Question for the group.
I like privacy, security and granular permission control.
I have the Sprint version of the Galaxy S6 (SM-G920P) -- rooted, running stock touchwiz.
For years, I used XPrivacy , part of the Xposed framework. I liked the granular controls, but found it clunky and cumbersome.
When lollipop came out- Xposed was temporarily non-functional with Touchwiz, until the great @wanam, @arter97, @romracer etc created the fix) solution. So originally I couldn't stay with Xposed and XPrivacy.
In searching for an alternative privacy/security option, I found LBEsec - a Chinese security company that I wasn't previously familiar with. Problem for them though- is they don't have an official english translation (and I don't speak Chinese). However, the great @vuhien solved this, and has had working English translations (not perfect, but pretty great) http://forum.xda-developers.com/showpost.php?p=46695347&postcount=2010 for LBEsec, and I've been using it for over a year.
I found LBEsec to have a better UI and be way more user friendly than Xprivacy, with more functionality (auto Advertisement scanner and blocker, anti-virus and battery monitors, etc etc)- though it didn't have quite as many granular control options as XPrivacy, but came pretty close.
Now with Marshmallow-- I have the reverse problem. Though LBEsec has apparently been updated for Marshmallow in Chinese and German, none of the English translations seem to work yet fully in Marshmallow (the "active defense"- the core of the security- doesn't seem to be working). XPrivacy however, does seem to be working (though I haven't reloaded it)
So the question for me now is--- stick with LBEsec - with its slick interface functionality and stay on Lollipop? Or is marshmallow worth it and I should switch back to Xposed and XPrivacy? Has XPrivacy gotten more user friendly?
Anyone else have experience with both security platforms and have a preference?
Or alternative?
Thanks!
(*Note- originally posted in sprint galaxy s6 sub-forum but got no answers-- apparently not many people have experience with both so I moved it up here)
I'm wondering the same thing. I found your thread by googling if there were any better options than Xposed.
You might want to put this on one of the general forums so that other Android users can give their opinions. For now, I think I'll install Xposed and Xprivacy on my Asus Zenfone, unless I can find any more information.
Stephandroid said:
I'm wondering the same thing. I found your thread by googling if there were any better options than Xposed.
You might want to put this on one of the general forums so that other Android users can give their opinions. For now, I think I'll install Xposed and Xprivacy on my Asus Zenfone, unless I can find any more information.
Click to expand...
Click to collapse
Well I'm glad someone finally replied to this... I also thought of moving it to the 'security' section.
I will note a couple things in terms of 'update'.
1. It doesn't seem that the formerly great working LBESec has been updated with a new english version in a long long time.
2. Rather than XPrivacy, I've actually been using Protect My Privacy (PMP) , which is a project by either Carnegie Melon or the University of California San Diego to provide cell phone privacy options. It's a bit more user friendly than XPrivacy, though a bit less granular. It also occassionally with a recent update slows the phone some-- I'm hoping that is just a glitch that gets resolved soon.
http://www.protectmyprivacy.org
Related
hi all!
please note: i am nothing near a professional user or even coder! i rooted my phone and i install custom roms on it, and thats about it. in addition to that i am concerned about my privacy. for me it started with the LBE Privacy Guard from the play store, it was quite nice until it stopped working, and made my phone stuck in a boot loop...
i have read and searched a lot of stuff before i decided to write this. but i havent found an easy and understandable how to. maybe that is because there no easy way to this. please go easy on me if there is already a thread for this...
i just installed openpdroid on my samsung galaxy s+ (i9001) and that is just because user bululu has made a patch for the rom i am using (cm10.1 from user davidteri) - thanks to both of them! i installed the patch with cwm (clockworkmod) and afterwards i was wondering there is no privacy setting in my menu or anything that would let me set up permissions. but from all the stuff i was reading before i figured i will need some kind of gui (not sure this is the right word - that goes for most of the stuff, but please correct me where u can, i will try and learn) so i installed 'pdroid manager' from the play store. that would finally let me set permissions for the apps! so far, so good. i am now using openpdroid...
should be all good at this point u might think, but this is where my questions begin ^^ f.ex:
is this the best solution atm? are there more solutions? what are the differences? what can u recommend?
