FORUMS
Remove All Ads from XDA

Is Greenify Malware?... or Spyware?

59 posts
Thanks Meter: 35
 
By xxxmadraxxx, Member on 7th May 2019, 03:49 PM
Post Reply Email Thread
5th June 2019, 08:26 AM |#11  
Oswald Boelcke's Avatar
Forum Moderator / Recognized Translator
Flag Preserving Air Supremacy over XDA!
Thanks Meter: 6,524
 
More
Never ever had a "self-update" of Greenify.
Currently on Greenify v4.6.3 (Google beta programme) & Greenify (Donation Package) v2.3
The Following 2 Users Say Thank You to Oswald Boelcke For This Useful Post: [ View ] Gift Oswald Boelcke Ad-Free
 
 
5th June 2019, 12:05 PM |#12  
DB126's Avatar
Senior Member
Thanks Meter: 9,234
 
More
Quote:
Originally Posted by Oswald Boelcke

Never ever had a "self-update" of Greenify.
Currently on Greenify v4.6.3 (Google beta programme) & Greenify (Donation Package) v2.3

Same. This FUD about Greenify being evil by design is disinformation the net craves. I expect this to be a top trending thread in no time that trashes the reputation of an otherwise fine product. Shesh.
The Following 4 Users Say Thank You to DB126 For This Useful Post: [ View ] Gift DB126 Ad-Free
5th June 2019, 12:25 PM |#13  
Oswald Boelcke's Avatar
Forum Moderator / Recognized Translator
Flag Preserving Air Supremacy over XDA!
Thanks Meter: 6,524
 
More
Quote:
Originally Posted by Davey126

Same. This FUD about Greenify being evil by design is disinformation the net craves. I expect this to be a top trending thread in no time that trashes the reputation of an otherwise fine product. Shesh.

Absolutely concur. I'm going to refrain from bumping this thread any longer; this is the last time. BTW: Congrats to well deserved 9,000+ thanks. And what does "shesh" means? Never heard it. Just for me to learn.
The Following 2 Users Say Thank You to Oswald Boelcke For This Useful Post: [ View ] Gift Oswald Boelcke Ad-Free
5th June 2019, 01:22 PM |#14  
xxxmadraxxx's Avatar
OP Member
Thanks Meter: 35
 
More
Quote:
Originally Posted by Davey126

Same. This FUD about Greenify being evil by design is disinformation the net craves. I expect this to be a top trending thread in no time that trashes the reputation of an otherwise fine product. Shesh.

I don't see how stating a fact and questioning why it happens is spreading "FUD". And it's certainly not "disinformation". Surprised you didn't also call it "Fake News", since that seems to be the millennial way to deal with anything you read which doesn't align to your own personal viewpoint.

10,000+ attempted internet connections by Greenify in the space of a couple of months is a statement of fact that I observed on my own device. But, as I said in the first post in the thread:

Quote:
Originally Posted by xxxmadraxxx

I realise this is just my unverified opinion... And you've got no reason to trust me on this. But, if you've any doubts, feel free to install AFWall+ and try it yourself...

Hardly spreading FUD and disinformation. Just letting people know what I saw and telling them to check for themselves and draw their own conclusions.

If other people want to believe that Greenfy is 100% benign, because it's useful to them, then that's fine too. But I could counter your accusations of FUD with saying other people are spreading CCC [Complacency, Certainty and Confidence]. ie. you're blindly trusting an app just because it provides a useful service

[cf. Google, Facebook, et al, if you want to see where that can lead].

I also note that these questions about Greenify's surreptitious behaviour have been raised before on this forum, on other forums and also on the app's reviews on Google Play and, as far as I can see, the developer has not once responded. That may or may not seem suspicious to you but I ask myself:

* If there's an innocent explanation, why not just explain it and clear the air?

