I want to develop an app with the following design:
The app will have some permissions (for example A- read the contact list B- use the Camera C- use the GPS location)
I want the app to contain 3 Mini apps that each of the mini apps has different permission. (Each of the mini app when activated download data from my server and request permissions, and I want that each one of the mini apps could get access only to one permission)
Can I do that ? how complicated the solution would be?
Do you know any apps the behave the same?
Thanks
Joe
Please respond
I cant post on other forums
thanks
Joe McCain said:
I want to develop an app with the following design:
The app will have some permissions (for example A- read the contact list B- use the Camera C- use the GPS location)
I want the app to contain 3 Mini apps that each of the mini apps has different permission. (Each of the mini app when activated download data from my server and request permissions, and I want that each one of the mini apps could get access only to one permission)
Can I do that ? how complicated the solution would be?
Do you know any apps the behave the same?
Thanks
Joe
Click to expand...
Click to collapse
It is not possible to define permissions for 'parts' of apps, permissions defined in the manifest cover the whole app, you would have to just write these as three separate apps
clarification
zacthespack said:
It is not possible to define permissions for 'parts' of apps, permissions defined in the manifest cover the whole app, you would have to just write these as three separate apps
Click to expand...
Click to collapse
Ok, so lets assume that I want to build my own mechanism to grant to permissions to each and every mini-app, can I build that kind of mechanism? or if someone will try very hard he can use unauthorized permission?
Thanks
Joe
Joe McCain said:
Ok, so lets assume that I want to build my own mechanism to grant to permissions to each and every mini-app, can I build that kind of mechanism? or if someone will try very hard he can use unauthorized permission?
Thanks
Joe
Click to expand...
Click to collapse
The issue is how android actually handles permissions.
It does so using the normal Unix/Linux users and groups, when you install an app this app is given its own user, and the permissions it requires are related to groups which the user for that app is added to.
In this sense one apk is treated as an App thus you can not have more than one different set of permissions for the same apk
...
zacthespack said:
The issue is how android actually handles permissions.
It does so using the normal Unix/Linux users and groups, when you install an app this app is given its own user, and the permissions it requires are related to groups which the user for that app is added to.
In this sense one apk is treated as an App thus you can not have more than one different set of permissions for the same apk
Click to expand...
Click to collapse
but If I build my own mechanism in the app code? for example I design the app that every miniapp should get its input through a main service, can I assure that the miniapp wont get input it doesn't need? or it wont be a problem for my "vendor" to pass my service and get the permission it needs
I hope that I'm clear
Joe
Related
Not sure if any of you ever heard of ngmoco's Plus+ game social network on iPhone, well they were bought out by a japanese company who owns "Mobage", a mobile game network in Japan.. Now they're releasing games on Android, but every single one of their apps has every permission in the book, & they give no explanation for any of them.
Now I'd normally stay away, but they have one game I loved on iOS, Pocket Frogs, here's a link; http://0.mk/72868 check out the permissions tabs.
Is it safe? Is there any way to block all permissions in an app or disable them??
Thanks.
TL;DR, remove app permissions?
I clicked on it and the permissions they have in there now seem normal actually. Except for this one:
Allows an application to read all of the contact (address) data stored on your device. Malicious applications can use this to send your data to other people.
It looks like they might have removed quite a bit of the permission requests because in the reviews people were saying it requests "super user access" and stuff like that but when I read the permissions, that one isn't listed anymore.
Yeah, that's the one that bothered me the most, but hardly any of those are required for the app to run, it's just unnecessary & annoying for a game to have that many permissions
Is there any way to remove its permission to read contact data?
That app also requested SU access on my phone. I denied it and then immediately removed the app. There is no reason that game should require SU access.
There is a handy linux tool to list permissions that an APK uses via commandline called scanperms. I use it to check out what an app uses before installing.
URL is hxxp://tinyurl.com/cvo6dqw
Is it possible to know if any app is grabbing all the keystrokes in my phone?
What is "garbing"?
Jayadratha Mondal said:
Is it possible to know if any app is garbing all the keystrokes in my phone?
