[APP][7.0+] Permission Manager X - manage AppOps and manifest permissions - Android Apps and Games

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
eXtended Permission Manager - a small app to manage permissions and AppOps.
Features:
Using eXtended Permission Manager, for each installed app, on single screen, you can:
View, grant or revoke manifest permissions
View AppOps permissions and choose one of multiple modes
Set your desired reference value for every changeable permission
The app evolved from a shell script to a GUI for my personal needs. After a ROM upgrade or changing device, it's a time-taking process to review all installed apps for granted permissions and revoke the unnecessary ones (after all privacy matters). To come up with a solution, you can set reference states of permissions which can be quickly backed up and restored. Colored bars at left indicate reference states and make it quite easy to review packages and permissions at a glance.
Manifest permissions are those normally called permissions e.g. Storage, Camera etc. AppOps (app operations) is a robust framework Android uses at back end for access control. With every Android release manifest permissions are becoming more dependent on AppOps. So it's fun to control both simultaneously and see how they relate to each other.
In short, AppOps provide a fine-grained control over many of the manifest permissions. Plus it provides additional controls like background execution, vibration, clipboard access etc. Explore the app to see more.
And yes, the basic functionality of Permission Manager X is completely free and open-source. No ads, no trackers, no analytics. You are encouraged and requested to support the development. Source code is available at below Github link.
Required Privileges / Permissions:
In order to let Permission Manager X serve you at its best, either the device must be rooted or you need to enable ADB over network.
android.permission.INTERNET is required to use ADB over network. The only connection made outside the device is to check for app updates.
Download & Screenshots:
XDALabs | Github (Free) | PlayStore (Paid)
Guide / Help:
PMX Help

RESERVED

RESERVED2

RESERVED3

RESERVED4

RESERVED5

Thanks for a well thought out useful app
Used it when switching to Android 11 on a new device. Was able to achieve required permission state in a few minutes

mirfatif thank you for providing this app!
Would it be possible to use this app to forbid apps to run at start-up?
If yes, how?

androidtel said:
Would it be possible to use this app to forbid apps to run at start-up?
If yes, how?
Click to expand...
Click to collapse
Yes. Using PMX you can set BOOT_COMPLETED (if available), RUN_IN_BACKGROUND and RUN_ANY_IN_BACKGROUND. This answer explains in detail: Disable autostart on boot and restrict background execution.

@mirfatif Hi, when I start your app and give it root permission, it still says "Getting root privileges failed". What can I do?
The app is running on Xiaomi.eu MIUI 12.5/Android 11 with Magisk 21.3.

@burn2k please get the latest build from Telegram support group: https://t.me/PermissionManagerX

mirfatif said:
@burn2k please get the latest build from Telegram support group: https://t.me/PermissionManagerX
Click to expand...
Click to collapse
V1.05-beta2 works
Thank You

Extremely useful app, this thread should get much more interest.
Thank you @mirfatif!
Also great to have it available on F-Droid!

Hello and thanks a lot for your app, so great to use.
The features that may be very useful to add are:
- being notified when an app is installed to set permissions;
- being notified if an updated app from a store have new permission to set;
- order apps by : installation date / updated date / name / number of permission allowed to app;
- navigate by app or by permission;
- set automatic recovery.

Yoannjap said:
Hello and thanks a lot for your app, so great to use.
Click to expand...
Click to collapse
Thank you for the feedback and suggestions.
- being notified when an app is installed to set permissions;
- being notified if an updated app from a store have new permission to set;
Click to expand...
Click to collapse
Paid version contains a feature named Scheduled Checks which covers both of these.
- order apps by : installation date / updated date / name / number of permission allowed to app;
Click to expand...
Click to collapse
Paid app contains Sort By option in the menu which includes all of these parameters except the last. We can add that one too.
- navigate by app or by permission;
Click to expand...
Click to collapse
You can start typing a permission name in Search Box. All apps with that permission are shown. Paid version also shows search suggestions when typing a query.
- set automatic recovery.
Click to expand...
Click to collapse
Sorry what does that mean?

Hey there, I am using an app that could load some files without issue on android 10 but this no longer works on android 11 ...
... I thought it might be due to the fact they've changed the permission system to access the phone storage in android 11 ...
any idea if PMX could help me solve that issue ??
Thanks !!
( PS : More details on reddit :
https://www.reddit.com/r/AndroidQuestions/comments/nhsxtx
)

I purchased the app in Google Play, is a great app. I like a lot that I can remove the permissions to read/write on Clipboard. That works great and there are a lot of things that you can control. I which just one thing to be added on the future... an option to allow all the permissions per app and set a separate parameter for how long and then return to the previous values. For example... an app Notepad S app, fully restricted, but before using it be able to click an option to set only to that app full permissions and the amount of minutes, once timeout the app return to fully restricted. For now that is a manual process for some of the permissions. I love the app and hope more people get this from Google Play and support your work.

bebeh said:
I purchased the app in Google Play, is a great app. I like a lot that I can remove the permissions to read/write on Clipboard. That works great and there are a lot of things that you can control. I which just one thing to be added on the future... an option to allow all the permissions per app and set a separate parameter for how long and then return to the previous values. For example... an app Notepad S app, fully restricted, but before using it be able to click an option to set only to that app full permissions and the amount of minutes, once timeout the app return to fully restricted. For now that is a manual process for some of the permissions. I love the app and hope more people get this from Google Play and support your work.
Click to expand...
Click to collapse
Thank you for the feedback. Please check Permission Watcher feature. Download latest beta from Telegram group.

