[APP][6.0+] malninstall - Remove FluBot (SMS virus) from your device - Android Software/Hacking General [Developers Only]

malninstall - Remove FluBot from your device
​
Hello everyone,
I have created a tool to remove FluBot, one of the most dangerous malwares in Android that's striking European countries, like Germany and Spain right now. For more information on how the bot and the scam works, please read PRODAFT's White Paper or follow this link to look up the latest news regarding the malware.
To summarize, this malware has been around since November 2020 and it has now started spreading even quicker by using the contact list from infected devices to spread itself. The malware has now infected approximately 60.000 devices and has gathered a 25% of the total Spanish mobile phone numbers. In order to know what are the spread routines, and how it manages to infect users, please check here.
This malware is also capable of showing fake login screens for plenty of banks whenever the user attempts to open any legitimate bank app, in order to collect all sorts of login credentials and credit card details, as well as replacing your SMS application (and not allowing you to use another one). As a malware, it prevents from being uninstalled using an accessibility service, which the user manually granted while unknowingly installing the malware.
Knowing all of the above, I created malninstall (from malware-uninstall, and also known as FluBot Malware Remover) in order to help inexperienced people get rid of the malware. Upon installation (and detection of infection), malninstall shows a step by step guide on how to set-up the tool in order to remove FluBot, and after removal, it also helps the user undo the changes the application made to the device.
Malninstall is based on the principle that, whenever FluBot detects the user is performing an action that can affect the malware, like uninstalling or stopping its accessibility service, it will hit the (virtual) home button several times, and show a message, warning the user that "this kind of action is not allowed for a system service", which is not true. So, in order to remove the malware, malninstall will set itself as the device's launcher (temporarily), allowing this way to stay focused and letting the user to tap on the uninstall prompt that malninstall helps open. After the uninstall was successful, the user will be prompted to choose their launcher back to the one they were using before.
This project is completely open-source, and its source code can be checked on GitHub.
If you know of someone that got infected with this malware, feel free to advise them giving malninstall a try!
Download latest version - GitHub Project page - Featured in XDA Portal - Featured in Xataka (Spanish)
Check out how the malware removal process works in this video:

Related

[Q] Warning from Skype on malicious access to Skype data

(Sorry if this is posted in the wrong section. Mods: You may move/delete this if you feel necessary.)
Received this email from Skype today. Guess I'll uninstall Skype until they fix this. And does anybody know how to identify if we are affected?
Dear XXXXXX
Thank you for downloading and using the Skype for Android software. Unfortunately, it has come to our attention that if you were to install a malicious third-party application onto your Android device, it could access the locally stored Skype for Android files. These files include cached profile information and your instant message chat history.
We take our users’ privacy very seriously and are working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application. This update will be available shortly and as always we urge you to install updates to benefit from our continuous fixes and improvements.
Until the update is released, to protect your personal information, we advise that you as always take care when selecting which applications to download and install onto your device from the Android Marketplace.
For more information see our Security Blog at blogs.skype.com/security or our security section at skype.com/security.
Adrian Asher
Chief Information Security Officer
Skype Information Security
I recently got this mail to.
They will probably fix it sometimes ...
More info:
http://blogs.skype.com/security/2011/04/privacy_vulnerability_in_skype.html
http://androidjet.com/skype-for-android-data-security-issues/
Skype for Android is one of the more widely used applications on Android – on any platform for that matter. We, as consumers, generally tend to trust popular applications with our personal information and rarely seem to think twice about how that data is protected or encrypted.
Unfortunately, Skype has allowed a glaring oversight in security to take place. The application has been failing to set the appropriate level of read-permissions for certain files that it creates while you’re using the program. Android has built-in security measures to prevent one application from reading another’s data, to avoid malicious apps from accessing your secure data. The flaw, however, is that Skype has been failing to encrypt the data that is being stored and they have also not been setting the permissions appropriately, to prevent other applications from reading the aforementioned data.
Thankfully, Skype is aggressively working on a fix for this issue and should be issuing a patch or update very soon. So far, we haven’t heard any stories of malicious activity actually taking place but the threat is enough to get us worried.
Click to expand...
Click to collapse

Malware in Android Market Steals Bank Passowords

Do you know that the Android Market Place too has some serious loop holes as some of the applications in the Android Market Place steals the banking passwords? Yes, for all those who thought that the Android as a platform is safe might just have to give this a thought as its not safe at all as the market has a malware which really is responsible for the stealing of banking passwords data. Basically there are two Android Malware types which are available as of now, one is the Droid Dream Light and another one is the Zitmo out of which both has the ability to steal the banking data or can also intercept the data from the non suspected users and then the data can be fetched to misuse it. Though these both malwares can be caught by using the recognized Antivirus, its still a big question mark on howm many more such malwares are there which cause damage to the privacy of the users confidential data.
Since these two malawares were caught by the LookOut mobile security, we could knew on what consequences it can make, so always ensure that you use a trusted antivirus or the anti malware softwares like the Lookout Mobile Security or else it will be very difficult to track, find and kill such malwares.