Click to expand...
Click to collapse
No, I don't think any app will grab your key strokes. However while typing with Swype Keyboard or some other may store your key strokes just to make you more efficiently but it does not saves your passwords.
You can do one thing is download Android Assistant and open the third tab in it there you will find Permissions open it and see which app has access to what inside your phone.
mon_iker said:
What is "garbing"?
Click to expand...
Click to collapse
Sorry it was a typing mistake. it will be grabbing
kk9999gada said:
No, I don't think any app will grab your key strokes. However while typing with Swype Keyboard or some other may store your key strokes just to make you more efficiently but it does not saves your passwords.
You can do one thing is download Android Assistant and open the third tab in it there you will find Permissions open it and see which app has access to what inside your phone.
Click to expand...
Click to collapse
Ok. Is it guarantied that Android assistant will have all the permission infos of all the apps?? I mean is there any possibility to hide this permission infos and to grab all the keystrokes or password? Or android don't permit to grab the password type data by any app? I know at the time of installation it shows the permissions the app needed. But is there any way to hide a permission but to use that?
Jayadratha Mondal said:
Ok. Is it guarantied that Android assistant will have all the permission infos of all the apps?? I mean is there any possibility to hide this permission infos and to grab all the keystrokes or password? Or android don't permit to grab the password type data by any app? I know at the time of installation it shows the permissions the app needed. But is there any way to hide a permission but to use that?
Click to expand...
Click to collapse
Not sure but as far as I know Android will not save your passwords. But the web browser may save them if it is enabled in settings. I am sure that none of the information that you type will not be sent to third parties. Everything is safe in Android.
Using XPRIVACY*****won't be adding any more stuff to this guide for a while. will continue this when i have enough free time*******
XPRIVACY is undoubtedly the best privacy app out there. Its because of the options it supports almost all the android versions.
But it is not as easy to understand as App Ops or Pdroid privacy guard. Thats why inspite of my many attempts to use it, i gave up after few hours or days and switched back to App Ops.
It has come along way from when i made those attempts, it has become more user friendly and interactive but so many options which is its biggest plus point, also makes it hard for new users to switch from other privacy app to XPRIVACY.
I recently made a small guide about HOW TO USE APP OPS MORE EFFECTIVELY.
So the next obvious step was GUIDE on XPRIVACY. i have been putting it off from many days but now no more will add more videos whenever i can but its about time i that i finally get started with it.
I hope this guide will help my fellow XDA members to make the required switch or to introduce them to the world of XPRIVACY
Installation instruction, minimum requirements and other usefull stuff can be found at the official thread of XPRIVACY
What this Guide is ABOUT???
>This guide is for NOOB users, so that they can understand how to use XPRIVACY. Also as i ahven't purchased the PRO version yet this huide will only cover functions of FREE version. I will be buying the PRO version soon and then it will cover use of PRO features as well
>I will try to explain different restriction using different apps.
>Examples will be video of the app with and without those restrictions and the effect that those restriction will have on that app
>NOTE 1 - this is not full blown guide and it is just to get you started. However it can turn into full blown guide depending on the inputs from various users and also after a certain time as i get better in using this app.
>Note 2: Differnet categories are explained using different app. Most of the times category name will be used as heading as you can see in 3rd point, but at some places where permissions like location, contacts , clipboard etc are explained i will use these words only as these words will result in easier understanding.
> More and more videos will be added as i find the appropriate app and a way to demonstrate the use of a particular permission using that app.
LETS STARTYoutube playlist link
1) Faking or restriction location
I am pretty sure this is going to be very useful to many people for playing location based games or to become mayor of certain place in foursquare and i am sure you can think of using it in many other apps.
Please note that you cannot fake location for some apps like google maps and facebook. these are the only two apps that i know of. you cannot fake location for these two apps but you can restrict it.
Also as you can see in the video you will be able to fake location in foursquare but when you will try to access google maps view from inside Foursqaure app you will get no location. But still you can check in and get suggestion from foursquare based on your fake location. default fake location is CHRISTMAS ISLAND. but you can change it through XPRIVACY(which is covered in the video).
2) Blocking access to the different accounts configured in your device
For this i have used Chrome beta as you can see in the video that blocking the account permissions will result in chrome not seeing the different google accounts that are present on my device. Thus i am unable to sign in chrome beta to sync my bookmarks and other stuff.
You can use this to block access from those app which try to gain access to the different accounts configured in your device.
Note: if you block access to 9gag, Ifunny etc apps like these for which you sign in using your configured google account. You wont be able to sign in those apps as these apps won't be able to see the configured account.
Although if a you sign in using username or email id which you use only for that particular app. You can block restrict this permission as it will have no negative effect on that app behaviour
3) Xprivacy Category - View Browser
For explaining what this permission does i have used DIGG app. This permission will restrict app from opening external links. or more precisely hyperlinks from withing app. If this permission is restricted you will be displayed warning from xprivacy when you try to open any link from withing the app(shown in the video).
4) More Videos to come soon..........
More videos to be added whenever i can find time and based on users input. I am also a beginner when it comes to XPRIVACY so be patient with me and if you have any ideas to make this thread better please do share it with us.
Once you have enough understanding to use Xprivacy on daily basis you can head over to XPRIVACY thread and post you advanced question there.
Currently i have some personal stuff to take care of so updating this thread is on hold. Will update it with more videos as soon as i can. I have made the videos just need to edit them and upload.
Reserved
reserved
Other Useful threads by Me
[GUIDE] Using Apps Ops (or Privacy Guard) 4 blocking wakelocks & saving battery
[App] Samachar - Indian News app and more
thanks
thanks for this helpful tutorial.
can u please tell me if I could use xprivacy to block adds on apps , cheers
drreality said:
thanks for this helpful tutorial.
can u please tell me if I could use xprivacy to block adds on apps , cheers
Click to expand...
Click to collapse
You can block internet permission. That will block ads but that can also make app useless if it needs internet to function.
Why don't you use adaway or adblock pro to block ads?
I know this is a dumb question but I've been using Xprivacy for a few years now and I never could figure out what the two boxes to the right of the application names are for. I believe one is for restrict and one is for allow? If someone could let me know which each of those boxes means it would be much appreciated.
Good question. The two-column system is a later addition to xprivacy and many of the newbie tutorials don't cover it.
Let's take a simple example like location.
For starters, let's say the second column is unchecked. This is the easiest situation to understand. Then what happens depends on the first column.
The first column -- if it's checked then xprivacy will always deny access to location and will instead feed the app fake information as set up in the xprivacy settings.
If however the first column is unchecked then the app will be able to get to your actual location.
This is what you want with an app where the answer to "can it use this permission?" is always the same (either "always" or "never"). Second column unchecked, first column choice telling the app yes or no.
The second column controls the pop-ups that you see with xprivacy. If the second column is checked then you'll get a pop-up asking whether to allow the app the permission or not (whether or not the first column is checked).
There are four choices -- "allow", "deny", "don't know", and "oops I timed out".
"oops I timed out" will give the app whatever the answer in the first column is. You can tell what the first column is because the app says "Timeout will: allow/deny" depending on whether the first column is unchecked/checked.
If you click "allow" in the pop-up then xprivacy unchecks the second column in its settings, unchecks the first, and gives the app access to your true location. The popup will then not appear again unless you recheck the second column in the xprivacy settings.
If you click "deny" then xprivacy unchecks the second column, checks the first column and feeds the app fake location. Again you'll not see the popup again.
If you click "Don't know" then I *think* xprivacy denies access (whether or not the first column is unchecked) and leaves the second column checked, so it will ask again the next time.
How did I find this out? Well I didn't read it from a FAQ! I just downloaded xprivacy yesterday and I found it incredibly difficult to work out from scratch. In the end I just downloaded an app which prints out your gps location and nothing else, and I just experimented with it. The above is a report on my conclusions. I hope it helps other people because it is the post which I wish I could have read this time yesterday.