permission enforcement, new app permission enforcement
(1) So if i understand correctly, the permission enforcement is there as the periodic check can notify or even fix the permissions. (2) Now the second important aspect: enforce newly installed apps. In this case, there's just notification? I'd find it extremely useful to be able to drop all (a la XPrivacyLua) or selected permissions (via template a la AppOps app) from the new app until it's manually reviewed (which could be never - no problem). Not only because the new apps get often started asap and do their antiprivacy stuff, but also because some lazy users will simply won't review them at all, and let for example, Facebook malware grab contacts asap.

doggydog2 said:
So if i understand correctly, the permission enforcement is there as the periodic check can notify or even fix the permissions.
Click to expand...
Click to collapse
Yes you are correct. Both Schedule Checker and Permission Watcher help you enforce permissions.
Now the second important aspect: enforce newly installed apps. In this case, there's just notification? I'd find it extremely useful to be able to drop all (a la XPrivacyLua) or selected permissions (via template a la AppOps app) from the new app until it's manually reviewed
Click to expand...
Click to collapse
Good point. Actually it's no way a problem for PMX to drop permissions when it's already showing a notification for a new app. But there is nothing to drop when a new app is installed. All the revokable manifest permissions are already revoked until the user does not grant them. And the AppOps: many of them don't appear until at least once used by the app e.g. VIBRATION and READ_CLIPBOARD. Many others have their corresponding manifest permissions e.g. READ_CONTACTS, which are already revoked, as pointed out.
Profiles / templates is an upcoming feature. We are working on it.
Not only because the new apps get often started asap and do their antiprivacy stuff, but also because some lazy users will simply won't review them at all, and let for example, Facebook malware grab contacts asap.
Click to expand...
Click to collapse
Contacts cannot be read in background without the permission explicitly granted by the user. And even after that, Schedule Checker is there to remind you that you haven't reviewed a newly installed app so far.
Thanks for the feedback. It's appreciated.

Related

[APP][4.0+][ROOT] Toggle Background Data 5.0 (xda-exclusive free version)

