Better Mobile App

Is your app spying on you?

Most of the app now require acces to the phone calls..even a news app requires it, sms app such as go sms also requires it. So I want to know after knowing that an app will be able to acces your phone call you still download it? And does anyone in what way the developers use such info?
Sent from my E10i using XDA App

Excellent topic, I'm really troubled by this. The business world makes a whole lot of money based on the average persons inertia - their lack of information or willingness when it comes to the products and services they use and the money they use to pay for them. Particular mobile phone network providers come to mind, who are happy to charge the most expensive prices because people don't know or don't care.
This lazy attitude is seeping into the Android app world. It will be a small per centage of us who will realize this threat and do something about it - exactly like cookies and public wifi privacy etc.
For those of us already interested, are there websites or apps which can guide us on this?

I had thought about it before but it seemed to be all apps out there at least need to access your internet, calls, phonebook and etc.. Not sure really if some of these nasty apps has the evil purpose to steal our vital informations in the phone... say if we're checking our bank account or something similar..
What I practice:
1) Installed AVG pro and do scan regularly, and set to scan every newly installed apps.
2) Use both cache cleaner and history eraser to clean up all traces once a day.
3) Hope they don't see me as a target.

Don't worry.
I think access to the phone calls is just to minimize the running app in case you receive a call. In other case you would not even realize an incoming call?!

Deehee3 said:
Don't worry.
I think access to the phone calls is just to minimize the running app in case you receive a call. In other case you would not even realize an incoming call?!
Click to expand...
Click to collapse
What about data? When you install an app in most cases you allow data access to it.

Searching for updates or viewing developers homepage maybe?
Sent from my U20i using XDA App

Deehee3 said:
Searching for updates or viewing developers homepage maybe?
Sent from my U20i using XDA App
Click to expand...
Click to collapse
What if not? What if app you´ve installed is spying on you and sending info to hackers. How would you know?

On android we have the luck that there are a lot of applications that are open source. When I have to choose an application, I always choose and support the open projects!
You will notice that most of those applications don't need all that personal information! Makes you wonder...

On other systems, apps usually have an user/administrator scheme, where the 'user' has access to some things and 'administrator' has access to everything.
There is no such thing on Android (except if you have a rooted phone and some app asks for superuser access, but you get a requester asking for permissions as well).
Each app has to specifically ask for permissions or the system will deny it. A spyware has to ask for those permissions or it won't work.
Some permission requests to look out for:
- "Call phone"
can be used by the application to silently dial some "premium" numbers
- "Send SMS"
can be used to send SMS to special "premium" numbers
- "Record phone calls"
can be harmful if associated with "internet access" permission
- "Access fine location"/"access coarse location" and "internet access"
can be used for tracking purposes
Many apps ask for:
- "Phone identity" / "internet access"
they use it for "statistics purposes" (flurry.com mostly) but it is bad. The developer should always inform the user about those.
BTW, that an app is open source makes no difference. Someone can always (willingly or not) tamper with the final build. And not everyone reviews open source apps.

zapek666 said:
A spyware has to ask for those permissions or it won't work.
Click to expand...
Click to collapse
Sure. But if an app legitimately ask for data transmission and file system access, AND you grant it, how would you know it is not using the granted rights for something else?

ppirate said:
On android we have the luck that there are a lot of applications that are open source. When I have to choose an application, I always choose and support the open projects!
You will notice that most of those applications don't need all that personal information! Makes you wonder...
Click to expand...
Click to collapse
Don´t tell me that you evaluate the source code of each application you load from the market. And even so, how would you know the difference between what is shown to you and the final build, available on the market?

vlissine said:
Sure. But if an app legitimately ask for data transmission and file system access, AND you grant it, how would you know it is not using the granted rights for something else?
Click to expand...
Click to collapse
Filesystem access are limited to the external memory card. An app with such permission cannot access other apps' private data (which are stored on the phone).
Android apps are all sandboxed into their own homes.
A good example of a suspicious application is HTML5 Reference.
"This HTML5 reference lists all tags supported in the HTML5 specification.", fine. Let's look at the permissions:
Network communication: full Internet access
Phone calls: read phone state and identity
While the first 2 could be produced as a side effect of the developer implementing some "statistics library" (flurry.com or so), the next 2:
Your location: fine (GPS) location
Your personal information: read sensitive log data
Are a giveaway that this app does a bit more than just listing HTML reference tags

zapek666 said:
Filesystem access are limited to the external memory card. An app with such permission cannot access other apps' private data (which are stored on the phone).
Click to expand...
Click to collapse
Ok, how about a picture viewer, which usually picks pictures from each and every
directory, no matter if you want it (and not only from memory card).

Hey vlissine and zapek666. You both have a point.
One individual cannot review every code he or she uses. And also one does not only uses his or her own builds of the projects. But every now and then, I have to go into a project, mostly to add functionality. During that time, I usually have to go over a lot of code to understand the program. It is no guarantee, but you can imagine that some strange code will stand out.
I'm surely not the only person. So while one individual is not capable of such an endeavor. A lot are.
Your other point is as valid as can be. But here again, builds are comparable.
Surely, one does not have to find himself or herself obliged to use certain kind of projects. But to me, when I have the change, I use and support the open source project. One important reason is because of the concern raised by the original poster!

http://googlemobile.blogspot.com/2011/03/update-on-android-market-security.html
Apparently we were not that paranoid, thinking of spying apps

Two options:
1) To avoid being spy and get super paranoid about it... ditch your smartphone and get those early 2000 phones with only calls and sms capable.
2) Use the smart phone eg: X10 mini/pro or any android phones and ignore these spying scene and live with it like nothing ever going to happen since this new technologies really live up our life nowadays..

farsight73 said:
Two options:
1) To avoid being spy and get super paranoid about it... ditch your smartphone and get those early 2000 phones with only calls and sms capable.
2) Use the smart phone eg: X10 mini/pro or any android phones and ignore these spying scene and live with it like nothing ever going to happen since this new technologies really live up our life nowadays..
Click to expand...
Click to collapse
One more option - stop giving stupid advises when you have nothing to say.

maybe apps need to call functions or need it to run?
write them your self if your that bothered?
...
Sent from my E10i using the XDA mobile application powered by Tapatalk

Researcher Says That 8% of Android Apps Are Leaking Private Information

http://digitizor.com/2011/07/21/android-malware/
Android has had its fair share of malware problems. Whenever malware are detected, Google reacts swiftly and remove them. However, according to security researcher Neil Daswani, around 8% of the apps on the Android market are leaking private user data.
Neil Daswani, who is also the CTO of security firm Dasient, says that they have studied around 10,000 Android apps and have found that 800 of them are leaking private information of the user to an unauthorized server. Neil Daswani is scheduled to present the full findings at the Black Hat Conference in Las Vegas which starts on July 30th.
The Dasient researchers also found out that 11 of the apps they have examined are sending unwanted SMS messages.
Google needs to take charge
This malware problem on Android has become too much. One of the main reason that we see malicious apps in the market is because of the lack of regulation in the apps that get into the Android Market.
Sure, the lack of regulation can be good. It means that developers can make their apps without worrying if Google will accept their apps or not. It fits into the pre-existing application distribution model where anyone can develop and publish their own apps.
However, this comes at a price - the malware problem. Yes, most of the problems with these malicious apps can be avoided if only users read the permission requirements of the apps. But, what percentage of the users actually read the permission requirements of all the apps they download?
I think that it is time that Google make approval of the apps a requirement before it gets into the Market. They do not need to do it like Apple, but a basic security check before an app gets on the market will be nice.
If nothing is done about and this problem is allowed to grow, it will end up killing the platform.

Ur a good man
Sent from my PG86100 using XDA Premium App

Get an iPhone then.

Don't know if apple should approve or disaproove since that can slow down the release of new apps, but they need to check, that's for sure.