Note that other permissions might work slightly differently. For example it is not really possible to feed an app fake internet information, as this would require carrying around a fake internet on your phone. You can get a quick idea about what data can be faked by looking at the xprivacy settings. For example, you can fake your phone number and your MAC address. But as I've said you can't fake your internet and you can't fake your storage either -- which is quite a good idea because if you pretend to let an app write to your SD card and then pretend to let it read it and it can't find what it just wrote, this is bound to lead to trouble, probably more trouble than if you'd just denied it access in the first place.
Nice tutorial
@yannick.12
Many many thanks for you're well explained tutorial.
This is was definitley needed because is still (incredibly) very hard to find out some good guide out there, expecially for the "second column" options, as you mentioned.
Thank you, again my friend :good:
I got also another question (if someone knonw the answer) about the "shared rules". I mean, if I download the rules for some app, from the XPrivacy server, it's supposed to be the settings that someone has configure, ok. But what if I send my rules and, later in time, I download it again for that app? I got my rules (the rules that I uploaded before) or I got the " common" rules setted shared by the XPrivacy?
Sent from my Xperia E4g using XDA-Developers mobile app
Is it possible for xPrivacy to allow app's permission? I'm using a phone that runs android 5.1.1 and some apps just don't ask for permissions which makes it impossible for me to access storages. It will only respond that app has no permission to write over storages which makes the app not functional.
rUx_Gaming said:
Is it possible for xPrivacy to allow app's permission? I'm using a phone that runs android 5.1.1 and some apps just don't ask for permissions which makes it impossible for me to access storages. It will only respond that app has no permission to write over storages which makes the app not functional.
Click to expand...
Click to collapse
Won't work like that.... And that issue is still there.. Even with pie... App's developer fault..
Sent from my Redmi Note 5 Pro using Tapatalk
Kapiljhajhria said:
Won't work like that.... And that issue is still there.. Even with pie... App's developer fault..
Sent from my Redmi Note 5 Pro using Tapatalk
Click to expand...
Click to collapse
Thanks for info. Is there any possible workaround for this other than contacting the devs to fix storage permission issue?
rUx_Gaming said:
Thanks for info. Is there any possible workaround for this other than contacting the devs to fix storage permission issue?
Click to expand...
Click to collapse
No, give permission manually from app info
Sent from my Redmi Note 5 Pro using Tapatalk
Kapiljhajhria said:
No, give permission manually from app info
Sent from my Redmi Note 5 Pro using Tapatalk
Click to expand...
Click to collapse
I guess there'snothing I can do other than look for an alternative app, android 5.1.1 won't let you edit app permission.
rUx_Gaming said:
I guess there'snothing I can do other than look for an alternative app, android 5.1.1 won't let you edit app permission.
Click to expand...
Click to collapse
I mean give app permission from app's info. I think u can do that... Dont remember 5.1.1 interface now but it should be possible
Sent from my Redmi Note 5 Pro using Tapatalk
Kapiljhajhria said:
I mean give app permission from app's info. I think u can do that... Dont remember 5.1.1 interface now but it should be possible
Sent from my Redmi Note 5 Pro using Tapatalk
Click to expand...
Click to collapse
My phone doesn't seem so. Here's how it looks like in the app settings.
Hello.
You download an app, it gives you a big list of what permissions it wants, and you can either agree to it or not use the app...
Is there someway of limiting those permissions? Or provide fake permissions?
Like in most iphone apps you can choose if you want to allow gps, contacts, etc.
I am searching for an app thats will limit those permissions prior to installing it. Won't do me any good if I want to deny contacts access but I do it after its already taken it.
Cheers and thanks
P.S. I'm using a rooted LG G2 d802 with android 4.4.2
I don't think it's possible, even Google's last Play Store update doesn't reveal every single permission when you update stuff, dunno if this limitation affects it or no.
You can use "app ops" (search for it in google play). It is a hidden menu from android os. Obviously it works after installation (iOS works the same, you first install the app and later you decide which permission accept/deny).
PoOoZaQ said:
Hello.
You download an app, it gives you a big list of what permissions it wants, and you can either agree to it or not use the app...
