itself without requiring a host program. Depending on the form, a worm may be able to propagate without any action on the victim's part. Most malicious software today consists of worms rather than viruses.
Worms and viruses require slightly different protection mechanisms because of their different propagation methods. A virus scanner operates by searching for the signatures of known viruses. A signature is a characteristic pattern that occurs in every copy of a virus. It might be a string of characters, such as a message that the virus will display on the screen when activated, or it might be binary computer code or even a particular bit of data that is embedded in the virus. These patterns are identified by technicians at organizations specializing in computer security and are then made available on security Web sites. Virus scanners can then download the patterns to bring their internal pattern lists up to date.
An Antivirus software is checking your Android devices's apps and comparing them to known types of malware ( viruses & worms). It will also scan your Android device for behaviors that may signal the presence of a new, unknown malware. Typically, Antivirus software uses all of these 3 detection processes:
Specific Detection – This works by looking for known malware by a specific set of characteristics.
Generic Detection – This process looks for malware that are variants of known “families,” or malware related by a common codebase.
Heuristic Detection – This process scans for previously unknown viruses by looking for known suspicious behavior or file structures.
Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Trojans must spread through user interaction such as opening an email attachment or downloading and running a file from the Internet.
IMHO Android itself is a pretty secure operating system.

jwoegerbauer said:
Not surprising me.
Malicious software comes in several flavors, distinguished primarily by their method of propagation. The two most pervasive forms are viruses and worms. A virus attaches itself to an existing program such that, when that program is executed, bad things happen. Like a biological virus, it cannot live without a host. In contrast, a worm is an independent program that reproduces itself without requiring a host program. Depending on the form, a worm may be able to propagate without any action on the victim's part. Most malicious software today consists of worms rather than viruses.
Worms and viruses require slightly different protection mechanisms because of their different propagation methods. A virus scanner operates by searching for the signatures of known viruses. A signature is a characteristic pattern that occurs in every copy of a virus. It might be a string of characters, such as a message that the virus will display on the screen when activated, or it might be binary computer code or even a particular bit of data that is embedded in the virus. These patterns are identified by technicians at organizations specializing in computer security and are then made available on security Web sites. Virus scanners can then download the patterns to bring their internal pattern lists up to date.
An Antivirus software is checking your Android devices's apps and comparing them to known types of malware ( viruses & worms). It will also scan your Android device for behaviors that may signal the presence of a new, unknown malware. Typically, Antivirus software uses all of these 3 detection processes:
Specific Detection – This works by looking for known malware by a specific set of characteristics.
Generic Detection – This process looks for malware that are variants of known “families,” or malware related by a common codebase.
Heuristic Detection – This process scans for previously unknown viruses by looking for known suspicious behavior or file structures.
Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Trojans must spread through user interaction such as opening an email attachment or downloading and running a file from the Internet.
IMHO Android itself is a pretty secure operating system.
Click to expand...
Click to collapse
Thank you for the good explanation. But how can I track down the originator of the popup adds?
I would expect that the originator of the adds runs as a system app. If I could find out which system app does this and It's functions is not neccessary (eg system update or something) then I could kill and remove it.
BTW, after disabling the chrome browser it seems that there are no popup adds any more. For two days no more adds. I guess this is because I removed the last browser from the system and now the adds can't be opend? But still it would be cool to track down the application that opens the adds if I need a browser one time.

fpdragon said:
Thank you for the good explanation. But how can I track down the originator of the popup adds?
I would expect that the originator of the adds runs as a system app. If I could find out which system app does this and It's functions is not neccessary (eg system update or something) then I could kill and remove it.
BTW, after disabling the chrome browser it seems that there are no popup adds any more. For two days no more adds. I guess this is because I removed the last browser from the system and now the adds can't be opend? But still it would be cool to track down the application that opens the adds if I need a browser one time.
Click to expand...
Click to collapse
It seems that you have turned on notification from a website in chrome. Clear chrome browsing data. Re-enable chrome. And check whether you receive any adds or not.

Related

[Q] Is anti virus a waste?

