Database Info

[APP] App Stats (for developers)

App Stats is an Android developer tool which allows you to check application stats and comments from one place. App Stats keeps you informed by notifying you when new information is available such as a new rating or additional comments. The lite version allows you to monitor up to three applications and includes advertisements while the pro version allows for essentially unlimited monitoring and is of course ad free.
Update to Pro (v1.3.0)
Now has a desktop widget =)
Update to Pro (v1.2.0)
Some developers may have a lot of apps to manage stats on such as games with lots of addon content or maybe live wall paper apps, etc. To help alleviate scrolling through a long list of apps, we have added in the ability to label apps and filter the apps list with these labels.
Also, you will find that you can now set per application notification settings. This lets you control when an app update notification is fired so you can now choose specific items to be notified about.
Notes
On certain devices you may not be able to see all of your apps without having root on your device. It is also important to note that if you can not see your app in the market on your device there is no way this app can circumvent that.
If you have any questions, comments or bug reports please contact me here or via our developer email which can be found on the market. (toxicbakery at gmail)
To download, use the attached image or search 'App Stats' on the market and we should be the first two results for pro and lite versions.
Known Issues
- Certain languages may no be available in comments, if you find one please let me know
Upcoming Features
- More graphing options
- Backup search against an app database to find missing data
- Have a feature request? Let me know what you want!
Need another feature? Just ask =)

I love it. But I think that $5 is a bit too much for the full version. I would have gladly paid $2 or $3 even, but anything more takes it out of impulse buy for me.
Don't think I'm bashing your choice, as a dev I understand your need to make money from it, but sometimes the sales you lose from a higher price are worth more than the extra couple dollars you'll make from the higher price.

Thanks for the input! I would have to agree with you that currently $5 dollars is on the high end of price however with the additional features we are working on we feel that it will be a fair price very soon. Depending on what features we end up being able to incorporate we may adjust the pricing.
We almost have the plugin finished that will assist in grabbing your market android id from tcpdump and once we perfect that then it will be possible to search 2.2 apps and copy protected apps when using legit android devices that are rooted. Once this is complete we will have the only app on the market that I know which can essentially hands free get all the needed info to make a 'true' market request that lets you see all applications. This is how sites like androidzoom and like function. Without this additional parameter other apps are limited to 2.1 and less non copy protected applications by design of the market itself.
After that we will be working on letting you attach admob accounts to your apps and possibly google checkout however google checkout looks iffy due to its seeming lack of being able to pull useful information such as 'total sales' etc.
That said, thanks again for the input and if you need help please email me at our developer email for fastest response.
-Ian

One thing that's highly annoying for an application which is not a game, a navigation system, or a media application: Asking for the fullscreen window feature.
Please consider removing it... I don't really see any need for it, and it just breaks the transitions between activities anyway (when you're not making the design consistent). Thank you.
Anyway, once polished up and the bugs cleared up, looks like a useful app

Thank you for the input! We removed the full screen requests on the detailed view and graphs view.
I'm unfortunately out of town currently however either tonight or tomorrow we will be releasing an update that adds in the functionality to search 2.2 and copy protected apps if you have a rooted device. This should alleviate the complaints some people have had about it not finding their apps.
Unfortunately right now having a rooted phone is the only way get the market key we need to make these 'fully enabled' searches due to how the market works currently. The other option is having users use TCP dump to grab the needed packet and then proceed manually with decoding it and running it though protobuf to get the key out.
A few other fixes and tweaks have also been put in place and after we release the updates the Pro version will be available again as we removed it due to a major bug in the licensing we didn't catch before.
Please keep the comments coming! If you don't like something feel free to post it or email us and we will do whatever we can to improve it.
Thank you again to everyone that has voiced their opinion, every bit helps!

Finally got the new version released!
To see copy protected or 2.2 only applications you will need to have a root phone that can already see those apps on the market. For example a 2.1 phone can't see 2.2 applications no matter what you do and theres no way to code around this, sorry.
Once installed, hit menu from the main screen and select settings. Simply hit the "Load Key" Button at the very top and hopefully after a few seconds a Toast should show up saying that the operation was a success.
I know for a fact this wont work on all phones. We tested it to work on a Droid and it works on a G1 with Cyanogen 2.2 rom however it will not work on an Eris. That said I'm sure it will fail to work on other phones but I will be working on figuring out the fix asap. If you are one of the unlucky ones with a phone that doesn't work, please email me or message me here and I will do whatever I can to get you setup!