According to the release by LookOut, it was reported that the four applications that are Mobnet: Quick FallDown, Scientific Calculator, Bubble Buster and a clone of Best Compass & Leveler pulled the user data and were stealing the udser passwords, so its better that immediately you should uninstall these applications which are mentioned above. Please note that, always you will have to ensure that the unwanted apps should be removed or uninstalled from your device or else such consequences can get aroused. Also, we can hope that since al these things are Anti-Google Policies, Google will surely look out for the same and will ensure that such things are not repeated again. In the above 4 applications which are listed, there was a threat of Droid Dream Light which was found and also this one contnously performs the unwanted tasks in the background without our consent which is the most worst thing as it not only drains the data but also steals the data from our Android Phones like Passwords and other crucial data.
Another malware which is named as the Zitmo is basically a malware which has recently plagued other mobile OS formats like Windows and even the Symbian and was known for stealing the passwords. Also, this on eis very popular on all variants of the Videocon Zeus handsets as this malware is made for all the Zeus variants phones. Adding to the Worst its event like that it tracks all the incoming messages and captures the crucial data like the authentification codes which the bank sends to the users and also it has the capability to perform the transactions on the users behalf. Also, additionally, the apk file size is of around 19KB and it passes itself as the security tool with the name of Trusteer and if te user installs any malicious application, then then trusteer report will be appearing on the main menu and then this will take over the screen after clicking on the application link which is again the bad part of this application and how it works to capture all the important data.
So, all in all if you look to protect yourself from all such malicious threats, then you will have to make sure that you use a good antivirus as well as a good anti malware solutions like AVG Security Suite or even say Look Out Mobile security tool.
Do, let us know if you want to share any such experiences in the comments section below so that all other users will get benefitted with the same.
Source? 10char
tl;dr
However, I'm not stupid enough to enter my details into my phone willy nilly, or at all infact.
source please
Reads like an advertisement for lookout security, an app that has questionable permissions in itself, lol
Sent from my ADR6300 using Tapatalk
1. i dont download app under 300 reviews and rating.
2. i do research before i download app.
3. read step 1 & 2.
techrepublic has a little info on the Zeus/Zitmo and android, stating that:
Security researchers at Fortinet, S21sec, and McAfee are following the Zeus/Zitmo saga closely. They have examples of Zitmo code for Symbian, Blackberry, and Windows mobile operating systems–three out of the big four. What about Android? (...) According to this Nielsen report, Android is favored by a third of all smartphone users. Seems to me, the bad guys are missing or avoiding the largest segment of mobile-device users. Puzzling.
Anyway, for now I think that combo of DroidWall, LBE and Permission Denied provides some level of security
phoenixs4r said:
Reads like an advertisement for lookout security, an app that has questionable permissions in itself, lol
Sent from my ADR6300 using Tapatalk
Click to expand...
Click to collapse
I agree with that, I actually think Lookout itself is the part of malware. I'm curious what it is actually doing while it's scanning apps.
Closed - OP request

NotCompatible Android Trojan

Just a heads up (though I'm sure most people here are smart enough to avoid it):
NotCompatible Android Trojan: What You Need to Know
Android smartphone users should be on the lookout for hacked websites that automatically download an app onto your phone in an attempt to trick you into installing malicious code. For what may be the first time ever, analysts at Lookout Mobile Security are warning of a so-called drive-by download attack specifically targeted at Android devices. The attack uses infected websites to try to install a Trojan horse called NotCompatible onto your phone. If installed, the Android malware could let hackers use the phone as an intermediary access point, or proxy, to break into private computer networks. There is also some speculation that NotCompatible could add your phone to a botnet.
However, while NotCompatible sounds scary, it is not a threat if you use common sense and never install anything on your phone that you don't trust or don't remember downloading. Here's what Android users need to know about NotCompatible.
How was NotCompatible discovered?
The Trojan first surfaced when a Reddit user named “georgiabiker” discovered NotCompatible by chance and brought the malware to the Reddit community's attention. Reddit is a social news site and message board.
Who's at Risk?
NotCompatible can only infect people who have enabled sideloading -- the ability to download apps from unofficial sources -- for their device, according to Lookout. Sideloading is enabled on your phone by going to Settings>Applications and then tapping the “Unknown Sources” check box.
Keep in mind that even if you have sideloading enabled, getting infected still requires explicit user action.
OK, So How Do I Get Infected?
Courtesy of Reddit user georgiabiker
Any Android user arriving at an infected site using the phone's browser will automatically download a file called “Update.apk.”
Courtesy of Reddit user georgiabiker
If you have sideloading enabled, a screen will pop-up asking you to install an update named com.Security.Update or something similar. Any user who then installs the application will get infected.
If you are not sideloading apps, you will not be able to install the Trojan, Lookout says.
What Does It Do to My Phone?
