Hi to all, i have maybe a noob question but if someone can ask me i ill appreciate.
When a app have permissions to read browser and bookmarks, they read from any browser instaled on phone or just from native browser??
It´s normal social apps ask for this permissions???
Thanks in advanced
Hey, the official permission description isnt that useful with this permission. In general, every app got its own "area", where data is saved. Without root, there's no way for other apps to get into this area.
Due to this, the permission should only grant access to the built-in browser's history and Bookmarks.
The reason why social media apps ask for this permission, is, to my mind, very obvious, as social networks are always mining data to track its users. So why collect data if you can easily get the users interests by reading his/her history? [emoji6]
Hey, very thanks for your help i really appreciated that.
Cheers
Sent from my SM-N910F using Tapatalk
Related
I just got my first android phone recently, and I've gotten pretty hooked on Grooveshark.
Unfortunately I have a very limited data plan, and as such I need to be sure it doesn't keep streaming if I accidentally lose my Wifi connection.
Does anyone know of any program that could maintain a blacklist/whitelist of apps that are allowed internet acces, that's also dependent on the nature of the current data connection?
After further searching I found DroidWall
I don't know of an application that meets your specific criteria, but perhaps you could achieve your goal with 'Tasker' . It's not an free app, so I suggest you ask around on its forum first.
Droidwall does it
BiggJ said:
After further searching I found DroidWall
Click to expand...
Click to collapse
I use Droidwall, and if I forget and install a new app I go through a "Why doesnt this work" then remember droidwall, open up that app, and it does. There's a widget that lets you toggle the wall on/off. also useful for something that doesnt really need to access the internet, like a game. Lookout might also work, but I havent really dug in to everything it does.
So i am just wondering, there are so much different apps for android on the market, and most of them has a lot of access to phone's functions. Now for example i am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it trough internet? Really curious..
Kblavkalash said:
Now for example i am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it trough internet? Really curious..
Click to expand...
Click to collapse
This question is not really an issue of Android security this is a question about general security. Can an app look at your gmail app directly and copy data and send it out...not exactly no, an app can't forcibly connect itself to another app to scan data.
However...
That question is actually not relevant because such a task is unnecessary for malicious apps. Lets say you install a malicious app that wants to copy your gmail data. What it will do is not watch the app itself but it will watch the network packets being sent to and from the app, logging and tracking those.
This is not the only way to get the data though because any data saved on your sdcard is accessible from an app if you give it permission to do so.
The MOST important thing to look at when installing an app is the permissions the app is requesting when it installs. This can be confusing as well because some apps will request full internet access because they need it but this can also be used by a malicious app to steal your data.
The important thing to do is research. The more you learn about the app the better off you are.
-------
Just to clarify, this applies to all apps of any kind on any platform including but not limited to Android, iPhones, Blackberry, Windows Phone, WebOS, Windows PC, Mac OSX, Linux or etc. - ALWAYS learn as much as you can and are comfortable with before installing anything...if you are not comfortable with a particular app or learning more about it then don't install it. That is not to say it may be malicous, it is just to say it could be a bad idea for other reasons. (for example, if it is a developer tool or a configuration tool that you don't understand or haven't researched enough to understand...then you could potentially damage your device with something that is a legitimate tool)
Kblavkalash said:
So i am just wondering, there are so much different apps for android on the market, and most of them has a lot of access to phone's functions. Now for example i am always logged in to Gmail, and theoretically can a random app scan and copy my gmail's data and send it trough internet? Really curious..
Click to expand...
Click to collapse
edit
MichaelTunnell said:
This question is not really an issue of Android security this is a question about general security. Can an app look at your gmail app directly and copy data and send it out...not exactly no, an app can't forcibly connect itself to another app to scan data.
However...
That question is actually not relevant because such a task is unnecessary for malicious apps. Lets say you install a malicious app that wants to copy your gmail data. What it will do is not watch the app itself but it will watch the network packets being sent to and from the app, logging and tracking those.
This is not the only way to get the data though because any data saved on your sdcard is accessible from an app if you give it permission to do so.
