First, my apologize for poor engish
Please allow me to introduce LBE Privacy Guard, a small app wrote by myself. This app enhances Android permission system and protects your privacy.
LBE Privacy Guard works just like Windows UAC, it intercept vital actions (like send SMS, call phones) and requests to access sensitive data(SMS conversation, contacts, phone location, IMEI, IMSI, etc) from apps, then prompt for your confirmation. Unless explicit permit, such actions and request will be rejected.
LBE Privacy Guard also has a low-level firewall, supports per-app control like droidwall, but not require netfilter/iptables so it works on pre-froyo devices and faster than droidwall because it doesn't filter packets.
So why I wrote this app? Because android permission system sucks, it's very hard for average user to understand the meaning of each permission, there is also no way to track the behavior of installed app and no way to control the permission of installed app(except uninstallation).
I hope my app could bring dynamic permission control and real-time track for installed apps. So you can figure out which app is stealing your privacy and block it before your privacy stolen.
LBE Privacy Guard is now on official Android Market, you can get it from
https://market.android.com/details?id=com.lbe.security
This app requires a ROOTed phone, works on Android 2.0 and above (not tested on Android 3.0 and 3.1)
For any questions, feel free to send mail to [email protected], any comments are welcomed You can also check our website at http://www.lbesec.com (Chinese only)
Sounds great, definitly the first app I am going to install after s-off my IS
Been playing with this for the last few hours - looks amazing!
Question how does it "reject"?
Does it send fake information or does it ignore the request?
Thanks!
I definitely ythink this or something similar should be default in android, keep up the good work.
Sent from my SGH-I897 using XDA Premium App
Sounds amazing to me..
Keep on rolling mate!!!
Sent from my GT-P1000T using XDA App
Related
LBE Privacy Guard v2 is available, check http://forum.xda-developers.com/showthread.php?p=18948472#post18948472 for more information.
----------
First, my apologize for poor engish
Please allow me to introduce LBE Privacy Guard, a small app wrote by myself. This app enhances Android permission system and protects your privacy.
LBE Privacy Guard works just like Windows UAC, it intercept vital actions (like send SMS, call phones) and requests to access sensitive data(SMS conversation, contacts, phone location, IMEI, IMSI, etc) from apps, then prompt for your confirmation. Unless explicit permit, such actions and request will be rejected.
LBE Privacy Guard also has a low-level firewall, supports per-app control like droidwall, but not require netfilter/iptables so it works on pre-froyo devices and faster than droidwall because it doesn't filter packets.
So why I wrote this app? Because android permission system sucks, it's very hard for average user to understand the meaning of each permission, there is also no way to track the behavior of installed app and no way to control the permission of installed app(except uninstallation).
I hope my app could bring dynamic permission control and real-time track for installed apps. So you can figure out which app is stealing your privacy and block it before your privacy stolen.
Requirements
**NEEDS ROOT**
Works on Android 2.0 and above.
Tested on various devices and firmwares, but not tested on Android 3.0 and 3.1 devices.
Current Features
1. Block unwanted send SMS / call phone operation
2. Block unwanted access to phone location, contacts, SMS/MMS conversation database, IMEI/IMSI/ICCID/phone number.
3. Integrated low-level firewall, no netfilter/iptables required, works on pre-froyo devices
Market Link
https://market.android.com/details?id=com.lbe.security
Contact us
For any questions, feel free to send mail to [email protected], any comments are welcomed.
You can also check our website at http://www.lbesec.com (Chinese only)
Screenshots
Good application, Thank you
im gonna give this a look. will report back if any issues
Been waiting for an app that watches local permissions.
Can you tell me what exactly is "low-level firewall." How can it filter network traffic if it does not make use of iptables?
Looks promising. Will give it a test ride for a few days.
Sent from my Legend using XDA App
good app
Sent from my Desire HD using XDA App
crashed after a reboot. will re-install and do another test run later as it would not start the security service when i rebooted my phone.
This is great app... works very well on 2.3.4. Thanks for this wonderful app...
from my desire using xda
traumatism said:
crashed after a reboot. will re-install and do another test run later as it would not start the security service when i rebooted my phone.
Click to expand...
Click to collapse
hi traumatism, i would appreciate if you could tell me your phone model, and the ROM you are using.
It looks like LBE Privacy Guard has some problems to obtain ROOT privilege during auto start process.
Installing now, this looks interesting. I'll report any issues tomorrow.
Thank you.
edit: absolutely no issues, this app is awesome!
I was looking for something like this for the longest time... especially since my kernel doesn't support iptables. Installing now.
I am gob smacked, this application is brilliant!
Had it installed for around 2 hours now, no issues at all, works perfectly fine after reboot, doesn't appear to slow down phone or have any performance impact.
This should be included in Android by default!
Running it on HTC Inspire 4G with CM7.0.3
Great app. my first impression is good. looks like you've did a good job .. Thx happy
First look is great. Thank you. It is exactly what I am looking for
asicman said:
Been waiting for an app that watches local permissions.
Can you tell me what exactly is "low-level firewall." How can it filter network traffic if it does not make use of iptables?
Click to expand...
Click to collapse
The "low-level firewall" does not filter packets, instead it removes network related supplemental groups of certain process. Without such supplemental groups, socket syscall will fail with EPERM, so the application will not be able to access network.
This solution neither require netfilter kernel module / iptables binaries, nor filter packets, it's faster. but it can't distinguish 3G and WIFI connections.
I love this idea! I haven't updated "att Mark the Spot" in months because they requested access to everything. The first thing was trust my root apps, sms, gmail & voice apps, then I blocked my phone ID from ALL apps. (would've been nice to have a "reject all" option there.) My question is, are there any legitimate reasons for an app to request my IMEI? Are there any potential negatives to blocking my IMEI from ALL apps?
Edit: I also experienced the force close on reboot, but LBE started right back up on its own. Atrix 4.1.83
eoc, are you planning to release the source code?
Hi guys,
I am a little confused by this app. Can it allow me to stop the imei sending to my carrier when I connect to the network? They are trying to reduce the amount of data included in my plan if im not using an phone!
n3man said:
Hi guys,
I am a little confused by this app. Can it allow me to stop the imei sending to my carrier when I connect to the network? They are trying to reduce the amount of data included in my plan if im not using an phone!
Click to expand...
Click to collapse
No., It will only block apps and not the communication between your device and the carrier which is impossible on GSM networks.
Is anybody experiencing problems with blocked apps? Like fc or anything similar.
Sent from my LeeDroid Desire HD using laggy Tapatalk
After long wait, LBE Privacy Guard v2 is finally available!
V2 has a completely rewritten core service, which makes it faster than previous version and consumes less memory.
However, due to the rewritten core service, the database format is completely different. So it's not possible to keep your configuration while upgrade.
Besides, LBE Privacy Guard v2 has changed package name (from com.lbe.security to com.lbe.security.lite), after you install new version, please uninstall older version.
---------------------
Change log for Version 2.0.1001
0. Fixed compatibility issue for custom ROMs such as CyanogenMod 7.1
1. Completely redesigned service framework with lesser battery drain and less memory usage.
2. Dual firewall support: Uid firewall for Android 2.1 and eariler, iptables firewall for Android 2.2 and later. iptables firewall allows you to configure 3G/WIFI permission separately.
3. Changing app permission now takes effect immediately, app restart is no longer required.
4. New traffic monitor allows you to track 3G/WIFI daily usage for each app on your phone. (you can turn it off if you don't need it).
5. Improved compatibility with Root Call Blocker
---------------------
Requirements
**NEEDS ROOT**
Works on Android 2.0 and above.
Tested on 100+ different devices and firmwares, but not tested on Android 3.0 and 3.1 devices.
Market Link
https://market.android.com/details?id=com.lbe.security.lite
Contact us
For any questions, feel free to send mail to [email protected], any comments are welcomed.
You can also check our website at http://www.lbesec.com (Chinese and English)
Screenshots for your information
Great to see v2. Thanks for your hard work
from tux..
+ 1
already added to german forums: http://goo.gl/5TkcE
with friendly greet
starbase64
I missed this so much and am glad to hear it works with cm7 now. It is available on the market on my HTC thunderbolt but It states that my Moto Xoom is incompatible. But it does work on the Xoom if I go to the site directly and download the apk.
Is it possible to manage LBE itself?
Can Android Firewall still be used as firewall and LBE only for permissions?
Sent from my HTC Desire using XDA Premium App
vr5411 said:
Is it possible to manage LBE itself?
Can Android Firewall still be used as firewall and LBE only for permissions?