It's not immediately clear whether there's any long-term effect on your phone or your device's content, but so far Lookout says the only thing that will happen is your phone could be used as a proxy by a third-party.
How Widespread is the Trojan?
Lookout is not offering any specific numbers, but the company says it has found the malware on “numerous” websites embedded in an iframe -- a segment of a browser window that can display content from a third-party. Lookout expects NotCompatible's overall impact to be low.
Hacked sites unknowingly acting as a vehicle for NotCompatible appear to be typically low traffic websites for local businesses such as country clubs, computer repair, and pest exterminators.
What If I'm Infected?
Lookout has not provided any information on what users can do if they are infected with NotCompatible so it's not clear whether installing Lookout's antivirus software would remove the malicious software.
Even though this malware is specifically targeted for Android devices, as long as you remain attentive when authorizing new apps and watch out for unauthorized downloads, your device should be fine.
Click to expand...
Click to collapse

A General Warning about flashing Unknown Roms

Hi.
I recently came across some chinese / asian websites which kang / modify and release a diversity of roms.
I'm not specifying sources / which roms are, this is a general announcement to be careful with what we download & flash into our devices, and why ?
I flashed in order to test some of these roms (not the sense 5 kang tho), since I work in network security, I had noticed on our firewall logs when my mobile connected through the wifi, a bunch of UDP requests / DNS queries to russian websites. This can be used to botnets, DoS, even malware / spam propagation (a diversity of not cool stuff, basically).
A colegue of mine which also has a 'droid had once an app which sent repeatedly ICMP requests in "not random" but specific hours / intervals, he asked me to test his rom which he downloaded and flashed from "another" website, and I confirmed the suspicious behavior. There was established connections to foreigner addresses through a diversity of protocols, data being sent / received and at times, a udp flood directed to specific addresses. This is bad, my friends.
We don't know what these roms have inside, what's their mechanism besides the standard transparent operations which most of us are familiar with, and they could be very well used to do illegal things which I guaranty we don't want to be part of.
Flashing a rom, connecting through 3G or Wifi, and then our mobile is now part of a botnet which participates without our knowledge on such illegal operations is just one of the things that could happen. Phishing is also very possible - in other hand, a lot of things are possible without our knowledge and consent. We don't want this do we ?
The last Rom which I have experienced this, the link was removed and is no longer online. So i'm not pointing URL's / Rom names because this is something that each one of us has to be careful about.
Fortunately we have ways to detect / avoid / remove and make sure our device is used only for us and does only what we "tell" it to do.
We can use this thread to report such roms (since they're not published on xda, we can only warn each other and be aware) and applications that have malicious content.
I'll also be updating this thread with methods, applications for android to detect malware / suspicious activities (I'm not going into depth like using a sniffer or protocol / packet analyzer (although we can) I'll try to keep as simple as possible.
Suggestions, reports are very welcome and should be reported here. We can use this thread to protect our droids and help each other making our devices secure.
This post has the intention of protecting ourselfs, but privacy tips / applications are also welcome. Be careful tho, would be ironic to suggest an app to protect user privacy and in the end the app itself sends private data to GodKnowsWhere.
To be continued / Updated Soon.
List of Applications to monitor / analyze traffic:
Netstat Professional - Allows you to see what connections your android has established. Allows whois info, Real time IP / Port and status information (pretty much like netstat -an), and what service is running / port information.
Wi.cap. Network Sniffer - Much like a network protocol analyzer / network sniffer. This neat app allows you to see what connections are estabilished / protocol / status / analyze packets. If there's a connection estabilished - it will be listed. [Root needed]
Shark for Root - Traffic sniffer for 3G & Wifi (supports FroYo tethered mode too). Records traffic which later you can open with WireShark. To preview you can use Shark Reader.
List of Applications fo scan for malware.
Coming Soon...
Procedures to discover / analyze / report malware / suspicious behaviours and such.
Coming Soon...
Post reserved for procedures which will include:
- Common Sense
- How a malware works (the term malware is used to include viruses, trojans, custom scripts and apps.
- What to look for / suspicious behavior which you should pay attention to (also included in Common Sense).
- Basic tools to detect / analyze / remove malware.
More to come.
Sent from my HTC Z710e using xda premium
Generally, i suggest to use ROMs from XDA only, except for CM/MIUI official website. The risk is real! Thanks to @MidnightDevil for his help and his time
I suggest to read this thread to all the users!
XxXPachaXxX said:
Generally, i suggest to use ROMs from XDA only, except for CM/MIUI official website. The risk is real! Thanks to @MidnightDevil for his help and his time
I suggest to read this thread to all the users!
Click to expand...
Click to collapse
Thank you for your support
If anyone has suggestions / knowledge about this sort of matter please share
There's a LOT of info that I tend to post on this thread in a way to educate / share knowledge with everyone.
Trusting the developers and sources is the first step for prevention. Be careful with dodgy websites and roms which you don't know about.
Scanning the rom zip file with a virus scanner is useless in this matter.