Hi,
I've developed a widget to toggle the background data restriction (called "Data Saver" on Android 7) on Android 5.0/5.1 (Lollipop), Android 6.0 (Marshmallow), and Android 7.0/7.1 (Nougat). It requires root.
This is an xda-exclusive free version! If you want to support me, please consider getting the paid version on Google Play or check out my other apps.
Please note: Redistribution of this app is not allowed!
Paid version on Google Play (more functionality): https://play.google.com/store/apps/details?id=com.cygery.togglebackgrounddata
Device compatibility: second post
This free version only includes the widget. The paid version on Google Play additionally includes a Locale/Tasker compatible plugin, support for shortcuts and support for custom images.
Device Support
Device support depends on a variety of factors, including your specific device model, Android version, installed (custom) ROM, used root provider (su binary), and SELinux configuration. This app includes options to deal with different configurations of some of those factors. Please let me know if this app does not work on your device.
Notes
The widget is passive. Thus, it has to request root every time it is refreshed. Although the battery impact is negligible, this usually results in frequent (Toast) messages indicating that the app was granted root rights. Please refer to your superuser management app if you'd like to disable those messages specifically for this app.
Other issues: When reporting any issues please include the following info in your post: Device, ROM and ROM version, exact version number of this app you use (don't just write "latest"), superuser management app (e.g., SuperSU) and version, content of any shown error messages. Describe in detail what you tried to do, what you expected to happen, and what happened instead. Include screenshots/screencasts where possible and useful to show the issue.
Cheers,
cygery
Screenshots:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Changelog
v1.0.4.0:
added support for Android 6.0
small fixes and improvements
v1.0.3.0:
small fixes and improvements
v1.0.2.0:
small fixes and improvements
v1.0.1.0:
small fixes and improvements
v1.0.0.0:
initial release
Click to expand...
Click to collapse
Device compatibility:
Please note: This is not an exhaustive list and only mirrors my current state of knowledge. If your device is neither listed in the "compatible" or "incompatible" list its compatibility isn't known yet. If you test it please report and I'll update the lists.
Compatible:
Nexus 5
Nexus 7 (2013) LTE
Incompatible:
(none known yet)
(reserved2)
problem, the program disables the entire Internet
ruslan911 said:
problem, the program disables the entire Internet
Click to expand...
Click to collapse
I'm unable to reproduce this. When I enabled mobile data and restrict background data using this widget I'm still able to use, e.g., Chrome for browsing.
Is your issue that it disables background data for all apps?
cygery said:
I'm unable to reproduce this. When I enabled mobile data and restrict background data using this widget I'm still able to use, e.g., Chrome for browsing.
Is your issue that it disables background data for all apps?
Click to expand...
Click to collapse
yes
---------- Post added at 04:07 PM ---------- Previous post was at 03:51 PM ----------
Strangely enough, the device is rebooted. includes widgets, exclamation Zanko appearing in the top bar in the background stands the only restriction PlayMarket, but PlayMarket traffic passes.
Sorry for my broken English
This app toggles the global background data restriction.
Also, it only affects background data. Thus, normal (foreground) data is still allowed. I assume that's what happening when you're using the Play Store while the background data restriction is on.
Hmm....Very nice
dear cygery,
After use of a widget and after an unblocking of the screen there are duplicating badges.
If to include restriction of the background mode with a standard way, such doesn't appear.
P.S. I bought the program in PlayMarket.
ruslan911 said:
dear cygery,
After use of a widget and after an unblocking of the screen there are duplicating badges.
If to include restriction of the background mode with a standard way, such doesn't appear.
P.S. I bought the program in PlayMarket.
Click to expand...
Click to collapse
Yes, I'm aware about this. Unfortunately, there doesn't seem to be something I can do about it. Something in Android sometimes creates the duplicate notification, however, that's likely outside of my control. I have a possible idea for a workaround but I'll need to test this first.
cygery said:
Yes, I'm aware about this. Unfortunately, there doesn't seem to be something I can do about it. Something in Android sometimes creates the duplicate notification, however, that's likely outside of my control. I have a possible idea for a workaround but I'll need to test this first.
Click to expand...
Click to collapse
I've tried to implement a workaround but had no success. There's most probably nothing I can do about this.
According to my tests the "wrong" notification (either a duplicate one when the background restriction is enabled, or a single one when it is disabled) has no impact on the restriction state itself. You might want to try using third-party apps to remove the notification all-together.
I've uploaded an update (1.0.3.0) with small fixes and improvements.
cygery said:
PS: Similar to my other new widgets, I believe that this is the only app/widget which allows to toggle the background data restriction on Android 5.0. Please correct me if this is wrong.
Click to expand...
Click to collapse
Secure settings (paid version) can do this.
There shouldn't be any issues with this app on Android 5.1, however, if anybody experiences issues please post.
Working on Samsung galaxy s4 whit cm11 4.4.4 ?
Sendt fra min GT-I9505
Working just fine on 5.1 on CM 12.1
cygery said:
I've tried to implement a workaround but had no success. There's most probably nothing I can do about this.
According to my tests the "wrong" notification (either a duplicate one when the background restriction is enabled, or a single one when it is disabled) has no impact on the restriction state itself. You might want to try using third-party apps to remove the notification all-together.
Click to expand...
Click to collapse
Thanks for this utility. I do the same thing as your widget does with a combination of Tasker and Secure Settings and can confirm that these duplicate notifications have occurred in all Lollipop version I've tested when I use 3rd party apps like this or my or tasker/secure settings commands to toggle Background Data. I have not logged this but if anyone with more advanced Android knowledge wants a look I can do so.
This might have something do do with the fact that background data is silently enabled/disabled when wifi is connected/disconnected (wifi gets a background data pass-through even if background data is disabled).
or
SU permissions are different on L than KK. I wonder if the duplicate notifications are in part caused by the presence of SuperSU. In Lollipop, the native privacy guard can now control root access like SuperSU does. I wonder if duplicate notifications occurs on devices that use the native system rather than Super SU for permissions.
Just yesterday I was chasing the duplicate notification issue and thought I found a way to clear it without reboot but can not repeat the feat. While share anything useful I find there.
I've uploaded a new version (v1.0.4.0) which adds support for Android 6.0 and some small fixes and improvements.
cygery said:
I've uploaded a new version (v1.0.4.0) which adds support for Android 6.0 and some small fixes and improvements.
Click to expand...
Click to collapse
Thanks. BTW - In re duplicate BGD notifications there is some combination of actions involving a very specific order and timing of enabling/disabling wifi, and toggling background data from Data Usage settings page and interacting with the BDG status bar notification. I've managed to do this 3 times in dozens of tests but unable to reproduce reliably. Will report If I can do this repeatedly. Now, I'm off to test the new data toggle widget.
cygery said:
I've uploaded a new version (v1.0.4.0) which adds support for Android 6.0 and some small fixes and improvements.
Click to expand...
Click to collapse
I use your other apps as well. For some reason I cant use this one. It installs fine, doesn't work though. It doesnt show up as an an installed app in the app drawer. (except in TitaniumBackup, but even when you cant launch the app) Using galaxy s6 5.1.1 (Toggle data, and toggle network apps work, just this one doesnt)