The MOST important thing to look at when installing an app is the permissions the app is requesting when it installs. This can be confusing as well because some apps will request full internet access because they need it but this can also be used by a malicious app to steal your data.
The important thing to do is research. The more you learn about the app the better off you are.
-------
Just to clarify, this applies to all apps of any kind on any platform including but not limited to Android, iPhones, Blackberry, Windows Phone, WebOS, Windows PC, Mac OSX, Linux or etc. - ALWAYS learn as much as you can and are comfortable with before installing anything...if you are not comfortable with a particular app or learning more about it then don't install it. That is not to say it may be malicous, it is just to say it could be a bad idea for other reasons. (for example, if it is a developer tool or a configuration tool that you don't understand or haven't researched enough to understand...then you could potentially damage your device with something that is a legitimate tool)
Click to expand...
Click to collapse
Good answer, you are right!, but you say do a research before installing, but it's not really possible unless you are a programmer and checking whole code The best rated apps still have many different permission requirement and i have no idea what they are doing.
For example app can request a new password change for example on paypal and steal packets which come to my gmail about new password.^^
Security Apps
Hi,
in my eyes the best way is to use programs like PDroid. You cann adjist the rights of every App regarding send SMS for example.
LBE Privacy Guard may be also an Option. (runs not on my Device - SGS+)
(i use Pdroid 2.0)
you should also read the comments in the store, and the needed rights from the app before install. The best Apps to trust are open source apps.
Kblavkalash said:
Good answer, you are right!, but you say do a research before installing, but it's not really possible unless you are a programmer and checking whole code The best rated apps still have many different permission requirement and i have no idea what they are doing.
For example app can request a new password change for example on paypal and steal packets which come to my gmail about new password.^^
Click to expand...
Click to collapse
Research generally involves a Google search...
Editor's Choice in the market are safe bets, you know, the blue icon.
But then there are the millions of other apps, and frankly, I tend to toe the app name plus xda for instance, Google will show you xda threads about the app, if the posts are normal, you can be sure it's not malicious.
Stuff like that...
Also, fake market comments are really easy to spot and are a dead giveaway
Sent from my GT-I9000 using xda premium
Using XPRIVACY*****won't be adding any more stuff to this guide for a while. will continue this when i have enough free time*******
XPRIVACY is undoubtedly the best privacy app out there. Its because of the options it supports almost all the android versions.
But it is not as easy to understand as App Ops or Pdroid privacy guard. Thats why inspite of my many attempts to use it, i gave up after few hours or days and switched back to App Ops.
It has come along way from when i made those attempts, it has become more user friendly and interactive but so many options which is its biggest plus point, also makes it hard for new users to switch from other privacy app to XPRIVACY.
I recently made a small guide about HOW TO USE APP OPS MORE EFFECTIVELY.
So the next obvious step was GUIDE on XPRIVACY. i have been putting it off from many days but now no more will add more videos whenever i can but its about time i that i finally get started with it.
I hope this guide will help my fellow XDA members to make the required switch or to introduce them to the world of XPRIVACY
Installation instruction, minimum requirements and other usefull stuff can be found at the official thread of XPRIVACY
What this Guide is ABOUT???
>This guide is for NOOB users, so that they can understand how to use XPRIVACY. Also as i ahven't purchased the PRO version yet this huide will only cover functions of FREE version. I will be buying the PRO version soon and then it will cover use of PRO features as well
>I will try to explain different restriction using different apps.
>Examples will be video of the app with and without those restrictions and the effect that those restriction will have on that app
>NOTE 1 - this is not full blown guide and it is just to get you started. However it can turn into full blown guide depending on the inputs from various users and also after a certain time as i get better in using this app.
>Note 2: Differnet categories are explained using different app. Most of the times category name will be used as heading as you can see in 3rd point, but at some places where permissions like location, contacts , clipboard etc are explained i will use these words only as these words will result in easier understanding.
> More and more videos will be added as i find the appropriate app and a way to demonstrate the use of a particular permission using that app.
LETS STARTYoutube playlist link
1) Faking or restriction location
I am pretty sure this is going to be very useful to many people for playing location based games or to become mayor of certain place in foursquare and i am sure you can think of using it in many other apps.
Please note that you cannot fake location for some apps like google maps and facebook. these are the only two apps that i know of. you cannot fake location for these two apps but you can restrict it.
Also as you can see in the video you will be able to fake location in foursquare but when you will try to access google maps view from inside Foursqaure app you will get no location. But still you can check in and get suggestion from foursquare based on your fake location. default fake location is CHRISTMAS ISLAND. but you can change it through XPRIVACY(which is covered in the video).
2) Blocking access to the different accounts configured in your device
For this i have used Chrome beta as you can see in the video that blocking the account permissions will result in chrome not seeing the different google accounts that are present on my device. Thus i am unable to sign in chrome beta to sync my bookmarks and other stuff.
You can use this to block access from those app which try to gain access to the different accounts configured in your device.
Note: if you block access to 9gag, Ifunny etc apps like these for which you sign in using your configured google account. You wont be able to sign in those apps as these apps won't be able to see the configured account.
Although if a you sign in using username or email id which you use only for that particular app. You can block restrict this permission as it will have no negative effect on that app behaviour
3) Xprivacy Category - View Browser
For explaining what this permission does i have used DIGG app. This permission will restrict app from opening external links. or more precisely hyperlinks from withing app. If this permission is restricted you will be displayed warning from xprivacy when you try to open any link from withing the app(shown in the video).
4) More Videos to come soon..........
More videos to be added whenever i can find time and based on users input. I am also a beginner when it comes to XPRIVACY so be patient with me and if you have any ideas to make this thread better please do share it with us.
Once you have enough understanding to use Xprivacy on daily basis you can head over to XPRIVACY thread and post you advanced question there.
Currently i have some personal stuff to take care of so updating this thread is on hold. Will update it with more videos as soon as i can. I have made the videos just need to edit them and upload.
Reserved
reserved
Other Useful threads by Me
[GUIDE] Using Apps Ops (or Privacy Guard) 4 blocking wakelocks & saving battery
[App] Samachar - Indian News app and more
thanks
thanks for this helpful tutorial.
can u please tell me if I could use xprivacy to block adds on apps , cheers
drreality said:
thanks for this helpful tutorial.
can u please tell me if I could use xprivacy to block adds on apps , cheers
Click to expand...
Click to collapse
You can block internet permission. That will block ads but that can also make app useless if it needs internet to function.
Why don't you use adaway or adblock pro to block ads?
I know this is a dumb question but I've been using Xprivacy for a few years now and I never could figure out what the two boxes to the right of the application names are for. I believe one is for restrict and one is for allow? If someone could let me know which each of those boxes means it would be much appreciated.
Good question. The two-column system is a later addition to xprivacy and many of the newbie tutorials don't cover it.
Let's take a simple example like location.
For starters, let's say the second column is unchecked. This is the easiest situation to understand. Then what happens depends on the first column.
The first column -- if it's checked then xprivacy will always deny access to location and will instead feed the app fake information as set up in the xprivacy settings.
If however the first column is unchecked then the app will be able to get to your actual location.
This is what you want with an app where the answer to "can it use this permission?" is always the same (either "always" or "never"). Second column unchecked, first column choice telling the app yes or no.
The second column controls the pop-ups that you see with xprivacy. If the second column is checked then you'll get a pop-up asking whether to allow the app the permission or not (whether or not the first column is checked).
There are four choices -- "allow", "deny", "don't know", and "oops I timed out".
"oops I timed out" will give the app whatever the answer in the first column is. You can tell what the first column is because the app says "Timeout will: allow/deny" depending on whether the first column is unchecked/checked.
If you click "allow" in the pop-up then xprivacy unchecks the second column in its settings, unchecks the first, and gives the app access to your true location. The popup will then not appear again unless you recheck the second column in the xprivacy settings.
If you click "deny" then xprivacy unchecks the second column, checks the first column and feeds the app fake location. Again you'll not see the popup again.
If you click "Don't know" then I *think* xprivacy denies access (whether or not the first column is unchecked) and leaves the second column checked, so it will ask again the next time.