Sent from my HTC Desire using XDA Premium App
Click to expand...
Click to collapse
Thanks to the new design, although not recommended, you can actually monitor (and even block) LBE itself.
Personally I would recommend LBE's built-in firewall, but feel free to use any firewall app you want, LBE should work with them.
eoc said:
Thanks to the new design, although not recommended, you can actually monitor (and even block) LBE itself.
Personally I would recommend LBE's built-in firewall, but feel free to use any firewall app you want, LBE should work with them.
Click to expand...
Click to collapse
Okay. Now I can install and use it.
Sent from my HTC Desire using XDA Premium App
Does it work with Call Master?
ftgg99 said:
Does it work with Call Master?
Click to expand...
Click to collapse
Yes
Sent from my HTC Desire using XDA App
You say you haven't tested in on tablets, so here's my experience on an ASUS Transformer 3.2 with Prime: The application keeps saying "your phone is protected" every 5 seconds. It also crashes after I try to change the settings for an app and press the back button.
Curious: Why don't you test for? Can't you use the emulator? Or isn't that possible for apps that need root?
Ability to turn off bandwidth usage on the notification bar would be nice. Also, don't specify the text colour for the text on the notification bar. Thanks!
Can anyone provide a direct download link to the APK? Thanks very much.
PirateNL said:
Can anyone provide a direct download link to the APK? Thanks very much.
Click to expand...
Click to collapse
LBE Privacy Guard
Nice, trying this out now.Thx
Very nice. It's good to see an app developed with privacy in mind.
I'm testing it right now, so far so good.
thanks for putting an off-market version
I prefer to use droidwall for firewall/iptables configuration...
However, even if you turn off the firewall in lbe there are a ton of lbe settings that keep getting written in the iptables.
Even after I format iptables the lbe settings get rewritten the next time lbe is run.
I will not be using this unless this is fixed.
Hi. somehow it stopped working for me.
I used it to deny the GPS for facebook app whitch worked perfectly but somehow it stopped working....facebook can get GPS again.....any ideas?
Dauntless said:
You say you haven't tested in on tablets, so here's my experience on an ASUS Transformer 3.2 with Prime: The application keeps saying "your phone is protected" every 5 seconds. It also crashes after I try to change the settings for an app and press the back button.
Curious: Why don't you test for? Can't you use the emulator? Or isn't that possible for apps that need root?
Click to expand...
Click to collapse
You have to turn off the Notification icon in settings...works for me on Samsung Galaxy Tab 10.1
Best app ever!!
Great update. However, Dolphin Browser HD 7.0.2 does not work. The app is unable to access the internet both via WiFi or 3G. Permissions could also not be set because it's neither listed in the monitored nor trusted app lists. Refreshing the app list didn't help. Anyone else having this issue?
Update: I discovered that denying internet access to Dolphin's desktop toggle plugin causes the browser not to be able to connect (perhaps because the browser agent could not be sent thru the plugin). STILL, Dolphin is nowhere to be found in the app list. I wonder if that's got something to do with the browser's privacy issues which you can read more about here: http://forum.xda-developers.com/showthread.php?t=1319529&page=3
Update 2: Removing the pluggins installed made the browser show up in the app list.
The latest Camera360 update demands a strange and dangerous permission - "Change WiFi State". This is defined as follows:
"Allows the app to connect to and disconnect from Wi-Fi access points, and to make changes to configured Wi-Fi networks."
The apps already has internet access. But change WiFi state means it can not only turn your WiFi on and off, but it can add or delete to your access points, and read/change other information like encrypted passwords.
I emailed the developer (in China) and they just keep emailing me back asking what version I am using. He obviously doesn't want to answer the question!
I've noticed this "permission creep" in many other apps. The latest Firefox Android app wants access to global system setting, address book, and accounts. The latest YouTube app can take pictures and videos without your knowledge.
There are a few apps that I no longer update. I also use DroidWall to block cameras and other apps from internet access.
Stay Away from Camera360!
I use droidwall as well, actually extensively. I block everything but the necessities.
Sent from my LG-P999 using xda app-developers app
Thanks for the heads up.
Sent from my LG-P999 using xda premium
Now that look at it, some of the permissions that Camera360's Chinese developers want are pretty scary:
https://play.google.com/store/apps/details?id=vStudio.Android.Camera360
Here are the most dangerous as of today:
NETWORK COMMUNICATION
FULL INTERNET ACCESS
Allows the app to create network sockets.