[APP] microG GmsCore - lightweight free software clone of Google Play Services

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Introduction
microG GmsCore is a FLOSS (Free/Libre Open Source Software) framework to allow applications designed for Google Play Services to run on systems, where Play Services is not available. If you use your phone without GAPPS this might become a useful tool for you.
microG GmsCore is one of the two core components of the microG project.
More up-to-date descriptions and instructions might be available on the wiki
Instructions
Preparation:
You need a 4/5/6 ROM that is GAPPS-free. Either don't install them or remove them, if your ROM ships them. Please note that microG GmsCore might run on a cleaned stock ROM, but it might also brick it or cause random bugs. Be aware that only latest Android versions (4.4+) are regularly tested and thus prioritized over older versions when issues occur.
You need a ROM that supports signature faking. Some custom ROMs are patched to support signature faking out of the box, including all OmniROM-based ones. Stock CyanogenMod denied the inclusion, as the possibility of third-party play services implementations is considered a security issue (read here about why it's not). Please ask your ROM developer if unsure. The latest version of signature spoofing for Android < 6.0 has to be enabled at the bottom of the developer settings first. If your ROM does not support signature faking, but you use Xposed, you can grab a Xposed module here.
If you are a ROM developer or just do custom builds for whatever reason, you can download and include the patch from here and here for Android 5.1 or here for Android 6.0.
Remove UnifiedNlp. In case you installed it before. You can keep your backend modules installed, microG Services will be able to use them later and provide the same feature set (to be precise, microG Services includes UnifiedNlp).
Installation:
The installation does not require any modification of the /system partition. All installations should be done using the default app installer included with Android or using `adb install`. This means you need to enable third-party sources or developer mode first.
Install GmsCore.apk as provided in the download section below.
If you want to use Google Cloud Messaging ("Push-Notifications"), Install GsfProxy.apk as provided in the download section below. The GsfProxy version does not need to match the GmsCore.apk version.
If you have BlankStore installed, continue with the next step.
If you want to be able to access the Play Store, install BlankStore from its thread. It is not a requirement that you set it up correctly and this is not covered by this instructions. If you need help ask in the original thread.
If you don't care about Play Store access, Install FakeStore.apk as provided in the download section below.
Open the microG Settings, which are available in the launcher now. If you want to use any Google services (Log-In, Cloud Messaging), tick both checkboxes for background services. This is the only supported setup, but you are free to disable them if you like playing with fire. You can also open the UnifiedNlp settings to enable the location backends of your choice. If you don't have any yet, check out F-Droid. For further questions and concerns regarding UnifiedNlp, use its corresponding thread.
Reboot your device. If you skip this step, everything unwanted is possible.
Using it:
You can test Google Cloud Messaging using this test application. Push notifications do not require account registration.
You can add an account through the system settings. Some applications might ask you to do so, if you don't.
Use your applications as you like. But note that apps that use Cloud Messaging must be installed after GmsCore, else they will not work. Some hint of applications that can run due to microG GmsCore: TextSecure/Signal, Play Music, YouTube
When using AdAway make sure to put mtalk.google.com on your whitelist, else problems are likely to occur when using Google Cloud Messaging. Thanks @benstyle1 for the hint.
Downloads
See this wiki page for Downloads. You can find details on the F-Droid repository on https://microg.org/fdroid/.
Signing key
The NOGAPPS and microG Project use a shared signing key. Apps and the F-Droid repository are signed using this key. You can verify app signatures using the Checkey app (not when signature spoofing is enabled) and the F-Droid key in F-Droid repository details.
The SHA-256 hash of the key is:
9B D0 67 27 E6 27 96 C0 13 0E B6 DA B3 9B 73 15 74 51 58 2C BD 13 8E 86 C4 68 AC C3 95 D1 41 65
Current implementation progress
Please check this wiki page for up to date implementation progress.
Please report bugs
This project is still rather unstable. Please report bugs as they occur. Whenever you report a bug, please tell us what application caused the bug, including its exact version. If you're the developer, name the play services library you are using. Please do not bother the original app author when it might be related to microG services. If the problem is related to geolocation with UnifiedNlp, report it in the UnifiedNlp thread, even if you're using it through GmsCore.
Thanks
Big thanks to everyone who continuously supported me doing this, by donating, pull-requests or just feedback.
XDA:DevDB Information
microG GmsCore, App for all devices (see above for details)
Contributors
MaR-V-iN
Source Code: https://github.com/microg/android_packages_apps_GmsCore
Version Information
Status: Beta
Current Beta Version: v0.2.13.203915
Beta Release Date: 2020-10-19
Created 2015-10-04
Last Updated 2020-10-20
Nice! Even original Play Store started to work with this! Not fully, but now you can login, search for apps and see already installed ones. Just download doesn't work yet. Keep up good work! Original GMSCore is android cancer.
Thanks for the new thread on this!
I am wondering why the code for GsfProxy, which looks rather simple, is not included as part of GmsCore. . .
Also, there are some older apps that I have that use Maps API v1, so I have installed it from the link at http://forum.xda-developers.com/showthread.php?t=1715375 I assume some rework would be needed to fold that into GmsCore but that would be another nice feature. The convenient thing about gapps is that it comes as a single package, having to install multiple items from the microG project makes things a little else friendly.
FWIW, I've been using the downloads from http://files.brnmod.rocks/apps/GmsCore/Latest/ and have been very pleased with GmsCore (and UnifiedNlp before it). Now that there is an official version tag, I wonder if F-Droid will pick this up. That would make it easy to keep it relatively current.
n76 said:
I am wondering why the code for GsfProxy, which looks rather simple, is not included as part of GmsCore. . .
Click to expand...
Click to collapse
The whole purpose of GsfProxy is to not be included in GmsCore: For GCM to work properly you need three packages installed: "com.google.android.gms" (GmsCore), "com.android.vending" (FakeStore/BlankStore) and "com.google.android.gsf" (GsfProxy). This is how Google build it up, don't ask me why.
A good store app requires working play services first. So one step at a time
Could Be Anyone said:
I'm not saying let's rush and have both but I just thought from what I read that blank store will be depreciated in favor of something better but having play services replacement is great.
Click to expand...
Click to collapse
I believe you are correct, Blankstore will be replaced by something in a while and it is only being maintained if/when a Google change requires it.
selemine said:
A good store app requires working play services first. So one step at a time
Click to expand...
Click to collapse
Exactly! Once Play Services are working well and there is someone to work on it, a successor to Blankstore should appear.