Unknown Rom
The threat is over when a secure rom is installed (after using a none xda rom) ??
MidnightDevil said:
Thank you for your support
If anyone has suggestions / knowledge about this sort of matter please share
There's a LOT of info that I tend to post on this thread in a way to educate / share knowledge with everyone.
Trusting the developers and sources is the first step for prevention. Be careful with dodgy websites and roms which you don't know about.
Scanning the rom zip file with a virus scanner is useless in this matter.
Click to expand...
Click to collapse
phearell said:
The threat is over when a secure rom is installed (after using a none xda rom) ??
Click to expand...
Click to collapse
So far there isn't malware which persists after full wipe. Can't speak of the contents of the sdcard tho. But usually yes. But then you have the apk's which can contain malicious code and so forth...
Those apps are usually banned from the PlayStore, but there's a short window between published / report / removed from Store which users can download it.
Unless I didn't understood your post
MidnightDevil said:
So far there isn't malware which persists after full wipe. Can't speak of the contents of the sdcard tho. But usually yes. But then you have the apk's which can contain malicious code and so forth...
Those apps are usually banned from the PlayStore, but there's a short window between published / report / removed from Store which users can download it.
Unless I didn't understood your post
Click to expand...
Click to collapse
AFAIK google also scan apps installed on the device. When installing a 3rd party app (not via Google Play), you get a prompt to allow google to scan it anyway for malicious content.
Also, there are a couple of anti-virus apps available from well known companies such Avast for android, and also from AVG.
I never really tried those, but they might help protecting your device. However I doubt if they scan system apps/services, for in most cases they are supposed to be safe (from the OEM itself).
It is well known that the biggest security hole is the user. So the best thing to do is to keep away from unknown ROMs/sources.
astar26 said:
AFAIK google also scan apps installed on the device. When installing a 3rd party app (not via Google Play), you get a prompt to allow google to scan it anyway for malicious content.
Also, there are a couple of anti-virus apps available from well known companies such Avast for android, and also from AVG.
I never really tried those, but they might help protecting your device. However I doubt if they scan system apps/services, for in most cases they are supposed to be safe (from the OEM itself).
It is well known that the biggest security hole is the user. So the best thing to do is to keep away from unknown ROMs/sources.
Click to expand...
Click to collapse
No doubt the biggest flaw usually comes from the end user.
But answering your statemente about anti viruses.
Usually anti viruses (specially in portable devices) act base upon a database of known signatures and suspicious behavior. They provide no protection against a custom developed script or code with a work-around for this behavior. Basically - avoids behaving like a malware.
A code is considered malicious when acts upon suspicious behavior (for example, on windows - when an app registers itself on registry autorun / startup folders / tries to load a file on temp directory / temporary internet files, hooks itself into a process / uses a windows process to deliver it's payload faking a signature, etc etc). Knowing this, any custom app / script that avoids suspicious behavior / does not have a present signature on a AV database and a few more details - all doors are "open" and is a highway to hell.
Google scan engine uses the same mechanism, in fact, I'm not even sure if it has any sort of protection against suspicious behavior as it only executes upon apk install.
Believe me, the biggest flaw is the user as the best protection is also a well educated user. It's a matter of knowing what can do and what should avoid. Fear or suspicion is an important thing these days, as they prevent us from making mistakes as installing an app from a dodgy site. We should know better.
MidnightDevil said:
No doubt the biggest flaw usually comes from the end user.
But answering your statemente about anti viruses.
Usually anti viruses (specially in portable devices) act base upon a database of known signatures and suspicious behavior. They provide no protection against a custom developed script or code with a work-around for this behavior. Basically - avoids behaving like a malware.
A code is considered malicious when acts upon suspicious behavior (for example, on windows - when an app registers itself on registry autorun / startup folders / tries to load a file on temp directory / temporary internet files, hooks itself into a process / uses a windows process to deliver it's payload faking a signature, etc etc). Knowing this, any custom app / script that avoids suspicious behavior / does not have a present signature on a AV database and a few more details - all doors are "open" and is a highway to hell.
Google scan engine uses the same mechanism, in fact, I'm not even sure if it has any sort of protection against suspicious behavior as it only executes upon apk install.
Believe me, the biggest flaw is the user as the best protection is also a well educated user. It's a matter of knowing what can do and what should avoid. Fear or suspicion is an important thing these days, as they prevent us from making mistakes as installing an app from a dodgy site. We should know better.
Click to expand...
Click to collapse
I just remembered of an app called "Who is tracking" (was featured on the portal a while ago), that also scans system files (bloatware) and tells you which app tracks you. tried using it a while ago, but didn'y really try to understand it, and it seems to have changed since. will try it myself.
Agreed with Patcha, unless you 100% trust the source (CM/MIUI are well known and if they did something untrustworthy a massive ****storm would ensue) then I would stick to ROM's posted on XDA (though frankly I avoid MIUI out of moral principle #SouceCodeMuch?). Anything untrustworthy that is posted on XDA is picked up very quickly and dealt with effectively.
More to come from me on this, I need to organize what I want to say so it doesn't sound like a mad persons ramblings
Edit: A thing to look out for in google play store is the permissions, READ THEM, read what they mean, read what permissions the app requests and if you don't know why an app needs that permission or if it looks dodgy (like the permission to send sms messages without the user knowing) then for God's sake don't use the app util you've found out what the app needs that permission for (quick google search or email to the developer). Don't just blindly agree to all the permissions without reading them.
These permissions are declared by the developer in the Android_manifest.xml file and pulled from there when publishing the app on play store. As far as I am aware, there is no way to fool this system - you can't edit the visible permissions through the developer panel of play store, only by editing the manifest - I have a developer account on play store so this I am 100% sure on.
Yup, very true. Something I forgot to mention earlier and is VERY important.
Always check the permissions and what for the permissions are used. Some good developers write what for they need the permissions. Some things are obvious, others not so quite.
Also reading the comments of an app helps as well. More experienced users tend to write a more complete review and sometimes they draw the attention to things that sometimes other users miss. About permissions or anything else.
Any user can write a review, so if you find something important, you can also write in the review. Just make sure you don't underrate an app because of a doubt
Usually developers also have their contact email in case of doubts, it can be used to to bring some things to light.

Freeware Apps - Redefining a Lost Genre

Freeware isnt something you really find much in the Android community.
You hear the term thrown around quite a bit, but even alot of what is termed as freeware, actually isnt.
The Lion's Share of Android apps are not Freeware at all, and the Vast majority of the so-called 'freeware' apps that are available for us to download & use daily are not truly freeware at all
I would like to draft a set of guidelines for what would ideally become a certification standard for the ethical creation & development of free apps
Apps adhering to this standard could be classified under this genre of apps, and even bear a symbol within the app, overlaid on its logo, showing users it belongs and mentioned in the app's description, showing users how it was developed, and stating that it adheres to the guidelines and fulfills the requirements of the new standard.
I would also like to compile a list of any existing apps which already meet these criteria
and all Apps filling these requirements will fall under the realm of this Guild.
Please feel free to offer your own ideas & input as to what you feel would be best for the end user, and any rules or criteria you feel are relevant to forming a framework of guidelines & prerequisites needed for apps to be called under this name, and be brought under the umbrella of this guild.
Please feel free to offer suggestions for the certification & class name and/or Guild name as well
this is all preliminary work, and I'm looking for anyone interested in helping to build this community and standard & promote its use.
There could be 2 classes of apps, Freeware & Benefit-Ware
Or there could just be one set of rules for each, stating "IF.. such and such, THEN... such and such"
If you are an App User, please mention anything you find annoying, bothersome, or troublesome.
If you are an App Developer who knows about or is displeased with the ethics and developments of certain apps which gives other apps and developers bad names, please mention anything you can that might assist us in reigning in the cowboys of the App Wild West.
Also, if somethings are simply & 100% "Not Possible" because of the Android OS, these would be issues the Guild will work to make Individual Device Manufacturers as well as the Android team at Google aware of
So, it could start something like this:
- An app should not contain ads nor promotions which cannot be closed or disabled
- An app should not contain any full-screen ads nor any ads which limit or effect user interaction with the app
- An app should not give reminders which pop up and ask the user for money, ratings, or to download additional apps
- All requests for financial support, ratings, and downloading of additional apps should be contained in the 'About' Section of the Apps Settings
- All apps which produce sound of any sort must include its Volume Controls, including in-app Mute
- All apps with services which wish to run at start up must include their own settings option to enable or disable "Start when Android Starts"
- An app must not Auto-start unless the User has specifically selected it to, nor shall it be kept running if it has not been manually Launched by a User since the last Boot time.
- An app must allow users to manually select the installation directory upon installation
- An app must have its own internal Uninstall button in the "About" Menu Settings
- An app must install 'portably', that is, without adding data to the internal phone storage
- All apps which save data must have a User-Selectable Save Location which can be used to replace the App Default Save Location
- All Apps must Uninstall completely and leave no folder behind, asking users whether or not to uninstall specific items which might contain important user data
I hope other people can add to this list
thanks
I would like to stress that this isnt a knock on any existing programs, nor do I expect anyone to change what they are doing who isn't willing to.
If you hate the idea of this, please continue doing what you are doing.
This is for people who want to join or participate because these are the apps they would prefer to use, or make.
thanks
Others may include:
- An app must ask users whether or not the user wants to add a shortcut to the users default Home screen, regardless of the user's own phone settings. Perhaps an "Allow Shortcut" selection for Shortcuts which are going to be added
- An app must ONLY install shortcuts to the program currently being installed, and can in no way add shortcuts to the Home screen, the apps drawer, or the installation directory, to any other program nor any website at all.
- An app may include a single, small, unobtrusive "Donate/Beer" button on a menu bar with other menu buttons, but to be at the far right or farthest/last menu item available on the menu
- An app must not include permissions for anything other than the express intent & use of the app for its specified purpose.