Yeah, just read permissions when installing applications. A lot of them will state access to personal data (such as contacts, browser history, etc.)
Such apps like MP3 downloaders contain ALOT of this malware.

if you're that paranoid.....LBE Privacy Guard + Droidwall = #winning

This article is very true in sense of lacking of control on big G part. My friend developed an app and he was able to get it into market almost instantly. I was very shocked to find that no scanning or checking was done.
Therefore, it's a risk that we take everyday to use these apps, specially, custom ROMs because who knows what it installed really. Users just need to be aware of their action, and don't use bank apps on rooted devices, or corporate email on rooted devices, or email yourself passwords to your online banking from your rooted devices. My thought is that, if it's out there then somebody can get it these days with all the technologies.

A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol

xHausx said:
A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol
Click to expand...
Click to collapse
hahaha, was tryna to download a new app and wondering why it just stalled kept on saying, downloading..... downloading paused....blah blah!!! lol
turns out it was droidwall (even with market enabled) lol

Yea when a simple clock widget wants to read your contact, data and location but has no ads or settings, I avoided that one.

I prefer the risk of an open system to the purgatory that is a closed system ruled by a draconian company any day.

Oh look iOS does this too.
/troll

DoctorComrade said:
Oh look iOS does this too.
/troll
Click to expand...
Click to collapse
hah, they're at almost 50%

Privacy - Are you ok with apps accessing your location?

Before beginning, I'm outlining two application permissions for future reference.
These were pulled from this article. It also outlines other permissions.
Raju PP said:
fine (GPS) location
While not a danger for stealing any of your personal information, this will allow an application to track where you are. Typical applications that might need this include (but are not limited to) restaurant directories, movie theater finders, and mapping applications.
Click to expand...
Click to collapse
Raju PP said:
coarse (network-based) location
This setting is almost identical to the above GPS location permission, except that it is less precise when tracking your location.
Click to expand...
Click to collapse
Recently, I've taken an interest in privacy concerns with application permissions. I'm sure several of you are guilty of being unaware of unnecessary app permissions. I have apps on my device that I've had since migrating to Android, long before I concerned myself with privacy. In my recent hunt of cleaning up my application list, I've discovered that many applications have permissions that aren't necessary for it to function. The most common, unnecessary permission I've come across is coarse (network-based) location. As its name describes, this permission allows an app to determine your approximate location (e.g., the large location area shown by Google Maps when GPS is not on).
An example. I use a Wifi Login application to automatically enter login information for campus internet access (it was cumbersome to enter it manually each time). It works wonderfully, but it has this permission (coarse location). I asked myself, "what function of the app needs to access location??" I only need the app to access the internet, nothing else. I also noticed that each day, there was a location service wakelock despite having all location refreshing services turned off (in other apps, latitude, etc.). Upon removing its ability to obtain approximate location, the location service wakelock disappeared and functionality was not affected.
So, there are two concerns: privacy and unnecessary battery usage. While the link between the two is not often made, I'm making it here. Not only was the app (presumably) sharing my location, but in doing so, my battery took a hit. Before someone panics, I don't believe most apps use this maliciously. My guess is that app developers use it for demographic purposes to determine where in the U.S. their application is being used. Obviously not necessary, but an interesting tidbit for the creator of an app. So my question is, are you ok with apps accessing your approximate location? I've seen several games that have location permissions and in no way can that be justified.
Going beyond location permissions, there are obviously other privacy concerns. A number of app developers I've seen list why an application needs certain permissions. In the example provided above, the developer doesn't mention permission uses. In post 2, I will provide methods for identifying and removing app permissions (by using other apps lol - ironic, I know). Below is a good read about applications' additional "costs."
Free apps not truly 'free'

I use two applications to identify permissions: Appbrain Ad Detector and Avast Mobile Security. Appbrain Ad Detector has the ability to notify you when an app you install has "concerns." Avast Mobile Security has a lot of very useful features, one of them being "privacy advisor." Using one or both of these will allow you to determine what permissions are necessary and which ones are not. For what it's worth, I've only had a few apps that I felt had unnecessary permissions. You obviously don't want to revoke Tango access to the camera lol.
EDIT: I was going to suggest getting an application called "App Shield," (has the ability to remove app permissions) but it appears that it is no longer available on the market. It was a paid app that was just under 2 bucks, if I remember correctly. Due to this development, you'll have to find either App Shield or another method to accomplish this.

You can always just email the app creator and ask why they have the permission included. It (usually) takes more than one questionable permission to be truly dangerous.
From what I've read the majority of apps that use coarse location is for determining the ads you see in the app. Better chance of them being relevant to you.
Just like that article you linked, I think it was brought up on an xda portal article (either that or lifehacker love that site) that because of ad supported apps using coarse location, the battery use was higher, and paid apps that remove the ads will lower your battery drain. Not a huge difference, but it can add up.

gr8hairy1 said:
. . .
From what I've read the majority of apps that use coarse location is for determining the ads you see in the app. Better chance of them being relevant to you.
. . .
Click to expand...
Click to collapse
Makes sense. Coincidentally, the example I used is a paid app. The app itself had the permission, as well as the "pro" activation apk. Though it's no longer an issue, I may consider contacting the app developer out of curiosity.

Definitely do that. I have a large amount of apps on my phone, and it's not too uncommon to get an update for an app that removes a permission. Many times it's done because people contact the developer and the developer realizes it's not needed. Most times I see that happen is in paid apps, only sometimes with the free apps.
As for your original topic "are you ok with apps accessing your location", I have no issue with it. Obviously if it is getting used maliciously, no, I wouldn't be ok with it.
But as it is, 'guaranteed' the Phone Carriers know where you are and where you've been. And 'guaranteed' the government knows where you are and where you've been. I will always be more worried about the government knowing everything they want about me, without my permission, than some app creator. And as it is, I'm ok with the government knowing.
I feel the same way about the government as I do Google. Until they turn evil and start enslaving mankind (search "is google skynet", hilarious and royally creepy) I'm going to keep using them and stay in the country I live in.
Conspiracy theorists feel free to chime in. Although let's be honest, the over-the-top conspiracy theorists (that make for the best/most hilarious conversations) won't likely be carrying around a device that has cameras, microphones, gps chip, and internet access that can be used to activate one or all of those remotely

I don't really care if they know my location, but now that you mentioned a possible battery drain, I am bothered by that. Someone should make a list of popular apps that may have unnecessary permissions that can be safely disabled through some sort of means.

https://play.google.com/store/apps/details?id=com.stericson.permissions
Yer welcome.
Sent from my SGH-I777 using Tapatalk 2

I don't care either. I have my GPS constantly disabled so the only location any of my apps could get is a general network location....
Honestly, I think privacy concerns are often blown out of proportion... mostly by the media. Don't get me wrong, there is nothing bad with being concerned, but I highly doubt we are going to have another Craig's list killer situation from developers releasing apps on Google Play. Knock on wood.
As mentioned before, contact the app's dev and ask for more info. If they never reply then I would be worried. As well you can always use a different one. If needed you can use "Tasker" which can allow you to build almost any function any other app has to offer all under your control. Just be warned Tasker is highly addictive for us nerds....
Anyway, and in summary, I have less trust is most banks selling my purchase history then the random app developer.... but that's just me.