I'd like to help but even though I can get a number of things to compile through either the old Android CLI development system or Android Studio I haven't figured out how to get most of the components in the microG project to compile on my computer. Seems like I've bolloxed something needed to make gradle, etc., to work properly. If/when I get time I guess I should wipe the whole machine and start over on setting up a development environment.
In the meantime, I am amazed by the work @MaR-V-iN had done with the microG project. I don't miss having GAPPs on my phone at all.
Thanks for sharing
Thanks, subscribed.
Dead Cookies leave no trails...
Koloses said:
Nice! Even original Play Store started to work with this! Not fully, but now you can login, search for apps and see already installed ones. Just download doesn't work yet. Keep up good work! Original GMSCore is android cancer.
Click to expand...
Click to collapse
I tried this out yesterday after you posted it to verify your findings. I received some random play store error code.
When I wanted to do this again today, instead of the error message, a dialog popped up asking me to "renew" my account. I continued and skipped the payment details. After that I was able to download and install applications. Can you try this out on your device as well. If it does not work automatically, this might also be related to a second checkin. In this case, can you try dialing *#*#CHECKIN#*#* or on a tablet open a root shell and invoke `am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://2432546`. If this changes anything for you, please report back what you did.
Hi,
Unfortunately, I couldn't get push messaging to work properly; after installing as described I was able to sign in to textsecure, but I only get new messages when the app is opened and in foreground. Further, in push notification tester I only get the first 3 checks. Another problem is a huge battery drain since I installed it, as you can see in the picture. If I can provide more info, specific logs, I'd love to do so. Great project, thanks for your efforts.
ROM: omnirom 5.1
Device: Samsung GT-I8190
Never installed original gapps on this setup, using blankstore, which works without problems
Sent from my GT-I8190 using XDA Free mobile app
I just tried reinstalling Play Store after having your gmscore for a while on my device and Google Play is fully working now
I guess it's running second check in later on and that makes play store work. Anyway, awesome job, not falling back to blankstore at this point. Amazing work! Thanks!
microG Services Core keeps crashing when trying to sign into my Google Account.
---------- Post added at 04:32 PM ---------- Previous post was at 04:25 PM ----------
Rebooting fixed it.
benstyle1 said:
Unfortunately, I couldn't get push messaging to work properly; after installing as described I was able to sign in to textsecure, but I only get new messages when the app is opened and in foreground. Further, in push notification tester I only get the first 3 checks. Another problem is a huge battery drain since I installed it, as you can see in the picture. If I can provide more info, specific logs, I'd love to do so. Great project, thanks for your efforts.
Click to expand...
Click to collapse
These problems are likely caused by a bug in the gcm background service. Can you please grab logcat for output containing Gcm (from a unix shell `adb logcat | grep Gcm > gcm.log`) and send this to me (PM, it might contain sensitive data). Rebooting afterwards might fix the issue. Normally `mcs` shows up in BetterBatteryStats with about 1% max, the other wakelock never appeared in BetterBatteryStats on my test device.
dank101 said:
microG Services Core keeps crashing when trying to sign into my Google Account.
Click to expand...
Click to collapse
This happens when no checkin happened before. make sure you have automatic checkin enabled in settings, rebooted and then got a network connection. You can also force checkin manally by dialing *#*#CHECKIN#*#* or on a tablet open a root shell and invoke `am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://2432546`. The problem is known and will be fixed in the next alpha.
MaR-V-iN said:
These problems are likely caused by a bug in the gcm background service. Can you please grab logcat for output containing Gcm (from a unix shell `adb logcat | grep Gcm > gcm.log`) and send this to me (PM, it might contain sensitive data).
This happens when no checkin happened before. make sure you have automatic checkin enabled in settings, rebooted and then got a network connection. You can also force checkin manally by dialing *#*#CHECKIN#*#* or on a tablet open a root shell and invoke `am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://2432546`. The problem is known and will be fixed in the next alpha.
Click to expand...
Click to collapse
I turned everything on and rebooted and it worked.
Maybe could be used on jolla?
Sent from my A0001 using XDA Free mobile app
Themirk91 said:
Maybe could be used on jolla?
Sent from my A0001 using XDA Free mobile app
Click to expand...
Click to collapse
Try it.
cAn I use this to play CLAsh of claN???
MaR-V-iN said:
I tried this out yesterday after you posted it to verify your findings. I received some random play store error code.
When I wanted to do this again today, instead of the error message, a dialog popped up asking me to "renew" my account. I continued and skipped the payment details. After that I was able to download and install applications. Can you try this out on your device as well. If it does not work automatically, this might also be related to a second checkin. In this case, can you try dialing *#*#CHECKIN#*#* or on a tablet open a root shell and invoke `am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://2432546`. If this changes anything for you, please report back what you did.
Click to expand...
Click to collapse
Dialing *#*#CHECKIN#*#* got rid of that random error code but now the play store FCs after accepting permissions.
Nice work but I don't that be Google will be happy to know the existence of this Suite of Apps.
Second: I think these new services/apps are using direct HTTP(S) calls to Google's WebServices ...so what will happen if G frequently change/add some code/parameter and/or add a crypted token to the communication? It will be not easy to follow all G updates in the next years.
Third: using an alternative GoogleServices leaves the credentials/data and all user informations in an unknown/untrusted group of people's hands. G could not be the most transparent "group of people" (about privacy and data retention), but......
I think G will force you to stop this project or (it's the most simple way) G will add special crypted tokens (not only the OAuth one) to all its WebService calls...or other things to prevent your framework to work.
I respect all projects but IMHO touching user's credentials, personal informations, payments and other critical things it's not a good thing that an user should trust on if not managed by someone trusted (I repeat: G could not be the most trusted "person" but at least it follows laws and be punished by them if G do illegal things with data/credential/payment....and I don't think it will be the same for the authors of this project).
I think this could be a big and great project but just for educational purpose to write "wrappers" around WebServices...but not a thing to be used in a real-life environment where real credential and payment data are sent, used and watched by these new Services...
Well that's why it's open source - you can inspect the source code to ensure the alternative services aren't doing anything shady with your details.
And if you don't trust the precompiled APKs, you have the option of compiling the source code.