* If there's a bug in the app which is causing these attempts to phone home to be repeated endlessly, thousands upon thousands of times, why not fix it?

or, since the phoning home is not necessary for the app to function;

* Why not provide a preference to turn it off? [especially for those people who have paid for the donation version]
The Following 2 Users Say Thank You to xxxmadraxxx For This Useful Post: [ View ] Gift xxxmadraxxx Ad-Free
5th June 2019, 02:59 PM |#15  
DB126's Avatar
Senior Member
Thanks Meter: 9,234
 
More
Defensive wall of text speaks for itself. Moving on.

(several generations removed from "millennial")

Quote:
Originally Posted by xxxmadraxxx

I don't see how stating a fact and questioning why it happens is spreading "FUD". And it's certainly not "disinformation". Surprised you didn't also call it "Fake News", since that seems to be the millennial way to deal with anything you read which doesn't align to your own personal viewpoint.

10,000+ attempted internet connections by Greenify in the space of a couple of months is a statement of fact that I observed on my own device. But, as I said in the first post in the thread:



Hardly spreading FUD and disinformation. Just letting people know what I saw and telling them to check for themselves and draw their own conclusions.

If other people want to believe that Greenfy is 100% benign, because it's useful to them, then that's fine too. But I could counter your accusations of FUD with saying other people are spreading CCC [Complacency, Certainty and Confidence]. ie. you're blindly trusting an app just because it provides a useful service

[cf. Google, Facebook, et al, if you want to see where that can lead].

I also note that these questions about Greenify's surreptitious behaviour have been raised before on this forum, on other forums and also on the app's reviews on Google Play and, as far as I can see, the developer has not once responded. That may or may not seem suspicious to you but I ask myself:

* If there's an innocent explanation, why not just explain it and clear the air?

* If there's a bug in the app which is causing these attempts to phone home to be repeated endlessly, thousands upon thousands of times, why not fix it?

or, since the phoning home is not necessary for the app to function;

* Why not provide a preference to turn it off? [especially for those people who have paid for the donation version]



---------- Post added at 09:59 AM ---------- Previous post was at 09:47 AM ----------

Quote:
Originally Posted by Oswald Boelcke

Absolutely concur. I'm going to refrain from bumping this thread any longer; this is the last time. BTW: Congrats to well deserved 9,000+ thanks. And what does "shesh" means? Never heard it. Just for me to learn.

"Sheesh" (forgot the second ''e') is a mild expression of exasperation generally uttered as a final remark. Not entirely dismissive but leaning in that direction. Akin to 'geez'.

As for the other, any and all acknowledgements go back to the XDA community who support each other like a well designed house of cards. Each depends on the other for support but removing one (or many) does not lead to collapse but the subtle shifting of another 'card' to share the load.
The Following 2 Users Say Thank You to DB126 For This Useful Post: [ View ] Gift DB126 Ad-Free
5th June 2019, 03:06 PM |#16  
xxxmadraxxx's Avatar
OP Member
Thanks Meter: 35
 
More
Quote:
Originally Posted by Davey126

Defensive wall of text speaks for itself. Moving on.

(several generations removed from "millennial")

In other words:

I'm not a millennial and just to show how mature I am –because I disagree with what you're saying, I'm going to stick my fingers in my ears and go "Na! Na!Na! I can't hear you!"

M'lud. The defence rests its case.
The Following User Says Thank You to xxxmadraxxx For This Useful Post: [ View ] Gift xxxmadraxxx Ad-Free
7th June 2019, 05:25 PM |#17  
htr5's Avatar
Senior Member
Thanks Meter: 238
 
More
Quote:
Originally Posted by Davey126

Same. This FUD about Greenify being evil by design is disinformation the net craves. I expect this to be a top trending thread in no time that trashes the reputation of an otherwise fine product. Shesh.

I have to disagree with you, and I applaud the original poster for making this thread. No closed source project should be immune from scrutiny.

I of course have been using the app for many years and trust the developer but still don't have an answer as to why Xposed and SuperSU were telling me that Greenify has been updated - I think it would be fair to question what's going on.

