[CONCEPT] xPrivacy APK Builder - Security Discussion

I thought about this one multiple times and finally decided to open this thread.
My idea is for those people that aren't able to root their devices. Apart from the warranty side there are various reasons not to do so:
KNOX
Company-owned devices?
Closed BL
Internal counters (e.g. Samsung devices)
...
So rooting won't be easy with one of the above situations.
The concept is to decompile the APK, build a modified one from the "old" resources and include the xPrivacy APK Builder "Control Service" and install this. Another Control App is then able to give the Service in the modified App commands, what device-specific value it should spoof.
The concept mainly builds on the SRT App Guard that is used to take permissions from apps away. It does this e.g. by spoofing the mobile phone number to 123456 as well as the IMEI and IMSI (if READ_PHONE_STATE is in AndroidManifest and disabled by AppGuard).
It would be really nice if it were possible to manage which data should be spoofed from another App without root.
What do you think about this idea?
Greetz

Awesome idea. But who is able to make your idea real?

Related

[Q] security of rooting apps and custom roms

Hello,
I think about rooting my device.
However I also think about how secure the custom roms builds or rooting apps are.
E.g.
In the modaco forum there is a tool called Superboot r2 to root the motorola moto g device.
How can I know/trust that this tool doesn't contain any spyware/malware or other malicious code?
How do you guys look at the security of custom roms and other apps which root your device?
Customizing and rooting one's phone can be done very securely. Even more now than a few years ago. I would be wary about apps that can root your phone with a button press. Unless, of course, there is a really long thread about it on xda. The same with apps not from the Google store. You should run a virus scan on any apks you get in general. They can contain malicious code that can mess up your device and steal your information.
Once you root your device, it's a good idea to look into the XPrivacy app. You can use it to control the individual permissions of all of your installed apps. There are a lot of other security measures you can take too. Do research on what would be relevant to your device.
kbntk said:
Hello,
I think about rooting my device.
However I also think about how secure the custom roms builds or rooting apps are.
E.g.
In the modaco forum there is a tool called Superboot r2 to root the motorola moto g device.
How can I know/trust that this tool doesn't contain any spyware/malware or other malicious code?
How do you guys look at the security of custom roms and other apps which root your device?
Rooting a device greatly decreases the overall security of the device. You are breaking the basic security design of Android, you are incorporating new code (mods etc) from developers who may not be properly trained, many who just copy-paste code from elsewhere without understanding what exactly is going on. Potentially (almost certainly with most custom roms) introducing new vulnerabilities.
Elzbach said:
Customizing and rooting one's phone can be done very securely. Even more now than a few years ago. I would be wary about apps that can root your phone with a button press. Unless, of course, there is a really long thread about it on xda. The same with apps not from the Google store. You should run a virus scan on any apks you get in general. They can contain malicious code that can mess up your device and steal your information.
Once you root your device, it's a good idea to look into the XPrivacy app. You can use it to control the individual permissions of all of your installed apps. There are a lot of other security measures you can take too. Do research on what would be relevant to your device.
I'm going to have to flat out disagree. Once you have rooted your device, security has greatly been decreased. What would be a minor vulnerability in a normal app, can become a huge vulnerability in an application that has been granted permission to use root. Same goes for the Superuser control application.
Thank you for your replies guys.
jcase said:
Rooting a device greatly decreases the overall security of the device. You are breaking the basic security design of Android, you are incorporating new code (mods etc) from developers who may not be properly trained, many who just copy-paste code from elsewhere without understanding what exactly is going on. Potentially (almost certainly with most custom roms) introducing new vulnerabilities.
I'm going to have to flat out disagree. Once you have rooted your device, security has greatly been decreased. What would be a minor vulnerability in a normal app, can become a huge vulnerability in an application that has been granted permission to use root. Same goes for the Superuser control application.
I agree rooting the device decreases the overall security of the device.
On the other hand, rooting the device gives access to the apps that give you control over the system and data on it. For example as Elzbach wrote, with the app XPrivacy I can control what apps have access to my personal information.
Now - without root - when I install a new keyboard or launcher with widgets, I'm warned that these apps can have access to my personal information and can use them maliciously. For me that means, that even without root using normal apps I can get big security risk when using some apps from play store.
Do you build the custom android version by yourself from the source or use builds provided on this forum or modaco or use another way?
kbntk said:
Thank you for your replies guys.
I agree rooting the device decreases the overall security of the device.
On the other hand, rooting the device gives access to the apps that give you control over the system and data on it. For example as Elzbach wrote, with the app XPrivacy I can control what apps have access to my personal information.
Now - without root - when I install a new keyboard or launcher with widgets, I'm warned that these apps can have access to my personal information and can use them maliciously. For me that means, that even without root using normal apps I can get big security risk when using some apps from play store.
Do you build the custom android version by yourself from the source or use builds provided on this forum or modaco or use another way?
XPrivacy, and apps like them introduce additional security concerns of their own. Android is not designed to work the way they force it to, introducing many new unknowns.
New keyboard, launchers introduce an infinitely smaller risk than any root app, and unlike with root apps you are warned and privileges are handled by an established well tested permission system. Comparing the two is completely silly.
Any developer can, in a matter of minutes, put together a root app requesting 0 permissions, that can gain permissions or otherwise use APIs requiring permissions at runtime without declaring them, and disable or work around any "security" any XPrivacy type app claims to provide. Once rooted, apps like XPrivacy provide a complete false sense of security. Given you need root to use them... they provide no real security at all.
A completely valid scenario (one we have seen in the wild): An app with 0 permissions, but the ability to use su could download and dynamically execute new code to perform the malicious activities. IE Google bouncer, and any anti virus software would be @#[email protected] out of luck on that one. All because a user decided to completely break the basic security model, by installing su.
The only customized version of Android I use, is a customized emulator I use for analysis, and that only used when I suspect something could damage an actual test device.
I do not mess with customized versions of Android on real hardware, I only build when testing patches I plan to push to the AOSP gerrit for review.
jcase said:
Rooting a device greatly decreases the overall security of the device. You are breaking the basic security design of Android, you are incorporating new code (mods etc) from developers who may not be properly trained, many who just copy-paste code from elsewhere without understanding what exactly is going on. Potentially (almost certainly with most custom roms) introducing new vulnerabilities.
I'm going to have to flat out disagree. Once you have rooted your device, security has greatly been decreased. What would be a minor vulnerability in a normal app, can become a huge vulnerability in an application that has been granted permission to use root. Same goes for the Superuser control application.
jcase said:
XPrivacy, and apps like them introduce additional security concerns of their own. Android is not designed to work the way they force it to, introducing many new unknowns.
New keyboard, launchers introduce an infinitely smaller risk than any root app, and unlike with root apps you are warned and privileges are handled by an established well tested permission system. Comparing the two is completely silly.
Any developer can, in a matter of minutes, put together a root app requesting 0 permissions, that can gain permissions or otherwise use APIs requiring permissions at runtime without declaring them, and disable or work around any "security" any XPrivacy type app claims to provide. Once rooted, apps like XPrivacy provide a complete false sense of security. Given you need root to use them... they provide no real security at all.
A completely valid scenario (one we have seen in the wild): An app with 0 permissions, but the ability to use su could download and dynamically execute new code to perform the malicious activities. IE Google bouncer, and any anti virus software would be @#[email protected] out of luck on that one. All because a user decided to completely break the basic security model, by installing su.
The only customized version of Android I use, is a customized emulator I use for analysis, and that only used when I suspect something could damage an actual test device.
I do not mess with customized versions of Android on real hardware, I only build when testing patches I plan to push to the AOSP gerrit for review.
Well I stand corrected.
Apologies if I'm resurrecting an oldie but this is a topic I've been contemplating for a while now. I used to root, looking back to my old OG Droid days. But I find newer devices sufficient as to not root anymore (mostly). I'm currently debating rooting a Samsung Tab S 8.4 to remove Touchwiz and hopefully speed some things up and maybe further control the CPU.
If the user is rooted and they only install apps from the marketplace that are known to be safe (I assume)- i.e.- not downloaded from some misc internet site and from "non-trusted sources," would this still be able to happen?
- "Any developer, in a matter of minutes, put together a root app requesting 0 permissions, that can gain permissions or otherwise use APIs requiring permissions at runtime without declaring them, and disable or work around any "security" any XPrivacy type app claims to provide. Once rooted, apps like XPrivacy provide a complete false sense of security. Given you need root to use them... they provide no real security at all."
I guess I'm just not sure how google approved apps, or if they even do. And what's the process of showing app permissions in the Play Store these days, since permissions are front and center when you download an app. Do devs just flag permissions on their own will or is it built into the Android code? I would ASSUME the android code when posting to Play Store decides permissions for the dev. I would be horrified if Android relied on good will for people to post permissions solely from the dev's input.
I could be completely wrong
But as I understand, devs pick the permissions they need for the app to work correctly. They declare the permissions they need to the Android system. And then they can only use those permissions and no others. However they don't need to use all of the permissions but they can if they want to.
Btw apps from Google Play are in no way safe. It has no bearing if you do or don't have apps from unknown sources on your device. Fact is Google in no way checks the source code of apps on the Play Store. Now maybe they run a virus check but honestly that means nothing as a moron could code in malicious code that would not trigger a scanner (and Trojans are far more prevalent for Android than viruses). If the source code is not available then no one knows what an app could be doing.
90% of my apps come from fdroid, who builds everything from source.
In the discussion above I should also note (but could be wrong about this completely) that system apps (the ones that come with your phone) all have root(administrator) permissions by virtue of being system components.
So rooting may decrease your security but personally I think factory roms are far too insecure to start with and I will never have a device that is not rooted. The benefits far outweigh the risks for the careful user. Until such time as the source code is released.
Unless you trust Google, Facebook, Samsung, Twitter, and a host of other baked in developers who get to put apps on your phone at the factory.
Or Apple who has their own way of making money off your every move, or microsoft with win 10 that also sells your habits.
jcase said:
Rooting a device greatly decreases the overall security of the device. You are breaking the basic security design of Android, you are incorporating new code (mods etc) from developers who may not be properly trained, many who just copy-paste code from elsewhere without understanding what exactly is going on. Potentially (almost certainly with most custom roms) introducing new vulnerabilities.
I'm going to have to flat out disagree. Once you have rooted your device, security has greatly been decreased. What would be a minor vulnerability in a normal app, can become a huge vulnerability in an application that has been granted permission to use root. Same goes for the Superuser control application.
This alone is enough for me to stay away from root and its capability to make things worse in my end. Thank you for the professional input on this.
Without root you can't add any security to Android. Which has very little security to start with. Permissions are vague and can't be denied on a per app basis short of not installing the app.
System apps have no way of being removed without root unless you do it before flashing, and without root you can't do a complete backup of your system.
Even if you don't root a device yourself Trojans can gain root with many of the same exploits, root themselves and cause whatever havoc they desire.
An app only gets root if you allow it even after rooting your device. It will pop up and ask you if you want to allow or deny or always allow or deny. A Trojan that can create root can do it regardless if you root your device yourself. I have no idea if such a Trojan tried to get root if supersu, or superuser will pop up and ask.
A firewall requires root and that alone is worth rooting for me.
But then I have very few apps that I allow online.
Can root cause serious damage to your device? Yes
Can you administer your device without root? No
Every Linux has root capabilities,
if you own it you should be able to administer it to the best of your abilities and to do that you need root.
Custom Roms are updated far more often than OEM roms and as such generally have the newest fixes and updates for security. Compare that to factory roms that may update once or twice in their expected lifetime, regardless of how many security holes are found in the rom. Older devices (read older as a synonym for 2 years old) may never get another update and the only way to protect yourself without a custom Rom is to buy a new device.
For example Android 5.01 has a major memory leak. And even with that and other bugs and security issues Samsung had not updated the North American Galaxy S5 (just over a year old) above 5.01 yet and may not until Marshmallow comes out (which will mean almost a year after the security and memory leak were found). And until then you walk around using a device with major security issues and a major memory leak.
XPrivacy is not about Security. "Security" is never linked to Xprivacy on Github. "XPrivacy can prevent applications from leaking privacy-sensitive data". Saying the opposite is a lie.
Whether you have root access or not you can almost do nothing against serious attacks BUT having root access allows you to control some things like Internet connection, restricted access,...
Finally do not confuse Custom ROMs and Root. You can run a custom rom without root and vice versa. As explained above custom ROMs are more updated so you can enjoy more patches and new security features like SELinux.
Kayak83 said:
Apologies if I'm resurrecting an oldie but this is a topic I've been contemplating for a while now. I used to root, looking back to my old OG Droid days. But I find newer devices sufficient as to not root anymore (mostly). I'm currently debating rooting a Samsung Tab S 8.4 to remove Touchwiz and hopefully speed some things up and maybe further control the CPU.
If the user is rooted and they only install apps from the marketplace that are known to be safe (I assume)- i.e.- not downloaded from some misc internet site and from "non-trusted sources," would this still be able to happen?
- "Any developer, in a matter of minutes, put together a root app requesting 0 permissions, that can gain permissions or otherwise use APIs requiring permissions at runtime without declaring them, and disable or work around any "security" any XPrivacy type app claims to provide. Once rooted, apps like XPrivacy provide a complete false sense of security. Given you need root to use them... they provide no real security at all."
I guess I'm just not sure how google approved apps, or if they even do. And what's the process of showing app permissions in the Play Store these days, since permissions are front and center when you download an app. Do devs just flag permissions on their own will or is it built into the Android code? I would ASSUME the android code when posting to Play Store decides permissions for the dev. I would be horrified if Android relied on good will for people to post permissions solely from the dev's input.
Go to F-Droid or fossdroid instead of Google Play to avoid crappy apps and unwanted connections. Apps on F-Droid are safer. Google has an automatic system to scan apks when they are uploaded but it doesn't detect everything... Be sure that if you didn't update the version number of your apk you will be blocked though lol
Permissions are stored in the AndroidManifest.xml. If the developer doesn't want to state the permissions he needs then nothing will be shown in the Manifest. That's why it's important to use 3rd party apps to control what apps really do.
Would never use my phone without a firewall installed. I want to have control over what apps can access the net and which cannot.
So rooting is a must for me.
Have no gapps installed and privacy is important to me.
Semseddin said:
This alone is enough for me to stay away from root and its capability to make things worse in my end. Thank you for the professional input on this.
And you'll be 100% wrong. You are getting bad advice from someone who sounds like he works for Google. He is wrong and he knows it...
Your system apps have root whether you like it or not. So, they can do whatever Google wants them to do. And they can do it silently. So, the question is are you going to have control over your device or google? Without root you can't; with root you can if you know what you are doing. Your main security threat comes from Gapps and the infamous google services framework, which spies on you and regularly transmits home (google servers) your every activity. That has to go and for that you need root. Custom rom vs stock. Custom roms don't have Gapps and gsf, so that puts them on a pedestal, as compared to stock. Stock rom is android plus manufacturer's bloat which also spies on you and wastes battery. Custom roms don't have gapps and they are open source (like Linux). Have you ever heard about viruses on Linux? Maybe 2 or 3, but thousands in other OSs. As another user noted, linux (on which android is based) has root. So is any major OS. Root is just a key to control your device. It can be set up to restrict everything, even system apps, so the point that having root reduces security is invalid except for one situation, when you don't know what you are doing. Do you want incompetent and malicious evil Google to own your phone? If you do, stay away from root.
optimumpro said:
And you'll be 100% wrong. You are getting bad advice from someone who sounds like he works for Google. He is wrong and he probably knows it...
Your system apps have root whether you like it or not. So, they can do whatever Google wants them to do with your device. And they can do it silently. So, the question is are you going to have control over your device or google? Without root you can't; with root you can if you know what you are doing. Your main security threat comes from Gapps and the infamous google services framework, which spies on you and regularly transmits home (google servers) your every activity. That has to go and for that you need root. Custom rom vs stock. Custom roms don't have Gapps and gsf, so that puts them on a pedestal, as compared to stock. Stock rom is android plus manufacturer's bloat which also spies on you and wastes battery. Custom roms don't have gapps and they are open source (like Linux). Have you ever heard about viruses on Linux? Maybe 2 or 3, but thousands in other OSs. As another user noted, linux (on which android is based) has root. So is any major OS. Root is just a key to control your device. It can be set up to restrict everything, even system apps, so the point that having root reduces security is invalid except for one situation, when you don't know what you are doing. Do you want incompetent and malicious evil Google to own your phone? If you do, stay away from root.
Thank you for your detailed answer but if I am not mistaken, are you suggesting that a custom rom made by a 3rd party hobbyist developer is more secure than oem's firmware? If so, I will continue to be mistaken.
Semseddin said:
Thank you for your detailed answer but if I am not mistaken, are you suggesting that a custom rom made by a 3rd party hobbyist developer is more secure than oem's firmware? If so, I will continue to be mistaken.
Most of the time the answer is yes. Also, you could be a developer yourself meaning you can compile your rom from sources with your own modifications. OEMs have user's security on the back burner. Their goal is to monetize the user and in case of mobile devices, there is no way to monetize the user without compromising security. The beauty of a published source code is that anyone could examine it and they do (even if it is not you yourself). Look at businesses: the majority of them use neither windows nor apple. They use Linux, because linux does not monetize the user and it is open source and by the way, it is maintained by "hobbyist" developers. And naturally, because of this Linux has a vastly superior security and virtually no viruses.
Google is malicious and incompetent, but luckily, Android is based on linux and most of the code there is from linux.
This is of course a separate from root issue, which remains simply an issue of control: whether you want to be in control of your device or not. You can't name any OS that does not provide root to the user out of the box... Just because some (or most) smart phone dumb users don't know what they are doing does not mean that everyone should be denied root on their devices... And by the way, most Google engineers also don't know what they are doing and had it not been for Linux and the community at large, google wouldn't be able to produce anything that moves...

App uid sharing is a security risk.

Most things that restrict actions in Android use the applications uuid to identify it.
UUID is an immutable representation of a 128-bit universally unique identifier (UUID).
However recently I installed firefox and firefox beta..
Both share the same uuid..
And when I installed firefox beta. It gained all the rights and permissions and internet access that firefox had..
Both applications are installed on my device both run separately
But I cannot secure one without the other getting the same security access.
If you look at system files many of them have the same uuid
That is a huge security issue with Android..
Is there a way to assign a new uuid to an application
Even if you have to rebuild the apk?
(Almost everything I have is open-source so I can build it from scratch if required)
In android, apps can share the UUID by declaring it in the manifest:
android:sharedUserId
The name of a Linux user ID that will be shared with other applications. By default, Android assigns each application its own unique user ID. However, if this attribute is set to the same value for two or more applications, they will all share the same ID — provided that they are also signed by the same certificate. Applications with the same user ID can access each other's data and, if desired, run in the same process.
So if you just re-sign the APK with a different certificate (you can quickly generate one) they won't share the same ID anymore (because you don't have the mozilla certificate)
And FYI, it is not a security issue. In fact, it is an added security measure. Because apps that need to communicate with each other can share the same memory space and filesystem. The security is based on the signature of the app. So it is as strong as your ability to not leak the certificate
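To see which installed packages actually end up under one shared user ID, here is an added example (not part of any post in this thread). It reads decoded AndroidManifest.xml text, groups packages by `android:sharedUserId` plus signer, and reports the permissions each member effectively picks up from the others. The package names, manifests and `CERT-A`/`CERT-B` signer labels are constructed sample data.

```python
"""Audit decoded AndroidManifest.xml files for android:sharedUserId groups."""
import xml.etree.ElementTree as ET
from collections import defaultdict

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # ElementTree spelling of the "android:" prefix


def manifest(package, perms, shared=None):
    """Build a constructed, already-decoded (text XML) manifest for the samples."""
    shared_attr = f' android:sharedUserId="{shared}"' if shared else ""
    uses = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms
    )
    return (f'<manifest xmlns:android="{ANDROID_NS}" package="{package}"'
            f'{shared_attr}>{uses}<application/></manifest>')


# Constructed sample input: (manifest text, signer label). The signer label
# stands in for the signing-certificate digest of each APK.
SAMPLES = [
    (manifest("com.example.browser", ["INTERNET", "ACCESS_FINE_LOCATION"],
              "com.example.shared"), "CERT-A"),
    (manifest("com.example.browser.beta", ["INTERNET", "READ_CONTACTS"],
              "com.example.shared"), "CERT-A"),
    # Same sharedUserId string but a different certificate: per the quoted
    # documentation this package cannot join the shared ID.
    (manifest("com.other.tool", ["READ_SMS"], "com.example.shared"), "CERT-B"),
    # No sharedUserId: gets its own UID by default.
    (manifest("com.example.notes", ["INTERNET"]), "CERT-A"),
]


def parse_manifest(xml_text):
    """Extract package name, sharedUserId and declared permissions."""
    root = ET.fromstring(xml_text)
    if root.tag != "manifest":
        raise ValueError("not an AndroidManifest.xml document")
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    perms.discard(None)  # ignore malformed <uses-permission> entries
    return {
        "package": root.get("package"),
        "shared_user_id": root.get(A + "sharedUserId"),
        "permissions": perms,
    }


def audit(apps):
    """Return one finding per (sharedUserId, signer) group with 2+ packages."""
    groups = defaultdict(list)
    for xml_text, signer in apps:
        info = parse_manifest(xml_text)
        if info["shared_user_id"]:
            groups[(info["shared_user_id"], signer)].append(info)
    findings = []
    for (shared_id, signer), members in sorted(groups.items()):
        if len(members) < 2:
            continue
        # Packages under one UID are a single identity to UID-based controls,
        # so each member effectively holds the union of the group's permissions.
        combined = set().union(*(m["permissions"] for m in members))
        findings.append({
            "shared_user_id": shared_id,
            "signer": signer,
            "packages": sorted(m["package"] for m in members),
            "combined_permissions": sorted(combined),
            "inherited": {m["package"]: sorted(combined - m["permissions"])
                          for m in members},
        })
    return findings


def signer_conflicts(apps):
    """sharedUserId values claimed by packages signed with different certificates."""
    signers = defaultdict(set)
    for xml_text, signer in apps:
        info = parse_manifest(xml_text)
        if info["shared_user_id"]:
            signers[info["shared_user_id"]].add(signer)
    return {sid: sorted(s) for sid, s in signers.items() if len(s) > 1}


if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
    print("signer conflicts:", signer_conflicts(SAMPLES))
```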
h4oxer said:
And FYI, it is not a security issue. In fact, it is an added security measure. Because apps that need to communicate with each other can share the same memory space and filesystem. The security is based on the signature of the app. So it is as strong as your ability to not leak the certificate
Except that many apps can be installed under the same id number.
If they were given a completely unique number for every app installed then I would agree
But that is not the case.
Multiple apps with the same id is just bad security
It's like giving two different people the same identification because they share an office.
I will look into re-signing some apks and see what I can find.
Thank you for the info.
nutpants said:
Except that many apps can be installed under the same id number.
If they were given a completely unique number for every app installed then I would agree
But that is not the case.
Multiple apps with the same id is just bad security
It's like giving two different people the same identification because they share an office.
I will look into re-signing some apks and see what I can find.
Thank you for the info.
Signatures have nothing to do with uid. If you have the same app with a different signature, you will simply not be able to install them together. Uid has to do with app's internal name like com.xxx. Apps with the same internal name will always have the same uid (like firefox stable and beta) and different apps will always have different uid, except for some system apps that come from os makers, which is true for many, if not all os. A third party app will never have any of the system app uid. So, there is no security issue at all.
ukanth talked about the android:sharedUserId attribute.
Android's documentation says that apps have to be signed by the same certificate.
Having the same package name (or a similar one) is not mandatory to share the same UID (example: dev tools & fused location).
Firefox and firefox beta..
Two similar apps
Same uid last time I installed both..
So an unscrupulous developer could create a separate app with separate functions with the same uid and if you installed it where would you be?
And god knows that no one ever has an issue with developers creating unscrupulous apps that try to get data from your device.
nutpants said:
So an unscrupulous developer could create a separate app with separate functions with the same uid and if you installed it where would you be?
He could only do that if both apps were his, and if both apps were his, he doesn't gain access to anything that he didn't already have access to.
nutpants said:
Firefox and firefox beta..
Two similar apps
Same uid last time I installed both..
So an unscrupulous developer could create a separate app with separate functions with the same uid and if you installed it where would you be?
And god knows that no one ever has an issue with developers creating unscrupulous apps that try to get data from your device.
Your scenario is impossible. Firefox can only obtain permission from another firefox and both must be made by the same developer. And Firefox cannot get permissions from apps made by others.
optimumpro said:
Your scenario is impossible. Firefox can only obtain permission from another firefox and both must be made by the same developer. And Firefox cannot get permissions from apps made by others.
Firefox is an example.
But a similar situation could come from any developer.
Develop one good popular app
And one data mining, soul stripping life stealing app with the same uid and maybe even a hidden icon..
Personally I give apps only the access they need. Not what they ask for.
With marshmallow everyone can restrict information
But you can not when two apps share the same uid.
For example Firefox stable had no serious privacy holes
Firefox beta could. It's beta.
Two apps one uid..
Bad idea..
nutpants said:
Firefox is an example.
But a similar situation could come from any developer.
Develop one good popular app
And one data mining, soul stripping life stealing app with the same uid and maybe even a hidden icon..
Personally I give apps only the access they need. Not what they ask for.
With marshmallow everyone can restrict information
But you can not when two apps share the same uid.
For example Firefox stable had no serious privacy holes
Firefox beta could. It's beta.
Two apps one uid..
Bad idea..
"Develop one good popular app. And one data mining, soul stripping life stealing app with the same uid and maybe even a hidden icon."
But that doesn't make any sense. If there is another (bad) app by the same developer with the same com.name, it will install only on top of the good one and it will be a totally different app. By the way, beta firefox shouldn't have the same uid as stable (unless they, as a big developer, have a special arrangement with Google, so that their certificate is preinstalled, but you don't really think that firefox would need another app to steal your data, they can do it anyway). Also, what's the point of having both firefox beta and stable? It is bad for system. Firefox is known to stay in the background after you exit it, unless you literally kill it with a specially configured back button. So, now, you have 2 web browsers in the background.
optimumpro said:
"Develop one good popular app. And one data mining, soul stripping life stealing app with the same uid and maybe even a hidden icon."
But that doesn't make any sense. If there is another (bad) app by the same developer with the same com.name, it will install only on top of the good one and it will be a totally different app. By the way, beta firefox shouldn't have the same uid as stable (unless they, as a big developer, have a special arrangement with Google, so that their certificate is preinstalled, but you don't really think that firefox would need another app to steal your data, they can do it anyway). Also, what's the point of having both firefox beta and stable? It is bad for system. Firefox is known to stay in the background after you exit it, unless you literally kill it with a specially configured back button. So, now, you have 2 web browsers in the background.
Check out Firefox and firefox beta..
Different names, different app. Same developer, Same uuid
Both together on your device at the same time.
Unless there is something wrong with my nexus
You can get both from Google play and see for yourself.
Which means that any developer could do it.
The next question would be how secure is the app signing method. Can it be duplicated? Coerced? Or just commandeered by the fbi on the off chance someone committed a crime that could support terrorism.
Uuid sharing bad idea.
How does Android assign the uuid to each app?
And yes I test beta apps to see if they have fixed bugs that are present in stable
I support open source every chance I can.
nutpants said:
Check out Firefox and firefox beta..
Different names, different app. Same developer, Same uuid
Both together on your device at the same time.
Unless there is something wrong with my nexus
You can get both from Google play and see for yourself.
Which means that any developer could do it.
The next question would be how secure is the app signing method. Can it be duplicated? Coerced? Or just commandeered by the fbi on the off chance someone committed a crime that could support terrorism.
Uuid sharing bad idea.
How does Android assign the uuid to each app?
And yes I test beta apps to see if they have fixed bugs that are present in stable
I support open source every chance I can.
Signing process cannot be replicated. However, if you use Google services (including Googleplay), then it is possible to have Google sign a modified application to take over your phone, but this could be defeated completely by removing google services and google services framework and using roms and apps that you have compiled by yourself. Moreover, before compiling, you will have to re-generate all build keys (test key, platform key and media key). In this case, the only way to take control over your phone would be over the air through the operator's sim card and if that fails, then through the king of all - baseband/modem...
nutpants said:
Check out Firefox and firefox beta..
Different names, different app. Same developer, Same uuid
Both together on your device at the same time.
Unless there is something wrong with my nexus
You can get both from Google play and see for yourself.
Which means that any developer could do it.
The next question would be how secure is the app signing method. Can it be duplicated? Coerced? Or just commandeered by the fbi on the off chance someone committed a crime that could support terrorism.
Uuid sharing bad idea.
How does Android assign the uuid to each app?
And yes I test beta apps to see if they have fixed bugs that are present in stable
I support open source every chance I can.
Just to clear the record: previously I said that signatures make no difference to uid. This was not entirely correct.
Signatures identify a unique developer. Package name/internal app name identify a unique application. The only way an app can get a shared uid is if it has the same signature, i.e., made by the same developer. In other words, an app cannot have a shared uid with an app by another developer.
Now, security: apps using a shared uid share data/database with each other; they also share the same permissions. This creates no additional security threat.
Your example of a dev creating a good app and then adding a bad/data stealing app that would have the same permissions as the good one. This absolutely makes no sense, as data stealing features could be easily implemented in the good app. In addition, the bad app cannot have higher level permissions than the good one.
If you, however, don't want to have shared uid for 3rd party apps, there is an easy way to do that: all you need is to sign any third party app with your own signature, which will prompt android to assign a different uid.
optimumpro said:
If you, however, don't want to have shared uid for 3rd party apps, there is an easy way to do that: all you need is to sign any third party app with your own signature, which will prompt android to assign a different uid.
So if I sign firefox beta, it will automatically have a different uuid,
What happens if I also sign the original Firefox?
Will that cause the uuids to again be the same or will they both be different?
Can an apk be signed from an Android device?
Is there any other way to change how Android assigns uuids to apps?
(Ie force Android to assign new uuids to every app, extract the rom and change the uuids on the apks so every apk has a truly unique id (which I would expect from something called universal unique id))
Why would anyone ever want a uuid to be shared with another app (Even system apps)?
Thanks for the info btw..
nutpants said:
So if I sign firefox beta, it will automatically have a different uuid,
What happens if I also sign the original Firefox?
Will that cause the uuids to again be the same or will they both be different?
Can an apk be signed from an Android device?
Is there any other way to change how Android assigns uuids to apps?
(Ie force Android to assign new uuids to every app, extract the rom and change the uuids on the apks so every apk has a truly unique id (which I would expect from something called universal unique id))
Why would anyone ever want a uuid to be shared with another app (Even system apps)?
Thanks for the info btw..
In order to have a shared uid, both apps must have that permission in their manifests. Having this benefits performance and minimizes space on the device. Since android apps run in a sandbox/virtual machine, you can imagine the slowdown if you have system apps with unique uids.
You shouldn't sign the other firefox with the same key, as you will defeat your purpose.
I am not aware of a procedure to sign the app on the device, however, you can search xda. You can certainly sign the app on linux or windows. You can also generate multiple keys for signing.
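An added example (not part of the thread and not any poster's code) for checking which packages on a device share a UID, the situation debated above: it parses `adb shell pm list packages -U` output and, for each shared UID, lists the permissions a package holds only through a sibling package. The sample output, package names and permission sets are constructed.

```python
import re
from collections import defaultdict

# Android reserves UIDs below 10000 for system components; apps start at 10000.
FIRST_APP_UID = 10000

# Constructed sample of `adb shell pm list packages -U` output (not from a real device).
SAMPLE_PM_OUTPUT = """\
package:org.example.browser uid:10101
package:org.example.browser.beta uid:10101
package:com.example.notes uid:10102
package:com.android.settings uid:1000
package:com.android.providers.settings uid:1000
this line is noise and must be skipped
"""

# Constructed per-package permission sets (assumption: on a device you would
# collect these from `dumpsys package <name>`).
SAMPLE_PERMS = {
    "org.example.browser": {"INTERNET", "ACCESS_FINE_LOCATION"},
    "org.example.browser.beta": {"INTERNET", "READ_CONTACTS", "CAMERA"},
    "com.example.notes": {"INTERNET"},
}

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+uid:(?P<uid>\d+)$")


def parse_pm_list(text):
    """Return {package_name: uid}, ignoring lines that do not match the format."""
    pkgs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pkgs[m.group("pkg")] = int(m.group("uid"))
    return pkgs


def shared_uid_groups(pkg_uid):
    """Return {uid: [packages]} for every UID used by more than one package."""
    by_uid = defaultdict(list)
    for pkg, uid in pkg_uid.items():
        by_uid[uid].append(pkg)
    return {uid: sorted(p) for uid, p in by_uid.items() if len(p) > 1}


def audit(pkg_uid, perms):
    """For each shared UID, compute the union of permissions and, per package,
    the permissions it did not declare itself but gains from a sibling."""
    report = []
    for uid, pkgs in sorted(shared_uid_groups(pkg_uid).items()):
        union = set().union(*(perms.get(p, set()) for p in pkgs))
        report.append({
            "uid": uid,
            "system": uid < FIRST_APP_UID,
            "packages": pkgs,
            "effective": sorted(union),
            "inherited": {p: sorted(union - perms.get(p, set())) for p in pkgs},
        })
    return report


if __name__ == "__main__":
    for entry in audit(parse_pm_list(SAMPLE_PM_OUTPUT), SAMPLE_PERMS):
        kind = "system" if entry["system"] else "third-party"
        print(f"uid {entry['uid']} ({kind}): {', '.join(entry['packages'])}")
        for pkg, extra in entry["inherited"].items():
            if extra:
                print(f"  {pkg} also gets: {', '.join(extra)}")
```
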

Need Help: BEEN Infected by MALWARE Lenovo tab model a5500-hv android version 4.4.2

model number : lenovo a5500-hv
android version: 4.4.2
baseband version: a5500-hv.v34, 2014/05/08 22:28
kernel version: 3.4.67
build number: a5500hv_a442_000_011_140508_row
As shared in subject, my tab ANDROID is infected by malware where multiple issues have started lately
a) Constant popup message stating "Unfortunately, com.system.update has stopped"
b) Constant popup message stating "Unfortunately, org.snow.down.update has stopped"
c) Constant popup displaying to INSTALL application "com.android.keyguard"
d) Automatic checking (on) in Settings> Security> Allow installation of apps from unknown sources, despite my regular check off (it gets reactivated again). Device Administrators viewed are Android Device Manager (ticked), Daemon Service (twice listed- unchecked).
e) Installed Malwarebytes Anti-malware, upon scanning detected these 11 malwares, which it is unable to delete (Norton is unable to detect those even). Any open app which I try to use after some seconds are abruptly closed.
Malware name- Path
Android/ Backdoor.Triada.c - /system/priv-app/higher.apk ( File linked to be uninstalled- AppManage)
Android/ Backdoor.Triada.js - /system/priv-app/BCTService.apk ( File linked to be uninstalled- bcct_service)
Android/ Trojan.Rootnik.I - /system/priv-app/Bseting.apk ( File linked to be uninstalled- com.android.sync)
Android/ Trojan.SMSSend.ge - /system/app/com.android.token.apk ( File linked to be uninstalled- com.android.taken)
Android/ Trojan.OveeAd.F - /system/priv-app/com.mws.tqy.vsdp.apk ( File linked to be uninstalled- com.system.update)
Android/ Backdoor.Triada.J - /system/priv-app/com_android_goglemap_services.apk ( File linked to be uninstalled- GoogleMapService)
Android/Trojan.Dropper.Shedun.dc - /system/priv-app/parlmast.apk ( File linked to be uninstalled- GuardService)
Android/Trojan.Dropper.Agent.MJ - /system/priv-apk/Sooner.apk ( File linked to be uninstalled- PhoneService)
Android/Trojan.OveeAd.J - /system/priv-apk/com.tsr.eny.hyu.apk ( File linked to be uninstalled- system.bin)
Android/Trojan.Guerrilla.Q - /system/priv-apk/NAT.apk ( File linked to be uninstalled- SysTool)
Android/Trojan.Triada.m - /system/priv-apk/com.glb.filemanager.apk ( File linked to be uninstalled- UPDATE)
PS: If I try to connect to Internet, app icons are downloaded and auto open displaying porn images.
Please assist to REMOVE the MALWARE INFECTION. Tried FACTORY DATA RESET from Settings, but no help. Tab not rooted.
Solution
Last night I got some pesky malwares. For now I think I removed them. Get Avast and see what it can find. After that try to remove the files from file explorer and the most important thing - go to Settings-Security-Device Administrators. From there remove everything and now from Avast you should be able to remove the infected apps. Hope I helped
Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
Sent from my A0001 using XDA-Developers mobile app
Ashish1+1 said:
Tried cm's stubborn Trojan remover from play store and it did the trick- as in disabled the infected processes but at end took my mail ID with followup request if raised to get the device cleaned from malware. Cross checked from Malwarebytes and kaspersky, and looks seemingly clean with no active culprits. Though not checked with WiFi or data connection through sim.
Sent from my A0001 using XDA-Developers mobile app
Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
eg (from The Capitol Forum)
The apps require extensive access to the devices on which they run, and they are able to harvest a great deal of data about users’ interests, demographics and location. Cheetah Mobile’s business model is not significantly different from the way in which some major American tech companies such as Facebook monetise their free products. However, Cheetah Mobile is different from American tech companies in that its headquarters are located in China and its data servers are primarily located there as well, and its main business partners are major Chinese tech firms. The Chinese government, according to sources, accesses its companies’ data for internal security, economic competitiveness or other purposes. Cheetah Mobile, and similar companies, represents a major point of entry for China to access American app marketplaces and their users to gather information. However, U.S. government officials in national security and intelligence agencies are highly aware of surveillance and hacking both inside and outside China, presumably coming from actors affiliated with the Chinese state.
see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) And with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?
Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
Sent from my A0001 using XDA-Developers mobile app
Ashish1+1 said:
Thanks, No I did not root my phone but judging by the way removal came (easy) I too was bit surprised with outcome. No sooner I decided to remove the cm app Trojans and malware again became evident meaning it was just being suppressed in a way not removed and now again came back (when removed).
Sent from my A0001 using XDA-Developers mobile app
Sorry to hear this. However I think it is possible that the CM app did its job as those malicious apps have probably already rooted your phone, so CM may have just used that root access without informing you, though whether or not other apps like CM app can still use that root, I'm not sure, it depends if it's been left "on". I did watch a video on youtube for CM Stubborn Trojan app and the guy had to root his phone first. (You could try some/several of the root checker apps, if you want to know). So let's assume the CM app worked properly and removed trojan as it could get root without giving you a root request notification.
It's entirely possible that your reinfection is from your external SD card or via some other means eg. your router has had some ports opened or some other means. (Sorry I should have said reset router when I said change router password [do this for all routers you use & update firmware & ensure remote access is off (ref. dirty cow) while you are about it too!])
So I would reinstall CM Stubborn Trojan (let's assume it removes malware as it has root, even if it just blocks them it helps us) so you can then reflash official stock ROM for your country (& update to newest version if available), you must flash the FULL stock ROM so all partitions are reflashed. Partial stock or custom ROM will not do this & potentially leave you open to reinfection! Reflash the FULL STOCK ROM is the only way to "easily" be sure you have cleaned the malware from your phone. NOTE: just doing a factory reset will NOT remove the malicious apps if they are in operating system folders, this only works for malicious apps in user data areas! Then you must make sure all possible ways you can be reinfected eg via sync, external SD cards or storage, your PC, router etc are cleaned/blocked/reset/updated
If you are not getting updates for your ROM you might want to consider installing a custom ROM (AFTER you have flashed the stock ROM!) from a reliable & trustworthy source, if available for your model, so that you get security patch updates. But you need to research and consider the risks of things like bricks, security etc for yourself first.
Hope this helps you clean your phone
Sometimes, it's the firmware itself that is infected
IronRoo said:
Did it root your phone first? Else I can't see how it would be able to get to those apps installed as system. If so, if it was me, I'd unroot my phone at the very least & uninstall the CM apps since they do not have a good reputation so far as data snooping goes and excessive app permissions etc goes.
eg (from The Capitol Forum)
see the alteco report (about investment risks but they ran tests on other apps that didn't do anything, what battery savers don't help!!! :silly: )
https://drive.google.com/file/d/0B_zW4GWDn5wpVDBiLUpDcE9IS0E/view
Now I haven't used the app you quote but if it didn't root your phone then it can't have removed the malware and they are likely up to their old tricks ie the app doesn't really work, they have just been blocked or something. (Ask yourself why aren't there other apps from well known companies that can remove trojans in system on play store?) And with their dodgy reputation for ads, & selling user data if it did root your phone you may only be slightly better off!!?? But at least it should only be your user data they are gathering and not your bank account number to try and get ya money like the malware guys!
Anyhow happy for you if you really are free of malware and don't forget to change all your passwords for all accounts, your routers etc else you could be reinfected by the time you read this!
I would reflash the stock ROM to be sure (backup ALL your pics, txts address, whatsapp etc etc)
I would also be interested to know how the app worked, if you can explain it. Did it say it would ROOT your phone? (there is nothing in their write up to say it will, Google would not allow an app that can root on play store, as far as I know) Do you have an app that can read what system apps are installed, like Link2sd? Does that show any of the malicious apk?
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?
In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....
Josh Ross said:
In this case, I would agree with just a complete factory reset or ROM reflash. Like it is simply too much of an issue to try removing and recovering everything. Especially, once it's deep within your system....
This was what I did finally, I went to service centre and spent bucks. They reloaded the firmware I suppose (not flashing it) and instantaneously it was as good as new. I think, malware was itself part of original installation like uc browser- it was there. It just activated after some time or maybe I clicked on some advertisement while running app and then the hell happened.
Anyways, it's working fine, added an adblocker, restricted usage to few apps and keeping my fingers crossed for future.
Sent from my A0001 using XDA-Developers Legacy app
Yeah, the bloatware that you get with some phones nowadays is unbearable. If there is an option, go with a rooted phone, custom ROM, some couple custom solutions for protection and you will be good to go. And they work better than defaults most of the time. Good luck! Hopefully, we will only be hearing good news from you
PGHammer said:
In my case, I have a similar issue - however, it's an infected SYSTEM file - which Malwarebytes spotted (but is unable to remove), and is NOT related to the KingRoot dodgy file. It's actually two different Trojans - both in /system/priv-app (settings.apk and smsservices.apk) - the first is the more problematical. (It's problematical because it's a critical system file/app/service - killing it without a replacement is NOT an option.) How the heck do you replace such a critical system file when it got itself hijacked?
I'd reflash stock.
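An added example (not from the thread) of the triage the replies above describe: a flagged package installed under `/data` is removed by a factory reset, while one under `/system` or another read-only OS partition survives it and needs a full stock reflash. It parses `adb shell pm list packages -f` output; the sample lines and package names are constructed.

```python
# Read-only OS partitions: a factory reset wipes /data but leaves these untouched.
OS_PREFIXES = ("/system/", "/vendor/", "/product/", "/oem/")

# Constructed sample of `adb shell pm list packages -f` output (made-up names).
SAMPLE_PM_F_OUTPUT = """\
package:/system/priv-app/ExampleUpdater.apk=com.example.updater
package:/system/app/ExampleToken/ExampleToken.apk=com.example.token
package:/data/app/com.example.game-1/base.apk=com.example.game
package:/data/app/~~Zm9v==/com.example.chat-YmFy==/base.apk=com.example.chat
package:/vendor/app/ExampleRadio/ExampleRadio.apk=com.example.radio
garbage line that is not pm output
"""


def parse_pm_list_f(text):
    """Return {package_name: apk_path} from `pm list packages -f` output."""
    installed = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Split on the LAST '=': newer install paths contain '=' themselves.
        path, sep, pkg = line[len("package:"):].rpartition("=")
        if sep and pkg and path.startswith("/"):
            installed[pkg] = path
    return installed


def classify(path):
    """Say where an APK lives and what it takes to get rid of it."""
    if path.startswith("/data/"):
        return {
            "location": "user data",
            "privileged": False,
            "factory_reset_removes": True,
            "action": "uninstall, or factory reset",
        }
    if path.startswith(OS_PREFIXES):
        return {
            "location": "OS partition",
            # priv-app packages can be granted privileged permissions.
            "privileged": "/priv-app/" in path,
            "factory_reset_removes": False,
            "action": "reflash the full stock ROM",
        }
    return {
        "location": "unknown",
        "privileged": False,
        "factory_reset_removes": False,
        "action": "inspect manually",
    }


def triage(pm_output, flagged_packages):
    """Map each package a scanner flagged to its location and remediation."""
    installed = parse_pm_list_f(pm_output)
    result = {}
    for pkg in flagged_packages:
        path = installed.get(pkg)
        if path is None:
            result[pkg] = {"path": None, "location": "not installed"}
        else:
            result[pkg] = {"path": path, **classify(path)}
    return result


if __name__ == "__main__":
    flagged = ["com.example.updater", "com.example.chat", "com.example.gone"]
    for pkg, info in triage(SAMPLE_PM_F_OUTPUT, flagged).items():
        print(pkg, "->", info.get("action", info["location"]))
```

A system app that has received an update is listed with its `/data/app` path even though the original copy is still on the OS partition, so cross-check flagged packages against `pm list packages -s` as well.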

Replacing kingroot with SuperSU

This guide is intended for a common user and it is assumed that the person has no knowledge of code at all or even what Android is
Please keep this in mind while reading this thread
It is not in my nature to spoon-feed. Please understand that I can't answer the same question multiple times for you, use the search button and if you still can't find it then ask here
We're gonna need
Mod Edit - Removed
Thanks for understanding
They will probably update their app now to block the cloned app but when that happens I'll tell you another method
Why am I doing this? I believe the root app should just be an interface between the user and the root app should not act on its own. The user should have choice of what root app he wants and trusts
Kingroot is untrustworthy. It has network access permission, which can be used to download malware. Its fake cleaner slows down your phone. The app runs in the background and drains your battery. It spams your notifications. On top of that it doesn't allow you to get rid of it. It gives a false sense of security. Kingroot is nothing but malware
On top of that it installs purify, another fake app that claims to boost your phone
It doesn't work. Android creates cache because Android needs it. If you clean this cache Android will generate the same cache again. What purify cleans is essential os files that the system has to regenerate
In doing this you waste battery and CPU cycles
And the newly created "junk" as claimed by purify is actually system critical cache that the system will be forced to rebuild if it's deleted
Never use their code, they will harm your device and you won't even know
As a kernel developer, I know how security on android works. Kingroot cannot introduce extra security
Let me phrase this in a noob-friendly way
Android is a dalvik and java hybrid virtual machine running on top of a Linux kernel
Let's call Android the userspace
Stuff like selinux can only protect the userspace. Selinux isolates every app so no app can tell what the other app is doing. This is where anti-virus fails. Selinux isn't going to allow your antivirus to see what other apps are doing
Antivirus does not decompile apks, all release apps made by developers experienced in their field use something called proguard which makes decompiling very hard
Let's imagine an ideal case where the userspace is protected. Even then your kernel is technically "outside" the java VM (not exactly but I'm explaining to the average Joe). The antivirus doesn't even know what the kernel is doing. Even with root selinux won't allow you to read the whole kernel log
Oh, you want to hear more?
Kingroot is not selinux-aware
Many apps won't be able to work if selinux is in place. SuperSU, magisk and phh are fully selinux-aware and all apps work reliably on them
In short kingroot can't even root correctly
Closing for now.

Microsoft Company Portal app in a separate profile? (S7 Oreo, no root)

Hi,
Here's the problem: my company introduced mandatory installation of Microsoft Company Portal application for devices that want to access company mail etc.
I have a private SGS7, and up until now I used Outlook in Secure Folder - this way I could give company Admin rights, but only to the container. Now usage of MS Company Portal app is mandatory, and the damn app detects: a) if device is rooted (it's not, because I like KNOX) b) if it's run from Secure Folder. If either happens, it will refuse to start.
A friend of mine has Xiaomi phone and he used multi-user profiles so that his private stuff can still be private (without company admin over them), but the feature is disabled in SGS7, and to reenable you need root (so, no-go for me).
Do you have any idea how to keep going? Maybe there's some modification that can be made to Company Portal app to disable Secure Folder check? Or some other way to NOT give the company admin rights over entire phone, but still run Company Portal?
Stasheck said:
Hi,
Here's the problem: my company introduced mandatory installation of Microsoft Company Portal application for devices that want to access company mail etc.
I have a private SGS7, and up until now I used Outlook in Secure Folder - this way I could give company Admin rights, but only to the container. Now usage of MS Company Portal app is mandatory, and the damn app detects: a) if device is rooted (it's not, because I like KNOX) b) if it's run from Secure Folder. If either happens, it will refuse to start.
A friend of mine has Xiaomi phone and he used multi-user profiles so that his private stuff can still be private (without company admin over them), but the feature is disabled in SGS7, and to reenable you need root (so, no-go for me).
Do you have any idea how to keep going? Maybe there's some modification that can be made to Company Portal app to disable Secure Folder check? Or some other way to NOT give the company admin rights over entire phone, but still run Company Portal?
https://www.theandroidsoul.com/add-multi-user-galaxy-s7-s7-edge-note-7/
Correct me if I'm wrong, but won't installing TWRP trip Knox?
Stasheck said:
Hi,
Here's the problem: my company introduced mandatory installation of Microsoft Company Portal application for devices that want to access company mail etc.
I have a private SGS7, and up until now I used Outlook in Secure Folder - this way I could give company Admin rights, but only to the container. Now usage of MS Company Portal app is mandatory, and the damn app detects: a) if device is rooted (it's not, because I like KNOX) b) if it's run from Secure Folder. If either happens, it will refuse to start.
A friend of mine has Xiaomi phone and he used multi-user profiles so that his private stuff can still be private (without company admin over them), but the feature is disabled in SGS7, and to reenable you need root (so, no-go for me).
Do you have any idea how to keep going? Maybe there's some modification that can be made to Company Portal app to disable Secure Folder check? Or some other way to NOT give the company admin rights over entire phone, but still run Company Portal?
You can try this app: https://play.google.com/store/apps/details?id=com.oasisfeng.island&hl=en_US
And install the MS Company Portal app inside Island.
Ex novo said:
You can try this app: https://play.google.com/store/apps/details?id=com.oasisfeng.island&hl=en_US
And install the MS Company Portal app inside Island.
This may not work, I don't have anything M$ on any system I own.
However, you could try using Magisk to root the device and then hide magisk/root from the portal using magisk hide feature. I use it on my system and it roots and hides root etc., from my banking and other apps very well.
I take no responsibility for what happens if you do try.
For more info search XDA.
Hi,
I tried with Island, and initially it was quite promising - allowed to install MS Company Portal, which ran and connected to servers. Unfortunately, the app was unable to send proper device information to Intune (serial, phone number etc.), so it's impossible to check device compliance and authorize. This is despite making Island and Company Portal inside Island as device admins
As for Magisk, using Magisk = KNOX blown, so this is not an option.
