Hi all,
Here is my dilemma, I want to run an app X (e.g. Paper Toss) but it requires capability Y (e.g. my location or phone identity) that compromises my privacy and is not really needed for the core functionality of the app.
It would be great to be able to wrap the app with a security wrapper that will allow me to control which signals it actually has access to and for which others it just gets fake data (similar to Google Latitude, which allows you to set an arbitrary fake location).
Any thoughts? How feasible is it to implement?
I would think that this is doable, at least with the AOSP based ROMs such as CM.
I would appreciate such a privacy-enhancing feature.
I'd like to see such a feature too. A lot of apps seem to ask for permissions that have nothing to do with the core functionality of the app. See the Wall Street Journal article on smart phone privacy (can't post a link yet) for examples.
I think it would be a good idea to suggest this to CM to see if they would include it. Would you be able to develop this?
Don't know if it is related to this thread or not, but Android Police reports on a similar upcoming feature of Cyanogen:
http://www.androidpolice.com/2011/0...rmissions-cue-mass-force-closing-as-a-result/
CM7 nightly 82 allows control (deny/allow/revoke) of permissions for individual apps... this is what you're looking for.
It's the new feature mentioned in the post above this one.
Hi,
I've recently been paying some attention to privacy-related applications which have been appearing: things like Permission Denied (com.stericson.permissions), Privacy Blocker (com.xeudoxus.privacy.blocker), DroidWall (com.googlecode.droidwall.free) and Connection Tracker (com.borgshell.connectiontrackerfree - I've only just looked at this one).
Each of these applications provides some really good features. Permission Denied is good for blocking certain permissions (though not selecting which permissions at run-time). Privacy Blocker does a great job of identifying the specific operations being attempted within a permission (e.g. getLine1Number etc.) and is pretty good at patching on the phone to provide fake/fixed data. DroidWall is excellent (and I think for most people, entirely sufficient actually, although WhisperMonitor may improve on it). Connection Tracker - I really don't know.
However, each of these have their limitations. Permission Denied isn't very granular with its permissions (although as granular as the Android security model on which it operates). Privacy Blocker is susceptible to code using reflection (I believe) to hide some API calls, as well as requiring the target apps be patched before being run. DroidWall - well, like I said, it's fine.
I was imagining that one way of possibly overcoming some of these limitations would be to intercept API calls made by applications, and then (a) prompt the user as to whether they wanted to allow them and (b) allow the user to choose to always allow, and (c) allow the user to return false/static data and pretend to the calling application that the API call ran fine, etc. With integration with a centralised system it would also be potentially possible to allow a list of API calls used by a program to be generated which would be impervious to call hiding techniques because eventually the API call must be made, no matter how circuitously the call may be constructed.
The question at the heart of this, of course, is this: Does anyone know if API calls in Android can be intercepted without actually having to make a lot of modifications to the guts of Android itself? Chances are I'll probably poke around and have a look myself, but I'm very new to Android development and figured that there may be a good reason no-one has built an application to do specifically this yet, and I'd rather find out before I spend a few hundred hours bashing my head against walls someone else has already pounded on.
(Naturally, not all API calls would necessarily be intercepted for all users. If this were to be built into an application, then probably by default only privacy-related calls would be trapped. An approach similar to Privacy Blocker of using baksmali and parsing to identify easily-findable API calls would also allow users to choose which permissions to allow in advance.)
Cheers.
First: I can't add links here since I'm a new user, so I'll give you only keywords.
I believe that you are looking for the project pffmod
I think the project TaintDroid is the one that you are looking for for run-time analysis.
If you know some kernel development, I would like to cooperate with you to build a ROM that can intercept applications using the API. I also want to create something like Privacy Blocker (static analysis), but instead of patching the application the ROM will give a fake answer or exception or null value or whatever, based on rules in a table.
What do you say?
There is also the MockDroid project
This project actually does something like pffmod
I can't check either pffmod or MockDroid since I have a Samsung Galaxy.
I'll look into it deeply later on.
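The scheme proposed in the posts above (intercept the call, then prompt, always allow, or hand back fake data according to a rule table) can be modeled as follows. This is an added example, not code from the thread or from any of the projects named; it simulates only the decision logic and does not hook Android, and the package names, fake values and sample readings are constructed.

```python
from enum import Enum


class Action(Enum):
    ALLOW = "allow"  # run the real API call
    FAKE = "fake"    # return static data; the caller sees a normal result
    DENY = "deny"    # fail the call, as a missing permission would
    ASK = "ask"      # prompt the user


# Constructed replacement values handed to apps under a FAKE rule.
FAKE_VALUES = {
    "TelephonyManager.getLine1Number": "+15555550100",
    "TelephonyManager.getDeviceId": "000000000000000",
    "LocationManager.getLastKnownLocation": (0.0, 0.0),
}


class PolicyTable:
    def __init__(self, rules=None, default=Action.ASK):
        self.rules = dict(rules or {})  # (package, api) -> Action, "*" = any
        self.default = default
        self.calls_seen = {}            # package -> set of APIs it reached

    def lookup(self, package, api):
        # Most specific rule wins: exact pair, then API-wide, then app-wide.
        for key in ((package, api), ("*", api), (package, "*")):
            if key in self.rules:
                return self.rules[key]
        return self.default

    def intercept(self, package, api, real_call, prompt):
        # Recorded at the API boundary, so the route the app took to get
        # here (direct call, reflection, a bundled library) is irrelevant.
        self.calls_seen.setdefault(package, set()).add(api)
        action = self.lookup(package, api)
        if action is Action.ASK:
            action, always = prompt(package, api)
            if always and action is not Action.ASK:
                self.rules[(package, api)] = action  # remember the answer
        if action is Action.ALLOW:
            return real_call()
        if action is Action.FAKE:
            return FAKE_VALUES.get(api)
        raise PermissionError(f"{api} denied for {package}")


def demo():
    """Run a constructed session: one game, one maps app, one user prompt."""
    loc = "LocationManager.getLastKnownLocation"
    imei = "TelephonyManager.getDeviceId"
    game, maps = "com.example.papergame", "com.example.maps"
    table = PolicyTable({("*", imei): Action.FAKE, (maps, loc): Action.ALLOW})
    prompts = []

    def prompt(package, api):      # stands in for the on-screen dialog
        prompts.append((package, api))
        return Action.FAKE, True   # user picks "fake data" and "always"

    def real_location():           # constructed real reading
        return (48.2082, 16.3738)

    def real_imei():               # constructed real identifier
        return "490154203237518"

    results = {
        "game_imei": table.intercept(game, imei, real_imei, prompt),
        "game_loc_first": table.intercept(game, loc, real_location, prompt),
        "game_loc_again": table.intercept(game, loc, real_location, prompt),
        "maps_loc": table.intercept(maps, loc, real_location, prompt),
    }
    return results, prompts, table.calls_seen


if __name__ == "__main__":
    print(demo())
```
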
What Android security setup do you use/recommend?
Hey there,
I have spent a lot of time with security on Windows (research, testing, etc.) and have about 10 years of experience when it comes to security, malware & privacy. On Windows I believe I have a very decent setup and there is little that can bypass my security setup. I want to achieve the same on my Android phone (currently Nexus 6) and wonder what you do and recommend to safeguard your privacy and improve your phone's security.
A little history of my Android security path:
On my HTC Desire HD I used Dr. Web when it got released (being the top product back then). With my Nexus 4 I switched over to Avast, being the top product at that time, as well as using ParanoidAndroid and its feature to disable permissions per app (e.g. no location permission for Facebook). After some time I felt like Avast was slowing down my phone and replaced it with CM Security. Well, CM Security isn't the most transparent app and I am struggling with privacy when using this app.
So now on my Nexus 6 I am using the following setup so far:
App Ops (aka privacy guard) - To disable permissions per app
Override DNS - To change DNS Server for 3G/4G/WIFI to "NortonDNS"
Telegram - For secure chats
SuperSU - For root management
I disabled untrusted certificates (e.g. government) based on what certificates are allowed in Firefox browser (Android 5.x)
Phone is using encryption (Android 5.x)
I would still like to have an app that does scans every few days with high detection rate but low resource usage when on idle. SMS and Phone Call block would be a nice feature as well. Also I would want to "lock" apps with a "password pattern" so other people can't open it.
ESET seems to be lightweight, high detection rate and is a very trustable company. But 15€ a year is a little bit... meh
What setup do you guys use and recommend?
First of all, there is no security on Windows. People always make the same mistake, talking and talking about what software they use to improve something and forgetting one big thing: that there are a lot of proof-of-concepts, 0-days and other possible attacks out there which can't be easily "fixed" by installing a security product such as an AV. There are many known and also many unknown public attacks (and some 0-days you can pay for) that work at the lowest possible level, such as BIOS hacks, HDD firmware and partition hacks (/TLDS/BACK/and such), that are almost impossible for the normal user to identify, and even for professionals it's almost impossible or simply costs a lot of time. And I know nobody who can spend the whole day reading everything on the net that could be security-news related, or who is able to fix it, because of lack of knowledge. Knowledge is even more powerful than installing any AV or any other product which claims to "secure" something, because if you know how the hacks work, you know how to defeat them (mostly without any tools); that usually starts with something like not installing software which everyone uses (like Flash Player plugins). Sure, it does not fix the fact that there is a lot of other vulnerable software out there, but the risk is lower because of the lack of hacker interest in infecting something that is only used by a few people.
You definitely do not need any AV on Android. Android isn't Windows, and even on Windows most stuff only works if you do not use any administrative account. Same as under Android: there is a sandbox which normally protects apps from crashes/evaluation escape and other stuff. Of course there are some hacks and stuff which always work (some low-level attacks like certificate attacks, poisoning and such), but recently there is more and more of a focus on getting your private data or hacking something that affects a lot of people (the mentioned certificate hacks).
So the "best" someone can do is to read, read, stay up-2-date and use some brain to not install every plugin, not click every popup and not trust every app just because 1000 or more people use it (with five star ratings, even this never protects you against all stuff).
So there is not and never will be any guide or recommendation on what's safe and what's not. There are opinions and links/pages to read, but the rest is a matter of taste, brain, knowledge and tests.
Another example is that now, starting with Android 5, people more and more use the encryption, but that does not help against data leaks, nor will it stay safe forever.
My opinion is that Telegram and some other mentioned things aren't secure, and there are several good reasons, but people always want to believe the hype; but that's my opinion. And changing the DNS is almost useless: Android uses the Google DNS by default, so why change to another DNS if apps like WhatsApp and Google Play Services are constantly trying to connect to Google (e.g. for ads, pingbacks, sync, ...)? To believe that DNS can't be attacked is a myth; there are several attacks, especially as you recommend Firefox, but by default it uses its own DNS system (which needs to be disabled first via about:config).
AppOps is also only necessary if your ROM does not have the CM privacy feature or a similar feature.
I do not understand why you are asking for e.g. phone call blocking software; just use a black-/whitelist or simply go to airplane mode or shut down the phone (shutting down the phone should be the best against known attacks).
But as said, instead of talking about which app which guy prefers (which is useless), we should start a general talk about how to secure the whole OS and fix possible data leaks, instead of talking all over again about something that has been written a million times on the net.
Hello all! I'm sure most of you are familiar with Google Play Services, the base of Google's Android framework and the brains behind all the Google things you do on your phone. Fewer of you, however, might also know that Play Services is notorious for being a beast of an application that no one truly knows the function of.
Below here is a rough explanation of Play Services from what I know about it. You can skip this if you already know and move on to the bread and butter of this post.
Play Services is proprietary software, meaning that its source code is not available to the public. All of Google's apps are proprietary like this as well. While developers like Chainfire have legitimate reasons to close off their app source code so others don't steal it, and so does Google, it is extra worrying from a company that makes a profit off of collecting userdata. Many people, including me, do not trust Google with our data, so we try to avoid their products as much as possible.
I thought that it would be nice to create a megathread of sorts with various users' suggestions on how to subvert the constant surveillance of Play Services, while also attempting to maintain the useful functionality of it. Below are some of the primary methods that I have thought of, and that I and some others have tried:
LineageOS/CyanogenMod Privacy Guard - If you are using LineageOS or any derivative thereof, you can go to Privacy Guard and deny certain permissions from Play Services. I and another user have denied permissions from Play Services without side effects, but your mileage may vary. @javelinanddart said on Reddit that Privacy Guard does indeed block permissions from Play Services and other system apps, so rest assured that Privacy Guard actually does something rather than being a placebo.
XPrivacyLua - This is an Xposed module that feeds false data to apps rather than blocking it entirely. I haven't tried this method myself, but the XDA post I linked above reports that XPrivacyLua works, even in tandem with Privacy Guard.
microG - microG is an open-source alternative to Play Services. It emulates many key functions of Play Services - push notifications, location services, etc - without the data collection running alongside such functionality. To clarify, this is a full replacement for Play Services, so you would flash a microG package instead of a GApps package. There are lots of bugs, though, even admitted by the developer. If you want to learn more, I suggest you visit the XDA thread for it, or view the implementation progress for various pieces of functionality.
There is nothing else that I know of, so if anybody knows of another viable method or can provide their own experiences with the above ones, your contributions would be appreciated by me and the rest of the privacy community.
Thanks for thread.
My only reason to use a custom ROM is because they are GApps-free. In nearly every other aspect stock ROMs are better. Phones without a good custom ROM I simply set up without a Google account and install the F-Droid and Yalp stores.
Another idea:
Imagine: Google is not as evil as we think: there are many privacy related settings in your Google account. You can login with a web browser and try through all these settings - and hope.
Device is a Samsung i9305 with RR-N-v5.8.5-final, Magisk v16.0, XPosed, XPrivacyLua, microG (via NanoDroid). No genuine Google services; Google Play Store is the one and only Google application installed.
I hope it fits into this thread (thanks very much for creating it!), and I'd like to share my settings. Please refer to the screenshots; I think it's self-explanatory where they were taken from.
Actually no restrictions to microG, only to Play Store.
Remarks: µG has no restrictions in the firewall (AFWall+ Donation Beta); Play Store only granted internet access via WiFi and VPN. Just for completeness; running a RaspberryPi in the home network with Pi-Hole installed and acting as the DNS-server in the network. Unless using the home network i.e. using a foreign WiFi network or mobile data, ALWAYS establishing my own secure VPN to my RaspberryPi (with PiVPN installed) via OpenVPN and again the Pi acting as the DNS-server. If interested in further details please refer to this thread.
Thanks for this.
I was considering asking for a forum section here devoted to privacy, but it doesn't seem like a popular subject here. (After all, most of the people who have already picked the most snoopery OS in the world could be assumed to be not particularly worried about privacy.)
I come from a different motivation: the hope that by using a somewhat hackable OS, one can theoretically modify it in ways to achieve one's objectives, including privacy. But the last few years have made it rather clear that the Big G is working determinedly to foil such efforts.
Lately that seems to take the form of pushing more and more essential services into the Gplay frameworks, and deprecating perfectly working things like GCM in favor of intertwining it with Firebase, which may saddle us with that analytics data vacuum in order to get another essential service, push notifications.
Re: revoking permissions from Gplay frameworks, I feel like Google's determination to get their hands on data by hook or by crook (eg their ignoring of user preferences to disable various radios and enabling them in the background anyway, to track location and such) means they will quite possibly circumvent these preferences at some point as well.
As I mentioned in another thread I've experienced various problems in the past when I tried to aggressively restrict perms on the Gplay services using CM/LOS Privacy Guard, but perhaps some of that came from choosing interactive restriction prompts rather than blanket revoking. I do know that so many essential services are tied-into the Gplay frameworks these days that blocking tons of perms will inevitably cause breakage of some things depending how you use your device.
Jrhotrod said:
...
There is nothing else that I know of, so if anybody knows of another viable method or can provide their own experiences with the above ones, your contributions would be appreciated by me and the rest of the privacy community.
Due to your request above, please allow me to draw your attention to two threads by me. In these threads I tried, about one and a half years ago, to initially capture but also to update how I believe I have enhanced the battery duration, privacy and security of my GT-i9305 and how I went for a GApps-free device with microG.
Over time until today, some of the described implementations, applications and measures became obsolete or were replaced by others (e.g. using NanoDroid - or Nanomod as it was called in the beginning - since it has come out). Some changes occurred due to the step from Marshmallow to Nougat or the non-availability of the official Xposed framework for Nougat in the very beginning. However, over all the time I've tried to keep both threads updated and amended, but currently not too much is occurring on that front line, probably because I've reached a privacy status on our devices that obviously satisfies me in my personal opinion.
Oswald Boelcke said:
Due to your request above, please allow me to draw your attention to two threads by me. In these threads I tried, about one and a half years ago, to initially capture but also to update how I believe I have enhanced the battery duration, privacy and security of my GT-i9305 and how I went for a GApps-free device with microG.
Over time until today, some of the described implementations, applications and measures became obsolete or were replaced by others (e.g. using NanoDroid - or Nanomod as it was called in the beginning - since it has come out). Some changes occurred due to the step from Marshmallow to Nougat or the non-availability of the official Xposed framework for Nougat in the very beginning. However, over all the time I've tried to keep both threads updated and amended, but currently not too much is occurring on that front line, probably because I've reached a privacy status on our devices that obviously satisfies me in my personal opinion.
Wow, this is really great! Very high-quality thread.
Will add to OP later today
I apologise for the double post (original in my thread here) but I guess it also suits in this thread.
Found the below quoted post by @jawz101 in the XPrivacyLua thread here. Pretty interesting, and therefore I'd like to share:
Looking around on Data Transparency Lab website http://datatransparencylab.org/ - they fund grants for research in privacy stuff.
...I found an app called AntMonitor, an academic research project that does a MITM SSL cert + local VPN to look at sensitive traffic - even that which is encrypted. https://play.google.com/store/apps/d...it2.anteatermo
Anyways, it shows some apps trying to send my gps coordinates even though it doesn't have Android permission. Like, my coordinates are actually attempting to be sent encrypted to a destination. XPrivacyLUA doesn't trigger so I can only assume they grab my coordinates in a way that circumvents the traditional Android permission model.
To test, just try the app and open a few apps. I think it's apps with the Facebook graph API that is maybe doing it.
If you like ANTMonitor, another app that does an SSL cert + VPN is Lumen Privacy Monitor - a project by Berkeley, but it doesn't seem to detect raw coordinates like ANTMonitor does.
However, I suggest to also follow the discussion/conversation between jawz101 and M66B, which has developed after this post.
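The kind of check the quoted post describes, looking for the device's own coordinates in outbound traffic that a local VPN with a user-installed certificate has already decrypted, can be sketched like this. It is an added example, not part of the thread and not AntMonitor's or Lumen's code; the package names, hosts, payloads, coordinates and the 0.01 degree tolerance are constructed assumptions.

```python
import base64
import re
from urllib.parse import unquote

# Constructed: the device's real position and the tolerance in degrees
# (roughly 1 km) within which a number in traffic counts as a match.
DEVICE_LAT, DEVICE_LON, TOLERANCE = 48.2082, 16.3738, 0.01

NUMBER = re.compile(r"-?\d{1,3}\.\d{2,}")
B64_TOKEN = re.compile(r"[A-Za-z0-9+/_-]{16,}={0,2}")


def views(payload):
    """Yield (name, text) for the payload and for its decoded forms."""
    yield "raw", payload
    decoded = unquote(payload)
    if decoded != payload:
        yield "url-decoded", decoded
    for token in B64_TOKEN.findall(decoded):
        padded = token + "=" * (-len(token) % 4)
        try:
            raw = base64.b64decode(padded, altchars=b"-_", validate=True)
            yield "base64", raw.decode("utf-8")
        except ValueError:  # not base64, or not text once decoded
            continue


def coordinate_pair(text, lat, lon, tol):
    """Return (lat_seen, lon_seen) if two different numbers in text match."""
    nums = [float(n) for n in NUMBER.findall(text)]
    for i, a in enumerate(nums):
        if abs(a - lat) > tol:
            continue
        for j, b in enumerate(nums):
            if i != j and abs(b - lon) <= tol:
                return a, b
    return None


def scan_flows(flows, lat=DEVICE_LAT, lon=DEVICE_LON, tol=TOLERANCE):
    """Report each flow whose payload carries the device position."""
    findings = []
    for flow in flows:
        for name, text in views(flow["payload"]):
            pair = coordinate_pair(text, lat, lon, tol)
            if pair:
                findings.append({
                    "package": flow["package"], "host": flow["host"],
                    "encoding": name, "seen": pair,
                    "has_location_permission": flow["location_permission"],
                })
                break  # one finding per flow is enough
    return findings


def unexpected_senders(findings):
    """Packages that sent the position without holding the permission."""
    return sorted({f["package"] for f in findings
                   if not f["has_location_permission"]})


# Constructed sample flows, as a decrypting monitor might record them.
_BLOB = base64.b64encode(b'{"lat":48.21,"lng":16.37}').decode()
SAMPLE_FLOWS = [
    {"package": "com.example.game", "host": "ads.example.net",
     "location_permission": False,
     "payload": "GET /imp?sdk=4.12.0&lat=48.2082&lon=16.3738"},
    {"package": "com.example.news", "host": "track.example.net",
     "location_permission": False,
     "payload": "POST /track loc=%7B%22lat%22%3A%2248.2082%22%2C"
                "%22lng%22%3A%2216.3738%22%7D"},
    {"package": "com.example.social", "host": "graph.example.org",
     "location_permission": False,
     "payload": '{"event":"app_open","d":"' + _BLOB + '"}'},
    {"package": "com.example.weather", "host": "api.example.com",
     "location_permission": True,
     "payload": "GET /now?lat=48.2082&lon=16.3738&units=metric"},
    {"package": "com.example.notes", "host": "sync.example.com",
     "location_permission": False,
     "payload": "POST /sync price=48.21&build=7.10.2"},
]

if __name__ == "__main__":
    for finding in scan_flows(SAMPLE_FLOWS):
        print(finding)
```

Matching on numeric closeness rather than exact strings catches coordinates that were rounded before sending, and requiring both a latitude and a longitude keeps a lone look-alike number (the `price=48.21` flow) from being flagged.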
Oswald Boelcke said:
Found the below quoted post by @jawz101 in the XPrivacyLua thread here. Pretty interesting, and therefore I'd like to share:
However, I suggest to also follow the discussion/conversation between jawz101 and M66B, which has developed after this post.
This is certainly an important discovery, thanks for the news.
Now for the sidenote that's 10x longer than the main comment.
One of the key issues I have with the various "privacy tools" is trying to figure out whether or not I trust all these entities that produce these diagnostic things to not be a solution worse than the problem when it comes to possessing and safeguarding my sensitive personal data.
It's getting to the point where I'm no longer enamored of giving *anyone* access to such stuff if I can help it, no matter *who* they are.
Even if they're not lying about their intentions and their commitment to security/privacy, there are still matters like carelessness/incompetence and targeted attacks to worry about.
@Exabyter: Your statement and expressed concerns are absolutely correct. Nothing to add except that I wouldn't limit it to "privacy tools" but especially include all applications that require root (and get it granted by the user) or all Magisk and Xposed modules. The latter should definitely concern.
My personal decision:
I'm not willing to trust anybody from the very beginning, but I'm willing to trust single persons, groups or agencies. I've developed my own private criteria, to which I stick, but I also admit the final decision isn't always based on rationality but also a lot on my feeling (in my stomach).
I don't hold any confidential data on my device but privacy-related ones, and I don't use my device for any kind of banking, shopping or payments.
I consider to use tools, modules and applications if their functionality rests within my defined specifications for the use of my device. Then I go for "the shopping tour" while I try to look into the details of the tools under closer examination, which includes where is it from, who's the developer etc.
I'll continue with the measures already described in one of my threads.
Oswald - I think we have largely similar stances on such things. In my case I will sometimes sway towards the pragmatic over the pedantic when the pedantic involves so many inconveniences that the tech becomes more of a burden than a help to me.
For example, I really don't like the idea of 3rd-parties keeping data pertaining to my daily geographic movements, but I also use several tools and services that by their nature rely on location data which could in some cases end up in the hands of parties I'd rather didn't have access to it. So I have to regularly weigh the apparent cost/benefit of such services and there are certainly some of them which have a high enough value to me that I willingly lower my default "protection level" in order to keep the other benefits of such tools/services.
Certainly microG is an important tool in that toolchest as it has a major disruptive impact on some of the most common ways Google and other parties snoop on users. But some of its imperfections also threaten to keep me from my ultimate goal of carrying a single phone which performs all the tasks I need to accomplish with it without undermining my privacy in a major way. (And ultimately, my freedom and agency as a citizen in a nominally and allegedly "free and democratic society", which is the actual "big picture" problem with privacy incursions in general IMHO)
I have spent several years now, with varying degrees of effort and success, trying to come up with a hardware/software solution to this problem, and I've never reached a point where I'm fully satisfied with the results. The fact that I am still carrying several mobile devices with me everyday is proof enough that I haven't achieved my objective in this regard and it gets tiring. As does all the time spent on venues such as XDA, researching, discussing and keeping-up with all the relevant issues, not to mention the large amount of time spent tinkering with HW/SW in order to keep all the special measures working. (And after we finally get things working more or less the way we want, we are faced with the particularly customized hardware wearing out, becoming unsupported, 3rd-party ROM and other compatible and necessary software being abandoned/deprecated, and so on and so forth.)
Truth to tell I'm a bit bitter about the amount of time/energy I have to spend to achieve something which should have been part of the mobile platforms in the first place. The current de-facto mobile platform duopoly certainly doesn't help matters.
---------- Post added at 03:39 PM ---------- Previous post was at 02:57 PM ----------
Now that I've gotten that philosophical rant out of the way...
So as far as technical specifics:
microG of course is a big help as it either neuters or removes many troublesome anti-privacy vectors. For example, at the present time it does not support Firebase Analytics at all, which means (as far as I can tell) any app that expects to get telemetry on users via Firebase Analytics will not get anything if the app user's device is Gapps-free and using microG instead. (It remains to be seen if adding Firebase Cloud Messaging capability to microG will negate this presumed benefit. Cynics like myself are inclined to think one of Google's key objectives in deprecating Google Cloud Messaging and rolling push notification frameworks into Firebase instead was specifically to undermine the ability of users to avoid/circumvent Firebase Analytics)
XprivacyLUA looks interesting and is on my list to test. I found its predecessor Xprivacy to be an extremely tedious and labor-intensive option so I never seriously pursued it after my initial testing.
There are various tools I find handy to help get a sense of how dangerous certain apps may be to privacy. Here are a few:
AppBrain Ad Detector
https://play.google.com/store/apps/details?id=com.appspot.swisscodemonkeys.detector
Addons Detector
https://play.google.com/store/apps/details?id=com.denper.addonsdetector
Checkey (also on f-droid)
https://play.google.com/store/apps/details?id=info.guardianproject.checkey
Applications Info (also on f-droid)
https://play.google.com/store/apps/details?id=com.majeur.applicationsinfo
Permission Friendly Apps
https://play.google.com/store/apps/details?id=org.androidsoft.app.permission
I got a good Custom rom overview from this post, especially the google spreadsheet: https://forum.xda-developers.com/oneplus-6/how-to/custom-rom-t3867290
I looked into a couple of those, and found some questionable features. For example: Havoc OS lists something like weather info on the lock screen. This made me think about where this functionality would get the telemetry for my location.
TLDR; Are there any custom ROMs that are especially focused on user privacy, or with this concern at least in mind?
In general I know about the custom ROM Replicant, but they only support very old smartphones. I decided that the OnePlus 6 is the perfect phone for me and I also want to find the perfect custom ROM.
I searched on Google and the only other OS showing up is Lineage. Other than being open source, what would be the difference to, let's say, AOSP Extended regarding special features and privacy?
I won't be using GApps and I am still thinking about microG. Since Google is such a great company I won't get notifications without going through their ****ing GCM unless sacrificing significant battery life (more info: https://www.reddit.com/r/fossdroid/comments/9ayrgc/privacy_on_gcm_microg/ ).
Hi, I think when it comes to privacy, regular custom ROMs have little impact. As long as you're not using OOS or a port (like MIUI), all ROMs should be pretty good, as long as you don't install gapps.
Lineage has a good reputation, it's well known and they made a lot of basic apps so you don't need to rely on others (they're often based on older AOSP apps). LOS also comes with Privacy Guard, which is similar to the default Android permissions manager, but with a few extra options, including a very basic firewall. If you want to use microG, you have to go for a special edition that you can find here: https://lineage.microg.org/
But other ROMs are fine as long as you have the proper apps installed and a proper setup overall. You can check my thread which is related to microG but also privacy: https://forum.xda-developers.com/oneplus-6/how-to/guide-microg-oneplus-6-source-ligthway-t3874469/
Depending on your current knowledge, it's mostly a lot of reading about what apps you can use, what browser you should use, what firewall, what ad/tracker blocker, etc.
If you're on telegram, I'd recommend you join @nogoolag , it's full of useful notes about what apps to use, what settings are ideal, infos related to VPNs, etc.
EDIT: about weather in custom ROMs: you can usually very easily disable the service or even remove the related APKs, so it shouldn't be a criteria imo.
@Tomatot-
Thank you very much for your awesome reply. Your thread about microG helped me a lot. I will follow your guide there.