How did I find this out? Well I didn't read it from a FAQ! I just downloaded xprivacy yesterday and I found it incredibly difficult to work out from scratch. In the end I just downloaded an app which prints out your gps location and nothing else, and I just experimented with it. The above is a report on my conclusions. I hope it helps other people because it is the post which I wish I could have read this time yesterday.
Note that other permissions might work slightly differently. For example it is not really possible to feed an app fake internet information, as this would require carrying around a fake internet on your phone. You can get a quick idea about what data can be faked by looking at the xprivacy settings. For example, you can fake your phone number and your MAC address. But as I've said you can't fake your internet and you can't fake your storage either -- which is quite a good idea because if you pretend to let an app write to your SD card and then pretend to let it read it and it can't find what it just wrote, this is bound to lead to trouble, probably more trouble than if you'd just denied it access in the first place.
Nice tutorial
@yannick.12
Many many thanks for you're well explained tutorial.
This is was definitley needed because is still (incredibly) very hard to find out some good guide out there, expecially for the "second column" options, as you mentioned.
Thank you, again my friend :good:
I got also another question (if someone knonw the answer) about the "shared rules". I mean, if I download the rules for some app, from the XPrivacy server, it's supposed to be the settings that someone has configure, ok. But what if I send my rules and, later in time, I download it again for that app? I got my rules (the rules that I uploaded before) or I got the " common" rules setted shared by the XPrivacy?
Sent from my Xperia E4g using XDA-Developers mobile app
Is it possible for xPrivacy to allow app's permission? I'm using a phone that runs android 5.1.1 and some apps just don't ask for permissions which makes it impossible for me to access storages. It will only respond that app has no permission to write over storages which makes the app not functional.
rUx_Gaming said:
Is it possible for xPrivacy to allow app's permission? I'm using a phone that runs android 5.1.1 and some apps just don't ask for permissions which makes it impossible for me to access storages. It will only respond that app has no permission to write over storages which makes the app not functional.
Click to expand...
Click to collapse
Won't work like that.... And that issue is still there.. Even with pie... App's developer fault..
Sent from my Redmi Note 5 Pro using Tapatalk
Kapiljhajhria said:
Won't work like that.... And that issue is still there.. Even with pie... App's developer fault..
Sent from my Redmi Note 5 Pro using Tapatalk
Click to expand...
Click to collapse
Thanks for info. Is there any possible workaround for this other than contacting the devs to fix storage permission issue?
rUx_Gaming said:
Thanks for info. Is there any possible workaround for this other than contacting the devs to fix storage permission issue?
Click to expand...
Click to collapse
No, give permission manually from app info
Sent from my Redmi Note 5 Pro using Tapatalk
Kapiljhajhria said:
No, give permission manually from app info
Sent from my Redmi Note 5 Pro using Tapatalk
Click to expand...
Click to collapse
I guess there'snothing I can do other than look for an alternative app, android 5.1.1 won't let you edit app permission.
rUx_Gaming said:
I guess there'snothing I can do other than look for an alternative app, android 5.1.1 won't let you edit app permission.
Click to expand...
Click to collapse
I mean give app permission from app's info. I think u can do that... Dont remember 5.1.1 interface now but it should be possible
Sent from my Redmi Note 5 Pro using Tapatalk
Kapiljhajhria said:
I mean give app permission from app's info. I think u can do that... Dont remember 5.1.1 interface now but it should be possible
Sent from my Redmi Note 5 Pro using Tapatalk
Click to expand...
Click to collapse
My phone doesn't seem so. Here's how it looks like in the app settings.
Hey !!
Do Andriod phones need antivirus or internet security as a must? If so provide me some links..
Thankxxxx in advance
The Answer Has been moved to a thread dedicated to security question and other advices to modify safely our Android Devices
Here is the post
Raiz said:
It absolutely doesn't, please don't download them, those are mostly commercial sh*t apps full of ads that plays with the fears of users.
Android Security advice :
• Just don't install apps that you don't trust (apk files and weird looking Google play apps)
• Never share your passwords with somebody not trusted, use a different one for each of you accounts.