Is anti virus a waste or is it worth having it run on your phone?
waste......
MrGibbage said:
waste......
Click to expand...
Click to collapse
Why is that?
its a waste, when was the lest time u heard of someone getting a phone virus? lol, plus what are you downloading and running on your phone that might even pose a threat
I vote waste too, for current AV solutions. Like another poster said -- There really aren't any threats at the moment. It's real likely there will be at some point, but I see no reason to believe the current AV providers have any clue what these future hypothetical virii will look like. I'll trust an AV once it is written by a security researcher who has studied live Android virii. Until then they're just wasting resources.
I don't run AV software on my home computers or my phones. I am careful with the email that I open, and when I DL software, I try to be aware of where it is coming from. I am never the guy that that downloads something the day it comes out. If it is nefarious, I'll hear about it. Maybe I'm lucky, but I just don't see the need.
SMS Trojan for Android - http://www.theinquirer.net/inquirer/news/1727325/android-virus-spotted
They do exist just not on a Windows level lol. I'm sure they will jump in numbers as the popularity of the platform continues to explode. Currently, Lookout is one of the top rated AV apps, and its free.
BTW when you install the "SMS Trojan" it asks for permission to send text messages that may cost money.
TOTAL Waste.
Just read the permissions requests when installing apps.
Or go read up on how Android's app sandboxing works. Either way, nothing can harm your phone unless you explicitly allow it to. And if you allow a photo app to read all of your data, and send text messages and connect to the internet, you deserve what you get.
reuthermonkey said:
TOTAL Waste.
Just read the permissions requests when installing apps.
Or go read up on how Android's app sandboxing works. Either way, nothing can harm your phone unless you explicitly allow it to. And if you allow a photo app to read all of your data, and send text messages and connect to the internet, you deserve what you get.
Click to expand...
Click to collapse
Aint that the truth. Idiots need to pay attention to the Android Permissions screen and ask themselves "Why does this flashlight app need to read my contacts, google account and access my dialer, data connection and send SMS??"
Like others have mentioned, threat levels right now are so low that it doesn't warrant the use of money or system resources.
Some apps in the market that are labeled as such are just spam btw.
And also, we are far from a mass infection ala PCs. Just be very careful with what you download. Pay close attention to the permissions and use your very good judgement. If a music player asks permission to read/send/receive text messages and make phone calls, it's probably some type of malware.
jblade1000 said:
SMS Trojan for Android - http://www.theinquirer.net/inquirer/news/1727325/android-virus-spotted
They do exist just not on a Windows level lol. I'm sure they will jump in numbers as the popularity of the platform continues to explode. Currently, Lookout is one of the top rated AV apps, and its free.
Click to expand...
Click to collapse
WASTE ,..,.., hands down......
A virus that has to be manually installed by the user or creator on the host device ????? , and this is after all the warnings to the user before you press ok .,.,.,.,., never mind all the warnings telling you NOT TO DOWNLOAD outside of the market,unless you know what you are doing , download AT YOUR OWN RISK..... Not to mention the anti virus companies CREATING the need for you to install their app ... ever read some of the comments in the market about these "AV" apps ? > 'this app works great, protects my phone'<<<<<? protects it ? from what ???? WTF..
So yes I think it's a waste.....
People make viruses for a living so pretty soon someone will come out with a major one cause it being a phone means nothing its based off of linux and I know linux doesn't have any killer viruses but they do have some just not on a windows level. So ask it takes is one overseas a hole to create one just so he can get famous and then we will need an
Worth installing virus app.
O yea most people only read the permission when installing apps when they are new to android most people don't look at them.especially for apps they regularly use like handcent. Who know what they do with our info?
Sent from my Samsung Vibrant
hmmm lets see, would an app be able to slide in a permission without a warning? as in read contacts after installed but it never showed on the permission screen.
creglenn said:
People make viruses for a living so pretty soon someone will come out with a major one cause it being a phone means nothing its based off of linux and I know linux doesn't have any killer viruses but they do have some just not on a windows level. So ask it takes is one overseas a hole to create one just so he can get famous and then we will need an
Worth installing virus app.
O yea most people only read the permission when installing apps when they are new to android most people don't look at them.especially for apps they regularly use like handcent. Who know what they do with our info?
Sent from my Samsung Vibrant
Click to expand...
Click to collapse
None of that supports a need for an Anti-Virus. Android sandboxes each and every application on the system. It's not like any other Linux distro in how it handles security. It's MORE secure than linux. You can hack individual apps (and thus use their permissions - ie the browser), but that's quickly patched.
The biggest security threat to Android is the same as the biggest security threat for EVERY OS: Lazy users.
reuthermonkey said:
None of that supports a need for an Anti-Virus. Android sandboxes each and every application on the system. It's not like any other Linux distro in how it handles security. It's MORE secure than linux. You can hack individual apps (and thus use their permissions - ie the browser), but that's quickly patched.
The biggest security threat to Android is the same as the biggest security threat for EVERY OS: Lazy users.
Click to expand...
Click to collapse
Thats so true but im speaking on the basic users who dont need a dumbphone instead of a smartphone cause when/if a virus does come out those are the people who ill be flooding the forums. While we sit back and laugh.
everyone is talking **** about anti-virus for taking up resources, but i've found Lookout to be very unobtrusive. Also, besides virus scan, it will locate your phone, send a siren to your device, backup your info, all at schedules you determine.
jamesey10 said:
everyone is talking **** about anti-virus for taking up resources, but i've found Lookout to be very unobtrusive. Also, besides virus scan, it will locate your phone, send a siren to your device, backup your info, all at schedules you determine.
Click to expand...
Click to collapse
Sure, those are a few reasons to keep Lookout installed. But I don't need it scanning all my files for threats that don't exist yet and it probably wouldn't recognize anyway. Fortunately, the AV component is optional.

Avast Mobile security

Have you guys tried this one? I use it on my PC, but wow the Android version is intense!
From the market:
Full-featured Antivirus and Anti-Theft security for your Android phone. Protect personal data with automatic virus scans and infected-URL alerts. Stop hackers by adding a firewall (rooted phones). Control anti-theft features with remote SMS commands for: history wipe, phone lock, siren activation, GPS tracking, audio monitoring, and many other useful tools. Your ‘invisible’ app hides itself, making it extremely hard for thieves to find and disable. A standalone yet tightly integrated component of avast! Mobile Security, avast! Anti-Theft is the slyest component on the market. Formerly known as Theft Aware, the Anti-Theft portion of avast! Mobile Security has been recommended by leading industry experts that include T-Mobile, N-TV, AndroidPIT, and Android Police.
avast! Mobile Security
Antivirus
Performs on-demand scans of all installed apps and memory card content, as well as on-access scans of apps upon first execution. Options for scheduling scans, virus definition updates, uninstalling apps, deleting files, or reporting a false-positive to our virus lab.
Privacy Report
Scans and displays (grid) access rights and intents of installed apps, identifying potential privacy risks, so you know how much info you are really providing to each app.
SMS/Call Filtering
Filter calls and/or messages from contact list using set parameters based on day(s) of the week, start time, and end time. Blocked calls redirect to voicemail, while blocked messages are stored via filter log. Also possible to block outgoing calls.
App Manager
Similar to Windows Task Manager, it shows a list of running apps and their size (MB), CPU load, used memory, and number of threads and services – with an option to stop or uninstall.
Web Shield
Part of the avast! WebRep cloud, the avast! Web Shield for Android scans each URL that loads and warns you if the browser loads a malware-infected URL.
Firewall
Add a firewall to stop hackers. Disable an app’s internet access when on WiFi and 3G and roaming mobile networks. (Works only on rooted phones.)
avast! Anti-Theft
App Disguiser
After downloading avast! Anti-Theft, user can choose a custom name that disguises the app (e.g. call it “Pinocchio game”) so that it is even harder for thieves to find and remove.
Stealth Mode
Once anti-theft is enabled, the app icon is hidden in the app tray, leaving no audio or other trace on the target phone – the app is ‘invisible’, making it difficult for thieves to detect or remove.
Self-Protection
Extremely difficult for thieves to remove (especially on rooted phones), Anti-Theft protects itself from uninstall by disguising its components with various self-preservation techniques. On rooted phones it is able to survive hard-resets and can even disable the phone’s USB port.
Battery Save
Anti-Theft only launches itself and runs when it needs to perform tasks. This preserves battery life and makes it very difficult for thieves to shut it down.
SIM-Card-Change Notification
If stolen and a different (unauthorized) SIM card inserted, the phone can lock, activate siren, and send you notification (to remote device) of the phone’s new number and geo-location.
Trusted SIM Cards List
Establish a ‘white list’ of approved SIM cards that can be used in the phone without triggering a theft alert. You can also easily clear the trusted SIM cards list, to leave the one present in the phone as the only trusted one.
Remote Settings Change
A setup wizard guides the user through the installation process on rooted phones. No command-line knowledge is necessary to install Anti-Theft rooted. Also supports upgrading.
Remote Features
SMS commands provide you the following REMOTE options for your ‘lost’ (or stolen) phone: Siren, Lock, custom Display properties, Locate, Memory Wipe, covert Calling, Forwarding, “Lost” Notification, SMS Sending, History, Restart, and more.
Took forever to set up, and this thing pretty much owns your phone. Not sure if you can ever get it off, lol.
Sent from my Dell Streak using Tapatalk
I wonder how it is on battery life. I like the SIM protection / anti theft bits so might try it on my Streak while waiting for the Sammy Note to arrive...
Hogs battery on my S2, stock XWLA4 rooted. Wonder what's wrong. Uninstalled until update arrives.
One problem I encountered: it blocked all my attempts to root my phone (LG Optima Q) until I uninstalled it. Probably part of it security protection. Once it was uninstalled the phone was rooted with no difficulty.
well, that makes perfect sense; the "rooting" process is just a security exploitation even if with legitimate aims. However it was detected, good for the SW.

There's a Zombie-like Security Flaw in Almost Every Android Phone

Nice article to read.. Just thought I would share.. MODS PLEASE DELETE IN CASE THIS IS A DUPLICATE.
http://news.yahoo.com/theres-zombie-...013019842.html
There's a Zombie-like Security Flaw in Almost Every Android Phone
LikeDislike
Abby Ohlheiser 56 minutes ago
Technology & Electronics
.
View gallery
There's a Zombie-like Security Flaw in Almost Every Android Phone
Almost every Android phone has a big, gaping security weakness, according to the security startup who discovered the vulnerability. Essentially, according to BlueBox, almost every Android phone made in the past four years (or, since Android "Donut," version 1.6) is just a few steps away from becoming a virtual George Romero film, thanks to a weakness that can "turn any legitimate application into a malicious Trojan."
While news of a security vulnerability in Android might not exactly be surprising to users, the scope of the vulnerability does give one pause: "99 percent" of Android mobiles, or just under 900 million phones, are potentially vulnerable, according to the company. All hackers have to do to get in is modify an existing, legitimate app, which they're apparently able to do without breaking the application's security signature. Then, distribute the app and convince users to install it.
Google, who hasn't commented on the vulnerability yet, has known about the weakness since February, and they've already patched the Samsung Galaxy S4, according to CIO. And they've also made it impossible for the malicious apps to to install through Google Play. But the evil apps could still get onto a device via email, a third-party store, or basically any website. Here's the worst-case scenario for exploitation of the vulnerability, or what could potentially happen to an infected phone accessed via an application developed by a device manufacturer, which generally come with elevated access, according to BlueBox:
Installation of a Trojan application from the device manufacturer can grant the application full access to Android system and all applications (and their data) currently installed. The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls). Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.
The company recommends users of basically every Android phone double check the source of any apps they install, keep their devices updated, and take their own precautions to protect their data. But as TechCrunch notes, Android users really should be doing this anyway, as the devices tend to come with a " general low-level risk" from malware. That risk, however, is elevated for users who venture outside of the Google Play store for their apps.
So while the actual impact of the vulnerability is not known, neither is the timeline for fixing it. Manufacturers will have to release their own patches for the problem in order to fix it, something that happens notoriously slowly among Android devices.
Mr_Jay_jay said:
/snip
Click to expand...
Click to collapse
As always, this really boils down to the same thing: don't be a fool in the most non-pejorative way possible. With the exception of the Syrian Electronic Army fiasco awhile back, secured and verified app vendors like Google Play (or Apple's App Store) continue to provide all the services most users will need without exposing the end-user to this kind of vulnerability. If you don't expose yourself, you're not at risk.
That said, this all relies on the notion of the end-user being at least somewhat vigilant, which can be quite dangerous.
Rirere said:
As always, this really boils down to the same thing: don't be a fool in the most non-pejorative way possible. With the exception of the Syrian Electronic Army fiasco awhile back, secured and verified app vendors like Google Play (or Apple's App Store) continue to provide all the services most users will need without exposing the end-user to this kind of vulnerability. If you don't expose yourself, you're not at risk.
That said, this all relies on the notion of the end-user being at least somewhat vigilant, which can be quite dangerous.
Click to expand...
Click to collapse
Not every Android device has access to Play Store though, by-default. I have a tablet now that doesn't have access. If a normal user had such a device, they wouldn't likely go through the process needed to get Play Store, and would just deal with whatever marketplace app existed.
This exploit will likely only ever affect users that by default use devices that do not have Google support. Many of these are distributed among 3rd world nations and are typically a hot bed of illicit activities anyways. Of the first worlders that would be affected, it would be those using black market apps without knowing the risks involved in doing so. Most black market users are knowledgeable enough to know to check their sources and compare file sizes before installing apk's.
Also the notion that 99% of devices being affected has nothing with the OS being flawed (Google reportedly fixed the flaw in March), but rather the OEMs being slow in pushing out (or not pushing out at all) the patched hole.
Also I would be weary of a security outfit that has been around since 'mid-2012' and continues to pride themselves as a start-up mobile security firm.
espionage724 said:
Not every Android device has access to Play Store though, by-default. I have a tablet now that doesn't have access. If a normal user had such a device, they wouldn't likely go through the process needed to get Play Store, and would just deal with whatever marketplace app existed.
Click to expand...
Click to collapse
Granted, but the Play Store reduces the attack surface by a considerable margin. Right now, I consider non-Google blessed Android to be something akin to stock Windows 7 with Defender and Firewall turned off-- you can do just about anything with it, but you're running at a risk by not deploying some vendor-based add-ons (in this case, choosing to use the unit available).
I do understand that many devices sell outside of the Google world, before anyone jumps on me, but it doesn't change how the vulnerabilities play out.
This boils down to:
If users install a virus then they get a virus!!! This affects all Android phones!!!!!!!! Oh Nos!
Sucks that this is being patched. Guess there will be no more modding games for me.

Need help with verifying this as malware.

