Related
Guys,
Does anyone know of a software package for windows or even an app for the android that will basically lock down the phone so no apps can be installed unless there is a password entered (by I.T. Administrator etc)? We are trying to rollout android phones but would like to limit app installation.
Thanks
Yeah sure remove the VENDING.apk in the system/app folder, root permission is needed for this though, I use a program called root explorer, and this will remove the android market from the phone/tablet.
But there would still be other ways to install apps, that would be just removing the most obvious
This package contains a few windows batch files to help you get UnifiedNLP working with (or without) Google Play Services on your phone. Extract it anywhere and run the batch files as needed. Everything required is included in the download but you will need root ADB capabilities. Learn more about ADB here:
http://wiki.lineageos.org/adb_fastboot_guide.html
For the record, I use this on Nougat. More specifically, LineageOS 14.1 so I can't say how it will work or what is necessary on other versions or roms.
Included Batch Files
To use these scripts your phone needs to be connected to your computer.
Install.bat - Install apks and addon.d updater script
Patch.bat - Patch framework-res.apk
DisableGoogle.bat - Disable Google location services and permissions
EnableGoogle.bat - Enable Google location services and permissions
Restore.bat - Delete apks, restore stock framework, enable services and permissions
GetDiff.bat - Create new patch file.
Background
UnifiedNlp is a network location provider that can be used instead of the Google network location service that's included in Google Play Services. The version used here is the GApps version that can be used along side Google Play Services.
https://github.com/microg/android_packages_apps_UnifiedNlp
Installing the Apps
Run Install.bat
UnifiedNLP has to be installed as a system app. This script installs it in /system/app along with some backends. It also installs an addon.d script so it will survive system updates if your rom supports it. Once installed, you can find the app in your app drawer. See the thread on XDA to help set it up.
https://forum.xda-developers.com/android/apps-games/app-g-unifiednlp-floss-wi-fi-cell-tower-t2991544
Patching the Framework
Run Patch.bat
To use a location provider, it's package name has to be included in the "config_locationProviderPackageNames". This script patches framework-res.apk to include the UnifiedNLP package name. I've created a thread on the LOS subreddit asking for this to be included by default but until then we'll have to patch each update.
https://www.reddit.com/r/LineageOS/comments/5u919y/support_for_unifiednlp/#ddto2rc
If patching fails run GetDiff.bat to create a new patch file:
When prompted, open arrays.patched.xml in your text editor (Notepad++ recommended)
Find 'config_locationProviderPackageNames' section
Add a new item 'org.microg.nlp'
Save and continue
Run Patch.bat again
Disabling Googles Location Service
Run DisableGoogle.bat
When you enable network location in settings you also enable Google's location service. There's no simple way to enable one without the other... Bit of a monopoly and totally wrong if you ask me, but that's the way it is. So we have to disable a couple of Google services to get UnifiedNLP working.
So now we should have UnifiedNLP working but we still have Google Play Services stalking us and constantly checking our location. This is what gives us all those NLP related wakelocks. To prevent this we just have to revoke coarse/fine location permissions for Google Play Services. DisableGoogle.bat also does this.
Disclaimer:
Needless to say, if you try this you do so at your own risk. I take no responsibility for anything.
It's always a good idea to make a full backup before doing anything like this to your phone.
Download
nlp_patch.zip
Resources:
Everything required is included in the download but if you'd like to download full versions or find out more, checkout the links.
Apktool: https://ibotpeaches.github.io/Apktool/
UnixUtils: http://unxutils.sourceforge.net/
jPortable: http://portableapps.com/apps/utilities/java_portable
ADB: https://dl.google.com/android/repository/platform-tools-latest-windows.zip
Reserved
Download updated: There was a very silly error in Patch.bat.
I'm just posting to say that my ROM won't boot after applying this patch. Fortunately, I had a backup. I'm running Resurrection Remix on a Note 4 (N910T), which is v7.1.1 and based on a mix of LineageOS and Emotion/Emotroid (the latter is AOSP). I followed the instructions to the tee. I already had adb and fastboot installed. The patch did succeed. I also tried clearing cache and dalvik cache in TWRP, but still couldn't boot. I do have GApps installed. What could have gone wrong?
Thanks!
Hmm... Not sure why it wouldn't work for you. I can only guess that the framework didn't re-compile properly or it wasn't pushed to system properly.
One thing you could try is boot to twrp, mount system and run patch.bat from there.
No GCN push
Hey, thank you very much for your effort! I have used your Windows Batch files in an editor to translate the process to Linux. Everything works flawlessly on my LG G4 with Lineage 14.1!
Without GCM, which is sadly a dealbreaker. It seems to need permission for "com.google.android.gms android.permission.ACCESS_FINE_LOCATION", the other three adb lines in your DisableGoogle.bat can be executed and GCM still works.
So I ask: What do I lose in privacy in not revoking permission for the line above?
If location permissions are allowed then google play services will keep accessing network/gps to keep track of your location. This causes all those nlp wakelocks. I did find however that using UnifiedNLP like this caused significantly less wakelocks than using the google location services. So if that's how you need it then go for it.
BTW, what's GCN push?
Sorry, I meant GCM, Google Cloud Messaging (not Notification).
The main question would be if Google still collects and tracks Wi-Fis, cell towers etc. when I don't revoke this permission. If so, the whole enterprise to get the Mozilla Location Provider to work would be rather pointless. No push notifications for Signal, Tweetings etc. is sadly not acceptable for me.
Ah, I can't comment on GCM as I've never used it but third party app's I use push ok. But that being said, you use GCM so that's what you need to work.
The whole point of this really is to stop google from stalking you (whether for privacy, battery or both). So yeah, I'd have to agree that using this and allowing those google location permissions would be pretty pointless.
Works great on my op3t thanks a million
microG's built in unified nlp and this are same?
vegoja said:
Works great on my op3t thanks a million
Click to expand...
Click to collapse
Good to know, cheers.
sohamsen said:
microG's built in unified nlp and this are same?
Click to expand...
Click to collapse
Yes. If you're using MicroG then this isn't useful for you.
Hi,
This method works if i disabled google play services only.
Disablepatch disabled my gps lock.
any idea?
The download is dead, can you reupload?
Hi. With some little changes (updating java and apktool) I managed to get Patch.bat working on LOS 15.1 *but* my device did not boot anymore once the patched framework-res.apk was in place (and booted again once I piut back the original apk). Did I miss a step? Thks in advance for your help.
@Nyakov: the download isnt dead, try again.
@Julien Faure: You probably didnt do anything wrong. I tried this same patch on Resurrection Remix Nougat many months ago, ROM wouldnt boot. I suspect that you need to disable Android's signature verification for this to work. Check out Smali Patcher.
Thansk a lot for the quick answer! If possible, I would like to avoid rooting (and thus avoid Magisk): is there a way to disable signature verification w/o it? Something to be done, applied, installed from TWRP for instance.
@Julien Faure: Smali patcher doesnt need root. It doesnt even need Magisk, despite being listed as a Magisk module on XDA.
Follow the steps in the SP thread. Since all you want is signature verification disabled, only check that box. Once it is successful, it will create a zip file. Extract the services.jar from that, boot into TWRP, replace your services.jar with the new one, set permissions on this file to 0644.
In the zip SP produces, there will also be zero byte (0 in size) files. These are placemarkers that tell Magisk to systemlessly delete these files. But since you wont be using Magisk, you need to look in /system/framework and manually delete these files. So just find the ones that match the paths and names of the zero byte files in the zip, delete them. If you cant find all of them, just skip the ones not present.
Because you are modifying the system partition, you may also need to disable dm-verity and/or Verified Boot (AVB). But since you're patching LOS, i dont believe it will be necessary.
AnonVendetta said:
@Julien Faure: Smali patcher doesnt need root. It doesnt even need Magisk, despite being listed as a Magisk module on XDA.
Follow the steps in the SP thread. Since all you want is signature verification disabled, only check that box. Once it is successful, it will create a zip file. Extract the services.jar from that, boot into TWRP, replace your services.jar with the new one, set permissions on this file to 0644.
In the zip SP produces, there will also be zero byte (0 in size) files. These are placemarkers that tell Magisk to systemlessly delete these files. But since you wont be using Magisk, you need to look in /system/framework and manually delete these files. So just find the ones that match the paths and names of the zero byte files in the zip, delete them. If you cant find all of them, just skip the ones not present.
Because you are modifying the system partition, you may also need to disable dm-verity and/or Verified Boot (AVB). But since you're patching LOS, i dont believe it will be necessary.
Click to expand...
Click to collapse
Wow thanks a lot again. Will report here once I will have tested that.
@AnonVendetta: BTW, are you aware of any ROM (not necessarily for the 5X) which supports the UNLP + GApps configuration "out-of-the-box" w/o having to apply those patches (OP's one + Smali)? Seems to me that a lot of ROMs (if not all) decided to support the "microG as a gmscore replacement" scenario only.
How do you stop updates from automatically applying?
Dankees said:
How do you stop updates from automatically applying?
Click to expand...
Click to collapse
https://forum.xda-developers.com/showpost.php?p=74672462&postcount=5
This worked for me, but that was in the way back of 5.6.0, good luck!
Use a firewall, and block internet access to the two OTA apps. After go to Settings 》 Apps and look for the two OTA apps. Clear cache and data.
@Dankees
TechNash said:
Use a firewall, and block internet access to the two OTA apps. After go to Settings 》 Apps and look for the two OTA apps. Clear cache and data.
@Dankees
Click to expand...
Click to collapse
Huh? How do I use a firewall?
And, which two OTA apps?
Dankees said:
Huh? How do I use a firewall?
And, which two OTA apps?
Click to expand...
Click to collapse
Try NoRoot Data Firewall from the Play Store.
There are two apps that have "OTA" in the name. I forget the full name right now.
Dankees said:
....
And, which two OTA apps?
Click to expand...
Click to collapse
https://forum.xda-developers.com/showpost.php?p=74672462&postcount=5
Hi all. I've successfully rooted my Fire 10 (2017) using retyre's excellent offline rooting guide. I never (and still have not) connected to wifi and sideloaded 5.6.2.0 from what was previously at 5.5.0.0
After root, I've installed Google Play Store with forum.xda-developers.com/showpost.php?p=77125897&postcount=80
Installed Xposed Framework Installer APK, but have yet to install the actual Xposed SDK because that requires an internet connection to retrieve the SDK. And I haven't downloaded a root file explorer yet, either.
Anyways, I've read and read before doing all these things, but there's one more thing to figure out before I finally connect to wifi.
What's the correct way to prevent Amazon from pushing a ROM OTA? I've seen 2 different implementations posted around the forums.
THIS:
TechNash said:
Use a firewall, and block internet access to the two OTA apps. After go to Settings 》 Apps and look for the two OTA apps. Clear cache and data.
Click to expand...
Click to collapse
OR
THIS:
bibikalka said:
Code:
adb shell
su
mount -w -o remount /system
mv /system/priv-app/DeviceSoftwareOTA/DeviceSoftwareOTA.apk /system/priv-app/DeviceSoftwareOTA/DeviceSoftwareOTA.apk_
ls -l /system/priv-app/DeviceSoftwareOTA/
ignore any errors you may get while doing this; after 'su', you should see root (#) prompt here
Click to expand...
Click to collapse
bibikalka follows this up by saying this
bibikalka said:
How to install Xposed & Flashfire for easy backups and ROM updates
How to enable Amazon packages (apk) updates but prevent the ROM updates (keeping root & rootable rom).
1) Edit /system/build.prop and change ro.build.version.number to have "9" as the first value instead of "5", as recommended in this link
2) Reboot
3) Enable OTA by ensuring that /system/priv-app/DeviceSoftwareOTA/DeviceSoftwareOTA.apk is renamed back to apk from apk_
4) Reboot
At this point the Fire will download a lot of apk packages, and will update Amazon system components (keeping FireOS version the same).
Click to expand...
Click to collapse
-Someone help explain why one is better than the other?
-Will setting up a firewall prevent Amazon's apps as well as system firmware from being updated?
-Is the firewall implementation equally as effective as changing the DeviceSoftwareOTA.apk to DeviceSoftwareOTA.apk_?
-Is changing the build number in /system/build.prop to 987654321 all we actually need to do to protect us from firmware updates?
I did my best to compile all my relevant questions in one lengthy post hoping that it will help someone else in the same position as I am somewhere down the line.
Jned said:
https://forum.xda-developers.com/showpost.php?p=74672462&postcount=5
This worked for me, but that was in the way back of 5.6.0, good luck!
Click to expand...
Click to collapse
This method worked for me after rooting using the offline root guide. When I go into System Updates and click check, it just says "Check for updates failed." It does require root, so make sure to use the "su" command before the others or it will give you an error. I am on 5.6.0.1 by the way.
Hylex said:
Hi all. I've successfully rooted my Fire 10 (2017) using retyre's excellent offline rooting guide. I never (and still have not) connected to wifi and sideloaded 5.6.2.0 from what was previously at 5.5.0.0
After root, I've installed Google Play Store with forum.xda-developers.com/showpost.php?p=77125897&postcount=80
Installed Xposed Framework Installer APK, but have yet to install the actual Xposed SDK because that requires an internet connection to retrieve the SDK. And I haven't downloaded a root file explorer yet, either.
Anyways, I've read and read before doing all these things, but there's one more thing to figure out before I finally connect to wifi.
What's the correct way to prevent Amazon from pushing a ROM OTA? I've seen 2 different implementations posted around the forums.
THIS:
OR
THIS:
bibikalka follows this up by saying this
-Someone help explain why one is better than the other?
-Will setting up a firewall prevent Amazon's apps as well as system firmware from being updated?
-Is the firewall implementation equally as effective as changing the DeviceSoftwareOTA.apk to DeviceSoftwareOTA.apk_?
-Is changing the build number in /system/build.prop to 987654321 all we actually need to do to protect us from firmware updates?
I did my best to compile all my relevant questions in one lengthy post hoping that it will help someone else in the same position as I am somewhere down the line.
Click to expand...
Click to collapse
The methods can be ranked in terms of update prevention:
1) DeviceSoftwareOTA.apk_ blocks anything an everything, forever and ever
2) build.prop version blocks FireOS ROM updates (no threat to root), but does not block individual Amazon apk updates for various packages, so something like Amazon store may still update
3) firewall method is intermittent, and often people complain that it would still update even with the firewall blocking - this one is absolutely not recommended
I will do the build.prop edit then. Thank you!
Hylex said:
Hi all. I've successfully rooted my Fire 10 (2017) using retyre's excellent offline rooting guide. I never (and still have not) connected to wifi and sideloaded 5.6.2.0 from what was previously at 5.5.0.0
After root, I've installed Google Play Store with forum.xda-developers.com/showpost.php?p=77125897&postcount=80
Installed Xposed Framework Installer APK, but have yet to install the actual Xposed SDK because that requires an internet connection to retrieve the SDK. And I haven't downloaded a root file explorer yet, either.
Anyways, I've read and read before doing all these things, but there's one more thing to figure out before I finally connect to wifi.
What's the correct way to prevent Amazon from pushing a ROM OTA? I've seen 2 different implementations posted around the forums.
THIS:
OR
THIS:
bibikalka follows this up by saying this
-Someone help explain why one is better than the other?
-Will setting up a firewall prevent Amazon's apps as well as system firmware from being updated?
-Is the firewall implementation equally as effective as changing the DeviceSoftwareOTA.apk to DeviceSoftwareOTA.apk_?
-Is changing the build number in /system/build.prop to 987654321 all we actually need to do to protect us from firmware updates?
I did my best to compile all my relevant questions in one lengthy post hoping that it will help someone else in the same position as I am somewhere down the line.
Click to expand...
Click to collapse
I said Firewall because he didn't have root. A non-root firewall works, but isn't the most reliable.
Since you have root, go ahead and delete those two apps altogether. Use something like Titanium Backup, and then uninstall the OTA Apps. Make a backup in case you ever want automatic updates again.
Hi community!
Just installed the Samsung UI 3.0 Update.
One UI: 3.0, Android 11, Security Patch Jan 21.
Not rooted, stock Samsung-Android from Germany.
The update seems to have messed up some permissions, I can't access the Folder on "storage/<xxxx-xxxx>/Android/data" anymore. The SD card itself works fine, just the file explorer, and some apps that manually read/write data in there won't get access. How can I change it, or CAN I change the permissions without root?
Thanks for your help.
Edit: The app Podcast Addict stores the files in data. In data on the internal or external sd-card, neither can be accessed. The App works. But I regularly copy files manually into a virtual podcast which also are in data. Can't do that atm.
It's totally normal under Android 11. You need to connect your phone on a PC to access this folder.
I see, then Samsungs permission mangement up to this patch was more lax than stocks Android? I found a workaround for my specific usecase. But I still miss being able to access the podcast files via apps like wifi file explorer. I never connect the phone physically to a PC.
Radder124 said:
It's totally normal under Android 11. You need to connect your phone on a PC to access this folder.
Click to expand...
Click to collapse
Seriously, are you joking, that is ridiculous.
Hey guys,
I'm on OOS, rooted with TWRP and I want to uninstall Duo, Youtube Music, Drive and all this other pre-installed crap-apps.
TitaniumBackup does not work anymore (it fails to locate the apks when you click "uninstall") and the often quoted "uninstall system apps with adb"-method just removes the app from user space while it actually remains installed on the device in the root directory and keeps wasting space. So this method does not actually remove apps, it just sorta deactivates them in another way.
So, is there any known method to remove system apps?
Read up on how to use adb commands.. quite simple..
pm uninstall --user 0 package.name.example
You do need a laptop, it you don't have one this app is great... https://play.google.com/store/apps/details?id=com.draco.ladb
lilbrat said:
Read up on how to use adb commands.. quite simple..
pm uninstall --user 0 package.name.example
You do need a laptop, it you don't have one this app is great... https://play.google.com/store/apps/details?id=com.draco.ladb
Click to expand...
Click to collapse
it is not for android 7 (i'm using android 7)
ai.Sanaul said:
it is not for android 7 (i'm using android 7)
Click to expand...
Click to collapse
ADB still works .. or since your on 7 try this https://play.google.com/store/apps/details?id=com.jumobile.manager.systemapp.pro.
Wait you weren't the original poster... But since he has TWRP installed he could just use the file manager and delete the files from there..
lilbrat said:
ADB still works .. or since your on 7 try this https://play.google.com/store/apps/details?id=com.jumobile.manager.systemapp.pro.
Wait you weren't the original poster... But since he has TWRP installed he could just use the file manager and delete the files from there..
Click to expand...
Click to collapse
and this is an alternative of Bloatware Remover app
but thanks for help i will try
lilbrat said:
Read up on how to use adb commands.. quite simple..
pm uninstall --user 0 package.name.example
You do need a laptop, it you don't have one this app is great... https://play.google.com/store/apps/details?id=com.draco.ladb
Click to expand...
Click to collapse
As I've already written.. It does NOT really actually remove the apps from the device:
How to uninstall carrier/OEM bloatware without root access
If you want to get rid of carrier/OEM apps from your phone, here's how you can uninstall bloatware from your device without root access!
www.xda-developers.com
[...] applications truly aren’t fully uninstalled from your device. They are just being uninstalled for the current user (user 0 is the default/main user of the phone). [...]
Click to expand...
Click to collapse
lilbrat said:
ADB still works .. or since your on 7 try this https://play.google.com/store/apps/details?id=com.jumobile.manager.systemapp.pro.
Wait you weren't the original poster... But since he has TWRP installed he could just use the file manager and delete the files from there..
Click to expand...
Click to collapse
Thanks, but according to my knowledge this cannot work either since the app does not require root access. And you cannot uninstall system apps without having root. It probably just follows an adb-like approach.
lilbrat said:
ADB still works .. or since your on 7 try this https://play.google.com/store/apps/details?id=com.jumobile.manager.systemapp.pro.
Wait you weren't the original poster... But since he has TWRP installed he could just use the file manager and delete the files from there..
Click to expand...