Though OP could have probably not used such a click-baity and sensational title. Even if it's not malware, the bug would mean that Greenify is not getting root access unless I manually grant it again.
The Following User Says Thank You to htr5 For This Useful Post: [ View ] Gift htr5 Ad-Free
7th June 2019, 06:43 PM |#18  
xxxmadraxxx's Avatar
OP Member
Thanks Meter: 35
 
More
Quote:
Originally Posted by htr5

Though OP could have probably not used such a click-baity and sensational title...

The title wasn't intended to be either click-baity or sensational but, with hindsight, I can see how it might read it that way. Mea culpa.

However, given that no third party has been able to offer any justifiable reason as to why Greenify behaves as it does and the developer has never responded to the oft-expressed concerns of users –I don't think it unreasonable to infer that Greenify may be behaving; at best, irresponsibly and at worst, nefariously.

In which case, maybe the headline wasn't that click-baity, after all.
The Following 2 Users Say Thank You to xxxmadraxxx For This Useful Post: [ View ] Gift xxxmadraxxx Ad-Free
8th June 2019, 01:27 AM |#19  
DB126's Avatar
Senior Member
Thanks Meter: 9,234
 
More
Quote:
Originally Posted by htr5

I of course have been using the app for many years and trust the developer but still don't have an answer as to why Xposed and SuperSU were telling me that Greenify has been updated - I think it would be fair to question what's going on.

Yes, that would be a fair question (sans other baggage).
The Following User Says Thank You to DB126 For This Useful Post: [ View ] Gift DB126 Ad-Free
9th June 2019, 11:43 PM |#20  
Senior Member
Thanks Meter: 25
 
More
Quote:
Originally Posted by xxxmadraxxx

10,000+ attempted internet connections by Greenify in the space of a couple of months is a statement of fact that I observed on my own device.

I've quieted Greenify. I used MyAndroidTools to disable the following for Greenify:
Content Provider:
com.crashlytics.android.CrashlyticsInitProvider
com.google.firebase.provider.FirebaseInitProvider

Activity:
com.google.android.gms.common.api.GoogleApiActivit y
com.google.android.gms.tagmanager.TagManagerPrevie wActivity

Broadcast Receiver:
com.google.android.gms.measurement.AppMeasurementI nstallReferrerReceiver
com.google.android.gms.measurement.AppMeasurementR eceiver
com.google.firebase.iid.FirebaseInstanceIdReceiver

Service:
com.google.android.gms.measurement.AppMeasurementJ obService
com.google.android.gms.measurement.AppMeasurementS ervice
com.google.firebase.components.ComponentDiscoveryS ervice
com.google.firebase.iid.FirebaseInstanceIdService
com.google.android.gms.tagmanager.TagManagerServic e

That Tag Manager Service and Tag Manager Preview Activity are worrisome...
https://support.google.com/tagmanage.../6102821?hl=en
Quote:

Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app. Once the small segment of Tag Manager code has been added to your project, you can safely and easily deploy analytics and measurement tag configurations from a web-based user interface.

When Tag Manager is installed, your website or app will be able to communicate with the Tag Manager servers. You can then use Tag Manager's web-based user interface to set up tags, establish triggers that cause your tag to fire when certain events occur, and create variables that can be used to simplify and automate your tag configurations.

https://blog.hubspot.com/marketing/g...-manager-guide
Quote:

Collecting data using tools like Google Analytics is critical for expanding your business’s online reach, converting leads into customers, and optimizing a digital marketing strategy to create stronger relationships with your audience.

However, collecting data is easier said than done. Google Analytics and other similar analytics tools aid the process, but they work more effectively with the addition of tags.

Tags, in a general sense, are bits of code you embed in your website’s javascript or HTML to extract certain information.