OK, I know, some of you would tell my friend to just root the phone, delete the offending APK, and get on with it. Problem is it's under warranty, and he just isn't confident with hacking the device for now. He stumbled upon what appears to be an SMS malware app in /system, and while a few virus scanners flagged it as malicious, Kphone's customer support apparently shrugs it off in a (automated) reply to my friend's inquiry.
My friend bought it off QVC, and so far we haven't succeded in convincing either the manufacturer or QVC in recalling the device and/or issuing an OTA zip to rectify the issue in some way. To put it another way, we need confirmation that the app is of malicious nature, regardless of how the manufacturer tries to downplay or cover things up. I could more or less dechiper the code, but I'm no Java expert so any help would be appreciated.
Hello. I am the OP's friend here. I'm here to share some more details about the APK file and what programs detect it.
First off, this phone piqued my interest when it was actually shown on air late one night on the QVC network, which I don't usually watch much. I got the phone, and upon the recommendation of Blake and another friend, the first thing I did was run Malwarebytes on the Kphone. It initially picked up the APK as a generic SMSSend trojan variant, but after sending in the APK to Malwarebytes for a more detailed analysis, they reclassified it a not-as-severe PUP/Riskware. Another mobile antivirus app, AVG, also detected this APK as an SMSSend variant, but upon rescanning the device a few days ago, it no longer flags this APK. No other AV app I tried flags it, and I have tried ESET, 360 Security, Avast, Kaspersky, Sophos, and Avira. For the AV apps that detected the APK, removal is impossible since it's installed in the system folder. The phone isn't rooted out of the box.
I did initially email QVC about this potential problem, and they claimed to forward my concern to the proper department. I haven't heard from them since and the phone is still listed for sale. I also contacted Kphone's support site. After a few days, they replied back and stated that the file is meant for "international use" and it's a false positive. While the CSR could just be trying to cover up malicious activity, the fact that AVG seems to have removed the file from it's definition files seems to indicate a bit of truth behind their explanation. Even so, we do need a second opinion, which is why my friend put the file up here for further analysis.
It would be a shame too if the file is indeed malicious since the Kphone itself is rather great for the price. The performance and screen are great overall and it would actually make a good Android-based media player if you don't plan on using it as a phone.
wb8976 said:
Hello. I am the OP's friend here. I'm here to share some more details about the APK file and what programs detect it.
First off, this phone piqued my interest when it was actually shown on air late one night on the QVC network, which I don't usually watch much. I got the phone, and upon the recommendation of Blake and another friend, the first thing I did was run Malwarebytes on the Kphone. It initially picked up the APK as a generic SMSSend trojan variant, but after sending in the APK to Malwarebytes for a more detailed analysis, they reclassified it a not-as-severe PUP/Riskware. Another mobile antivirus app, AVG, also detected this APK as an SMSSend variant, but upon rescanning the device a few days ago, it no longer flags this APK. No other AV app I tried flags it, and I have tried ESET, 360 Security, Avast, Kaspersky, Sophos, and Avira. For the AV apps that detected the APK, removal is impossible since it's installed in the system folder. The phone isn't rooted out of the box.
I did initially email QVC about this potential problem, and they claimed to forward my concern to the proper department. I haven't heard from them since and the phone is still listed for sale. I also contacted Kphone's support site. After a few days, they replied back and stated that the file is meant for "international use" and it's a false positive. While the CSR could just be trying to cover up malicious activity, the fact that AVG seems to have removed the file from it's definition files seems to indicate a bit of truth behind their explanation. Even so, we do need a second opinion, which is why my friend put the file up here for further analysis.
It would be a shame too if the file is indeed malicious since the Kphone itself is rather great for the price. The performance and screen are great overall and it would actually make a good Android-based media player if you don't plan on using it as a phone.
Click to expand...
Click to collapse
And it's just as much of a disappointment when similar low-cost Android devices end up being tainted OOB, as what you mentioned on our forum some time ago, and when a friend of mine recalled a tablet belonging to a kid whose parent or relative is a friend of his, to which they had a rather hard time due to the sheer amount of popup ads being shoved up their throats, all thanks to the malware that's present in /system.
Mobile virus scanner apps are ****.
(Atleast most of them.)
I saw 360 security flaged share it.apk as a malware and deleted all my files.
So,I recommend u to get d help of a pc and run a anti-v test.
If it still shows as a malware then disable it from system.
For rooted user's, there's some easy solution like,
delete/freeze/denying permissions.
good luck
BatDroid said:
Mobile virus scanner apps are ****.
(Atleast most of them.)
I saw 360 security flaged share it.apk as a malware and deleted all my files.
So,I recommend u to get d help of a pc and run a anti-v test.
If it still shows as a malware then disable it from system.
For rooted user's, there's some easy solution like,
delete/freeze/denying permissions.
good luck
Click to expand...
Click to collapse
The desktop edition of Avast flagged the APK as malicious, so that's one red flag for me.
blakegriplingph said:
The desktop edition of Avast flagged the APK as malicious, so that's one red flag for me.
Click to expand...
Click to collapse
The mobile version of Avast seemed to just scan a handful of apps and did not detect the APK.
The only AV apps on my PC are Windows Defender and the PC version of Malwarebytes. Both don't flag the APK.
If one could take a look at the code and determine what it does, that could give us a better picture as to what the APK does. We did glance at some of the source code and found what appear to be various Chinese phone numbers and a server URL that seems to belong to the manufacturer of the Kphone K5, K-Touch. These can be red flags on their own, and if the rest of the APK code could be better analyzed, the meanings of these strings could be clearer.
wb8976 said:
The mobile version of Avast seemed to just scan a handful of apps and did not detect the APK.
The only AV apps on my PC are Windows Defender and the PC version of Malwarebytes. Both don't flag the APK.
If one could take a look at the code and determine what it does, that could give us a better picture as to what the APK does. We did glance at some of the source code and found what appear to be various Chinese phone numbers and a server URL that seems to belong to the manufacturer of the Kphone K5, K-Touch. These can be red flags on their own, and if the rest of the APK code could be better analyzed, the meanings of these strings could be clearer.
Click to expand...
Click to collapse
I could barely understand what the code does apart from a few functions, but it's still perturbing given the malware my friends and I encountered with no-name tabs previously.

Is Greenify Malware?... or Spyware?