[APP][4.0+][NO ROOT] PrivateMe - Hide Apps, Clone Apps, Hide Photos

Hi everyone,
We have been working on something :victory:
This is PrivateMe. It aims at giving you the control of your privacy. The apps hidden in it will not be seen on your launcher, recent apps list, app management in system settings and any other app trace on your phone system. Moreover, PrivateMe allows you to run multiple accounts at the same time with two cloned apps, hide private pictures, and provides other multiple solutions for privacy protection.
It is the world's first App that provides the complete app hiding solutions without ROOT!
# Highlight about PrivateMe feature:
- Instead of locking the apps, PrivateMe can completely hide them just for your own.
- Effectively hide apps without root but even better experience.
- Perfect notification hiding solutions, make apps 'disappear' from your phone completely.
- Remove apps from 'Recent Task', to protect your apps trace at all aspect.
- Built-in safety lock to block snooper, ensure no one can enter your secret.
- Run multi accounts at the same time in one phone, receive both notifications without interference.
- Easily manage your private photos, without concern of leaks.
# The newly added feature of v1.2
- Quick Touch, the shortcut plugin to help you use the features of PrivateMe efficiently. When using PrivateMe or apps in PrivateMe, you can quickly switch to any other apps in PrivateMe.
- Cover PrivateMe, when enabled, PrivateMe will not be seen on your launcher, you can access it through a disguised calculator.
- Boost feature, one tap to release memory of system and PrivateMe, make your phone run more smoothly.
# The newly added feature of v2.0
- Combined Hide and Clone to the feature of Create Apps in PrivateMe, easy yet discreet
- Added Task Manager, easily manage application processes
- Added Mock Notification feature, mock app notification to make your messages more secure
- Added White List of Boost feature, avoid important apps being ended accidentally
# How to hide apps completely? - On this version we combined Hide and Clone to the feature of Create Apps in PrivateMe, here is the steps for hiding apps
Click the ‘+’ button on home screen to enter App Creating list. From here, you can choose to create local apps into PrivateMe or create new apps in PrivateMe through App market without records. When creating completed, this app can be used in PrivateMe normally, it is independent and has no relation with the app in system. To completely hide apps, you can uninstall it on your phone system, or later opening this app in PrivateMe to choose to uninstall from system.
# FAQ:
1. Why does PrivateMe request so much access permissions?
- PrivateMe requires these necessary access permissions to ensure a normal operation for the hidden apps and cloned apps.
2. Why does PrivateMe take up larger storage, traffic and battery consumption relatively?
- The used storage, flow and power calculated under PrivateMe are consumed by the hidden apps and cloned apps.
3. Why does PrivateMe have the option to Prevent Uninstallation?
- If PrivateMe gets uninstalled, all your data in PrivateMe and the apps being used in PrivateMe will be cleared together. We strongly recommend you to enable Prevent Uninstallation to avoid any inconveniences caused by data loss. While enabled, PrivateMe can still be uninstalled in the app itself.
# Requirement: On Android 4.0 and later
# Download: To ensure that you can use the latest version, you can grab it from Google Play:
# Contact us: Hey all, we're developers and we'd like features of our application to be better compatible. If you have feedback please feel free to say so in this thread or post feedback to us privately, E-mail to [email protected] or like us on Facebook @privatemeapps, any comments are welcomed :highfive:
# Screenshot of PrivateMe:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Nice job! Without root is really an exclusive bright spot. Maybe to add some permission management feature can make it more perfect
Yes, I need it.
SadieChen said:
Nice job! Without root is really an exclusive bright spot. Maybe to add some permission management feature can make it more perfect
Click to expand...
Click to collapse
We are very engaged at keeping this app updated according to constructive user feedback. Thanks for your idea
welcome more features, for more details maybe you can chat with our team:highfive:
Travis Thomas said:
Yes, I need it.
Click to expand...
Click to collapse
Use the app, and tell us what you think, we will be very happy
# The main detailed features of PrivateMe:
1. Hide apps - Protect your privacy, hide apps on your device, like Tinder, etc: hide apps you’ve already installed, hide new apps by installing it from Google play without records
2. Clone Apps - Log in multi accounts of social networking apps or game apps at the same time on one device, like Facebook, etc: run multi accounts at the same time on one phone, receive both notifications without interference.
3. Hide pictures - Protect your private pictures from being seen, avoid embarrassing situation that other people find them accidentally.
4. Mock Notifications - When enabled, you can mock the notification content to make no one notice your messages, which will just be seen by your own.
5. Cover PrivateMe - When enabled, PrivateMe will not be seen on your launcher, you can access it through a disguised calculator. No one can find it and get password to access.
P.s. This thread is for your open discussion about PrivateMe, if you spot any bugs or unwanted user experience, or would like to add more features to the app, please feel free to throw your ideas back and forth and I'll do my best to keep up with them.
:victory: Thanks, just click the thanks button, we will be very happy!
Hi,
Tested the 'Clone App' feature, it works great, now I don't have to log out/in for my game (virtualregatta)