So Tag Manager is yet another way for Google to track your every move... in apps and on web pages. It's almost a backdoor to your device, since Tag Manager can be used to remotely change what it tracks and when. Google is getting awfully malware-y, which is why I've worked so hard to make it so I can completely kill all Google components on my phone and the phone still works... and the Google components stay killed until I start them (without the necessary modifications, Google Persistence kicks in and restarts the Google components, which is also very malware-y... Google is a service provider, they shouldn't run unless the user wants to use their services, and there should be an interface to disable (or uninstall) any functionality the user doesn't want.). Further, the user shouldn't have to rely upon changing settings on Google's servers, while leaving the Google components running on their phone... that means we have to trust that Google is abiding by those settings... does anyone believe they are?

I've uncovered instances on this very phone where Google is less than honest in abiding by settings... another is their GoogleOtaBinder, which disregards the Developer Options setting to disable Automatic System Updates... the only way to turn off Google pushing a new ROM (without consent, without notification) and rebooting the phone (at midnight each night, without consent, without notification) is to edit a file such that GoogleOtaBinder can't authenticate with Google's servers.

You'll probably also find an app in Settings > Apps called 'Tag Manager'... I got rid of it long ago.

Google Tag Manager / Tracking Pixels and Tags
package:/system/priv-app/TagGoogle/TagGoogle.apk=com.google.android.tag

To get a list of packages installed on your system, in an Administrator-privilege command prompt on your computer, with your phone plugged into your computer via USB and set to 'File Transfer' USB mode, type:
adb shell pm list packages -f

Here's the list of packages I've removed.

{UPDATE}
I've also found the following:
The file:
/data/user/0/com.oasisfeng.greenify/app_google_tagmanager/resource_GTM-KN73P2
contains the following:
Component Display Name:
com.xiaomi.mipush.sdk.PushMessageHandler
alibaba.sdk.android.push.AliyunPushIntentService
com.igexin.sdk.PushService
com.tencent.android.tpush.service.XGPushServiceV3
org.android.agoo.client.MessageRecieverService
com.baidu.sapi2.share.ShareService

"MessageReceiverService"? PushMessageHandler? What is being pushed to our phones?
Further down, because I've completely neutered Google Analytics, it reads:
.analytics.disabled.exception.NoSuchMethodError true
{/UPDATE}

Greenify is also using the real 'adid_key' content in /data/data/com.google.android.gms/shared_prefs/adid_settings.xml, although I doubt they're in on Google's nefarious scheme to trick users into thinking they can reset their Advertising ID, while tracking them with a non-changing GUID (Globally Unique ID).

There are two keys in adid_settings.xml... 'adid_key' and 'fake_adid_key'... pushing the "Reset Advertising ID" button in Settings > Google > Ads changes 'fake_adid_key', but 'adid_key' never changes and is propagated to many other apps.

https://forum.xda-developers.com/showpost.php?p=79521903


Further, I tried to uninstall Greenify (I'll manually set up device_idle_constants to mimic what Greenify did)... it's never had Device Administrator privileges, I disabled Usage Access, uninstalled the XPosed Framework 'Greenify Experimental Features', then went into Greenify's settings and disabled all that was there... but when I went into Settings > Apps > Greenify, there isn't an "uninstall" button, just "Force Stop" and "Disable" buttons. There's no way to uninstall it from within Greenify itself, either.

I booted into TWRP Recovery Mode, went to /data/adb/modules, deleted the module for Greenify, and when I rebooted, Greenify was gone. All that remained was to wipe it from the Dalvik cache.
10th June 2019, 03:21 AM |#21  
Senior Member
Thanks Meter: 25
 
More
Quote:
Originally Posted by htr5

I came across this thread because in the past year, three times I have been notified by Xposed that a module has been updated. SuperSU also asks me to grant root access again so I'm wondering what the app is doing self updating?

Version 4.5.1 (donate)

I think what's happening here is this:
In Xposed, you likely have the Greenify Experimental Features module, and Xposed automatically updated that module.

SuperSU is set to reauthorize root for updated apps and modules, so when Xposed updated that module (which SuperSU likely considers to be a part of Greenify), SuperSU asked for authorization to grant root to Greenify.
Post Reply Subscribe to Thread

Tags
afwall+, firewall, greenify, malware, spyware

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes