Disabled System App Still Running

[0pLuS0]

Device info

• Device: OnePlus 5T
• OS Version: 9.0.11 PIE
• App Manager Version: 2.5.13
• Mode: root - Magisk

When I disable an app, I notice it is still listed in the Running Applications section, which I don't understand because it shows as disabled, and then in the application section it shows the 'Force Stop' button, which also adds to the confusion.

A disabled app should not be able to run, I don't get what is going on here.

BugReportLite in this screen shot shows as Disabled, so why is there a 'Force Stop' button appearing, why doesn't it show up as stopped?

In the Running Apps, BugReportLite is listed as a running app;

[MuntashirAkon]

It's a system app. It can do whatever it wants.

[MuntashirAkon]

Probably the only option is to block its components via IFW.

[MuntashirAkon]

@0pLuS0 could you check if blocking all the components of this package via AM can prevent it from running despite being disabled?

[0pLuS0]

Does AM give/show all the components? I've been trying to figure this out...

This is all I could figure out under the Services & Receivers, but they show as blocked...

[0pLuS0]

So according to the DOCS, this is what I understand for the Components;

Activities, Services, Receivers (originally broadcast receivers) and Providers (originally Content Providers) are together called the application components.

So I'm assuming, from the screen shots above, that's the Components of this app?

I'm assuming they are all blocked, so still not understanding why BugReportLite is running... hmm

P.S. IFW?

[MuntashirAkon]

This is all I could figure out under the Services & Receivers, but they show as blocked...

Apparently, system services can still run in the background despite being shown as blocked by the Android package manager and there's no way to block them it seems. The commit above prioritises the running services so that they will not be displayed as blocked but as running. What you can do is restart your device after disabling the app to see if it's still running.

P.S. IFW?

IFW is short for Intent Firewall. Read the FAQ: https://muntashirakon.github.io/AppManager/faq/app-components.html

[0pLuS0]

So what am I looking for, go through the Services & Receivers, then 1-Click Ops then Block components and block what I have found in Services & Receivers?

I hope this does it, in the screen shot below?

Thanks

[0pLuS0]

I assumed from the above screen shot in 1-Click Ops that all the components of BugReportLite would be blocked and now it would not run at startup, but it's still showing up as a running app;

[MuntashirAkon]

So what am I looking for, go through the Services & Receivers, then 1-Click Ops then Block components and block what I have found in Services & Receivers?

You can block components directly in the App Details page. See https://muntashirakon.github.io/AppManager/guide/app-details-page.html#additional-features-for-rooted-phones

[MuntashirAkon]

but it's still showing up as a running app;

System apps are known to bypass disabling/blocking. I don't know if they can bypass IFW as well.

[0pLuS0]

I really appreciate all the help, AM is turning out to be more work, and not being useful, I mean if we can't disable system apps in a simple few steps, which are going to be major causes of issues, then it's starting to become to much work.

In the end, the simplest solution I see here, is just to run a Firewall like AFWall+, where you only Allow a few apps you use, and then everything else is blocked by default, and there is no Data leaks going on, in the end, this provides the simplest and best security, which is what end-users should be aiming for.

If security isn't the concern, then disabling apps is only going to be about gaining more performance, and there are other ways to go about improving performance on a much larger scale, such as installing a custom kernel and tweaking it for performance.

I've never had to disable system apps for a performance gain, running a custom kernel works better for this.

I don't install bad apps in my system to begin with, it's only the bad system apps that come with an Android device I'm more concerned with, but as I said, these can be dealt with by not allowing them through a firewall.

Good security is first educating the end-users to first stay away from installing crap apps in their systems...

Anyhow, thanks for your time and help, much appreciated, and maybe in the future you can figure out a simple way in AM to disable system apps...

[MuntashirAkon]

I mean if we can't disable system apps in a simple few steps, which are going to be major causes of issues, then it's starting to become too much work.

Yes, of course, I need some workarounds to this problem. But the real problem is not being able to disable system apps, because you see services can be activated by any system app using Binder. Therefore, the app that you've disabled is correctly reported by App Manager but its service(s) are being called by another process through inter process communication (IPC) system using Binder and there's no way to prevent that without some crazy hacks.

In the end, the simplest solution I see here, is just to run a Firewall like AFWall+.

Nope. It still has the same problem. Suppose that, you've blocked the Internet connection of BugReportLite but allowed connection for another system app called Google Play Services. BugReportLite can still connect to the internet using Google Play Services. There isn't any easy solution to this problem which is why we don't recommend people to use any stock ROM.

I don't install bad apps in my system to begin with, it's only the bad system apps that come with an Android device I'm more concerned with, but as I said, these can be dealt with by not allowing them through a firewall.

The debloating of system apps that many people talk about is a myth. You can only debloat user apps, not system apps. System apps have nearly all the permissions that a superuser has, they can bypass anything they want. This is purely intentional and indicates the failure of Android as an operating system (these behaviours are, of course, intentional as you might've guessed already).

[MuntashirAkon]

Although I'm not sure which process is calling BugReportLite. If you can figure that out and disable that process along with this one, you might be able to solve your issue. But I cannot guarantee though. Vendors heavily modify Android frameworks. Therefore, even Android system (the package android) might be calling this process but this is highly unlikely. I found a list of bloatware after doing a quick search, you might start from there.

[0pLuS0]

Thanks for the reply, people can certainly use SuperR's Kitchen, it's the Geeky way, you can certainly debloat out any system app, and then create a custom rom this way, I did it before with OxygenOS Oreo version for the OnePlus5T, but it's work.

OnePlus had a history in the past of collecting Data, not sure if they are still doing it, it was my only reason for wanting to use AM.

I think for my next future purchase I am going with the Google Pixel, because this ioXt security certification has my eye, and I'm hoping it means we will have a more secure device...

https://www.xda-developers.com/google-pixel-4a-pixel-4-receive-ioxt-security-certification/

THANKS

[MuntashirAkon]

I think for my next future purchase I am going with the Google Pixel, because this ioXt security certification has my eye, and I'm hoping it means we will have a more secure device...

Yes, pixel with Graphene would be a better choice.

[0pLuS0]

By the way, from what you mentioned about the firewall, I don't do any of what you thought.

When I use AFWall+ I use on the Allow mode, where you have to pick between all the User & System apps, what you Allow, and I don't allow any System apps to communicate online, so I don't see this as an issue...

What do you mean by Graphene?

[MuntashirAkon]

By the way, from what you mentioned about the firewall, I don't do any of what you thought.

If App Manager were a malicious app and supplied by the vendor (meaning it were signed using the same signature as the OS itself), you couldn't stop it from running in background nor could you stop it from connecting to the Internet. Because I could just use another process to run in the background or connect to the Internet and you'd never know it unless you were careful enough to monitor all the processes using ps or any other monitoring tool. This is beyond the selinux context that Android is used to. Blocking via ip_tables won't work this time. When I finally implement blocking, I'll explain it further in a technical info page in AM docs and why system apps can bypass anything known to the book.

What do you mean by Graphene?

Graphene OS. Search online.

[0pLuS0]

Malicious apps is another subject matter for the uneducated, or cluless, I am neither, I don't run into this problem, I know what I am doing in regards to OS Security/Safety/Privacy.

I'm not trying to sound like a big head, or toot my own horn, I don't know everything who does, but I've been doing this 20 years, and in that time, never had one problem ever...

I'm a Geek, what else can I say...

Graphene OS, I might of seen it in the past...

So I know this is not the place to discuss, but I'll say this, for you to think about, no need to reply...

1. Graphene OS - The Releases are only for a few Google phones, of course you can build your own, good luck with that, so for the Releases, only for Google, I guess the rest of the world won't be secure... LOL

2. Doesn't use GSF or microG, so then it's just a limited amount of apps, hell, I've even used microG, created a debloated microG Rom, and used LOS microG, and microG is bad enough with such limited support for apps already.

3. Bottom line is it's a nice idea, the Noobs are the ones that really need this, but then they'd be all crying because they can't use their favorite apps.

4. I tell everyone that Education is the Best Weapon, get educated and you'll know how to properly run an OS and be safe, and in the end something like Graphene OS is just a niche market....