New version is now out and good news! It appears, on our end, that root is no longer necessary to get copy protected and 2.2 applications. This change is still too new to confirm it works on all devices so please send us feedback on if you can see all of your applications without using the root feature.
As always please feel free to leave feedback!

New version released that will hopefully allow more users to successfully find all of their apps with less hassle. Also a few misc bug fixes and FC issues have been resolved.

Update to pro version released, main post updated.

Released new versions of lite and pro, updated main post.

About App Stats and its development
I am from Mobile application Development company in Singapore. I would like share this stats, today more users are available in through mobile apps. and mobile developments also increasing day by day. So this growth of development is lead the business strategy. Know from our Mobile app development how its useful for business environment.

What's going on with Eclipse?

Trust no-one, that's the first amendment for privacy concerned people...
So can we trust the compilers, IDE's etc.?
I made some tests with Eclipse, and the results are not very encouraging.
I created a hello world app.
This app has no permissions and it's supposed to only display its "hello world" message, but when I checked with Xprivacy if it had tried to access data I found out that it had requested access to:
1-phone/Configuration.MNC (cell tower),
2-phone/Configuration.MCC (cell tower),
3-identification/serial (the phone's serial number)
4-storage/sdcard.
Not bad but wait, there's more!
Then, I passed the app through Privacy Blocker, and it said that helloworld wanted to know my network type code.
I decompiled the app, removed the whole /smali/android folder, recompiled and reinstalled the app, now it doesn't want to know my network type anymore (but it stills tries to access 1, 2, 3, 4).
That means that there's something in the smali/android folder that requests the network type.
Note that this folder is added covertly since one would never know it's there unless one decompiles the app with apktool, and that the app works without it (actually one can see it in the libs in the Eclipse project, but a newbie wouldn't know that it's added in the app's smalis since it's not in the src folder).
Then I added a simple "search" button in the layout and in the main activity, and now the app wants to access, on top of the 4 above mentioned fields, system/queryIntentActivities.
Note that the app works even with everything restricted in Xprivacy.
To my understanding part of the problem comes from Eclipse and part comes from the Android OS itself, but I'd like to know what other people with more knowledge than me think about it

http://developer.android.com/tools/support-library/index.html
unclefab said:
Trust no-one, that's the first amendment for privacy concerned people...
So can we trust the compilers, IDE's etc.?
I made some tests with Eclipse, and the results are not very encouraging.
I created a hello world app.
This app has no permissions and it's supposed to only display its "hello world" message, but when I checked with Xprivacy if it had tried to access data I found out that it had requested access to:
1-phone/Configuration.MNC (cell tower),
2-phone/Configuration.MCC (cell tower),
3-identification/serial (the phone's serial number)
4-storage/sdcard.
Not bad but wait, there's more!
Then, I passed the app through Privacy Blocker, and it said that helloworld wanted to know my network type code.
I decompiled the app, removed the whole /smali/android folder, recompiled and reinstalled the app, now it doesn't want to know my network type anymore (but it stills tries to access 1, 2, 3, 4).
That means that there's something in the smali/android folder that requests the network type.
Note that this folder is added covertly since one would never know it's there unless one decompiles the app with apktool, and that the app works without it (actually one can see it in the libs in the Eclipse project, but a newbie wouldn't know that it's added in the app's smalis since it's not in the src folder).
Then I added a simple "search" button in the layout and in the main activity, and now the app wants to access, on top of the 4 above mentioned fields, system/queryIntentActivities.
Note that the app works even with everything restricted in Xprivacy.
To my understanding part of the problem comes from Eclipse and part comes from the Android OS itself, but I'd like to know what other people with more knowledge than me think about it
Click to expand...
Click to collapse

Thank you very much for your time Sir, and thank you for this nice and personalised answer, but I already knew about libraries, and anyway you completely missed the point.
The point is:
1-why a very simple hello world app built on eclipse requires private data access?
2-why that lib, that requests access to some data behind my back, is added to the final app whereas it's not needed?
I add that I'm building other projects (and it's actually from there that I understood that something was wrong and that I decided to make a plain hello world app to check it out) and same story, data access is added without my consent.
Oh well, nobody seems to care about the matter, and I don't care if people don't care so just tell me if you want me to remove this thread and let's forget about it...

[APP][5.0+][ROOT/NONROOT][GPLv3] Material Files (open source file manager)

Material Files
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
An open source Material Design file manager, for Android 5.0+.
https://github.com/zhanghai/MaterialFiles
Downloads
Google Play
F-Droid
GitHub releases
Screenshots
Features
Open source: Lightweight, clean and secure.
Material Design: Like the good old Cabinet with attention into details, and optional MD2 style.
Breadcrumbs: Navigate in the filesystem with ease.
Root support: View and manage files with root access.
Archive support: View, extract and create common compressed files.
Themes: Customizable UI colors and night mode.
Linux-aware: Like Nautilus, knows symbolic links, file permissions and SELinux context.
Robust: Uses Linux system calls under the hood, not yet another ls parser.
Well-implemented: Built upon the right things, including Java NIO2 File API and LiveData.
Why Material Files?
Because I like Material Design, and clean Material Design.
There are already a handful of powerful file managers, but most of them just isn't Material Design. And even among the ones with Material Design, they usually have various minor design flaws (layout, alignment, padding, icon, font, etc) across the app which makes me uncomfortable, while still being minor enough so that not everybody would care to fix it. So I had to create my own.
Because I want an open source file manager.
Most of the popular and reliable file managers are just closed source, and I sometimes use them to view and modify files that require root access. But deep down inside, I just feel uneasy with giving any closed source app the root access to my device. After all, that means giving literally full access to my device, which stays with me every day and stores my own information, and what apps do with such access merely depends on their good intent.
Because I want a file manager that is implemented the right way.
This app implemented Java NIO2 File API as its backend, instead of inventing a custom model for file information/operations, which often gets coupled with UI logic and grows into a mixture of everything. On the contrary, a decoupled backend allows cleaner code (which means less bugs), and easier addition of support for other file systems.
This app doesn't use java.io.File or parse the output of ls, but built bindings to Linux syscalls to properly access the file system. java.io.File is an old API missing many features, and just can't handle things like symbolic links correctly, which is the reason why many people rather parse ls instead. However parsing the output ls is not only slow, but also unreliable, which made Cabinet broken on newer Android versions. By virtue of using Linux syscalls, this app is able to be fast and smooth, and handle advanced things like Linux permissions, symbolic links and even SELinux context. It can also handle file names with invalid UTF-8 encoding because paths are not naively stored as Java Strings, which most file managers does and fails during file operation.
This app built its frontend upon modern ViewModel and LiveData which enables a clear code structure and support for rotation. It also properly handles things like errors during file operation, file conflicts and foreground/background state.
In a word, this app tries to follow the best practices on Android and do the right thing, while keeping its source code clean and maintainable.
Because I know people can do it right.
Nautilus is a beautifully-designed and user-friendly file manager on Linux desktop, and it's fully Linux-aware. Phonograph is an open source Material Design music player app (which I've been using for years), and it has just the right Material Design and implementation.
So, it's time for yet another Android file manager.
License
GPL-3.0-or-later
Code:
Copyright (C) 2018 Hai Zhang
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
XDA:DevDB Information
Material Files, App for all devices (see above for details)
Contributors
dreamingincode
Source Code: https://github.com/zhanghai/MaterialFiles
Version Information
Status: Stable
Current Stable Version: 1.0.0
Stable Release Date: 2019-12-02
Created 2019-12-08
Last Updated 2019-12-09

Reserved

Reserved

Reserved

Thank you for opening this thread on XDA. 謝謝 ！
I was following this on GitHub since I saw the application on F-Droid.
Stunning 1.0 release !
A feature request I think I haven't seen yet on GitHub's issues; would it be possible to implement full long filenames ? Currently they get truncated with a "..." and some file listings show the same partial filename for all items.
　

dreamingincode said:
Reserved
Click to expand...
Click to collapse
Tried the app.Very nice app for first release and its open source(cool)
Requesting for adding cloud (drive,mega) file management feature... Thank u

Ultramanoid said:
Thank you for opening this thread on XDA. 謝謝 ！
I was following this on GitHub since I saw the application on F-Droid.
Stunning 1.0 release !
A feature request I think I haven't seen yet on GitHub's issues; would it be possible to implement full long filenames ? Currently they get truncated with a "..." and some file listings show the same partial filename for all items.
　
Click to expand...
Click to collapse
You can copy the full name in the "Properties" dialog. I intentionally put the ellipsis in middle in hope that it can help distinguishing different files with numbers at end, etc. Unfortunately the file name cannot be two-line/multi-line because fast scrolling requires every item to be of fixed height

thisisarjun said:
Tried the app.Very nice app for first release and its open source(cool)
Requesting for adding cloud (drive,mega) file management feature... Thank u
Click to expand...
Click to collapse
See https://github.com/zhanghai/MaterialFiles/issues/95 or https://github.com/zhanghai/MaterialFiles/issues/148

dreamingincode said:
You can copy the full name in the "Properties" dialog.
Click to expand...
Click to collapse
Well, thanks, but that is not really a solution. In a list with dozens or hundreds of files it's not realistic to check each single filename, dozens or hundreds of times.
Organizing photos or sound files, I have listings with hundreds of files that all seem to have the exact same name.
Sorry to hear it is not possible. ( You could check Ghost Commander to see it implemented in another open source file manager. FX, MiX, not open source, but also with threads in XDA, or the venerable Total Commander, all can show full filenames. Linux file managers as well. )
Well, good luck with the project.
　

Ultramanoid said:
Well, thanks, but that is not really a solution. In a list with dozens or hundreds of files it's not realistic to check each single filename, dozens or hundreds of times.
Organizing photos or sound files, I have listings with hundreds of files that all seem to have the exact same name.
Sorry to hear it is not possible. ( You could check Ghost Commander to see it implemented in another open source file manager. FX, MiX, not open source, but also with threads in XDA, or the venerable Total Commander, all can show full filenames. Linux file managers as well. )
Well, good luck with the project.
　
Click to expand...
Click to collapse
I tried MiX with full file name enabled, and fast scrolling indeed became broken :crying:

dreamingincode said:
I tried MiX with full file name enabled, and fast scrolling indeed became broken :crying:
Click to expand...
Click to collapse
I'm not sure what fast scrolling means, but at any rate if all filenames look exactly the same, no operation is possible. Here's an example comparing with FX.
　

Ultramanoid said:
I'm not sure what fast scrolling means, but at any rate if all filenames look exactly the same, no operation is possible. Here's an example comparing with FX.
　
Click to expand...
Click to collapse
Oh, fast scrolling means if you drag the scrollbar, the scrollbar actually follows you so that you can scroll through the entire content quickly. That requires knowing the item height without laying all of them out, so dynamic item height will most likely break it.
Maybe I should consider adding an option to make all items take the height of a two-line file name. Created https://github.com/zhanghai/MaterialFiles/issues/205.
Btw I also happened to listen to that song, a really beatiful one It has been in my personal music library for years, the piano arranged version.

dreamingincode said:
Oh, fast scrolling means ... the piano arranged version.
Click to expand...
Click to collapse
I understand. Thank you very much for considering it. I had been testing the F-Droid build and this was my only serious problem. It is a really solid file manager.
Yes, I have the piano version too. It is a good soundtrack. (^^♪
　

dreamingincode said:
Oh, fast scrolling means if you drag the scrollbar, the scrollbar actually follows you so that you can scroll through the entire content quickly. That requires knowing the item height without laying all of them out, so dynamic item height will most likely break it.
Maybe I should consider adding an option to make all items take the height of a two-line file name. Created https://github.com/zhanghai/MaterialFiles/issues/205.
Click to expand...
Click to collapse
The fixed height schema is malapropos and can be problematic...
Maybe we can refer to how web browsers rendering lengthy web pages.

I checked the 1.0.1 release from GitHub since the F-Droid build is always slower to appear. Very disappointed to see it's loaded with trackers; Firebase, CrashLytics, GCM...
Hopefully the F-Droid build will be clean and without all those things, but still worrisome.
　

I am also an enthusiastic Android user myself (which is why I built the app) and I do share your concern, but as a developer I also need analytics and telemetry to know how my app works and debug issues, so I hope you could understand it.
Meanwhile, Firebase Crashlytics is one single thing (source), and I didn't use GCM which is for push notifications. So it feels kinda unfair to say the app is "loaded with trackers".
Different people may have different expectations of privacy, and I fully understand it which is why I published the app on F-Droid. F-Droid only allows building from open-source code (Firebase surely isn't open source), and makes it very hard to do otherwise, so you don't need to worry about the F-Droid version. You can check my F-Droid build file to see how nonfree code is removed before build, and the GitHub repo to see the full source code.
Regarding latency of F-Droid build, unfortunately it's a limitataion of F-Droid and I cannot do anything about it. The build file linked above already has the recommended auto update mechanism configured, so we just have to wait one or two days (see the previous link, F-Droid signing needs human intervention) for a new version to be there. You can also download the F-Droid tool to do your own build using the build file if you really want the free version quickly, which I did for once when testing the build file.
EDIT: Didn't see you screenshot. Yes Firebase Analytics and Firebase Crashlytics are two things, but both under Firebase and viewed at the same place, one for analytics and one for telemetry.

dreamingincode said:
So it feels kinda unfair ...
Click to expand...
Click to collapse
Thank you for the reply, and developer myself. But surely much older and missing the era where software was paid with money instead of personal information.
Still won't allow a single tracker on my system on any device. That's one tracker too many. Unusual, I know, but no Play Services, no social data miners, no malvertising, no crash reporters, no trackers, and no internet permission for anything other than the web browser and terminal, period. And if possible, only open-source applications to be able to audit the code.
I understand 99% of users just want convenience, and prefer a "free" pretty application that records everything they write, say, eat, do, and uses it or sells it, than running a clean but ugly Linux binary in a terminal...
Edit : Sorry if it seems I was complaining about the F-Droid delay, I wasn't, I know it's not something you can control.
　

Ultramanoid said:
Thank you for the reply, and developer myself. But surely much older and missing the era where software was paid with money instead of personal information.
Still won't allow a single tracker on my system on any device. That's one tracker too many. Unusual, I know, but no Play Services, no social data miners, no malvertising, no crash reporters, no trackers, and no internet permission for anything other than the web browser and terminal, period. And if possible, only open-source applications to be able to audit the code.
I understand 99% of users just want convenience, and prefer a "free" pretty application that records everything they write, say, eat, do, and uses it or sells it, than running a clean but ugly Linux binary in a terminal...
　
Click to expand...
Click to collapse
I'm more of a pratical user for myself, but I agree people should have the freedom to not be tracked. This app is my hobby project created for myself and others, and I surely don't want to track anyone with it, so rest assured.
The source code of this project is free (as in freedom) with GPLv3, and the F-Droid version contains only FOSS code and should be a clean and beautiful app to use. I believe free software should be as good as, or even better than proprietary ones ?

dreamingincode said:
Because I want a file manager that is implemented the right way.
This app implemented Java NIO2 File API as its backend, instead of inventing a custom model for file information/operations, which often gets coupled with UI logic and grows into a mixture of everything. On the contrary, a decoupled backend allows cleaner code (which means less bugs), and easier addition of support for other file systems.
This app doesn't use java.io.File or parse the output of ls, but built bindings to Linux syscalls to properly access the file system. java.io.File is an old API missing many features, and just can't handle things like symbolic links correctly, which is the reason why many people rather parse ls instead. However parsing the output ls is not only slow, but also unreliable, which made Cabinet broken on newer Android versions. By virtue of using Linux syscalls, this app is able to be fast and smooth, and handle advanced things like Linux permissions, symbolic links and even SELinux context. It can also handle file names with invalid UTF-8 encoding because paths are not naively stored as Java Strings, which most file managers does and fails during file operation.
This app built its frontend upon modern ViewModel and LiveData which enables a clear code structure and support for rotation. It also properly handles things like errors during file operation, file conflicts and foreground/background state.
In a word, this app tries to follow the best practices on Android and do the right thing, while keeping its source code clean and maintainable.
Click to expand...
Click to collapse
With no intent to disappoint you... But I'd like you to know:
Being of higher level of abstraction does not necessarily ensure being of higher level of quality...
...what's under the hood may be not much different from another `ls` parser.
And usually... those abstraction layers inevitably introduced some losses in the runtime efficiency of the program.
dreamingincode said:
However parsing the output ls is not only slow, but also unreliable...
Click to expand...
Click to collapse
It doesn't have to be slow... nor unreliable. When properly implemented.
If necessary, you can adapt your own version of `ls` specifically optimized for your specific purpose, to reduce the performance overhead. (though generic `ls` already works well... for most purposes, and usually still faster than calling similar functionalities from the abstraction layer of higher levels)
Indeed anything unfamiliar can be considered unreliable... though `ls` indeed gives consistent output.
dreamingincode said:
...which made Cabinet broken on newer Android versions.
Click to expand...
Click to collapse
I believe the cause is this. (check the adjacent posts too)
Something about Google's whims: the approach towards "No file in the system"... (the exact opposite of the creed of Unix)
dreamingincode said:
By virtue of using Linux syscalls...
Click to expand...
Click to collapse
More accurately, it's calling native Linux applications/libraries through the JNI.
Meanwhile... how's the app's performance in this test? (unfortunately I'm unable to verify on my system due to dependency issues)

gdgsdg123 said:
Being of higher level of abstraction does not necessarily ensure being of higher level of quality...
...what's under the hood may be not much different from another `ls` parser.
And usually... those abstraction layers inevitably introduced some losses in the runtime efficiency of the program.
Click to expand...
Click to collapse
There must be an abstraction to represent files and paths in a file manager written in Java, however you get the file data (via `ls`, Java File or custom native things). Java NIO2 file API is a good abstraction so it's an improvement over bad ones.
It's very diffrent from an `ls` parser in that it doesn't parse the output of an unknown version of a binary, and it doesn't start new processes.
It doesn't have to be slow... nor unreliable. When properly implemented.
If necessary, you can adapt your own version of `ls` specifically optimized for your specific purpose, to reduce the performance overhead. (though generic `ls` already works well... for most purposes, and usually still faster than calling similar functionalities from the abstraction layer of higher levels)
Indeed anything unfamiliar can be considered unreliable... though `ls` indeed gives consistent output.
Click to expand...
Click to collapse
It is unreliable and cannot be properly implemented, because things like newline in file name. In a word, it doesn't provide an option to separate lines with a NUL byte, and thus cannot be reliably parsed. `find` provides such an option as mentioned in the HackerNews thread, but it cannot output all the needed file metadata like `ls` and launching separate processes to retrieve metadata is painfully slower.
It has to be magnitudes slower than JNI because every time it is creating a new process, waiting for it to finish and collecting its output. This will be a huge slow-down comparing to any number of layers of abstraction within Java.
Building and bundling `ls` only solves parsing, but cannot avoid creating a new process every time in any way.
`ls` isn't something completed and untouchable, and it can be inspected, modified and improved. I consulted the source code of `ls` (and various others) in toybox (the AOSP implementation now) and OpenJDK NIO2 implementation before writing my own, not inventing something new.
I believe the cause is this. (check the adjacent posts too)
Something about Google's whims: the approach towards "No file in the system"... (the exact opposite of the creed of Unix)
Click to expand...
Click to collapse
The cause of Cabinet stopped working is unlikely the Scoped Storage work happening in Q and beyond, because it is broken on P. It is showing every file/folder name as `0` which is likely due to modification to `ls` output that added a new column, and Cabinet thought that was where the file name should be.
About the trend in Android towards scoped storage: Rooting itself is against the Android permission system, etc, and is much less supported than raw file access. So as long as root is supported on Android, having a Linux file manager makes sense to me.
More accurately, it's calling native Linux applications/libraries through the JNI.
Click to expand...
Click to collapse
Yes this is the point. Using JNI to call into a custom native library avoids the overhead of creating new processes. However, these JNI calls are simple wrappers around the original Linux syscalls, so I believe it's fine to say that the app is utilizing Linux syscalls (there's no other way of using Linux syscalls in Java).
syscalls.c is the source code for syscall wrappers written in C. Syscalls.java is the Java interface. As you can see, they are merely wrappers around the original syscalls.

anbox+microG: what is the current easiest approach?

I would like to use anbox (in postmarketos) together with microG (for supporting apps which depend on Google Play Services). What would be the easiest way to add signature spoofing to anbox image? This was discussed briefly here: https://github.com/anbox/anbox/issues/27 but nothing definitive (the last post https://github.com/anbox/anbox/issues/27#issuecomment-863918130 goes into the most detail but finish). I am a bit lost with all the smali/baksmali/haystack/tingle plus different android version and so on; some of the tools have not been updated for years and I would like to see what would be the current best approach. Ideally, including the UI for allowing signature spoofing as an extra special permission granted to certain apps, though predefined set of apps allowed to spoof (microG) is sufficient as well.
If this is somehow not feasible, building anbox (android.img) on my own is also an option, in which case pointers to patches to the source code would be very welcome.
On the normal phone, I was lucky I could install microG+LineageOS pre-built.
Thanks for help!

[App][7.0+][Early Access] Truvark - modern file encryption

Truvark is a modern file encryption app for Android. You might be wondering why building another vault app as there are already a lot of options. The difference is that Truvark is built around security by design and privacy by default. To proof that I take that serious, this is an offline app, it does not have/requests Android's Internet permission. Features like cloud synchronization are not compatible with the mentioned paradigms. However, that does not mean that you cannot sync or backup your data through a third-party app (on your own risk). Read more about (unique) features below.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Features​Multiple vaults​You can create multiple vaults on your device. Any empty folder can become a vault. All your data remains on the shared device storage, means you can access the encrypted files from a file manager e.g. for backups.
This is a major difference to alternatives. Some apps don't even encrypt your files, they just move them to the app's internal storage. These often speak about "hiding data" instead of encrypting. Others using encryption still prohibit access. You fully rely on their export feature.
Deep folder structures​Truvark is not an encrypted gallery that just lets you group your pictures into albums. It is a file encryption app providing full support for creating folders inside folders. You are not limited in organizing your files.
View encrypted files​The aim is to be able to view common file types in the app. Currently supported are images, videos and audio. The decryption takes place "on the fly" means the required data is decrypted in memory while needed. This is especially important for long videos that would not fit into memory. The image viewer supports high-res pictures and shows more details when zooming in instead of becoming pixelated.
Here are more differences to alternatives to spot. While I analyzed a wide range of vault apps from multimillion downloads to open source ones I found many flaws. Apps decrypting the full file to disk before showing it, scarify performance and possibly put that file on a risk. Others don't encrypt thumbnails, just the original files.
Privacy by default​To make it short this app has no Internet permission. There are no analytics, ads, telemetry or requirements for an account. However, there is an option for logging that is turned off by default. Logging is required to be able to help any user that has an issue with my app. The user needs to provide these logs, they are not automatically sent (what is technically impossible because of the missing Internet permission).
Security by design​Truvark is using a component (library) for encryption that is built by Google engineers and used in Google Pay. It's called Tink and has the following promise:
A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Click to expand...
Click to collapse
The last part is important. In cryptography it is enough to get a single parameter wrong to make an encryption insecure. Therefor I decided to rely on a popular open source library.
Additionally, Argon2(id) is used for key derivation. It won the Password Hashing Competition back in 2015 and is one of the best (if not the best) algorithm for that task out there.
The cryptographic core of Truvark (the combination of both libraries) is open source and available on GitHub.
The database is a Realm database. Realm can feature encrypted databases and of course that is in use. I have seen a lot of vault apps without encrypted database during my analysis.
Furthermore, Truvark supports biometric (e.g. fingerprint) authentication for unlocking a single vault. That feature is backed by the Android Keystore and might not be available on devices even though they offer biometric authentication because a strong authentication is required that not every device supports.
Partly open source, fully in future​As mentioned above the cryptographic core is already open source and available on GitHub. You can see that this is not my first open source project. Because I'm committed to open source, I plan to publish the full source code sometime in future. The idea is to do that when the app leaves early access but all in all I will do that when I think it's ready.
About development​On the one hand I want to let you know that I'm a professional software developer and not coding as hobby only, on the other hand I have to put a disclaimer here that I'm not a cryptography expert. However this app was carefully build over time and not in a hastle. Although this app is in early access, it is not a prototype or minimal valuable product. Every release is going trough automated and manual tests. For the manual tests I'm using multiple devices. Nevertheless I'm not afraid to say that bugs can happen. I personally lost data using alternatives in the past, so I am very aware of that issue. Therefor this app stores many information redundant. For example in near future a corrupted or deleted database can be almost fully restored (only some information about the folder structure will be lost but you don't need to organize all files again). The app is already designed to support featues like this in future. Furthermore to backup your encrypted files all you need to do is copy the vault folder.
Upcoming features​
Move files and folders to different folders
Rename folders
Rename vault
Material3, followed by many UI and UX improvements
Performance improvements
Future plans​
Support more file types (like text and PDF)
Fully open source
Provide desktop clients (cross platform)
Download​Download from Google Play

Changelog:
0.4.0:
Target Android 13
Handle new notification permission (first and only required permission)
Support themed icons (Android 13)
Update dependencies
0.3.2:
Replace prebuild Argon2 (used for password derivation) with own build from official source
Update various dependencies (including improvements to the in-app file presenter)
0.3.1:
Fix a bug during biometric setup

Thanks for this, I noticed in recents I did not have to relog in to open, pixel as far as I understand doesn't close recents and clearing them also doesn't actually end the process losing a security risk. Great app though!

7h3DuD3 said:
Thanks for this, I noticed in recents I did not have to relog in to open, pixel as far as I understand doesn't close recents and clearing them also doesn't actually end the process losing a security risk. Great app though!
Click to expand...
Click to collapse
Hi,
many thanks for giving Truvark a try and for providing feedback. Indeed there is no mechanism automatically closing a vault or the app itself. Actually I spend a bunch of hours on this feature already and haven't found a solution yet that significantly improves security while keeping encryption/decryption/etc reliable.
You might have noticed that this app makes heavy use of background scheduling. Other apps show a dialog forcing you to wait while they encrypt one file after another, where Truvark runs encryption parallel in background and you still can view your already encrypted files. This is one of the reasons why the feature you mentioned is not available yet, closing a vault would cancel background operations that cannot be automatically started again when the vault is opened next time, because of storage permissions.
Truvark is completely build on Android's "new" storage design (that Google enforced in Android 10/11) by using the storage access framework (SAF).
Therefor I cannot grantee that automatically closing a vault will ever be available, however likely there will be at least a button to close a vault inside the app or maybe a login screen to prevent access to the UI while still having that vault open in background. Actually I’m planning bigger changes on how the vaults are opened with the goal to make it possible having multiple vaults open at the same time. During that process I will reevaluate if it is easier to implement that feature.