jisse44 said:
Hi,
Tested the 'Clone App' feature, it works great, now I don't have to log out/in for my game (virtualregatta)
Click to expand...
Click to collapse
Great! It can help you :highfive:
The next version with more optimized features is coming soon, you can rate us a 5-star on Google Play.
It would be nice if you include secret dial number to open the app or something like that.
murali3127 said:
It would be nice if you include secret dial number to open the app or something like that.
Click to expand...
Click to collapse
+1 :highfive:
murali3127 said:
It would be nice if you include secret dial number to open the app or something like that.
Click to expand...
Click to collapse
You mean to add the secret dial number to access PrivateMe? The built-in safety lock for PrivateMe is available, by which you can set the pattern passwords, go to PrivateMe - Me - Password - enable Pattern password - then you can set your unlock pattern for PrivateMe
Maybe you prefer the number password, or the feature you mentioned refers to other meaning? Look forward to your further reply
Then our team will discuss upon it to optimize...
Trigtech said:
You mean to add the secret dial number to access PrivateMe? The built-in safety lock for PrivateMe is available, by which you can set the pattern passwords, go to PrivateMe - Me - Password - enable Pattern password - then you can set your unlock pattern for PrivateMe
Maybe you prefer the number password, or the feature you mentioned refers to other meaning? Look forward to your further reply
Then our team will discuss upon it to optimize...
Click to expand...
Click to collapse
I want PrivateMe to be accessible through secret ways and to be hidden from launcher and everything. Like typing a code on dial pad and you are prompted for pattern or password. I think applock has this kind of feature.
murali3127 said:
I want PrivateMe to be accessible through secret ways and to be hidden from launcher and everything. Like typing a code on dial pad and you are prompted for pattern or password. I think applock has this kind of feature.
Click to expand...
Click to collapse
Oh nice! This feature to hide PrivateMe itself I will discuss with our team, keep your expectation for what's next for the app
Aaaa... So you're a developer! Nice...
Xingle said:
Aaaa... So you're a developer! Nice...
Click to expand...
Click to collapse
Nice to see you again. I have translated and sorted all the 900+ xposed modules in xposed repository. I told you so, I love XDA
Hey If Wanna A Translator to translate your app to arabic language PM me.
mhmdalsfaf said:
Hey If Wanna A Translator to translate your app to arabic language PM me.
Click to expand...
Click to collapse
Thanks much. In the near future, we will go on the Voluntary Translation Plan, by that time will invite you to join us
Trigtech said:
Nice to see you again. I have translated and sorted all the 900+ xposed modules in xposed repository. I told you so, I love XDA
Click to expand...
Click to collapse
Awesome
Btw there's a typo on one of the screen shots on play store....
Trigtech said:
Hi everyone,
We have been working on something :victory:
This is PrivateMe. It aims at giving you the control of your privacy. The apps hidden in it will not be seen on your launcher, recent apps list, app management in system settings and any other app trace on your phone system. Moreover, PrivateMe allows you to run multiple accounts at the same time with two cloned apps, hide private photos, and provides other multiple solutions for privacy protection.
It is the world's first App that provides the complete app hiding solutions without ROOT!
# Highlight about PrivateMe feature:
- Instead of locking the apps, PrivateMe can completely hide them just for your own.
- Effectively hide the apps without root but even better experience.
- Perfect notification hiding solutions, make apps 'disappear' from your phone completely.
- Remove apps from 'Recent Task', to protect your apps trace at all aspect.
- Built-in safety lock to block snooper, ensure no one can enter your secret.
- Run two accounts at the same time in one phone, receive both notifications without interference.
- Easily manage your private photos, without concern of leaks.
# FAQ:
1. Why dose PrivateMe request so much access permissions?
- PrivateMe requires these necessary access permissions to ensure a normal operation for the hidden apps and cloned apps.
2. Why does PrivateMe take up larger storage, traffic and battery consumption relatively?
- The used storage, flow and power calculated under PrivateMe are consumed by the hidden apps and cloned apps.
3. Why does PrivateMe have the option to prevent uninstallation?
- If PrivateMe gets uninstalled, the system will clear the data of hidden apps and cloned apps together. We recommend you to enable Prevent Uninstallation to avoid any accidental uninstallation, click "Me-Prevent Uninstallation-Enable". While enabled, you can still uninstall PrivateMe in Prevent Uninstallation.
# Requirement: On Android 4.0 and later
# Download: Use the attached APK, or download it on Google Play by searching "PrivateMe": https://play.google.com/store/apps/details?id=com.trigtech.privateme
# Contact us: Hey all, we're developers and we'd like features of our application to be better compatible. If you have feedback please feel free to say so in this thread or post feedback to us privately, E-mail to [email protected], any comments are welcomed :highfive:
# Screenshot of PrivateMe:
Click to expand...
Click to collapse
Great App, [Clone Apps] is very useful and stable, Maybe making this feature a standalone application is better.
Xingle said:
Awesome
Btw there's a typo on one of the screen shots on play store....
Click to expand...
Click to collapse
Oh the spelling mistake...
We have corrected this, thanks