I originally posted a summary of these thoughts on my Play Store review of Greenify. But, since comments there soon get lost in the traffic, I thought I'd rewrite here.
Greenify seems to get a free pass from pretty much every Android-focussed site as a "must have app". I even saw an article on one site that said all RAM/Battery optimiser apps were a waste of time except for Greenify.
My own findings are a bit less uncritical.
My findings are that Greenify is constantly trying to make internet connections behind your back. I have the excellent AFWall+ installed on all my gadgets and, after I installed Greenify and blocked it from making internet connections, I was having AFWall+ alert me that Greenify was trying to make connections, almost constantly.
I would be doing something on my phone and the alerts from AFWall+ would be popping up continually, telling me that Greenify was trying to connect to one IP address after another. This would literally go on for two or three minutes at a time. It got so distracting that I eventually turned off AFWall+'s alerts for Greenify, just so I could use my phone in peace!
Digging further into AFWall+'s logs I found that, in the couple of months I'd had Greenify installed, it had attempted to make over ten thousand internet connections!
To put that into perspective; during the same time period, the second most tenacious app on my phone, Google's Gboard keyboard [which you'd expect to be spying on you], had made around two thousand attempts to phone home – and the connection figures for all the other apps I'd blocked with AFWall+ were way down in the couple of hundreds.
So, what is Greenify doing, trying to connect to these myriad servers all the time?
Even if you believe it's benign [although I can't see any legitimate reason it should be making ANY online connections at all] you've got to wonder how much the app is saving your battery by shutting down other background processes, when it's pretty much constantly trying to make internet connections itself.
I realise this is just my unverified opinion. I've since uninstalled Greenify from all my devices and so no longer have the AFWall+ logs to back up what I'm saying. And you've got no reason to trust me on this. But, if you've any doubts, feel free to install AFWall+ and try it yourself. You might just get a nasty shock.
@xxxmadraxxx I'm a long time user of Greenify in its donation version running on all of our devices and I confirm all of your observations. As you could see by my other own threads, I'm very heavily privacy minded but I continue to use Greenify despite its permanent attempts to "call home" (actually the 1e100.net i.e. Google) because I'm able to fight it. From my perspective, reason are the implemented Google analytics tracker. Certainly, I'd prefer if first no trackers at all were implemented and second no attempts to connect to the internet were made at all. Grenify doesn't require an internet connections for its functionality.
However, as I said I'm able to fight it and I don't want to miss Greenify as it certainly enhances the duration of my battery.
All of our devices still run on custom Nougat ROMs for specific reasons. As far as I see if you're already using Oreo or Pie you wouldn't require Greenify any longer to achieve a better battery duration.
Remark: Malware? Not from my point of view. Spyware? As much as every application that contains trackers or analytics tools but there are a few I trust for the benefit of the developer and the development. As an example: SD Maid and Piwik (now Matomo) (the SD Maid Privacy Statement).
If interested: https://forum.xda-developers.com/android/general/how-enhance-battery-duration-sgs-3-lte-t3478287
Oswald Boelcke said:
...I don't want to miss Greenify as it certainly enhances the duration of my battery...
...As far as I see if you're already using Oreo or Pie you wouldn't require Greenify any longer to achieve a better battery duration....
Remark: Malware? Not from my point of view. Spyware? As much as every application that contains trackers or analytics tools....
Click to expand...
Click to collapse
My problem isn't so much with the fact Greenify phones home per se. I know that most apps do so, or at least try to. My problem with Greenify is the tenacity and persistence with which it tries to phone home. As I said in my previous post, it made over TEN THOUSAND! attempts to phone home in the space of the couple of weeks I had it installed.
With the vast majority of other apps, they'll try a couple of times to phone home, maybe using a couple of different IP addresses and then give up. With Greenify, I would sit there and watch the AFWall+ alerts pop up on screen, one after the other, with a succession of different IP addresses, literally for 2 or 3 minutes continually. Also, as I said previously the only other app I had installed that came anywhere near this level of persistence was Google's GBoard which would regularly try and phone home as I was typing stuff on my phone [you can draw your own conclusions as to what that entails for your privacy!]. But, even then, Gboard only [relatively speaking] made about a fifth of the attempts to connect to the internet that Greenify did.
I uninstalled it because I really couldn't see how whatever small savings in battery juice that Greenify was purportedly giving me by sleeping apps which aren't doing anything much anyway wouldn't be being more than cancelled out by the drain on my battery caused by Greenify spending countless minutes every day, trying to make hundreds of internet connections behind my back.
I haven't noticed any difference whatsoever in battery life, since uninstalling Greenify.
xxxmadraxxx said:
My problem isn't so much with the fact Greenify phones home per se. I know that most apps do so, or at least try to. My problem with Greenify is the tenacity and persistence with which it tries to phone home. As I said in my previous post, it made over TEN THOUSAND! attempts to phone home in the space of the couple of weeks I had it installed.
With the vast majority of other apps, they'll try a couple of times to phone home, maybe using a couple of different IP addresses and then give up. With Greenify, I would sit there and watch the AFWall+ alerts pop up on screen, one after the other, with a succession of different IP addresses, literally for 2 or 3 minutes continually. Also, as I said previously the only other app I had installed that came anywhere near this level of persistence was Google's GBoard which would regularly try and phone home as I was typing stuff on my phone [you can draw your own conclusions as to what that entails for your privacy!]. But, even then, Gboard only [relatively speaking] made about a fifth of the attempts to connect to the internet that Greenify did.
I uninstalled it because I really couldn't see how whatever small savings in battery juice that Greenify was purportedly giving me by sleeping apps which aren't doing anything much anyway wouldn't be being more than cancelled out by the drain on my battery caused by Greenify spending countless minutes every day, trying to make hundreds of internet connections behind my back.
I haven't noticed any difference whatsoever in battery life, since uninstalling Greenify.
Click to expand...
Click to collapse
It's amazing the conclusions one draws when given a tool. Perhaps Greenify behaves differently on your device than the huge universe of other long time users, some of which share your concerns over excessive outreach. I do not see the aggressive characteristics you and a few others describe - perhaps because I permit *most* analytics to flow unimpeded.
The power saving potential of Greenify and similar tools has depreciated over time given native doze and more aggressive enforcement of app background behaviors via Google policy. That said, Greenify remains an essential tool in my arsenal for performing selective tasks without manual intervention. It certainly is not malware/spyware as your click-bait thread title suggests.
Oswald Boelcke said:
@xxxmadraxxx I'm a long time user of Greenify in its donation version running on all of our devices and I confirm all of your observations. As you could see by my other own threads, I'm very heavily privacy minded but I continue to use Greenify despite its permanent attempts to "call home" (actually the 1e100.net i.e. Google) because I'm able to fight it. From my perspective, reason are the implemented Google analytics tracker. Certainly, I'd prefer if first no trackers at all were implemented and second no attempts to connect to the internet were made at all. Grenify doesn't require an internet connections for its functionality.
However, as I said I'm able to fight it and I don't want to miss Greenify as it certainly enhances the duration of my battery.
All of our devices still run on custom Nougat ROMs for specific reasons. As far as I see if you're already using Oreo or Pie you wouldn't require Greenify any longer to achieve a better battery duration.
Remark: Malware? Not from my point of view. Spyware? As much as every application that contains trackers or analytics tools but there are a few I trust for the benefit of the developer and the development. As an example: SD Maid and Piwik (now Matomo) (the SD Maid Privacy Statement).
If interested: https://forum.xda-developers.com/android/general/how-enhance-battery-duration-sgs-3-lte-t3478287
Click to expand...
Click to collapse
There are a couple of ways around Greenify's nearly constant call-outs to Crashlytics.
First, set up your hosts file.
Second, use MyAndroidTools and XPrivacyLua to lock Greenify down.
In MyAndroidTools, disable:
Content Provider > Greenify > com.crashlytics.android.CrashlyticsInitProvider
In XPrivacyLua, disable everything for Greenify except:
Determine activity
Get applications
Read identifiers
In Settings > Apps > Gear Icon > App permissions, go through and ensure Greenify isn't enabled for anything.
Greenify, being root, will still try to connect, but it won't be able to because of the hosts file.
---------- Post added at 06:25 AM ---------- Previous post was at 06:15 AM ----------
xxxmadraxxx said:
My problem isn't so much with the fact Greenify phones home per se. I know that most apps do so, or at least try to. My problem with Greenify is the tenacity and persistence with which it tries to phone home. As I said in my previous post, it made over TEN THOUSAND! attempts to phone home in the space of the couple of weeks I had it installed.
With the vast majority of other apps, they'll try a couple of times to phone home, maybe using a couple of different IP addresses and then give up. With Greenify, I would sit there and watch the AFWall+ alerts pop up on screen, one after the other, with a succession of different IP addresses, literally for 2 or 3 minutes continually. Also, as I said previously the only other app I had installed that came anywhere near this level of persistence was Google's GBoard which would regularly try and phone home as I was typing stuff on my phone [you can draw your own conclusions as to what that entails for your privacy!]. But, even then, Gboard only [relatively speaking] made about a fifth of the attempts to connect to the internet that Greenify did.
Click to expand...
Click to collapse
Google Keyboard is, by Google's own admission, a keystroke logger... it's in their privacy policy for GBoard. I've removed it from my phone, along with nearly every other Google app (16 Google apps removed, 3 disabled in case I need them in the future)... and what remains is so locked down that the only thing that works is Google Play Store... for the rest of Google Play Services and Google Services Framework functionality, I've used MyAndroidTools and .xml file hacks to disable. I have no location tracking from Google, no logging from any Google components, no aGPS phone-homes to anywhere (aGPS is completely disabled)... in fact, Google can't even see when I'm online unless I change to my 'Google Enabled' AFWall+ profile to visit Google Play Store. In fact, I've recently disabled all Google Ads functionality... I found out that Google is presenting to the user a fake_adid_key that the user could change but which otherwise did nothing, yet they also have an adid_key which never changes, which they use as a GUID to track users.
Try Hacker's Keyboard... no ads, I've never seen any connection attempts from it, and it's a very nice keyboard once you configure it to suit you.
For me, I set Portrait keyboard height to 45%, landscape keyboard height to 55%, Keyboard mode in portrait and landscape as 'Full 5-row layout', Gingerbread keyboard theme, Auto-capitalization, Double-tap Shift mode, Apply Shift Lock to modifier keys, no Ctrl-A override, no Ctrl key code, no Alt key code, no Meta key code and ignore slide-typing.
It does everything I need, I can type pretty quickly, and it doesn't log keystrokes. I especially like the little arrow keys which let me navigate around in a text file, and the fact that I can Ctrl-A (select all), Ctrl-C (copy) and Ctrl-V (paste) just like a regular keyboard.
Pro-tip: If you want to select a few lines of text, hold the shift key, and tap the down arrow key, just as you'd do on a regular keyboard.
Lusty Rugnuts said:
There are a couple of ways around Greenify's nearly constant call-outs to Crashlytics...
Google Keyboard is, by Google's own admission, a keystroke logger... it's in their privacy policy for GBoard. I've removed it from my phone....
Try Hacker's Keyboard... no ads, I've never seen any connection attempts from it, and it's a very nice keyboard once you configure it to suit you....
Click to expand...
Click to collapse
I found the simplest way of reining in Greenify was to uninstall it. As I said, I've not noticed any detriment to battery life whatsoever –although that may be partly because I'm using an Oreo based ROM now. When I had Greenify installed I was on Marshmallow.
I do use Hacker's Keyboard for apps like Termux and JuiceSSH when I need access to all those extra keys, but it doesn't have swipe-to-type [or didn't last time I looked] so it's no good for my day-to-tay messaging/email/texting etc. where I swipe-to-type all the time.
After uninstalling Gboard and having a brief foray through Samsung's built-in keyboard, I've ended up using SwiftKey on all my devices.
Don't laugh! –I know it's owned by Microsoft which is a huge red flag. But if you set it up without creating a SwiftKey account and switch off any of the "cloudy" options [such as backup, dictionary sync, downloading themes, etc.], it does all its word-prediction processing locally on your device and [according to AFWall+] has never tried to make a single online connection.
Lusty Rugnuts said:
There are a couple of ways around Greenify's nearly constant call-outs to Crashlytics.
...
Click to expand...
Click to collapse
I'm glad to see that we both have nearly the same setup to protect our privacy.:good:
xxxmadraxxx said:
I found the simplest way of reining in Greenify was to uninstall it. As I said, I've not noticed any detriment to battery life whatsoever –although that may be partly because I'm using an Oreo based ROM now. When I had Greenify installed I was on Marshmallow.
I do use Hacker's Keyboard for apps like Termux and JuiceSSH when I need access to all those extra keys, but it doesn't have swipe-to-type [or didn't last time I looked] so it's no good for my day-to-tay messaging/email/texting etc. where I swipe-to-type all the time.
After uninstalling Gboard and having a brief foray through Samsung's built-in keyboard, I've ended up using SwiftKey on all my devices.
Don't laugh! –I know it's owned by Microsoft which is a huge red flag. But if you set it up without creating a SwiftKey account and switch off any of the "cloudy" options [such as backup, dictionary sync, downloading themes, etc.], it does all its word-prediction processing locally on your device and [according to AFWall+] has never tried to make a single online connection.
Click to expand...
Click to collapse
I'm surprised that you quoted me but with statements in the quotation, which I've never made. As far as I see they are by @Lusty Rugnuts. If you click the quotation you're referred to post #2 with a totally different content. May I politely ask you to edit your post in regard to the quotation.