About the use of accessibility service in Greenify

Like many other developers, I also received the 30-days deadline warning email from Google Play team about the potential "misuse" of accessibility service in Greenify.
As the very first developer who introduced this trick of "misusing" accessibility to achieve UI automation years ago, I'm very proud that many more creative tool apps followed this approach to enable fantastic functionality beyond the imagination of the creator of Android, without root. It's a miracle bred from the openness and flexibility of Android.
Unfortunately, the supervisor of the dominant app market is now declaring its right of final interpretation, to judge the proper use of Android API and claim that this whole idea is unacceptable. At this point, I feel I have to say something.
Why accessibility service?
As we all know, root is the ultimate playground of super users in the Android community. But it also has its inconvenience and grey side, so I decided to make Greenify work for users with non-root device. I had been experimenting with many approaches for this purpose in almost the whole year 2013. Finally I found the magic of UI automation driven by accessibility service. With this approach, many more users now enjoy the improved battery life and smoothness brought by Greenify.
I know that accessibility service is not a perfect solution, considering the overall UI performance degradation involved (explained below). So I never gave up seeking alternative approaches ever since, (many of which might also be considered API "misusing" in strict speaking) but still no better approach found. If Android could provide any alternative solution, I would never prefer accessibility service in the first place.
The Good
Accessibility service is so powerful, that I have to admit it's some kind of Pandora's box.
With accessibility, developers could not only help people with disabled abilities, but also greatly benefit the general users with wonderful use cases, including:
• Remote assistant via touch interaction, without root. (seems like no such apps yet?)
• Automate the tedious operations inside not-well-designed apps, even possibly driven by Tasker or IFTTT, without root.
• Programatically trigger global actions (e.g. Back, Home).
• Overlay the whole screen including the notification shade on Android O.
• ……
I even wrote a small app with accessibility service to "fix" the bottom navigation bar of my wife's Moto X Style, whose touch screen is not reading touches any more in bottommost rows of pixels.
The Bad
With such power, accessibility service is also becoming the trending target of malware, endangering average users world-wide. A typical malware could deceive user to enable its accessibility service and then perform many dangerous actions without user consent, including gaining other sensitive privileges.
Together with screen overlay, this could even hide from average user's observation, effectively making it a seductive approach, thus highly dangerous in the wild.
The Ugly
The dangers above may not be a thread to advanced users, but the overall UI lag caused by accessibility service could be a real hurt.
Android delivers accessibility events to active accessibility service in two phases. Events are first generated in the current interacting app and immediately sent to system process, then dispatched to separate accessibility services, each in its own process.
If no accessibility services enabled, both phases are shutdown, thus no performance affection at all. If at least one accessibility service is enabled, the first phase is turned on, in full power, no matter which types of events are interested (declared by accessibility service). The second phase is taking that into consideration and only delivers the interested events to each accessibility service.
The performance lag comes mostly out of the first phase because some types of accessibility events are so heavy, considering how frequently they are triggered. For example, TYPE_WINDOW_CONTENT_CHANGED is generated and sent every tiny bit of UI content changes and TYPE_VIEW_SCROLLED is generated and sent every pixel your finger is moved across during scrolling, even if no accessibility services are interested in them.
Sounds crazy? Unfortunately that's the current situation. Although Android O took a step to address that, the situation is still not changed fundamentally. Maybe in Google's view, accessibility service is not intended for general users, so performance optimization is never in the priority.
How is Greenify doing
Performance is always Greenify's priority since it’s one of the purposes defining Greenify. So I took all the possibilities to improve that in the past years, even greatly pulled-back by Android system itself.
First of all, Greenify declares no interest of events at all at most of the time and only declares minimal interest of events (all are trivial to generate) and specific target (system settings app) required during the short period of on-going hibernation operation. This is implemented by dynamic registration, cutting the cost of the second phase to almost zero.
Due to the inefficient implementation in Android system, the first phase is still the bottleneck of UI performance. After a long time of trial and failure, I finally managed to eliminate that cost, in a tricky way. With necessary permission granted via ADB, Greenify only enables its accessibility service during the hibernation operation and disable it immediately afterwards. That means, if no other accessibility service enabled, you will have no performance problem of accessibility service at all while still enjoy the power of Greenify.
With above optimization, Greenify limited the events it could receive to the minimal, thus also effectively keeps the privacy of users in safety. I'm planning to bring this optimization to broader users who has little knowledge about ADB, and even to other apps with accessibility service hopefully.
My Concern
Accessibility service is a yard full of potential creativity and magic. It should never be a Pandora's Box if Android itself implement it with caution in the first place. I understand the complexity and historical reasons that lead to the current situation, but feel sorry and sad about how Google deals with this situation, by banishing popular tool apps. Will that make Android users more secure? I highly doubt.
I don't know if Google Play team represents the atitude of Android team at Google. If so, it will then be the breaking day for all Android developers, when Google starts to use its power to judge the "proper use" of Android API, even if it's not used by malware.
Will it come a day that the use of screen overlay besides showing information will be banned?
Will it come a day that the use of content provider not for providing data will be banned?
Will it come a day that the use of internal APIs will be banned?

oasisfeng said:
Like many other developers, I also received the 30-days deadline warning email from Google Play team about the potential "misuse" of accessibility service in Greenify.
As the very first developer who introduced this trick of "misusing" accessibility to achieve UI automation years ago, I'm very proud that many more creative tool apps followed this approach to enable fantastic functionality beyond the imagination of the creator of Android, without root. It's a miracle bred from the openness and flexibility of Android.
Unfortunately, the supervisor of the dominant app market is now declaring its right of final interpretation, to judge the proper use of Android API and claim that this whole idea is unacceptable. At this point, I feel I have to say something.
Why accessibility service?
As we all know, root is the ultimate playground of super users in the Android community. But it also has its inconvenience and grey side, so I decided to make Greenify work for users with non-root device. I had been experimenting with many approaches for this purpose in almost the whole year 2013. Finally I found the magic of UI automation driven by accessibility service. With this approach, many more users now enjoy the improved battery life and smoothness brought by Greenify.
I know that accessibility service is not a perfect solution, considering the overall UI performance degradation involved (explained below). So I never gave up seeking alternative approaches ever since, (many of which might also be considered API "misusing" in strict speaking) but still no better approach found. If Android could provide any alternative solution, I would never prefer accessibility service in the first place.
The Good
Accessibility service is so powerful, that I have to admit it's some kind of Pandora's box.
With accessibility, developers could not only help people with disabled abilities, but also greatly benefit the general users with wonderful use cases, including:
• Remote assistant via touch interaction, without root. (seems like no such apps yet?)
• Automate the tedious operations inside not-well-designed apps, even possibly driven by Tasker or IFTTT, without root.
• Programatically trigger global actions (e.g. Back, Home).
• Overlay the whole screen including the notification shade on Android O.
• ……
I even wrote a small app with accessibility service to "fix" the bottom navigation bar of my wife's Moto X Style, whose touch screen is not reading touches any more in bottommost rows of pixels.
The Bad
With such power, accessibility service is also becoming the trending target of malware, endangering average users world-wide. A typical malware could deceive user to enable its accessibility service and then perform many dangerous actions without user consent, including gaining other sensitive privileges.
Together with screen overlay, this could even hide from average user's observation, effectively making it a seductive approach, thus highly dangerous in the wild.
The Ugly
The dangers above may not be a thread to advanced users, but the overall UI lag caused by accessibility service could be a real hurt.
Android delivers accessibility events to active accessibility service in two phases. Events are first generated in the current interacting app and immediately sent to system process, then dispatched to separate accessibility services, each in its own process.
If no accessibility services enabled, both phases are shutdown, thus no performance affection at all. If at least one accessibility service is enabled, the first phase is turned on, in full power, no matter which types of events are interested (declared by accessibility service). The second phase is taking that into consideration and only delivers the interested events to each accessibility service.
The performance lag comes mostly out of the first phase because some types of accessibility events are so heavy, considering how frequently they are triggered. For example, TYPE_WINDOW_CONTENT_CHANGED is generated and sent every tiny bit of UI content changes and TYPE_VIEW_SCROLLED is generated and sent every pixel your finger is moved across during scrolling, even if no accessibility services are interested in them.
Sounds crazy? Unfortunately that's the current situation. Although Android O took a step to address that, the situation is still not changed fundamentally. Maybe in Google's view, accessibility service is not intended for general users, so performance optimization is never in the priority.
How is Greenify doing
Performance is always Greenify's priority since it’s one of the purposes defining Greenify. So I took all the possibilities to improve that in the past years, even greatly pulled-back by Android system itself.
First of all, Greenify declares no interest of events at all at most of the time and only declares minimal interest of events (all are trivial to generate) and specific target (system settings app) required during the short period of on-going hibernation operation. This is implemented by dynamic registration, cutting the cost of the second phase to almost zero.
Due to the inefficient implementation in Android system, the first phase is still the bottleneck of UI performance. After a long time of trial and failure, I finally managed to eliminate that cost, in a tricky way. With necessary permission granted via ADB, Greenify only enables its accessibility service during the hibernation operation and disable it immediately afterwards. That means, if no other accessibility service enabled, you will have no performance problem of accessibility service at all while still enjoy the power of Greenify.
With above optimization, Greenify limited the events it could receive to the minimal, thus also effectively keeps the privacy of users in safety. I'm planning to bring this optimization to broader users who has little knowledge about ADB, and even to other apps with accessibility service hopefully.
My Concern
Accessibility service is a yard full of potential creativity and magic. It should never be a Pandora's Box if Android itself implement it with caution in the first place. I understand the complexity and historical reasons that lead to the current situation, but feel sorry and sad about how Google deals with this situation, by banishing popular tool apps. Will that make Android users more secure? I highly doubt.
I don't know if Google Play team represents the atitude of Android team at Google. If so, it will then be the breaking day for all Android developers, when Google starts to use its power to judge the "proper use" of Android API, even if it's not used by malware.
Will it come a day that the use of screen overlay besides showing information will be banned?
Will it come a day that the use of content provider not for providing data will be banned?
Will it come a day that the use of internal APIs will be banned?
Click to expand...
Click to collapse
Well thanks for all you've done for the Android community!
Perhaps you and many other devs should just pull away from Google and switch to a different market like FDroid.
Google has done this sort of thing in the past, like with SCR Pro (screen recording software with internal audio support) because it changed SELinux Policy. If Google loses their cut money, maybe they would rethink that decision. Personally if I was Google, I'd just add a "Potential Security Issue" or a "Modifies Critical Security Settings" indicator to apps on the Play Store that use the Accessibility Services or change SELinux Policy, or other security related settings. Give the users the option of what they choose or not choose to run on their phones! They already have some sort of a system in place that already does this with the "Play Protect" system. Slowly but surely, Android is becoming more like iOS with less freedom.