Click to collapse
That TWRP method sounds promising. Do you happen to know if all app related files are in one place or are they spread accross several folders?
haitower said:
That TWRP method sounds promising. Do you happen to know if all app related files are in one place or are they spread accross several folders?
Click to expand...
Click to collapse
Now with all due respect, you asked for a suggestion on how to remove the apps, they were given to you, you used every reason why not to use them... Have you even tried the various methods or just "read" about them ? Trying out the methods given then verifying through TWRP file manager would be nice learning experience once you "read " up and tinker with TWRP's file manager and different file locations...
But please make a backup before you start and have necessary programs handy in case you remove the wrong file... as it can really ruin your day..
lilbrat said:
Now with all due respect, you asked for a suggestion on how to remove the apps, they were given to you, you used every reason why not to use them... Have you even tried the various methods or just "read" about them ? Trying out the methods given then verifying through TWRP file manager would be nice learning experience once you "read " up and tinker with TWRP's file manager and different file locations...
Click to expand...
Click to collapse
It is simply NOT possible to uninstall system apps without root access. Thats why neither the adb method nor the other suggested app from questionable source can even work in theory. If it were otherwise, you would have found a major flaw in the android system, which, with all due respect, I doubt a tiny little bit.
You could also suggest to swim in a muddy pond for two days and look if this removed the system apps. But I hope you understand that I won't try that approach either because I prefer to not waste my time.
But thanks anyway for the TWRP idea, I'll look into that.
@haitower here's a Magisk module I use to remove a fair number of system apps. See the REPLACE variable in customize.sh
Use the magisk module "debloater". When you are done removing apps (don't really remove) just export the file. It will make text file in your storage. Then if you want to re-install any of the apps just reopen the app and import the file.
haitower said:
Hey guys,
I'm on OOS, rooted with TWRP and I want to uninstall Duo, Youtube Music, Drive and all this other pre-installed crap-apps.
TitaniumBackup does not work anymore (it fails to locate the apks when you click "uninstall") and the often quoted "uninstall system apps with adb"-method just removes the app from user space while it actually remains installed on the device in the root directory and keeps wasting space. So this method does not actually remove apps, it just sorta deactivates them in another way.
So, is there any known method to remove system apps?
Click to expand...
Click to collapse
Maybe @BillGoss will help to clarify things a bit.
As far as i understand. On 8T (or better to say from Android 10 and latter) /system partition is read only and furthermore is located inside Super partition.
I suppose even with root access you will not be able to directly uninstall system apps without remounting /system/ as writable.
From Magisk manual we can learn that:
Since / is read-only on system-as-root devices, Magisk provides an overlay system to enable developers to replace files in rootdir or add new *.rc scripts. This feature is designed mostly for custom kernel developers.
Click to expand...
Click to collapse
For each module, the folder $MODPATH/system will be recursively merged into the real /system; that is: existing files in the real system will be replaced by the one in modules’ system, and new files in modules’ system will be added to the real system.
Click to expand...
Click to collapse
So as Magisk overlays modules /system folder to actual system with debloater module blank files android "thinks" those files specified in MODPATH/system don't exist.
Though a presume, in reality they are there.
So is magisk solutions really delete files from /system and not just "hide" them from Android?
haitower said:
Hey guys,
I'm on OOS, rooted with TWRP and I want to uninstall Duo, Youtube Music, Drive and all this other pre-installed crap-apps.
TitaniumBackup does not work anymore (it fails to locate the apks when you click "uninstall") and the often quoted "uninstall system apps with adb",method just removes the app from user space while it actually remains installed on the device in the root directory and keeps wasting space. So this method does not actually remove apps, it just sorta deactivates them in another way.
So, is there any known method to remove system apps?
Click to expand...
Click to collapse
For Xiaomi phones, first install the “Hidden Settings for MIUI” app.
1. Open “Hidden Settings for MIUI.”
2. Go to “Manage applications” and find the application you want to disable.
3. Tap on the “Disable” button.
BillGoss said:
@haitower here's a Magisk module I use to remove a fair number of system apps. See the REPLACE variable in customize.sh
Click to expand...
Click to collapse
Thank you, very reasonable and necessary.