Sorry about that. The multiple nested quotes, when replying, gets a bit unweildy. I deleted the wrong bit when trimming then.
xxxmadraxxx said:
I found the simplest way of reining in Greenify was to uninstall it. As I said, I've not noticed any detriment to battery life whatsoever –although that may be partly because I'm using an Oreo based ROM now. When I had Greenify installed I was on Marshmallow.
Click to expand...
Click to collapse
I wish there were a way to do away with it on Nougat... I take the Lotus approach, add speed by taking away. The less installed, the better. The stock ROM backup I took when the phone was brand-new is 4.74 GB in size. My latest backup is 2.29 GB. Yeah, I've stripped out a lot of Google-stuff.
xxxmadraxxx said:
I do use Hacker's Keyboard for apps like Termux and JuiceSSH when I need access to all those extra keys, but it doesn't have swipe-to-type [or didn't last time I looked] so it's no good for my day-to-tay messaging/email/texting etc. where I swipe-to-type all the time.
Click to expand...
Click to collapse
The Hacker's Keyboard options does have an "ignore slide-typing" option, so I'm assuming it supports slide-typing / glide-typing / swipe-to-type. I've never tried it... I'm a creature of habit, and regular typing suits me. I watched my sister-in-law doing slide-typing, and it seems like one would need very good word correction to get readable text. Besides, I'm a mechanical engineer, I use my hands as hammers, pliers, etc. all day... they're not exactly "tuned" for the finesse I think slide-typing would require.
I came across this thread because in the past year, three times I have been notified by Xposed that a module has been updated. SuperSU also asks me to grant root access again so I'm wondering what the app is doing self updating?
Version 4.5.1 (donate)
Never ever had a "self-update" of Greenify.
Currently on Greenify v4.6.3 (Google beta programme) & Greenify (Donation Package) v2.3
Oswald Boelcke said:
Never ever had a "self-update" of Greenify.
Currently on Greenify v4.6.3 (Google beta programme) & Greenify (Donation Package) v2.3
Click to expand...
Click to collapse
Same. This FUD about Greenify being evil by design is disinformation the net craves. I expect this to be a top trending thread in no time that trashes the reputation of an otherwise fine product. Shesh.
Davey126 said:
Same. This FUD about Greenify being evil by design is disinformation the net craves. I expect this to be a top trending thread in no time that trashes the reputation of an otherwise fine product. Shesh.
Click to expand...
Click to collapse
Absolutely concur. I'm going to refrain from bumping this thread any longer; this is the last time. BTW: Congrats to well deserved 9,000+ thanks. And what does "shesh" means? Never heard it. Just for me to learn.
Davey126 said:
Same. This FUD about Greenify being evil by design is disinformation the net craves. I expect this to be a top trending thread in no time that trashes the reputation of an otherwise fine product. Shesh.
Click to expand...
Click to collapse
I don't see how stating a fact and questioning why it happens is spreading "FUD". And it's certainly not "disinformation". Surprised you didn't also call it "Fake News", since that seems to be the millennial way to deal with anything you read which doesn't align to your own personal viewpoint.
10,000+ attempted internet connections by Greenify in the space of a couple of months is a statement of fact that I observed on my own device. But, as I said in the first post in the thread:
xxxmadraxxx said:
I realise this is just my unverified opinion... And you've got no reason to trust me on this. But, if you've any doubts, feel free to install AFWall+ and try it yourself...
Click to expand...
Click to collapse
Hardly spreading FUD and disinformation. Just letting people know what I saw and telling them to check for themselves and draw their own conclusions.
If other people want to believe that Greenfy is 100% benign, because it's useful to them, then that's fine too. But I could counter your accusations of FUD with saying other people are spreading CCC [Complacency, Certainty and Confidence]. ie. you're blindly trusting an app just because it provides a useful service
[cf. Google, Facebook, et al, if you want to see where that can lead].
I also note that these questions about Greenify's surreptitious behaviour have been raised before on this forum, on other forums and also on the app's reviews on Google Play and, as far as I can see, the developer has not once responded. That may or may not seem suspicious to you but I ask myself:
* If there's an innocent explanation, why not just explain it and clear the air?
* If there's a bug in the app which is causing these attempts to phone home to be repeated endlessly, thousands upon thousands of times, why not fix it?
or, since the phoning home is not necessary for the app to function;
* Why not provide a preference to turn it off? [especially for those people who have paid for the donation version]
Defensive wall of text speaks for itself. Moving on.
(several generations removed from "millennial")
xxxmadraxxx said:
I don't see how stating a fact and questioning why it happens is spreading "FUD". And it's certainly not "disinformation". Surprised you didn't also call it "Fake News", since that seems to be the millennial way to deal with anything you read which doesn't align to your own personal viewpoint.
10,000+ attempted internet connections by Greenify in the space of a couple of months is a statement of fact that I observed on my own device. But, as I said in the first post in the thread:
Hardly spreading FUD and disinformation. Just letting people know what I saw and telling them to check for themselves and draw their own conclusions.
If other people want to believe that Greenfy is 100% benign, because it's useful to them, then that's fine too. But I could counter your accusations of FUD with saying other people are spreading CCC [Complacency, Certainty and Confidence]. ie. you're blindly trusting an app just because it provides a useful service
[cf. Google, Facebook, et al, if you want to see where that can lead].
I also note that these questions about Greenify's surreptitious behaviour have been raised before on this forum, on other forums and also on the app's reviews on Google Play and, as far as I can see, the developer has not once responded. That may or may not seem suspicious to you but I ask myself:
* If there's an innocent explanation, why not just explain it and clear the air?
* If there's a bug in the app which is causing these attempts to phone home to be repeated endlessly, thousands upon thousands of times, why not fix it?
or, since the phoning home is not necessary for the app to function;
* Why not provide a preference to turn it off? [especially for those people who have paid for the donation version]
Click to expand...
Click to collapse
---------- Post added at 09:59 AM ---------- Previous post was at 09:47 AM ----------
Oswald Boelcke said:
Absolutely concur. I'm going to refrain from bumping this thread any longer; this is the last time. BTW: Congrats to well deserved 9,000+ thanks. And what does "shesh" means? Never heard it. Just for me to learn.
Click to expand...
Click to collapse
"Sheesh" (forgot the second ''e') is a mild expression of exasperation generally uttered as a final remark. Not entirely dismissive but leaning in that direction. Akin to 'geez'.
As for the other, any and all acknowledgements go back to the XDA community who support each other like a well designed house of cards. Each depends on the other for support but removing one (or many) does not lead to collapse but the subtle shifting of another 'card' to share the load.
Davey126 said:
Defensive wall of text speaks for itself. Moving on.
(several generations removed from "millennial")
Click to expand...
Click to collapse
In other words:
I'm not a millennial and just to show how mature I am –because I disagree with what you're saying, I'm going to stick my fingers in my ears and go "Na! Na!Na! I can't hear you!"
M'lud. The defence rests its case.
Davey126 said:
Same. This FUD about Greenify being evil by design is disinformation the net craves. I expect this to be a top trending thread in no time that trashes the reputation of an otherwise fine product. Shesh.
Click to expand...
Click to collapse
I have to disagree with you, and I applaud the original poster for making this thread. No closed source project should be immune from scrutiny.
I of course have been using the app for many years and trust the developer but still don't have an answer as to why Xposed and SuperSU were telling me that Greenify has been updated - I think it would be fair to question what's going on.
Though OP could have probably not used such a click-baity and sensational title. Even if it's not malware, the bug would mean that Greenify is not getting root access unless I manually grant it again.
htr5 said:
Though OP could have probably not used such a click-baity and sensational title...
Click to expand...
Click to collapse
The title wasn't intended to be either click-baity or sensational but, with hindsight, I can see how it might read it that way. Mea culpa.
However, given that no third party has been able to offer any justifiable reason as to why Greenify behaves as it does and the developer has never responded to the oft-expressed concerns of users –I don't think it unreasonable to infer that Greenify may be behaving; at best, irresponsibly and at worst, nefariously.
In which case, maybe the headline wasn't that click-baity, after all.
htr5 said:
I of course have been using the app for many years and trust the developer but still don't have an answer as to why Xposed and SuperSU were telling me that Greenify has been updated - I think it would be fair to question what's going on.
Click to expand...
Click to collapse
Yes, that would be a fair question (sans other baggage).
xxxmadraxxx said:
10,000+ attempted internet connections by Greenify in the space of a couple of months is a statement of fact that I observed on my own device.
Click to expand...
Click to collapse
I've quieted Greenify. I used MyAndroidTools to disable the following for Greenify:
Content Provider:
com.crashlytics.android.CrashlyticsInitProvider
com.google.firebase.provider.FirebaseInitProvider
Activity:
com.google.android.gms.common.api.GoogleApiActivity
com.google.android.gms.tagmanager.TagManagerPreviewActivity
Broadcast Receiver:
com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver
com.google.android.gms.measurement.AppMeasurementReceiver
com.google.firebase.iid.FirebaseInstanceIdReceiver
Service:
com.google.android.gms.measurement.AppMeasurementJobService
com.google.android.gms.measurement.AppMeasurementService
com.google.firebase.components.ComponentDiscoveryService
com.google.firebase.iid.FirebaseInstanceIdService
com.google.android.gms.tagmanager.TagManagerService
That Tag Manager Service and Tag Manager Preview Activity are worrisome...
https://support.google.com/tagmanager/answer/6102821?hl=en
Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app. Once the small segment of Tag Manager code has been added to your project, you can safely and easily deploy analytics and measurement tag configurations from a web-based user interface.
When Tag Manager is installed, your website or app will be able to communicate with the Tag Manager servers. You can then use Tag Manager's web-based user interface to set up tags, establish triggers that cause your tag to fire when certain events occur, and create variables that can be used to simplify and automate your tag configurations.
Click to expand...
Click to collapse
https://blog.hubspot.com/marketing/google-tag-manager-guide
Collecting data using tools like Google Analytics is critical for expanding your business’s online reach, converting leads into customers, and optimizing a digital marketing strategy to create stronger relationships with your audience.
However, collecting data is easier said than done. Google Analytics and other similar analytics tools aid the process, but they work more effectively with the addition of tags.
Tags, in a general sense, are bits of code you embed in your website’s javascript or HTML to extract certain information.
Click to expand...
Click to collapse
So Tag Manager is yet another way for Google to track your every move... in apps and on web pages. It's almost a backdoor to your device, since Tag Manager can be used to remotely change what it tracks and when. Google is getting awfully malware-y, which is why I've worked so hard to make it so I can completely kill all Google components on my phone and the phone still works... and the Google components stay killed until I start them (without the necessary modifications, Google Persistence kicks in and restarts the Google components, which is also very malware-y... Google is a service provider, they shouldn't run unless the user wants to use their services, and there should be an interface to disable (or uninstall) any functionality the user doesn't want.). Further, the user shouldn't have to rely upon changing settings on Google's servers, while leaving the Google components running on their phone... that means we have to trust that Google is abiding by those settings... does anyone believe they are?
I've uncovered instances on this very phone where Google is less than honest in abiding by settings... another is their GoogleOtaBinder, which disregards the Developer Options setting to disable Automatic System Updates... the only way to turn off Google pushing a new ROM (without consent, without notification) and rebooting the phone (at midnight each night, without consent, without notification) is to edit a file such that GoogleOtaBinder can't authenticate with Google's servers.
You'll probably also find an app in Settings > Apps called 'Tag Manager'... I got rid of it long ago.
Google Tag Manager / Tracking Pixels and Tags
package:/system/priv-app/TagGoogle/TagGoogle.apk=com.google.android.tag
To get a list of packages installed on your system, in an Administrator-privilege command prompt on your computer, with your phone plugged into your computer via USB and set to 'File Transfer' USB mode, type:
adb shell pm list packages -f
Here's the list of packages I've removed.
{UPDATE}
I've also found the following:
The file:
/data/user/0/com.oasisfeng.greenify/app_google_tagmanager/resource_GTM-KN73P2
contains the following:
Component Display Name:
com.xiaomi.mipush.sdk.PushMessageHandler
alibaba.sdk.android.push.AliyunPushIntentService
com.igexin.sdk.PushService
com.tencent.android.tpush.service.XGPushServiceV3
org.android.agoo.client.MessageRecieverService
com.baidu.sapi2.share.ShareService
"MessageReceiverService"? PushMessageHandler? What is being pushed to our phones?
Further down, because I've completely neutered Google Analytics, it reads:
.analytics.disabled.exception.NoSuchMethodError true
{/UPDATE}
Greenify is also using the real 'adid_key' content in /data/data/com.google.android.gms/shared_prefs/adid_settings.xml, although I doubt they're in on Google's nefarious scheme to trick users into thinking they can reset their Advertising ID, while tracking them with a non-changing GUID (Globally Unique ID).
There are two keys in adid_settings.xml... 'adid_key' and 'fake_adid_key'... pushing the "Reset Advertising ID" button in Settings > Google > Ads changes 'fake_adid_key', but 'adid_key' never changes and is propagated to many other apps.
https://forum.xda-developers.com/showpost.php?p=79521903
Further, I tried to uninstall Greenify (I'll manually set up device_idle_constants to mimic what Greenify did)... it's never had Device Administrator privileges, I disabled Usage Access, uninstalled the XPosed Framework 'Greenify Experimental Features', then went into Greenify's settings and disabled all that was there... but when I went into Settings > Apps > Greenify, there isn't an "uninstall" button, just "Force Stop" and "Disable" buttons. There's no way to uninstall it from within Greenify itself, either.
I booted into TWRP Recovery Mode, went to /data/adb/modules, deleted the module for Greenify, and when I rebooted, Greenify was gone. All that remained was to wipe it from the Dalvik cache.

Categories

Resources