Interesting update to original article on XDA
https://www.xda-developers.com/google-threatening-removal-accessibility-services-play-store/
"Update: LastPass has just responded to this news and states that there will be “no immediate impact” for their Android apps. Whether or not this means that other applications will be given leniency remains to be seen."

Accessibility Service options
If I may ask -- what are you going to do? Are you going to pre-emptively unpublish the app before the 30 day limit is up? Are you going to try to reach out to Google and ask them to clarify whether there is any changes / clarifications? (LastPass implies they have gotten some kind of assurance, but they don't directly state that). Or, are you going to try to get as compliant as possible (put the appropriate language in the appropriate places), and hope for the best?

As far as I'm concerned your app is one of the few mission critical apps in the android ecosystem. So I can only hope that this can be resolved amicably.
I think this change is aimed solely at Substratum, as I have heard (not confirmed) than in Android 8.1 without root/unlocking and only using accessibility services, OMS can be exploited for theming. So Google is using a shotgun to kill all apps using this service rather than narrow their focus.

@oasisfeng
An insightful, deliberate and extremely well written post! ?
Sent from my SM-G955W ??

I think its time of the developers make a big migration of the apps to the XDA store to save the lagacy of the -7.0
Sent from my Asus ZenFone 3 Deluxe using XDA Labs

divineBliss said:
Interesting update to original article on XDA
https://www.xda-developers.com/google-threatening-removal-accessibility-services-play-store/
"Update: LastPass has just responded to this news and states that there will be “no immediate impact” for their Android apps. Whether or not this means that other applications will be given leniency remains to be seen."
Click to expand...
Click to collapse
LastPass and Chrome enjoyed a cozy relationship in the past. That said I'm almost surprised at the news given Google could easily incorporate similar functionality into Android. Maybe Google and LogMeIn have something going on the side (new rumor...lol).

As much as i like to sympathize with developers using Accessibility to improve functionality of Android, I can't.
Because in last couple of months i have seen many crappy apps (cleaners n all) also start asking for same permission, and average user don't really understand or even care to read what impact or access they are giving and more than 95% of Android user falls in this category. We at XDA or other nerdy site don't like this fact but it's bare truth.
And from Google perspective, They can't monitor each and every App for eternity that which one is using this permission for good and which one isn't. So hammer of Banning all of it seems only solution for now on their part. especially considering Accessibility service was never meant to use for improving "Device Functionality" (Button Mapper, Battery Saver) it was always meant for "helping hand" in case normal functionally can't be used, not as "Replacement".
Also in my personal option, i think this ban is more due to App developers are trying to bypass each and every thing device manufacturers put (Bexby & Assistant Button) than apps trying to help with routine task (LastPass, Greenify).
Though they may not say explicitly OEM are not happy with their excursive feature are ruined by apps using accessibility as bypass and they (including Google in this case) can force Play Store to make restriction on this. (whether it's is Good practice or not is entire different topic so don't dwell into that debate in replies)
So in conclusion, Till Google come up with better solution (and i think they will, People working there are not fools they understand good that this access can do for Android as whole) , banning seems fair to me because security & stability of 95% users comes above 5% demanding modification & features.
Nerdy will always find a way but it's extremely difficultly to help understand average user why their phone suddenly start behaving abnormally
and that's what Google & OEM face daily.

jineshpatel30 said:
As much as i like to sympathize with developers using Accessibility to improve functionality of Android, I can't.
Because in last couple of months i have seen many crappy apps (cleaners n all) also start asking for same permission, and average user don't really understand or even care to read what impact or access they are giving and more than 95% of Android user falls in this category. We at XDA or other nerdy site don't like this fact but it's bare truth.
And from Google perspective, They can't monitor each and every App for eternity that which one is using this permission for good and which one isn't. So hammer of Banning all of it seems only solution for now on their part. especially considering Accessibility service was never meant to use for improving "Device Functionality" (Button Mapper, Battery Saver) it was always meant for "helping hand" in case normal functionally can't be used, not as "Replacement".
Also in my personal option, i think this ban is more due to App developers are trying to bypass each and every thing device manufacturers put (Bexby & Assistant Button) than apps trying to help with routine task (LastPass, Greenify).
Though they may not say explicitly OEM are not happy with their excursive feature are ruined by apps using accessibility as bypass and they (including Google in this case) can force Play Store to make restriction on this. (whether it's is Good practice or not is entire different topic so don't dwell into that debate in replies)
So in conclusion, Till Google come up with better solution (and i think they will, People working there are not fools they understand good that this access can do for Android as whole) , banning seems fair to me because security & stability of 95% users comes above 5% demanding modification & features.
Nerdy will always find a way but it's extremely difficultly to help understand average user why their phone suddenly start behaving abnormally
and that's what Google & OEM face daily.
Click to expand...
Click to collapse
Actually Google has fairly simple way to provide a solution, for example, Play services API to provide similar functionality with refined security and proper restriction. The new SMS verification API is a good example for app to avoid requesting SMS permission. Fairly speaking, SMS too was not designed for verification purpose.
They did nothing for a long time, but rush to ban all these apps in just 30 days. I think they just don't care that much about advanced user like the old days when Android was competing with iOS fiercely.

I’m the developer of Battery Overlay Percent. Not one of the big apps out there but it does got 500,000 downloads and about 30,000 active users.
I use accessibility services for hiding overlay when user pull status bar or on later release to resolve overlay breaking permission.
I’m quite sad with Google closing down on legitimate use cases. Personally from an open source OS we now live in a world of 2 pretty closed mobile environments.
And who’s collecting most data? Play Services of course.
Hope there will be a shift from this centerlized dark state we’re in.

oasisfeng said:
Actually Google has fairly simple way to provide a solution, for example, Play services API to provide similar functionality with refined security and proper restriction. The new SMS verification API is a good example for app to avoid requesting SMS permission. Fairly speaking, SMS too was not designed for verification purpose.
Click to expand...
Click to collapse
I thought something similar and i still think they will implement it but not before 30day timeline.
They did nothing for a long time, but rush to ban all these apps in just 30 days. I think they just don't care that much about advanced user like the old days when Android was competing with iOS fiercely.
Click to expand...
Click to collapse
True that. When you have 90% of market you don't need to expand it any more you just need to control it.
I don't mean to sound like I'm supporting them, but this what people do in general, when they have control on almost entire market.