YOUR PERSONAL INFORMATION
READ SENSITIVE LOG DATA
Allows the app to read from the system's various log files. This allows it to discover general information about what you are doing with the tablet, potentially including personal or private information. Allows the app to read from the system's various log files. This allows it to discover general information about what you are doing with the phone, potentially including personal or private information.
PHONE CALLS
READ PHONE STATE AND IDENTITY
Allows the app to access the phone features of the device. An app with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
SYSTEM TOOLS
RETRIEVE RUNNING APPS
Allows the app to retrieve information about currently and recently running tasks. Malicious apps may discover private information about other apps.
CHANGE WI-FI STATE
Allows the app to connect to and disconnect from Wi-Fi access points, and to make changes to configured Wi-Fi networks.
Camera 360 Browser Popups!
The Chinese developers that made Camera 360 removed the draconian permissions. But now, it has a more evil behavior. When you start your phone, Camera 360 starts a background process that displays popup ads on some websites with the default Android browser!
Thread on it here:
http://forum.xda-developers.com/showthread.php?p=33130018
Uninstall Camera 360 and watch your phone and your browser run faster!
Uninstalled :good:
Shouldn't this thread be a sticky, and, posted somewhere owners of all different models of phones will see?
Also, surely there must be some kind of app which lets you install apps without actually granting them those permissions? Some kind of permission stripper?
I'm not sure of any apps that control permissions directly but the is one called DroidWall which can block apps from communication over WiFi and/or your mobile network. Needs superuser/root access.
Sent from my LG-P999 using xda app-developers app
Pdroid, need to make a patch for ROM of choice, but it works like a charm!
Sent from my Nexus 7 using xda premium
Bob Tums said:
I'm not sure of any apps that control permissions directly but the is one called DroidWall which can block apps from communication over WiFi and/or your mobile network. Needs superuser/root access.
Click to expand...
Click to collapse
I have DroidWall, and Camera360 is blocked internet access. But it is still able to hook into the Android browser and show popups.
Not sure how that happens. You can try downloading AdAway from the market and see if that gets red of it.
Sent from my LG-P999 using xda app-developers app
I'd like to pone a privacy problem.
In Android ,installed apps require permissions to operate. Permissions to access the Phone Id (also the IMEI) or the position of the device or the access to your calls seem very common in most apps on the market.
Permission for the position seems ok for a Gps navigation program but also for an alarm clock? Where do they sent my data and what use they do?
I use LBE privacy guard but it is enough?
what do you think?
Toriko said:
I'd like to pone a privacy problem.
In Android ,installed apps require permissions to operate. Permissions to access the Phone Id (also the IMEI) or the position of the device or the access to your calls seem very common in most apps on the market.
Permission for the position seems ok for a Gps navigation program but also for an alarm clock? Where do they sent my data and what use they do?
I use LBE privacy guard but it is enough?
what do you think?
Click to expand...
Click to collapse
are you a thief?? :laugh:
Most of the permissions are for ads bases on location
Batcom2
xxXismakillXxx said:
are you a thief?? :laugh:
Click to expand...
Click to collapse
No, but I'm thinking about it. Seriously, have you ever wonder why you get web searches, translations and other services for free and yet the companies that handle the sites are billionaires? Because they sell your personal data and your commercial preferences to other companies without your permission. Think about it when you post your personal data on the web.
zelendel said:
Most of the permissions are for ads bases on location
Batcom2
Click to expand...
Click to collapse
I'm not so sure about that. However if I buy an ad free app , there shouldn't be any ads. And why an alarm clock need my phone id and can access my call log? It's fishy.
Toriko said:
I'd like to pone a privacy problem.
In Android ,installed apps require permissions to operate. Permissions to access the Phone Id (also the IMEI) or the position of the device or the access to your calls seem very common in most apps on the market.
Permission for the position seems ok for a Gps navigation program but also for an alarm clock? Where do they sent my data and what use they do?
I use LBE privacy guard but it is enough?
what do you think?
Click to expand...
Click to collapse
Rule of thumb: Every app that asks for unique device numbers, location and a backchannel does so because it contains advertisement. Advertisers simply love to track customers and find out as much as possible about them in order to deliver ads that actually result in a sale (contrary to popular belief, they don't do that just to annoy the crap out of everyone).