Find more here :
https://forum.xda-developers.com/general/security
General security and privacy:
• a VPN isn't a magic app that allows you to go completely invisible, even I can find who you are simply by using your latest Instagram post, the government doesn't have money to spend spying on you anyway
• Public WiFi internet browsing is like taking a bath naked around other people, everybody can see what you're doing and can interact with your browsing by sending you pop up messages on your browser. In that case the VPN is useful. But please don't use anything other than your WiFi network to pay online.
• Change password at least once a year
• For God sake be careful on what you share on social medias !
• If someone blackmails you, just ignore him even if he show you he has your real password/footage of you doing nasty things, most of the time they haven't and tries to scare you. But take action on your account, just don't answer them.
• Not having any of your IRL infos online is a good idea, but it tends to be more and more difficult because of Google assistant, and other Google services that are super intrusive (I mean even with your YouTube Google know your tastes better than your buds). But don't panic, if you're not a terrorist or a criminal you're not risking your life.
Keep in mind that your security is fine most of the time if you have solid password, and you don't give them away, but your privacy is not if you have a social media account of any type. If you post something on the internet, remember it'll stay forever out there, whatever you do !
App that I use to keep my Android phone in good health (install them sometimes to clean up/check on my phone's state then I uninstall them):
Google File Go (cleans files)
AccuBattery (check the battery health)
CPU-Z(has everything you want to know about your device)
When I need to backup an app's data or the entire app:
Titanium Backup
Here you go, I gave you very few the security advises, there are plenty more, don't hesitate to check the internet out for more !
Have a nice day
Click to expand...
Click to collapse
I have 2 edits to your suggestions
1. Change your passwords monthly, preferably using a password manager that suggests really hard random passwords
2. Swift backup is much newer and more efficient than titanium backup ever was.
Sent from my OnePlus7Pro using XDA Labs
spart0n said:
I have 2 edits to your suggestions
1. Change your passwords monthly, preferably using a password manager that suggests really hard random passwords
2. Swift backup is much newer and more efficient than titanium backup ever was.
Click to expand...
Click to collapse
I'll update my first post continuously with every recommendation that'll follow on this thread to create the sort of "Index of Android Security". I created a new thread for security questions
Didn't knew about swift backup, what a great app!
patricia123 said:
Hey !!
Do Andriod phones need antivirus or internet security as a must? If so provide me some links..
Thankxxxx in advance
Click to expand...
Click to collapse
Viruses don't really exist in android. You can be targeted with malicious code but that is only if you open, tap on or accept something without knowing what it is.
For instance, someone could send you a link or a photo that has malicious code embedded in it, when you open it or accept it, then the malicious code has access to your device and your data.
As long as you know that you are dealing with a trusted source, you should be fine. But, if you are the kind of user that goes all over the internet opening things without knowing what it is, you will quickly find yourself targeted by malicious code.
Become a responsible, informed user that is aware of the dangers and what kinds of things can be a problem and you should be fine.
Sent from my SM-S767VL using Tapatalk
Hello Everybody,
I would like to ask a question about Android Apps permissions:
If I deny one permission for a particular App, does that mean the App has zero access to the denied permission?
Or is there a possibility for the App to bypass the permission restriction and access the user Data anyway?
Is our Data really safe and respected by Apps whe we deny certain App permissions?
I would like to have a good understanding about the accuracy of Android Apps permission restrictions.
Please let me know.
Thank you
What permissions an app has is determined by app's developer. These are by default granted, but can get revoked by user - what may lead to fact that app no longer works.
Each app runs in a sandboxed VM therefore basically it only has access to the data tied to it, means app A can never access app's B data. User data like photos, musics, videos etc.pp typically can get accessed by all apps because they aren't specific to an app.
jwoegerbauer said:
What permissions an app has is determined by app's developer. These are by default granted, but can get revoked by user - what may lead to fact that app no longer works.
Each app runs in a sandboxed VM therefore basically it only has access to the data tied to it, means app A can never access app's B data. User data like photos, musics, videos etc.pp typically can get accessed by all apps because they aren't specific to an app.
Click to expand...
Click to collapse
Thank you for taking some of your time to explain this to me. I appreciate it.