Is there someway of limiting those permissions? Or provide fake permissions?
Like in most iphone apps you can choose if you want to allow gps, contacts, etc.
I am searching for an app thats will limit those permissions prior to installing it. Won't do me any good if I want to deny contacts access but I do it after its already taken it.
Cheers and thanks
P.S. I'm using a rooted LG G2 d802 with android 4.4.2
Click to expand...
Click to collapse
Try to search "3c toolbox" in Google.
This app has many integrated tools within it.
You can change permission also.
Good luck
Hi there,
I am a newbie with Android and smart phones.
As an old-school tech, from Windows 3.0 to Gnu/Linux, I want for long time avoid all GAFAM stuff and keep a bit of privacy and security.
I came across the Exodus site and try to find app with zero tracker and minimum permission.
Do you care about that?
Do you use FOSS apps?
Do you have a list of usual apps that fulfill your need AND privacy?
Any help, advise, list of apps (browser, messaging, files management, maintenance, ...) are welcome.
Thank you
IMHO it doesn't matter where you fetch apps from: F-Droid, Google Play Store, etc.pp.
Apps typically request normal premissions and dangerous permissoins.
Dangerous persmissions are
READ_CALENDAR
WRITE_CALENDAR
CAMERA
READ_CONTACTS
WRITE_CONTACTS
GET_ACCOUNTS
ACCESS_FINE_LOCATION
ACCESS_COARSE_LOCATION
RECORD_AUDIO
READ_PHONE_STATE
READ_PHONE_NUMBERS
CALL_PHONE
ANSWER_PHONE_CALLS
READ_CALL_LOG
WRITE_CALL_LOG
ADD_VOICEMAIL
USE_SIP
PROCESS_OUTGOING_CALLS
BODY_SENSORS
SEND_SMS
RECEIVE_SMS
READ_SMS
RECEIVE_WAP_PUSH
RECEIVE_MMS
READ_EXTERNAL_STORAGE
WRITE_EXTERNAL_STORAGE
and only become activated if user clicks ALLOW to them: so it's on user what permissions can be used by an app.
So-called normal permissions get allowed by default without any user interaction.
jwoegerbauer said:
and only become activated if user clicks ALLOW to them: so it's on user what permissions can be used by an app.
So-called normal permissions get allowed by default without any user interaction.
Click to expand...
Click to collapse
I you sure only normal permissions get allowed by default without any user interaction? and where can I separately allow or deny them? Is there a place where all these permissions are explained and what I'll block in the app when denied?
What about tracker? Is it possible to deactivate them?
I think trackers are more intrusive than permissions. Am I right?
MrNice said:
I you sure only normal permissions get allowed by default without any user interaction? and where can I separately allow or deny them? Is there a place where all these permissions are explained and what I'll block in the app when denied?
What about tracker? Is it possible to deactivate them?
I think trackers are more intrusive than permissions. Am I right?
Click to expand...
Click to collapse
Yes, only normal permissions get allowed by default, the apps will ask for the rest of them and you can deny them if you want. Also the only way to disable trackers is with aurora appwarden or trackercontrol, but sometimes the apps with disabled trackers could crash.
@MrNice
an app only can track you if it has the related Android permission granted to do so.
The Penguin said:
Also the only way to disable trackers is with aurora appwarden or trackercontrol,
Click to expand...
Click to collapse
jwoegerbauer said:
an app only can track you if it has the related Android permission granted to do so.
Click to expand...
Click to collapse
Hummm, for me, these 2 sentences look like an oxymoron.
Could you explain?
My last 2 cents here:
An app doesn't have trackers, it only has granted permissions, but an app may behave as tracker - where it doesn't matter whatever it will track - if it got granted the related permissions.
Have a nice day.
I use Karma Firewall to log/see what's accessing the internet and block it if needed.
Many don't need internet access to be functional.
Some of the worst offenders I uninstalled.
Gookill is the worst offender, I keep Google play Services and Playstore disabled 99% of the time.
Some freeware apps are perfect. They do nothing except what they're suppose to do and never attempt internet access; keepers.