- No app may, at any time, access a users personal information unless the app has direct interaction with such information as directly related to a service it is providing as a primary function of the app - And even then, the apps access to information must not be sent online nor over the internet unless specified as such due to it being a primary function of the app - and if & when personal information is sent online, the owner of the server must have a secure server which is not accessed by himself or his employees, but in which information is automatically transferred by software to and from the end users needed locations, and to no other place shall the information be passed - Nor shall it be kept on the server while not being sent or received to/from the users locations, without the users express consent, as an additional option.
- A "Primary Function" is defined as a Function which is the main or only reason a user installs or interacts with the site, and will be the main focus of the apps description
- Secondary Functions are not allowed to gain internet access, nor have any interaction with any online server or service, nor be granted any access to personal information nor any stored data outside the apps own install directory, etc.
- Apps must, in a written disclaimer provided in the "About" section of the apps own settings, give specific details as to the apps permissions and justify with specific reasons and technical details why each function requires each form of permission, and exactly how the app will use each permission, including server specifications & information-handling specifics, where applicable.
- Apps qualifying for inclusion in the Guild will clearly label themselves in one of 3 categories exclusively - Freeware, Benefitware, or Trialware.
- Apps labelled as Free, or containing the word "Free" must 1.) be 100% ad-free, 2.) not be a Trial, 3.) be fully functional, & 4.) not bother users for payments, ratings, etc.
- Apps labelled as "Benefitware" may include 1.) ads adhering to the guidelines for the inclusion of ads, 2.) requests for financial assistance in accordance with the guidelines for requests of Financial Assistance, 3.) Added Functionality which is above and beyond the scope of the original, feature-rich, fully-functional program, & 4.) Other items which are primarily of benefit to the developer, but which adhere to the guidelines of Enjoyable, Unfettered User Interaction
- Apps labeled clearly as "Trialware" may 1.) Limit the functionality of the apps Primary Functions, 2.) Must have a fully-functioning trial period of no less than 30 days, 3.) Must not be limited in any way during the Evaluation Period (e.g. no "20-character", "2-page", "3-time" limitations, or the such), & 4.) after the Trial Period, the app will be completely 100% uninstallable, and a re-install of the app on a specific device will begin a new 30-day evaluation (Users will not be treated like criminals nor presumed Guilty of Fraudulent use before proven otherwise).
- Other apps will not gain classification, certification, or inclusion in the Guild, and may refer to themselves in anyway they care to, but may broadly be referred to as "junkware" if they are found to not conform to the Principles, Guidelines & Statutes set forth and adhered to by the Guild & its Members & Affiliates
-
Also:
- An app must have an option to turn off Automatic updates, and may not self-check for updates otherwise.
- All Settings a User sets must be permanent and may not be reset nor shall those permission requests for updates, etc, be altered or changed nor be made to reappear, nor require the user to specify the same setting more than once.
- No app shall ever contact its servers for anything other than a user-launched request for the specific function required by the user at the time of the request.
- No app nor server nor company shall in any way interact with its apps or servers in anyway other than to execute the exact function called for by the user according to the UI meaning and implicit intent of the action
-
I have checked almost all the setting of it..But couldn't find the prior results..What are the other alternatives of it?
MarkanthonyDonald said:
I have checked almost all the setting of it..But couldn't find the prior results..What are the other alternatives of it?
Click to expand...
Click to collapse
Hi, markanthonydonald. welcome to the forum, I see this is your first day registered, and your first post no less.
That's right, all the prior results are belong to the settings of it t almost at all from the prior r results, but dont stop trying your point o of that the alternatives are to us, and thats the most bases of it. ll
-
I like the idea of this, and from what youre saying and a few apps I use would fall into this category just fine IF certain things were moved into the 'about' option. How or why a dev would change their current, 100% working fine app, to modify this I dont know.
robneymcplum said:
I like the idea of this, and from what youre saying and a few apps I use would fall into this category just fine IF certain things were moved into the 'about' option. How or why a dev would change their current, 100% working fine app, to modify this I dont know.
Click to expand...
Click to collapse
Great Idea!
- An App must have a complete Version History contained in the About Menu Settings, or a Menu Item Devoted to Version History, with Detailed explanations as to why the changes were added, and if they are only to fix a bug with device x, why is it recommended to install it if you arent using that device
- Each App Update should be available as a complete App Stand-Alone APK installer, or installable from the Play Store Directly. No App should require Updates, nor provide updates for which there is no Standalone APK or an updated Google Play Installation.
alot of devs set up their apps just good enough to get on Google play, without getting kicked off, and then after you install it, they update the app with functions & behaviors that would get it kicked from the Play Store.
great work catching that one, thanks
-
robneymcplum said:
I like the idea of this, and from what youre saying and a few apps I use would fall into this category just fine
Click to expand...