Luckily for now (and unlike with ios) Android can still and probaly can always exist without the Google Play Store and Google Play Services and thats still a big win over ios! And as much as I hate this news, this is something I think will ultimately lead advanced users and advanced developers to become less dependant upon Google Play Store and Google Play Services.... and for users/devs like us, thats actually a good thing!
Maybe now Google Play Store will finally get some real competition!! Google has certainly with their actions have now got a significant chunk of users and devs properly motivated to look or create healthy alternatives for app licensing and license management on Android, thats for sure and to also kick it off with a healthly sample of some of the most prized apps android has ever seen, yikes!! Greenify is amazing but Tasker too; bigger yikes!!!

cantenna said:
Luckily for now (and unlike with ios) Android can still and probaly can always exist without the Google Play Store and Google Play Services and thats still a big win over ios! And as much as I hate this news, this is something I think will ultimately lead advanced users and advanced developers to become less dependant upon Google Play Store and Google Play Services.... and for users/devs like us, thats actually a good thing!
Maybe now Google Play Store will finally get some real competition!! Google has certainly with their actions have now got a significant chunk of users and devs properly motivated to look or create healthy alternatives for app licensing and license management on Android, thats for sure and to also kick it off with a healthly sample of some of the most prized apps android has ever seen, yikes!! Greenify is amazing but Tasker too; bigger yikes!!!
Click to expand...
Click to collapse
Exactly.
We need to stand our ground.
I have a feeling that alternate app stores are about to see a huge boost in users. Google is going to sorely regret their decisions.

betatest3 said:
Exactly.
We need to stand our ground.
I have a feeling that alternate app stores are about to see a huge boost in users. Google is going to sorely regret their decisions.
Click to expand...
Click to collapse
I admire your optimistic attitude - But... Alphabet is a Juggernaut and if it suits them - They'd probably just buy any potential problem ?
Sent from my SM-G955W ??

shaggyskunk said:
I admire your optimistic attitude - But... Alphabet is a Juggernaut and if it suits them - They'd probably just buy any potential problem ?
Click to expand...
Click to collapse
Not to mention the relatively small number of individuals that will be adversely impacted when all is said and done. Bigger players (eg: LastPass) will likely receive some form of dispensation. Niche tools like Greenify might take a hit but that is not where the revenue stream resides. Google ain't catering to the Android enthusiast community.

shaggyskunk said:
I admire your optimistic attitude - But... Alphabet is a Juggernaut and if it suits them - They'd probably just buy any potential problem ?
Click to expand...
Click to collapse
I dont think they'll be buying the amazon app store any time soon.
but to the point of the other user you quoted, you'll likely see the accessibility needing market move to another app store.

cantenna said:
I dont think they'll be buying the amazon app store any time soon.
but to the point of the other user you quoted, you'll likely see the accessibility needing market move to another app store.
Click to expand...
Click to collapse
Sure. There are a handful of reputable alternative app stores that cater to small communities that dare to venture off the beaten path. Niche market; don't think Google is worried. Nor is it likely Amazon will cater to Android enthusiasts.
If Alphabet/Google is serious about reining in potential abuses look for further adjustments in the successor to Android 8.

Can you on XDA Dev put an parallel market on the XDA Labs with PayPal account with less taxes (good for all) to maintaining and update webpage to conventional user going fu*k up the Google to the apps then will not survive on the Google rules on the market?
Put and good design market to the conventional use on XDA please.
Sent from my Asus ZenFone 3 Deluxe using XDA Labs
---------- Post added at 05:31 PM ---------- Previous post was at 05:20 PM ----------
If you on XDA Labs put a inner market in the app with an Market safe with PayPal the developers can update the Apps on the Market with no acessibility but make an link to be updated on the XDA Labs with a plugin or a new full version, we can free more people with xposed solutions to defeat Google Policy
Sent from my Asus ZenFone 3 Deluxe using XDA Labs
---------- Post added at 05:37 PM ---------- Previous post was at 05:31 PM ----------
Dev can update your apps and redirect to the external link in XDA Labs without violated google policy.
Sent from my Asus ZenFone 3 Deluxe using XDA Labs
---------- Post added at 05:50 PM ---------- Previous post was at 05:37 PM ----------
XDA Labs have power with an safe and free market scanning and checking malicious new apps to be so respected and Xposed so popular then I believed on the futere ASUS and Samsung make the ZenFone Deluxes and Galaxy S with Xposed on stock on the most expansive "and free" devices, absolutely. Please think renew the XDA webpage and XDA Labs to defeat the enemies of the freedom on coding.
Sent from my Asus ZenFone 3 Deluxe using XDA Labs
---------- Post added at 05:58 PM ---------- Previous post was at 05:50 PM ----------
Its time of the XDA webpage be more like Facebook on design and XDA Labs more like market on the safe and design to receive more redirected links to update and pay by apps on the XDA Labs with PayPal an Google Account if I like. Well if that happen we really will see if Google support free coding on open source.
Sent from my Asus ZenFone 3 Deluxe using XDA Labs

Interesting/digestible read; nothing new if you have been keeping up with the news on this topic.
https://www.howtogeek.com/333365/android-apps-using-accessibility-services-could-disappear/

Is Greenify Malware?... or Spyware?

I originally posted a summary of these thoughts on my Play Store review of Greenify. But, since comments there soon get lost in the traffic, I thought I'd rewrite here.
Greenify seems to get a free pass from pretty much every Android-focussed site as a "must have app". I even saw an article on one site that said all RAM/Battery optimiser apps were a waste of time except for Greenify.
My own findings are a bit less uncritical.
My findings are that Greenify is constantly trying to make internet connections behind your back. I have the excellent AFWall+ installed on all my gadgets and, after I installed Greenify and blocked it from making internet connections, I was having AFWall+ alert me that Greenify was trying to make connections, almost constantly.
I would be doing something on my phone and the alerts from AFWall+ would be popping up continually, telling me that Greenify was trying to connect to one IP address after another. This would literally go on for two or three minutes at a time. It got so distracting that I eventually turned off AFWall+'s alerts for Greenify, just so I could use my phone in peace!
Digging further into AFWall+'s logs I found that, in the couple of months I'd had Greenify installed, it had attempted to make over ten thousand internet connections!
To put that into perspective; during the same time period, the second most tenacious app on my phone, Google's Gboard keyboard [which you'd expect to be spying on you], had made around two thousand attempts to phone home – and the connection figures for all the other apps I'd blocked with AFWall+ were way down in the couple of hundreds.
So, what is Greenify doing, trying to connect to these myriad servers all the time?
Even if you believe it's benign [although I can't see any legitimate reason it should be making ANY online connections at all] you've got to wonder how much the app is saving your battery by shutting down other background processes, when it's pretty much constantly trying to make internet connections itself.
I realise this is just my unverified opinion. I've since uninstalled Greenify from all my devices and so no longer have the AFWall+ logs to back up what I'm saying. And you've got no reason to trust me on this. But, if you've any doubts, feel free to install AFWall+ and try it yourself. You might just get a nasty shock.

@xxxmadraxxx I'm a long time user of Greenify in its donation version running on all of our devices and I confirm all of your observations. As you could see by my other own threads, I'm very heavily privacy minded but I continue to use Greenify despite its permanent attempts to "call home" (actually the 1e100.net i.e. Google) because I'm able to fight it. From my perspective, reason are the implemented Google analytics tracker. Certainly, I'd prefer if first no trackers at all were implemented and second no attempts to connect to the internet were made at all. Grenify doesn't require an internet connections for its functionality.
However, as I said I'm able to fight it and I don't want to miss Greenify as it certainly enhances the duration of my battery.
All of our devices still run on custom Nougat ROMs for specific reasons. As far as I see if you're already using Oreo or Pie you wouldn't require Greenify any longer to achieve a better battery duration.
Remark: Malware? Not from my point of view. Spyware? As much as every application that contains trackers or analytics tools but there are a few I trust for the benefit of the developer and the development. As an example: SD Maid and Piwik (now Matomo) (the SD Maid Privacy Statement).
If interested: https://forum.xda-developers.com/android/general/how-enhance-battery-duration-sgs-3-lte-t3478287