furthermore i try to figure out how to encrypt email on android. most things i read point to k9 mail and using agp (or apg? is this the same?). i did some research on that topic an it seems to be the 'android privacy guard'. more questions here too...
it seems to be out of development, since the last changes are from 25.12.2010. is there a newer alternative for that or something i missed? or maybe it is still the thing to use or it is quite finished in its current state?!? but i dont wanna clog my device with old or unsupported software until i am 99% sure on what to do...
so basically i am asking if there is a nice and user friendly (with images) 'how to' for this kind of stuff i was just missing or is it just impossible (at the current state) to do such thing? if both answers are 'no' i'd like to start something like that, of course with your help that is...
because it seems the info i found is not coherent, its all bits and pieces one needs to bring together (in the right order and with compatible software). at least thats what it feels like for me as non-professional user and linux noob. i have no problem with puzzling stuff together but i also would like to help others who would like to do increase their security and get different opinions on whats the best way to do some things...
so if any of u got an opinion to any of the above please let me know! and help or links would be greatly appreciated! lets see if we can bring some things together and make our devices, our communication and our data more secure! and please note: this should not be device specific, my device and rom was just for information and for better understanding my starting point. this should be as broadly defined and open minded as possible. so everybody could partake and make use of it...
thanks for reading!
kind regards
bad1080
If you already got your Nexus 5 or installed a custom Kitkat ROM you already have noticed that your favorite battery stats tool, whether it is BetterBatteryStats, GSam of wakelock detector, does not work.
Well it is not uncommon for some API to be changed so when a new Android version comes out it usually takes us a few days to get hands on a device and fix things.
But this time is different and important enough for me to take time to summarize the situation.
A little history
Android has a service called 'batteryinfo' that collects a lot of info about what goes on on your phone. That service is not perfect but it provides some pretty important information about what is important to our battery monitoring apps: an insight into what drains our battery.
Our apps communicate with that service and therefore claim the android.permission.BATTERY_STATS permission protecting the access to that service. This permission is of the category "dangerous", notifying users of the fact that they should check why an app requires that permission. For a battery monitoring app it is logical to require it.
This change of course impacts devs as their apps became unusable with that release with no perspective for a fix without an expensive workaround (as e.g. already implemented in BetterBatteryStats 1.15+).
But more alarming, it prevents users to get an insight in what drains their battery and make decisions to keep or drop apps depending on the 'cost' in terms of battery life!
If I was a conspiration theorist I may believe that this change was made on purpose to prevent users from seeing how all the pre-installed apps - including those from google - affect their user experience by reducing the battery life / usability.
What happened
With kitkat starting to ship things happened pretty fast and first feedbacks started to emerge reporting that the service could not be contacted. It took me some time to get hands on a kitkat phone (in fact I flashed my gnex with an inofficial ROM and had to make sure that the errors I got were not cause by that ROM and corresponded to the behavior on a Nexus 5.
After some research two changes in 4.4 are responsible for the problem:
1. batteryinfo was renamed to batterystats
2. the BATTERY_STATS permission has been unavailable to apps (moved from protectionLevel 'dangerous' to 'signature|system'
This is the change preventing apps to be granted that permission: https://android.googlesource.com/pl...it/+/3714141d287c965ea3451831dd5167f63f8db87b
As you can see the change refers to an issue number but this issue is not documented in the public tracker (welcome to not-really-open-source).
I have posted a request on the android-platform forum to request a clarification on why that change was made (https://groups.google.com/forum/#!topic/android-platform/f-7Td9aeFKY) but DID NOT GET ANY satisfying feedback. Therefore I have filed an issue in the public bug tracker for this change to be rolled back (https://code.google.com/p/android/issues/detail?id=61975&thanks=61975&ts=1383910497).
I kindly invite you to upvote this request by staring it.
Please star it, adding a comment "I vote for this" or "Please undo this" to the thread does not do any good:
- comments are not counted, only stars
- that forum is not there to express opinions, it's for bug reports and requests. Unrelated matters like opinion will have no other result than annying the reader.
What devs should know
1. BATTERY_STATS has been moved to protectionLevel=18 (signature|system) and is not accessible to apps anymore
2. On KitKat copying an app to /system/app does not grant protectionLevel=18 anymore. This has been changed in KitKat and the target directory to gain those rights is /system/priv-apps
3. The service delivering battery stats was called 'batteryinfo' in previous Android version and is called 'batterystats' in KitKat
[update 2013-11-16]
*dream out loud*
In an open source world the community owns the source right? Wouldn't it be cool if some senior android devs would review this change and - assuming there is no good reason for it - would revert it in their fork to provide their users with what I believe is an important feature?
[/update]
I really would like to hear from some senior devs maintaining a repo about the idea of taking control and reverting that change
Google has release 4.4_r1.2 and still no joy.
Changes are here:
https://android.googlesource.com/platform/frameworks/base/+/android-4.4_r1.2
Re-enable BATTERY_STATS in a custom ROM
I wrote up a post in another thread about what a ROM developer can do to re-enable Battery Stats (non-root) in a custom Rom. Very simple, but wanted to point it out should anybody be wondering...
http://forum.xda-developers.com/showpost.php?p=48029013&postcount=26
For CM2016' KitKats only
chamonix said:
I really would like to hear from some senior devs maintaining a repo about the idea of taking control and reverting that change
Click to expand...
Click to collapse
http://forum.xda-developers.com/and...kelock-blocker-official-2016-nightly-t3393825
Does it make sense ?
Thanks for any help.
oF2pks said:
http://forum.xda-developers.com/and...kelock-blocker-official-2016-nightly-t3393825
Does it make sense ?
Thanks for any help.
Click to expand...
Click to collapse
Can you help me understanding what this mod/change is about? My suggestion was about reverting a change that was made by google to restrict the access to a certain permission. You link is to a post with a title suggesting something like blocking the ability for apps to hold wakelocks. Such a stunt would be a really bad idea IMHO but maybe I missed an important point
idea of taking control
chamonix said:
suggesting something like blocking the ability for apps to hold wakelocks. Such a stunt would be a really bad idea IMHO
Click to expand...
Click to collapse
Thanks for feedback; i'm real fan of wakelock-blocker's theory, and was wondering if :
- is it useful ?
- can it help user to take control on any kind of restriction ?
I found that completely awesome under KK (static use) but i was very disappointed on testing with LP (anarchic behaviour). BetterbatteryStats was the best observer i found around, and i thought that both were complementary; indeed Beanstalk did use use both with KK: wakelock-blocker' mod and performance/wakelock(similar to your top-app) from Omnirom. But with Omnirom, the mod was rejected : https://gerrit.omnirom.org/#/c/9266/ ; to quote you ("some senior devs maintaining a repo about the idea of taking control"), this link show how much they do ?
Recently, I discover that Beanstalk (6?) was pushing this complementary further forward: https://github.com/scotthartbti/and...mmit/5fb687ae0940a12c8f7c9e457b6d5f12f028736b
I hope there was not too much confusion or loose in my first post and i believe BetterBatteryStats is a better option that can be toggled at any time. (I won't get a lot of thanks with my KK thread....)
Does a comprehensive and plain english list exist anywhere that tells who is who and why they have a security certificate installed on my android phone?
I've asked this before and never found an answer. I find it odd that it isn't questioned and recently when installing FoxFi, it was made more poignant when many became up in arms about the FoxFi cert and the notification that some unknown entity could be monitioring activity. FoxFi is pretty clear about why that cert is there and I can't say that for the factory installed ~200 certs.
Also, is there a comprehensive list anywhere that tells what factory installed and system apps do? Many have very obscure names and even names which are quite misleading upon actually discovering what they really do. I'm sure I can't be the only one that would like to know exactly which apps are safe to freeze, disable or uninstall and upon doing so, what functionality will be lost or what other apps will no longer work, if any.
I think Google needs to step things up in these two areas so people can actually know. The work in the area of app permissions is a step in that direction, but, still a long way from full and forthright disclosure aimed at educating all android device owners.
Thanks for any direction you can provide.
Hmmmmm.... its merely about the desire to know why every android I've owned for coming on ten years now has security certs installed belonging to the DOD, Japanese Government, Experia, Equifax and many more that I have no idea who they are unless I want to research each and everyone of them. Even doing so in most cases still doesn't reveal why those entities have a cert on my phone and what it actually means. I wonder what happens if they are removed and why they are there in the first place.
As far as the many pre-installed apps that I can't imagine many people having a clue as to why they are installed or what they actually do, well, that kinda speaks for itself as well.
Nobody else wonders or does everyone else but me already know?
However, in the mean time, I'll refine my quest to changing permissions and any insightful threads on that for dummies would be appreciated.
Thanks
Hi
Thanks for writing to us at XDA Assist. Unfortunately I can't find anything relating to your question on XDA, it's probably best to ask here:
Android Q&A, Help & Troubleshooting
No response in two days, thread closed.
So I am going to post this here, because the development section is ferboten to people trying to offer useful suggestions. Geez, I hope this is the right section.
Let me set it up. ANDROID IS BASED ON THE LINUX KERNEL. Everything, and I mean everything after that fact becomes android and bloat. Given this as the basis of all things android, I have a simple set of guidelines that should be used to create a solid, reliable, bullet proof operating system for devices able to use the android operating system.
#1. Create the kernel boot section of the basic platform that supports the very basic hardware features, including touch screen, radios, power/charging/battery management, wifi, bluetooth, nearfield, audio, microphone, s-pen,etc. Basics only. Root access is standard and can be turnd on/off just like developwer functions. No special tricks or addon hoops to jump through.
#2 At this point STOP. Every single process or service to be run on the device from this point forward should be able to be individually selectable - or not. Yes, I understand that individual services or apps may have dependancies to other processes and that thouse need to be functional in order for a particular app to work. That is why, each additional service or app must list the dependencies and in the selection process, the installion will be required to verify you have the proper services installed and functioning, if not to list them and allow you to make the decision to proceed. Viola, we have NO MORE BLOAT WARE.
#3 Make selecting additional services/apps selection process a menu driven, tag selectable process. Make the unselection process smart to verify and identify the other apps dependant on the item you are killing/removing.
#4 Allow a built in snapshot option to capture the entire system as you have customized it for yourself and allow it to be backed up to external memory with the ability to bring it back, AT WILL. With no big hassles.
Those 4 items are a good start. By themselves alone, it would put all of us in the drivers seat of controlling and living with our devices.
I am aware that such a system is not for everyone. It does require some basic technical understanding of the process. But for the vast majority of users, I am certain, that an a la carte system is far superior to the bloated monstrosities being forced down our devices.
I would appreciate any refinements to my suggestions.
The silence is deafening. It has been days. Kind of says something, don't you think?
I am so very happy (not) that these boards a compartmentalized to the point where you can't get through.
Pretty much a waste of my valuable time, especially considering the fact that if my suggestions where applied, people would be clamoring for an installation with those features. I guess there is not much true "developer" in xdadevelopers anymore.
Funny guys, with the pay to remove ads spam here. Really? Why? For what.
I leave here disappointed. Not angry. Just sad.
I'm not a developer so I have nothing valuable to contribute to your suggestions in your original post but I can offer an observation regarding your perception of the level of contribution to your thread and that is the fact that is particular area of the forums probably isn't the ideal spot to have a discussion such as this. You figured that out already so sure you can call me Capt. Obvious if you wish but I'm just pointing out that yes the forums are compartmentalized (as you've stated) in such a way that development for each device is separated out. This development is centered around AOSP based ROMs or "stock" ROMs (using manufacturer released source) so if you're looking to have higher level discussions about what AOSP should look like then deep down at this device specific level probably isn't where you want to be. So there's that . . . then there's the fact that for this particular device you can basically hear a pin drop in the sub-forums as it is since nothing much is going on by way of development.
Where specifically such a discussion would see more input I'm not sure, perhaps the main general discussion section?
Thank you for your sobering reply. I get frustrated. Already had my post bounced out of "wrong" forum while trying to speak directly to "developers" (i wanted air quotes because the term does not accuratly describe its target) So I tried this. The note pro 12.0 is still the best hardware giving the ipad a run for its money. The problem its monkeyshines kiddie software running it, or not running, or barely running it. ANDROID, indian word for crappy wannabe software, developed by clueless kids.
Again, thanks for the gentle nudge. I appreciate someone willing to conduct a conversation
Are you looking for an Ubuntu or SUSE type of setup?
I think what you are looking for is similar to apt-get type of installs, I could be wrong of course. This might be helpful for many "users". I think one of the barriers is that there are slight differences between the models of tablets, and creating the logic to put in for the sub-dependencies might prove problematic. You might get more answers to this possibility by asking one of the developers directly and sharing with them. Not a developer myself.
Hi,
I don't know if I can ask you about that in this forum :
What are for you the pro and cons about the firewalls AFWall+ and LightningWall ?
Personnaly, I use AFWall+ which seems from my point of view very simple to configure and without impacts on Android configuration. But it could be because I don't have installed AFWall+ ...
I would like to know your opinion.
Thanks.
Envoyé de mon CINK FIVE en utilisant Tapatalk
So you say you use AFwall in one sentence and then you say its not installed. So which is it?
I use it and I have nothing bad to say about it. Its lightweight and no problems at all. I use whitelist though. Not blacklist.
@KernelCorn
Sorry for confusion.
I use LightningWall.
Envoyé de mon CINK FIVE en utilisant Tapatalk
Scroll down to question #37
https://github.com/ukanth/afwall/wiki/FAQ
AFWall+ is a FLOSS software (good) while LW is closed-source.
We discuss about LW in the AFWall+'s thread. Check it out: http://forum.xda-developers.com/showthread.php?p=67252997&postcount=3079
AFAIK CHEF-KOCH is the main contributor to AFWall's Github Wiki.
Thanks all.
I have the feeling of being small after reading some recommanded points.
It's impressive.
I have understood that LightningWall is not open source, and this point could be problematic for a security app.
Sorry for this question :
Could AFWall+ brick my smartphone if I am not an Android expert ?
I'm no Android expert. I rooted my old Sprint S3 a few months ago out of curiosity and AFwall was one if the first things I downloaded. Worst thing I see happening is you block access to something that needs permission. Worst case disable AFwall n settings temporarily until you figure out what box to check/allow. Read and reread the FAQ and setup procedures and you'll be fine. I love it and have had zero issues.
Read the forums here whenever you can and you'll slowly become more and more comfortable messing around with your phone. XDA has become my latest addiction!
iwanttoknow said:
Sorry for this question :
Could AFWall+ brick my smartphone if I am not an Android expert ?
Click to expand...
Click to collapse
Nope but do not forget to backup before testing stuff.
However it takes time to learn how to properly use such a software. I still have a lot of things to learn on Github but I know how to use for basic options (which user/system apps to block, easy custom script...).
If you have root, I do recommend you AFWall+ but you may also want to have a look at NetGuard.
@Primokorn
Thanks for your support
And promise to see light at end of tunnel ?
You wrote that you know how to use for basic options.
Can I find those options in AFWall+ Github ?
BTW I have root.
@KernelCorn
I don't know if I will be XDA addict
but it's certain that I enjoyed your welcome, you and the others.
iwanttoknow said:
@Primokorn
Thanks for your support
And promise to see light at end of tunnel ?
You wrote that you know how to use for basic options.
Can I find those options in AFWall+ Github ?
BTW I have root.
Click to expand...
Click to collapse
You can find recommandations, nothing more. Each user has a different setup so you'll obviously have to dig.
I also suggest you to subscribe to the AFWall+ XDA thread.
@Primokorn
Sorry, but I'm not sure if what you named "AFWall+ XDA thread" matches that :
\Android Development and Hacking\Android Software Development"[4.0+][ROOT][2.2.4-BETA2] AFWall+ IPTables Firewall [19 JULY 2016] by ukanth"
I think so, but could you confirm please ?
Thanks.
iwanttoknow said:
@Primokorn
Sorry, but I'm not sure if what you named "AFWall+ XDA thread" matches that :
\Android Development and Hacking\Android Software Development"[4.0+][ROOT][2.2.4-BETA2] AFWall+ IPTables Firewall [19 JULY 2016] by ukanth"
I think so, but could you confirm please ?
Thanks.
Click to expand...
Click to collapse
Correct. Ukanth is the dev (and a nice man )
Sent from my hammerhead using XDA Labs
Hi,
I discovered this article today :
"Similar Android Firewall solutions"
https://github.com/ukanth/afwall/wiki/Similar-Firewall-solutions
Thanks to the author.
It provided particulary for me an explanation about Xposed associated with LightningWall.
"XPosed hacks to intercept directly on the OS layer (e.g. LightningWall). This doesn't need any iptables or additional scripts since the xposed framework provides the hacking ability's."
Hi,
I'm curious to have your point of view about this German article :
https://www.kuketz-blog.de/android-firewall-ohne-root-•-noroot-firewall/
For me with Tapatalk, I realised that there is a problem to display this url; there is a special character in it :
"https://www.kuketz-blog.de/android-firewall-ohne-root-%E2%80%A2-noroot-firewall/"
A lot of people around me don't want to root their smartphone, or they don't even know what is "to root" a smartphone; it's too technical for them.
But they want to be able to decide if they authorize or not some apps to go on the Net.
A lot of them heard about "NoRoot Firewall" and wanted to use it. Do I have to discourage them ?
iwanttoknow said:
Hi,
I'm curious to have your point of view about this German article :
https://www.kuketz-blog.de/android-firewall-ohne-root-•-noroot-firewall/
For me with Tapatalk, I realised that there is a problem to display this url; there is a special character in it :
"https://www.kuketz-blog.de/android-firewall-ohne-root-%E2%80%A2-noroot-firewall/"
A lot of people around me don't want to root their smartphone, or they don't even know what is "to root" a smartphone; it's too technical for them.
But they want to be able to decide if they authorize or not some apps to go on the Net.
A lot of them heard about "NoRoot Firewall" and wanted to use it. Do I have to discourage them ?
Click to expand...
Click to collapse
Google Translate doesn't work due to this special character so I have no idea what this article is explaining.
I would suggest NetGuard, no root firewall and adblocker.
From AFWall's Github
The biggest problem is that such VPN services not work with WiFi tethering or hotspot's.
Click to expand...
Click to collapse
Wrong. Example.
From AFWall's Github
And another con is that you can't run other VPN services and VPN/Proxy's apps at the same time together.
Click to expand...
Click to collapse
Correct.
@Primokorn
Thanks.
You can click on the url of this article by going at the end of another article (see below), and clicking on the link "an German article" in this article :
https://github.com/ukanth/afwall/wiki/Similar-Firewall-solutions
I know it's a little complicated.
BTW in your opinion, is "NoRoot Firewall" a good advice for people who have unrooted smartphones ?
How can we be assured that the used VPN, is not problematic from the privacy point of view ?
Hi,
Others informations I found entitled :
"Any security difference between root based firewall (AFWall+) and non-root based ones (NetGuard)?"
http://android.stackexchange.com/qu...root-based-firewall-afwall-and-non-root-based
And also this one about NetGuard :
https://github.com/M66B/NetGuard/blob/master/README.md#permissions
"NetGuard - no-root firewall" by Marcel Bokhorst gives access to its source code, while "NoRoot Firewall" by Grey Shirts does not, if I am right.
iwanttoknow said:
BTW in your opinion, is "NoRoot Firewall" a good advice for people who have unrooted smartphones ?
How can we be assured that the used VPN, is not problematic from the privacy point of view ?
Click to expand...
Click to collapse
Of course a root firewall has a better control over the apps but a NoRoot Firewall is better than nothing
A firewall isn't really related to your privacy. I'd suggest you to have a look at XPrivacy (same dev as NetGuard - Xposed/root required). Link in my sign.
I already use XPrivacy.
It's great from the privacy point of view, though difficult at first.
But for people with no-rooted smartphones, Xprivacy can't be used.
They only have to be confident about VPN used by firewalls for no-rooted smartphones. Logically in this case, "NetGuard - no-root firewall" might be the best choice, because the code is reviewed by anyone in the community, in comparison to other with closed code.
Hi,
Can anyone tell me if it exists a tool to monitor non-root based firewalls ?
Is it possible to determine what data are exchanged through Android's VPN facilities used by non-root based firewalls ?
Is it possible with tools like "Network Log", LightningWall or AFW+ ?
I don't know if my question makes sense.