Click to collapse
If you know of any solid apps that you believe fall into this category, or easily could, please post them here
We need a list of example apps that we feel embody the spirit of honesty, transparency, user-centric programming & packaging, and which are either made in the spirit of true freeware, or made in the spirit of goodwill, and have either Benefitware or Trialware which adheres to consumer-oriented needs & interests
The following behaviors DO NOT qualify for inclusion in the Guild:
- Any app which appears desperate to flash things in front of your face, particularly things which flash or change scenes or color rapidly, change in a single frame, or less than a 1 second cross-dissolve, and which are overly animated, bothersome, annoying, or which may lead to epileptic reactions, which cannot be permanently closed or disabled for the duration of the session.
- Any app which appears to desperately or urgently present users with matters of no immediate significance or importance to the user. This includes the pestering need for ratings, requests for financial assistance, downloading of the developers other apps or partner apps, offers to visit the Play store or any other external website, etc..
- Any Benefit-ware app with any full-screen advertisement at all, from Internal or external sources used to promote the sales, use, or downloading of its own other products & services or those of an external company
- Any Benefitware which does not allow you to close a bar-style advertisement with a clear, easily-accessed, and adequately-sized close button
- Any Benefitware which re-opens an ad which has been closed within the same 24-hour period, or since reboot.
- Any Trialware which limits functionality of its products to a state inconsistent with the primary function of the app
- Any Trialware which does not allow a minimum 30-day trial period
- Any Trialware which limits the functions within its trial period in any way
- Any Trialware which doesnt openly allow a re-installation of a Trial package on fresh uninstall/reinstall
A user is to be given as much time as is required for him/her to fully evaluate the product. Often times a user may begin a 30-day trial period, only to never have the time to use it, including having no time to even look through it the day it was installed
Furthermore, All apps containing promotions of their own products are to be classified as Benefitware, and not Freeware, even if there are no ads from external advertising companies.
Feel free to add to this list, or to add an app you believe warrants inclusion for its programming efforts, ethics, & merits
-
A similar Evaluation Period problem arises when users are given a 30-time evaluation. As one "Evaluation" day is simply a 24-hour period since the app was launched.
Launching the app by accident, or launching the app and immediately closing it, removes evaluation days from your trial, days in which no evaluating took place.
Even if we give each launch a time-specific interval where an app which is running for 10 or 15 minutes is considered "Evaluated" for one day, it doesnt take into account that launching the app then closing it where it sits opened in the background still takes away your evaluation days, or opening it, then answering the door or going to grab a sandwich also takes from your evaluation period
We could find other solutions to this problem, but one of the primary characteristics for an app or developer to be included in the Guild is to treat the user as if they were a guest in an actual store, and not a criminal pirate on a baby-killing spree, meaning:
- No app or developer should treat a user like a criminal, nor assume he is engaging or will engage in criminal activity, nor accuse him of such activities, nor behave in a manner which displays mistrust or accusations of users
- An app & developer must leave it to fate, heaven, and the common goodwill of mankind to have its requests & guidelines (such as for trials, etc) met, and can in no way behave in a manner which is inconsistent with good will
- All agreements made will be made in Good Faith with the community at large
you wont walk into a department store and be tackled by the security guards and forced to pay for something you didnt even try on, simply because you touched in on the rack, or be banned from the store for life until you do pay for it.. simply because the paranoid psychotic lunatic in charge of the store thinks everybody who walks into his store is a dirt-poor crack-head criminal out to steal his supremely precious goods
-
Also:
- An app is not to be created for the sole intention of Data Collection or Information Gathering, and apps which appear to do so will be blacklisted
- An app is not to be developed or created for the primary purpose of spreading advertising spam, shady promotions, other sites & services, etc, and any app found to be out of balance with respect to this criteria will be blacklisted
- Any app found to be in breech of any of the guidelines shall be blacklisted. Concerned Members could write a letter to the developer instructing them on the things they could change for inclusion in the Guild, if they so choose
- No app shall include advertisements or links of/to any shady or malicious programs or websites, including phishing sites, spoof sites, porn sites, or any site which executes malicious code or scripts, or which is deemed as an unhealthy website, program, or service by the world-wide community of web experts as a whole
- Any app or developer found in severe breech of the spirit of the Guild will be banned for life. Severe offenses include things such as falsifying information, deception, betrayal, lying, perpetuating viruses/malware or web-based attacks, hacks or intrusions, or stealing private information & personal data; the gathering of personal data for uses unspecific to the service or which willfully compromise the security & privacy of users; or if an app or developer is found to be using the information & data of users in a way which destroys the Integrity & Trustworthiness of the app & developer, and undermines, corrupts, corrodes, or destroys the Trust & Faith the community has put in the app & developer
-
chinarabbit said:
If you know of any solid apps that you believe fall into this category, or easily could, please post them here
Click to expand...
Click to collapse
I use zeam launcher, that definetely qualifies.
robneymcplum said:
I use zeam launcher, that definetely qualifies.
Click to expand...