Oswald Boelcke said:
...I don't want to miss Greenify as it certainly enhances the duration of my battery...
...As far as I see if you're already using Oreo or Pie you wouldn't require Greenify any longer to achieve a better battery duration....
Remark: Malware? Not from my point of view. Spyware? As much as every application that contains trackers or analytics tools....
Click to expand...
Click to collapse
My problem isn't so much with the fact Greenify phones home per se. I know that most apps do so, or at least try to. My problem with Greenify is the tenacity and persistence with which it tries to phone home. As I said in my previous post, it made over TEN THOUSAND! attempts to phone home in the space of the couple of weeks I had it installed.
With the vast majority of other apps, they'll try a couple of times to phone home, maybe using a couple of different IP addresses and then give up. With Greenify, I would sit there and watch the AFWall+ alerts pop up on screen, one after the other, with a succession of different IP addresses, literally for 2 or 3 minutes continually. Also, as I said previously the only other app I had installed that came anywhere near this level of persistence was Google's GBoard which would regularly try and phone home as I was typing stuff on my phone [you can draw your own conclusions as to what that entails for your privacy!]. But, even then, Gboard only [relatively speaking] made about a fifth of the attempts to connect to the internet that Greenify did.
I uninstalled it because I really couldn't see how whatever small savings in battery juice that Greenify was purportedly giving me by sleeping apps which aren't doing anything much anyway wouldn't be being more than cancelled out by the drain on my battery caused by Greenify spending countless minutes every day, trying to make hundreds of internet connections behind my back.
I haven't noticed any difference whatsoever in battery life, since uninstalling Greenify.

xxxmadraxxx said:
My problem isn't so much with the fact Greenify phones home per se. I know that most apps do so, or at least try to. My problem with Greenify is the tenacity and persistence with which it tries to phone home. As I said in my previous post, it made over TEN THOUSAND! attempts to phone home in the space of the couple of weeks I had it installed.
With the vast majority of other apps, they'll try a couple of times to phone home, maybe using a couple of different IP addresses and then give up. With Greenify, I would sit there and watch the AFWall+ alerts pop up on screen, one after the other, with a succession of different IP addresses, literally for 2 or 3 minutes continually. Also, as I said previously the only other app I had installed that came anywhere near this level of persistence was Google's GBoard which would regularly try and phone home as I was typing stuff on my phone [you can draw your own conclusions as to what that entails for your privacy!]. But, even then, Gboard only [relatively speaking] made about a fifth of the attempts to connect to the internet that Greenify did.
I uninstalled it because I really couldn't see how whatever small savings in battery juice that Greenify was purportedly giving me by sleeping apps which aren't doing anything much anyway wouldn't be being more than cancelled out by the drain on my battery caused by Greenify spending countless minutes every day, trying to make hundreds of internet connections behind my back.
I haven't noticed any difference whatsoever in battery life, since uninstalling Greenify.
Click to expand...
Click to collapse
It's amazing the conclusions one draws when given a tool. Perhaps Greenify behaves differently on your device than the huge universe of other long time users, some of which share your concerns over excessive outreach. I do not see the aggressive characteristics you and a few others describe - perhaps because I permit *most* analytics to flow unimpeded.
The power saving potential of Greenify and similar tools has depreciated over time given native doze and more aggressive enforcement of app background behaviors via Google policy. That said, Greenify remains an essential tool in my arsenal for performing selective tasks without manual intervention. It certainly is not malware/spyware as your click-bait thread title suggests.

Oswald Boelcke said:
@xxxmadraxxx I'm a long time user of Greenify in its donation version running on all of our devices and I confirm all of your observations. As you could see by my other own threads, I'm very heavily privacy minded but I continue to use Greenify despite its permanent attempts to "call home" (actually the 1e100.net i.e. Google) because I'm able to fight it. From my perspective, reason are the implemented Google analytics tracker. Certainly, I'd prefer if first no trackers at all were implemented and second no attempts to connect to the internet were made at all. Grenify doesn't require an internet connections for its functionality.
However, as I said I'm able to fight it and I don't want to miss Greenify as it certainly enhances the duration of my battery.
All of our devices still run on custom Nougat ROMs for specific reasons. As far as I see if you're already using Oreo or Pie you wouldn't require Greenify any longer to achieve a better battery duration.
Remark: Malware? Not from my point of view. Spyware? As much as every application that contains trackers or analytics tools but there are a few I trust for the benefit of the developer and the development. As an example: SD Maid and Piwik (now Matomo) (the SD Maid Privacy Statement).
If interested: https://forum.xda-developers.com/android/general/how-enhance-battery-duration-sgs-3-lte-t3478287
Click to expand...
Click to collapse
There are a couple of ways around Greenify's nearly constant call-outs to Crashlytics.
First, set up your hosts file.
Second, use MyAndroidTools and XPrivacyLua to lock Greenify down.
In MyAndroidTools, disable:
Content Provider > Greenify > com.crashlytics.android.CrashlyticsInitProvider
In XPrivacyLua, disable everything for Greenify except:
Determine activity
Get applications
Read identifiers
In Settings > Apps > Gear Icon > App permissions, go through and ensure Greenify isn't enabled for anything.
Greenify, being root, will still try to connect, but it won't be able to because of the hosts file.
---------- Post added at 06:25 AM ---------- Previous post was at 06:15 AM ----------
xxxmadraxxx said:
My problem isn't so much with the fact Greenify phones home per se. I know that most apps do so, or at least try to. My problem with Greenify is the tenacity and persistence with which it tries to phone home. As I said in my previous post, it made over TEN THOUSAND! attempts to phone home in the space of the couple of weeks I had it installed.
With the vast majority of other apps, they'll try a couple of times to phone home, maybe using a couple of different IP addresses and then give up. With Greenify, I would sit there and watch the AFWall+ alerts pop up on screen, one after the other, with a succession of different IP addresses, literally for 2 or 3 minutes continually. Also, as I said previously the only other app I had installed that came anywhere near this level of persistence was Google's GBoard which would regularly try and phone home as I was typing stuff on my phone [you can draw your own conclusions as to what that entails for your privacy!]. But, even then, Gboard only [relatively speaking] made about a fifth of the attempts to connect to the internet that Greenify did.
Click to expand...
Click to collapse
Google Keyboard is, by Google's own admission, a keystroke logger... it's in their privacy policy for GBoard. I've removed it from my phone, along with nearly every other Google app (16 Google apps removed, 3 disabled in case I need them in the future)... and what remains is so locked down that the only thing that works is Google Play Store... for the rest of Google Play Services and Google Services Framework functionality, I've used MyAndroidTools and .xml file hacks to disable. I have no location tracking from Google, no logging from any Google components, no aGPS phone-homes to anywhere (aGPS is completely disabled)... in fact, Google can't even see when I'm online unless I change to my 'Google Enabled' AFWall+ profile to visit Google Play Store. In fact, I've recently disabled all Google Ads functionality... I found out that Google is presenting to the user a fake_adid_key that the user could change but which otherwise did nothing, yet they also have an adid_key which never changes, which they use as a GUID to track users.
Try Hacker's Keyboard... no ads, I've never seen any connection attempts from it, and it's a very nice keyboard once you configure it to suit you.
For me, I set Portrait keyboard height to 45%, landscape keyboard height to 55%, Keyboard mode in portrait and landscape as 'Full 5-row layout', Gingerbread keyboard theme, Auto-capitalization, Double-tap Shift mode, Apply Shift Lock to modifier keys, no Ctrl-A override, no Ctrl key code, no Alt key code, no Meta key code and ignore slide-typing.
It does everything I need, I can type pretty quickly, and it doesn't log keystrokes. I especially like the little arrow keys which let me navigate around in a text file, and the fact that I can Ctrl-A (select all), Ctrl-C (copy) and Ctrl-V (paste) just like a regular keyboard.
Pro-tip: If you want to select a few lines of text, hold the shift key, and tap the down arrow key, just as you'd do on a regular keyboard.