Personally, I don't use LBE privacy guard. I haven't seen the source and that pretty much means it is as much a blackbox as the apps, it is suppose to protect me from. For me, rooting and installing a firewall to simply block the backchannel does the trick.
If u filter out apps for their permissions, u will have nothing but the system apps left on the phone! even I used to check permissions b4 downloading at the beginning. Then as I downloaded a lot of apps i was lazy enough to give a dang to wat permissions the app wants! just see through the comments (reviews) to know if there are any issues with the app! That's it.! And nowadays the app developer tries to explain the reason for each permission the app asks for. So sooner all apps are gonna be explaining their permissions! (hopefully)
zelendel said:
Most of the permissions are for ads bases on location
Batcom2
Click to expand...
Click to collapse
This is true although some use it to collect app usage information for the purpose of improving the app. Unfortunately, it can be difficult to determine exactly why a particular permission is requested.
onyxbits said:
Personally, I don't use LBE privacy guard. I haven't seen the source and that pretty much means it is as much a blackbox as the apps, it is suppose to protect me from. For me, rooting and installing a firewall to simply block the backchannel does the trick.
Click to expand...
Click to collapse
Installing a firewall won't solve the problem, because you can't stop apps that need connection : together with the access to the net they send your data. LBE allows the access for the app but block the transmission of your id together with other data.
Anyway LBE also works as a firewall. There's another app that works the same way (Pdroid) but supports only Gingerbread.
Hey guys!
I'm given the task of securing 2 android devices (galaxy tab 7.0 and an S3). The friend of mine who has asked me to do this has been hacked (on an Iphone and on a windows PC) recently (for various sinister reasons) and After I secured her windows environment she bought these devices. A while after using the phone someone started to remotely control the phone and typed 'hell' in our language and she is really afraid. One of the pcs I secured has been stolen since it couldn't be reached remotely anymore, so I guess the threat is pretty serious. Now getting to the point, what would be the BEST way to do this ?
-Flashing custom roms on these (which is the most secure?)
-Seting up an antivirus + firewall on both devices (also I'd like to know which of these are the best NP if its paid)
-Setting up an anti theft app (and same here, I know Cerberus, but I'm wondering if there is a better solution)
The hard part of this is the fact the hackers are very likely experts (they hacked her Iphone back then making it taking photos and logging all keys like a regular keylogger).
What a story!
I strongly recommend avast! AntiVirus which comes with avast! Anti-Theft. Best Part: It's free!
McAfee is supposed to detect more malware but not as many as it would be worth its price.
Sent from my GT-I9100 using xda app-developers app
H3llwar said:
What a story!
I strongly recommend avast! AntiVirus which comes with avast! Anti-Theft. Best Part: It's free!
McAfee is supposed to detect Moore Malware but not as many as it would be worth its price.
Sent from my GT-I9100 using xda app-developers app
Click to expand...
Click to collapse
Thank you Buddy! Any additional professional suggestions? Anyone?
Anti-virus is only a curative solution, and can only detect malware after they have already breached your device. Android's security model makes it difficult for an attacker to remotely breach the device, unless they have a bad app installed on the device. When a user installs an app, they give that app certain permissions, and these permissions need to be checked to ensure they aren't being used as malicious apps (why would a camera app need to make phone calls on your behalf?) . The best suggestion would be to exercise good permission checking habits to ensure you aren't accidentally installing a bad app. Also, attackers may also send bad code through SMS, which may appear as a clickable link. I could keep going on possible ways to get compromised, but these are the most prominent.
syung said:
Anti-virus is only a curative solution, and can only detect malware after they have already breached your device. Android's security model makes it difficult for an attacker to remotely breach the device, unless they have a bad app installed on the device. When a user installs an app, they give that app certain permissions, and these permissions need to be checked to ensure they aren't being used as malicious apps (why would a camera app need to make phone calls on your behalf?) . The best suggestion would be to exercise good permission checking habits to ensure you aren't accidentally installing a bad app. Also, attackers may also send bad code through SMS, which may appear as a clickable link. I could keep going on possible ways to get compromised, but these are the most prominent.
Click to expand...
Click to collapse
Get a PermissionsManager like OpenPDroid or XPrivacy.
Sent from my GT-I9100 using xda app-developers app