Click to collapse
Cool, thanks
It seems its not under development anymore.
Perhaps a goal of the Organization can be to encourage, promote, or reward excellence in Programming as well..
It may help to motivate devs who've grown disassociated or whos apps may not be getting the attention they deserve.
I currently use Lightning Launcher, and I would definitely say it qualifies as well. It has the most features of any launcher I've tested, and one of the smallest foot prints as well.. its fast and minimalistic, and completely free, and never bothers you about anything.. it has more features than you'd expect from any high-priced app.. if it has additional paid options I dont even know, as the app is extremely feature rich and has all the functions you could ever want, and many more you havent even thought up yet
These kinds of apps make using Android Phones worthwhile
-
Other important requirements -
- Any App wherein the user enters personal, private, or sensitive information, which has the ability to sync Across Devices & Computers through Web-based Servers, shall:
- Provide a switch to turn off all syncing options & functions
- Provide an adequately useful method for SD Card Storage export which is not dependent on the software which was used to create it
- Be fully functional, practical & useful, as per the intent for use of the primary function of the app, in an offline state.
- No app shall automatically start Services such as GPS, Wi-Fi, etc, without offering a user Prompt for acceptance of such actions
- All apps which turn on services like GPS, Wi-Fi, Bluetooth, etc, shall contain a settings option to permanently disable turning on of any such external services
- All information Sent or Received through online servers or web services shall be secure & inaccessible by the host, in the following ways:
- The information & data sent by users shall enter the server and leave the server, and not be kept on the server except for the brief moment during transfer, without being subject to any sort of copy mechanism, nor filter, nor scan, nor shall accessing the content in any way while the information is passing through the server be allowed
- Information & Data uploaded to storage servers for later access by users shall be encrypted by the server administrators with 128-bit encryption, and be stored thus encrypted until it is Retrieved from the server by the user or users granted password access by the owner of the information.
- Server administrators & owners are forbidden from accessing any user information on their servers, and must encrypt the files & user data in such a way that its available only to the user, and otherwise remains in a software-encrypted state upon the server, inaccessible by server admins & owners
- Servers shall be vigilantly maintained and frequently tested for security
- If a server is used for "cloud" storage by the user, the User Data shall be backed-up in an Encrypted state, and frequently tested for data integrity
- Servers which are not secure and which do not encrypt user files & data files, or which do not design themselves to be secure from admin access of data and other third-party viewers, shall be known as "Public Servers", and a Warning Prompt shall appear on the device or computer each time the Server is accessed and data is sent or received (there shall be no method for disabling this prompt). The Warning Message shall clearly state the user is accessing a "Public Server" (capitalized) and that any data sent or received is freely viewable to third-parties, and server owners & administrators shall include themselves as third-party viewers
- First Party users & viewers (hereafter referred to as the "Owner") are designated as both the Device & User which uploaded the data to the server for storage
- Second Party users & viewers are defined specifically as both the Device & User which downloads or accesses the data which was previously stored, and who has been given password-protected permission by the Owner (First Party)
-Third Party is broadly inclusive of any organization, company, or individual who has access or potential access to the Owner's Data. Third Party also includes Devices, Computers, Servers, & Software which handles, accesses or views (or has the potential to do so), in an unencrypted state (not 128-bit or higher), any data or information belonging to or uploaded by the First Party / Owner, with the exception of Software or an Algorithm accessing the data for the sole purpose of automated Encryption to 128-bit level, or decryption from 128-bit, which does not copy, record, send or store any user-sent/received data at all, and which no other software or entity views, has access to, or monitors, records, sends, or retrieves in any way whatsoever
- "Encrypt" (also Encryption, Encrypted, Encrypting, etc) is defined as 128-bit automated, unmonitored software / algorithm encryption processed by a program without oversight or monitoring by any other software, algorithm, or entity,and which has no other function other than Encryption
- To Qualify for Inclusion in the Guild, Server owners must open up their server modules, processes and other relevant information to review by the Guild or one of its member affiliates for inspection, review, & certification. Server Owners must also provide sworn affidavits stating the integrity and security of the data, and how the data is used, who has access, how information is processed, transferred, encrypted, etc. and submit said Affidavits to the Guild before being removed from the Guild Security Blacklist.
-
I think we've already narrowed the list of qualifying software to less than what's available for Windows Phone
-
A qualifying app must also have the ability to retain full functionality after an Android OS reinstall.. meaning a portable install or an install which can use existing files found in File System Root/data/data without errors when reinstalling the app
No developer shall make any requests for donations or monetary compensation of any kind, who has included in his app any form of advertising or which has been given any permissions pertaining to user data & usage information
No App shall require specific permissions for advertisements or promotions.
No in-app advertisement shall require any special permissions or access whatsoever.
No advertisement or information gathering function shall piggyback on other functions requiring access or permissions, nor shall any advertisement or information gathering function utilize access or permissions granted to the app for its core, non-advertising, non-data collecting, non-marketing functions

Categories

Resources