Lusty Rugnuts said:
There are a couple of ways around Greenify's nearly constant call-outs to Crashlytics...
Google Keyboard is, by Google's own admission, a keystroke logger... it's in their privacy policy for GBoard. I've removed it from my phone....
Try Hacker's Keyboard... no ads, I've never seen any connection attempts from it, and it's a very nice keyboard once you configure it to suit you....
Click to expand...
Click to collapse
I found the simplest way of reining in Greenify was to uninstall it. As I said, I've not noticed any detriment to battery life whatsoever –although that may be partly because I'm using an Oreo based ROM now. When I had Greenify installed I was on Marshmallow.
I do use Hacker's Keyboard for apps like Termux and JuiceSSH when I need access to all those extra keys, but it doesn't have swipe-to-type [or didn't last time I looked] so it's no good for my day-to-tay messaging/email/texting etc. where I swipe-to-type all the time.
After uninstalling Gboard and having a brief foray through Samsung's built-in keyboard, I've ended up using SwiftKey on all my devices.
Don't laugh! –I know it's owned by Microsoft which is a huge red flag. But if you set it up without creating a SwiftKey account and switch off any of the "cloudy" options [such as backup, dictionary sync, downloading themes, etc.], it does all its word-prediction processing locally on your device and [according to AFWall+] has never tried to make a single online connection.

Lusty Rugnuts said:
There are a couple of ways around Greenify's nearly constant call-outs to Crashlytics.
...
Click to expand...
Click to collapse
I'm glad to see that we both have nearly the same setup to protect our privacy.:good:
xxxmadraxxx said:
I found the simplest way of reining in Greenify was to uninstall it. As I said, I've not noticed any detriment to battery life whatsoever –although that may be partly because I'm using an Oreo based ROM now. When I had Greenify installed I was on Marshmallow.
I do use Hacker's Keyboard for apps like Termux and JuiceSSH when I need access to all those extra keys, but it doesn't have swipe-to-type [or didn't last time I looked] so it's no good for my day-to-tay messaging/email/texting etc. where I swipe-to-type all the time.
After uninstalling Gboard and having a brief foray through Samsung's built-in keyboard, I've ended up using SwiftKey on all my devices.
Don't laugh! –I know it's owned by Microsoft which is a huge red flag. But if you set it up without creating a SwiftKey account and switch off any of the "cloudy" options [such as backup, dictionary sync, downloading themes, etc.], it does all its word-prediction processing locally on your device and [according to AFWall+] has never tried to make a single online connection.
Click to expand...
Click to collapse
I'm surprised that you quoted me but with statements in the quotation, which I've never made. As far as I see they are by @Lusty Rugnuts. If you click the quotation you're referred to post #2 with a totally different content. May I politely ask you to edit your post in regard to the quotation.

Sorry about that. The multiple nested quotes, when replying, gets a bit unweildy. I deleted the wrong bit when trimming then.

xxxmadraxxx said:
I found the simplest way of reining in Greenify was to uninstall it. As I said, I've not noticed any detriment to battery life whatsoever –although that may be partly because I'm using an Oreo based ROM now. When I had Greenify installed I was on Marshmallow.
Click to expand...
Click to collapse
I wish there were a way to do away with it on Nougat... I take the Lotus approach, add speed by taking away. The less installed, the better. The stock ROM backup I took when the phone was brand-new is 4.74 GB in size. My latest backup is 2.29 GB. Yeah, I've stripped out a lot of Google-stuff.
xxxmadraxxx said:
I do use Hacker's Keyboard for apps like Termux and JuiceSSH when I need access to all those extra keys, but it doesn't have swipe-to-type [or didn't last time I looked] so it's no good for my day-to-tay messaging/email/texting etc. where I swipe-to-type all the time.
Click to expand...
Click to collapse
The Hacker's Keyboard options does have an "ignore slide-typing" option, so I'm assuming it supports slide-typing / glide-typing / swipe-to-type. I've never tried it... I'm a creature of habit, and regular typing suits me. I watched my sister-in-law doing slide-typing, and it seems like one would need very good word correction to get readable text. Besides, I'm a mechanical engineer, I use my hands as hammers, pliers, etc. all day... they're not exactly "tuned" for the finesse I think slide-typing would require.

I came across this thread because in the past year, three times I have been notified by Xposed that a module has been updated. SuperSU also asks me to grant root access again so I'm wondering what the app is doing self updating?
Version 4.5.1 (donate)

Never ever had a "self-update" of Greenify.
Currently on Greenify v4.6.3 (Google beta programme) & Greenify (Donation Package) v2.3

Oswald Boelcke said:
Never ever had a "self-update" of Greenify.
Currently on Greenify v4.6.3 (Google beta programme) & Greenify (Donation Package) v2.3
Click to expand...
Click to collapse
Same. This FUD about Greenify being evil by design is disinformation the net craves. I expect this to be a top trending thread in no time that trashes the reputation of an otherwise fine product. Shesh.

Davey126 said:
Same. This FUD about Greenify being evil by design is disinformation the net craves. I expect this to be a top trending thread in no time that trashes the reputation of an otherwise fine product. Shesh.
Click to expand...
Click to collapse
Absolutely concur. I'm going to refrain from bumping this thread any longer; this is the last time. BTW: Congrats to well deserved 9,000+ thanks. And what does "shesh" means? Never heard it. Just for me to learn.

Davey126 said:
Same. This FUD about Greenify being evil by design is disinformation the net craves. I expect this to be a top trending thread in no time that trashes the reputation of an otherwise fine product. Shesh.
Click to expand...
Click to collapse
I don't see how stating a fact and questioning why it happens is spreading "FUD". And it's certainly not "disinformation". Surprised you didn't also call it "Fake News", since that seems to be the millennial way to deal with anything you read which doesn't align to your own personal viewpoint.
10,000+ attempted internet connections by Greenify in the space of a couple of months is a statement of fact that I observed on my own device. But, as I said in the first post in the thread:
xxxmadraxxx said:
I realise this is just my unverified opinion... And you've got no reason to trust me on this. But, if you've any doubts, feel free to install AFWall+ and try it yourself...
Click to expand...
Click to collapse
Hardly spreading FUD and disinformation. Just letting people know what I saw and telling them to check for themselves and draw their own conclusions.
If other people want to believe that Greenfy is 100% benign, because it's useful to them, then that's fine too. But I could counter your accusations of FUD with saying other people are spreading CCC [Complacency, Certainty and Confidence]. ie. you're blindly trusting an app just because it provides a useful service
[cf. Google, Facebook, et al, if you want to see where that can lead].
I also note that these questions about Greenify's surreptitious behaviour have been raised before on this forum, on other forums and also on the app's reviews on Google Play and, as far as I can see, the developer has not once responded. That may or may not seem suspicious to you but I ask myself:
* If there's an innocent explanation, why not just explain it and clear the air?
* If there's a bug in the app which is causing these attempts to phone home to be repeated endlessly, thousands upon thousands of times, why not fix it?
or, since the phoning home is not necessary for the app to function;
* Why not provide a preference to turn it off? [especially for those people who have paid for the donation version]

Defensive wall of text speaks for itself. Moving on.
(several generations removed from "millennial")
xxxmadraxxx said:
I don't see how stating a fact and questioning why it happens is spreading "FUD". And it's certainly not "disinformation". Surprised you didn't also call it "Fake News", since that seems to be the millennial way to deal with anything you read which doesn't align to your own personal viewpoint.
10,000+ attempted internet connections by Greenify in the space of a couple of months is a statement of fact that I observed on my own device. But, as I said in the first post in the thread:
Hardly spreading FUD and disinformation. Just letting people know what I saw and telling them to check for themselves and draw their own conclusions.
If other people want to believe that Greenfy is 100% benign, because it's useful to them, then that's fine too. But I could counter your accusations of FUD with saying other people are spreading CCC [Complacency, Certainty and Confidence]. ie. you're blindly trusting an app just because it provides a useful service
[cf. Google, Facebook, et al, if you want to see where that can lead].
I also note that these questions about Greenify's surreptitious behaviour have been raised before on this forum, on other forums and also on the app's reviews on Google Play and, as far as I can see, the developer has not once responded. That may or may not seem suspicious to you but I ask myself:
* If there's an innocent explanation, why not just explain it and clear the air?
* If there's a bug in the app which is causing these attempts to phone home to be repeated endlessly, thousands upon thousands of times, why not fix it?
or, since the phoning home is not necessary for the app to function;
* Why not provide a preference to turn it off? [especially for those people who have paid for the donation version]
Click to expand...
Click to collapse
---------- Post added at 09:59 AM ---------- Previous post was at 09:47 AM ----------
Oswald Boelcke said:
Absolutely concur. I'm going to refrain from bumping this thread any longer; this is the last time. BTW: Congrats to well deserved 9,000+ thanks. And what does "shesh" means? Never heard it. Just for me to learn.
Click to expand...
Click to collapse
"Sheesh" (forgot the second ''e') is a mild expression of exasperation generally uttered as a final remark. Not entirely dismissive but leaning in that direction. Akin to 'geez'.
As for the other, any and all acknowledgements go back to the XDA community who support each other like a well designed house of cards. Each depends on the other for support but removing one (or many) does not lead to collapse but the subtle shifting of another 'card' to share the load.