@7h3DuD3 did my post answered your questions or are you looking for different information? Happy to answer any question or feedback.
May I ask you in case you regularly use a vault/encryption app what app you're using? What you like about it and what could be improved in your opinion?
Furthermore, I might be able to give insights about the security and privacy of alternative apps if they were part of my analysis. Hoping to analyze more vault apps soon, possibly on request.

Actually don't use one ever for more than a few days, however I've been using this for a bit and find it adequate. Perhaps a triggered deletion of the vault, say recieve an email or text, but I'm fairly certain tasker could do that or multiple other apps not to mention the security risk of having something like that poses a security risk in itself. But overall I'd say it's better then what I've used in the past and files I carry on my personal thumbdrive are vaulted which feels better knowing should I lose it my personal information won't just be in a .hiddenpasswords.txt file lol that's been the main thing is bs where they hide the file like no one's gonna see that or rename the extension with no encryption. I haven't tried a brute force, might be kinda fun to do. Suggestion, Better variety of file types *

7h3DuD3 said:
I haven't tried a brute force, might be kinda fun to do.
Click to expand...
Click to collapse
Starting with your last sentence, I wish you good luck with that. Of course it depends on your password. Assuming you picked a good password (Truvark requires 8 character at the moment) brute force is by far the worst attack you could try. For hashing Argon2id is used with a configuration above the minimal recommendations by OWASP and for encryption Google's Tink library is used that "has been deployed in hundreds of products and systems" (quote from their readme file) including Google Pay.
I think you should try attacking the implementation instead of globaly used algorithms.
7h3DuD3 said:
Actually don't use one ever for more than a few days, however I've been using this for a bit and find it adequate. Perhaps a triggered deletion of the vault, say recieve an email or text, but I'm fairly certain tasker could do that or multiple other apps not to mention the security risk of having something like that poses a security risk in itself. But overall I'd say it's better then what I've used in the past and files I carry on my personal thumbdrive are vaulted which feels better knowing should I lose it my personal information won't just be in a .hiddenpasswords.txt file lol that's been the main thing is bs where they hide the file like no one's gonna see that or rename the extension with no encryption. I haven't tried a brute force, might be kinda fun to do. Suggestion, Better variety of file types *
Click to expand...
Click to collapse
Thanks that you overall seem to like my app. I don't plan to implement a remote deletion because I believe that strong cryptography does not need that. If you really want to build that yourself in a first step you could just delete the file with the name "vault". It contains a so called salt and the encrypted database key, without the file the attack surface is reduced (and you lose access to your files even with correct password btw).
Because you mentioned a thumb drive, that is one of the benefits of the new storage APIs. Truvark fully supports sdcards and external USB devices without workarounds or the need to move data manually from time to time. I have seen lots of vault apps with bad sdcard support.
What file support are you looking for? I plan GIFs, basic text files and PDFs next.

0.3.2:
Replace prebuild Argon2 (used for password derivation) with own build from official source
Update various dependencies (including improvements to the in-app file presenter)
Development is currently a little slow or let's say less visible to users because of many under the hood changes. Furthermore, I'm waiting for improvements/new features in some dependencies. Next will be various improvements to the database. After that I plan to work on Material3 design.

0.4.0:
Target Android 13
Handle new notification permission (first and only required permission)
Support themed icons (Android 13)
Update dependencies
Was quiet in the last months, also because I had little time, the development will progress much faster in the next weeks. I am still working on the replacement of the database implementation. Afterwards it goes on with the Material3 redesign that will come with many new features.

0.5.0:
Fix lags affecting the in-app file viewer
Loop video/audio playback
Update various dependencies
Drop a dependency in favor of official implementation
Obviously, my plans (see above) didn't work out. Unfortunately I'm still waiting for a final feature for database migration, which is finally in development upstream. So here is another small update.
I commit to continue improving this app and bring it out of early access status, as well as go fully open source in future.