Davey126 said:
Defensive wall of text speaks for itself. Moving on.
(several generations removed from "millennial")
Click to expand...
Click to collapse
In other words:
I'm not a millennial and just to show how mature I am –because I disagree with what you're saying, I'm going to stick my fingers in my ears and go "Na! Na!Na! I can't hear you!"
M'lud. The defence rests its case.

Davey126 said:
Same. This FUD about Greenify being evil by design is disinformation the net craves. I expect this to be a top trending thread in no time that trashes the reputation of an otherwise fine product. Shesh.
Click to expand...
Click to collapse
I have to disagree with you, and I applaud the original poster for making this thread. No closed source project should be immune from scrutiny.
I of course have been using the app for many years and trust the developer but still don't have an answer as to why Xposed and SuperSU were telling me that Greenify has been updated - I think it would be fair to question what's going on.
Though OP could have probably not used such a click-baity and sensational title. Even if it's not malware, the bug would mean that Greenify is not getting root access unless I manually grant it again.

htr5 said:
Though OP could have probably not used such a click-baity and sensational title...
Click to expand...
Click to collapse
The title wasn't intended to be either click-baity or sensational but, with hindsight, I can see how it might read it that way. Mea culpa.
However, given that no third party has been able to offer any justifiable reason as to why Greenify behaves as it does and the developer has never responded to the oft-expressed concerns of users –I don't think it unreasonable to infer that Greenify may be behaving; at best, irresponsibly and at worst, nefariously.
In which case, maybe the headline wasn't that click-baity, after all.

htr5 said:
I of course have been using the app for many years and trust the developer but still don't have an answer as to why Xposed and SuperSU were telling me that Greenify has been updated - I think it would be fair to question what's going on.
Click to expand...
Click to collapse
Yes, that would be a fair question (sans other baggage).

xxxmadraxxx said:
10,000+ attempted internet connections by Greenify in the space of a couple of months is a statement of fact that I observed on my own device.
Click to expand...
Click to collapse
I've quieted Greenify. I used MyAndroidTools to disable the following for Greenify:
Content Provider:
com.crashlytics.android.CrashlyticsInitProvider
com.google.firebase.provider.FirebaseInitProvider
Activity:
com.google.android.gms.common.api.GoogleApiActivity
com.google.android.gms.tagmanager.TagManagerPreviewActivity
Broadcast Receiver:
com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver
com.google.android.gms.measurement.AppMeasurementReceiver
com.google.firebase.iid.FirebaseInstanceIdReceiver
Service:
com.google.android.gms.measurement.AppMeasurementJobService
com.google.android.gms.measurement.AppMeasurementService
com.google.firebase.components.ComponentDiscoveryService
com.google.firebase.iid.FirebaseInstanceIdService
com.google.android.gms.tagmanager.TagManagerService
That Tag Manager Service and Tag Manager Preview Activity are worrisome...
https://support.google.com/tagmanager/answer/6102821?hl=en
Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app. Once the small segment of Tag Manager code has been added to your project, you can safely and easily deploy analytics and measurement tag configurations from a web-based user interface.
When Tag Manager is installed, your website or app will be able to communicate with the Tag Manager servers. You can then use Tag Manager's web-based user interface to set up tags, establish triggers that cause your tag to fire when certain events occur, and create variables that can be used to simplify and automate your tag configurations.
Click to expand...
Click to collapse
https://blog.hubspot.com/marketing/google-tag-manager-guide
Collecting data using tools like Google Analytics is critical for expanding your business’s online reach, converting leads into customers, and optimizing a digital marketing strategy to create stronger relationships with your audience.
However, collecting data is easier said than done. Google Analytics and other similar analytics tools aid the process, but they work more effectively with the addition of tags.
Tags, in a general sense, are bits of code you embed in your website’s javascript or HTML to extract certain information.
Click to expand...
Click to collapse
So Tag Manager is yet another way for Google to track your every move... in apps and on web pages. It's almost a backdoor to your device, since Tag Manager can be used to remotely change what it tracks and when. Google is getting awfully malware-y, which is why I've worked so hard to make it so I can completely kill all Google components on my phone and the phone still works... and the Google components stay killed until I start them (without the necessary modifications, Google Persistence kicks in and restarts the Google components, which is also very malware-y... Google is a service provider, they shouldn't run unless the user wants to use their services, and there should be an interface to disable (or uninstall) any functionality the user doesn't want.). Further, the user shouldn't have to rely upon changing settings on Google's servers, while leaving the Google components running on their phone... that means we have to trust that Google is abiding by those settings... does anyone believe they are?
I've uncovered instances on this very phone where Google is less than honest in abiding by settings... another is their GoogleOtaBinder, which disregards the Developer Options setting to disable Automatic System Updates... the only way to turn off Google pushing a new ROM (without consent, without notification) and rebooting the phone (at midnight each night, without consent, without notification) is to edit a file such that GoogleOtaBinder can't authenticate with Google's servers.
You'll probably also find an app in Settings > Apps called 'Tag Manager'... I got rid of it long ago.
Google Tag Manager / Tracking Pixels and Tags
package:/system/priv-app/TagGoogle/TagGoogle.apk=com.google.android.tag
To get a list of packages installed on your system, in an Administrator-privilege command prompt on your computer, with your phone plugged into your computer via USB and set to 'File Transfer' USB mode, type:
adb shell pm list packages -f
Here's the list of packages I've removed.
{UPDATE}
I've also found the following:
The file:
/data/user/0/com.oasisfeng.greenify/app_google_tagmanager/resource_GTM-KN73P2
contains the following:
Component Display Name:
com.xiaomi.mipush.sdk.PushMessageHandler
alibaba.sdk.android.push.AliyunPushIntentService
com.igexin.sdk.PushService
com.tencent.android.tpush.service.XGPushServiceV3
org.android.agoo.client.MessageRecieverService
com.baidu.sapi2.share.ShareService
"MessageReceiverService"? PushMessageHandler? What is being pushed to our phones?
Further down, because I've completely neutered Google Analytics, it reads:
.analytics.disabled.exception.NoSuchMethodError true
{/UPDATE}
Greenify is also using the real 'adid_key' content in /data/data/com.google.android.gms/shared_prefs/adid_settings.xml, although I doubt they're in on Google's nefarious scheme to trick users into thinking they can reset their Advertising ID, while tracking them with a non-changing GUID (Globally Unique ID).
There are two keys in adid_settings.xml... 'adid_key' and 'fake_adid_key'... pushing the "Reset Advertising ID" button in Settings > Google > Ads changes 'fake_adid_key', but 'adid_key' never changes and is propagated to many other apps.
https://forum.xda-developers.com/showpost.php?p=79521903
Further, I tried to uninstall Greenify (I'll manually set up device_idle_constants to mimic what Greenify did)... it's never had Device Administrator privileges, I disabled Usage Access, uninstalled the XPosed Framework 'Greenify Experimental Features', then went into Greenify's settings and disabled all that was there... but when I went into Settings > Apps > Greenify, there isn't an "uninstall" button, just "Force Stop" and "Disable" buttons. There's no way to uninstall it from within Greenify itself, either.
I booted into TWRP Recovery Mode, went to /data/adb/modules, deleted the module for Greenify, and when I rebooted, Greenify was gone. All that remained was to wipe it from the Dalvik cache.