AdShield - No root ad blocker for samsung (Discontinued)

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
AdShield
Project discontinued.
For old users it will work for next 25 years.
For new users try newUser version. If it doesn't work - it won't.
Best version: 1.1.1
Mods don't delete unless all files aren't working. Please
DOESN'T REQUIRE CUSTOM KNOX KEY!
Just download and install​
F.A.Q.
Q: Why is this not in the Google Play?
A: I don't have a developer account because I'm not 18 yet. If you can buy me an account, I'll worship you.
Q: Licence activation failed. What can I do?
A: Uninstall other ad blockers that use KNOX (Adhell, Adhell 2, Disconnect pro), connect to wifi, make sure you're not rooted, reboot, reinstall app. If nothing works - get a custom knox key and use that (how-to bellow). Other than that - I can do nothing.
Q: Which file to download?
A: Download lowest attached file. It should have highest number.
Q: Certain websites are blocked. How do I enter them?
A: Put them in the whitelist. App>Settings>Edit Blocked URLs>Whitelist Custom URLs.
Q: Why so many permissions?
A: All of them are needed.
Q: Does it block ads on Samsung Internet browser?
A: It blocks ads everywhere.
Q: Which Ad Blocker is the best right now?
A: At the moment this. Free, has all the features other ad blockers have and has full material design. See attached pictures of features and history
Q: How does it work?
A: https://seap.samsung.com/sdk/knox-standard-android
How to install:
Download lowest apk file (with the highest number) from down bellow.
Install apk file.
Open app, follow instructions.
Licence doesn't activate/I want to use my own KNOX key:
Sign in with your Samsung account here: https://seap.samsung.com/enrollment
Enroll as a developer.
Generate Knox Standard SDK Enterprise license key here: https://seap.samsung.com/license-keys (use any alias. If you already have a key, you can reuse it)
Follow instructions in app when you first run it or in settings.
How to uninstall:
Open app
Open settings
Press uninstall
Changelog:
Code:
v1.1.3 - 2017-08-29
*Made unblockable apps red (8 bixby related apps)
*You can now disable all other apps (removed issue with random apps not wanting to be disabled)
**Update frequency will now slow down.
--------------------
v1.1.2 - 2017-08-29
*You can no longer block bixby and all related applications (total 8 of them). This is due to Samsung blocking licenses on apps that allow users do that.
*You can continue blocking other system apps
*minSdkVersion set to 21 from 19 because of changed working mechanisms. App won't run on older android versions than 5.0 Lollipop.
*Changes in internal version coding.
*Updated gradle, dependencies.
*Smaller app size.
--------------------
v1.1.1 - 2017-08-29
*You can no longer disable system apps. This is to not get my key blocked. If you are using an older version, please do not disable bixby or any associated apps with default license key. Better - update to v1.1.0 and use your own key. In future release I will enable all system apps except for bixby but only on custom knox key. Please, understand my situation.
*Smaller app size
--------------------
v1.1.0 - 2017-08-28
*Some issues with button behavior fixed
*Some strings changed for better UX
*You can use custom KNOX keys now if licencing fails!
*Smaller app size
--------------------
v1.0.0 - 2017-08-28
*Small material design fixes
*Removed weird shadowy thing in package disabler above navigation bar
*New button icons
*New color scheme
*New material design icon matching color scheme and material design guidelines. Looks good on stock launcher with frames enabled!
*Many string mistakes fixed including but not limited to English mistakes and wrong app name.
*Smaller app size
--------------------
v0.0.2 - 2017-08-28
*Bug fixes
*Some design element fixes
*New package name
*Smaller app size
**It's important for you to uninstall previous version**
--------------------
v0.0.1 - 2017-08-28
*First release
*Changed app name, logo, package id
*Removed donate section, unlocked paid feature
*Renamed home button to match UI
*Added my own default knox key
What to expect in future releases:
Source code (not publicly available yet because I have to figure out how to hide my own key)
Suggested content providers.
Better ad blocking.
Bixby blocking with custom knox key
Theme store killer to keep xda themes
Better uninstalling system
Individual app firewall
More
Known issues:
After uninstalling websites don't get unblocked. Tests needed to confirm this issue
Version information:
Status: Stable
Current version: 1.1.2
Release date: 2017-08-29
First version release date: 2017-08-28
Next release estimated to be 2017-09-03
Credits:
FiendFyre for providing source code of his ad blocker where I took custom knox key system from.
Due to Samsung blocking of AdShield and other apps with package disablers, Bixby blocking is removed. For more information read changelog.
Reserved
This app along with Adhell and any current fork has a bug of blocking certain websites without it being on the blocked list, also even when I have whitelisted it.
Try www.gumtree.com.au can you please fix this
The Fix: The standard blocklist [getadhell] .... had a website in it mtree.com which was inadvertantly blocking gumtree.com. So adding mtree.com to the whitelist circumvents this.
Iwannagiv said:
This app along with Adhell and any current fork has a bug of blocking certain websites without it being on the blocked list, also even when I have whitelisted it.
Try www.gumtree.com.au can you please fix this
Click to expand...
Click to collapse
Thank you for your feedback. It appears that this website is not loading even though it's not in the ad domains list. I will investigate this further. Do you know any other websites that are not loading?
Not at the moment, I did have a list when I tried going over it with the original developer but unfortunately that fizzled out.
Perhaps make the original list removable too since your coding away.
Really appreciate your work and I hope your hard work pays off.
For what its worth, i had the same issue with the UK version of the same site, only i use the app. The only way round it was to remove it from the adblocked apps.
I didn't know the original developer worked for samsung, what a shame he got fired but it was to be expected
Iwannagiv said:
Not at the moment, I did have a list when I tried going over it with the original developer but unfortunately that fizzled out.
Perhaps make the original list removable too since your coding away.
Really appreciate your work and I hope your hard work pays off.
Click to expand...
Click to collapse
TheBlueRaja said:
For what its worth, i had the same issue with the UK version of the same site, only i use the app. The only way round it was to remove it from the adblocked apps.
Click to expand...
Click to collapse
I tried to trace what servers this website connects to and none of them were blocked. Weird.
I'm still investigating this. Whitelist blocked urls in settings
i know this just got released, but has anybody compaired it to samsung's disconnect pro?
Won't activate. I had a working Adhell, now I have nothing. Is AdShield using the same Key as Adhell on my device? Any solution?
ioancr said:
Won't activate. I had a working Adhell, now I have nothing. Is AdShield using the same Key as Adhell on my device? Any solution?
Click to expand...
Click to collapse
It uses a different key. Please update to version 1.1.0 that was released just a moment ago and use your own knox key!
To do that:
Enroll as a developer here: https://seap.samsung.com/enrollment
Generate KNOX Standard SDK key here: https://seap.samsung.com/license-keys
Put it into app and voila!
NeedleGames said:
It uses a different key. Please update to version 1.1.0 that was released just a moment ago and use your own knox key!
To do that:
Enroll as a developer here: https://seap.samsung.com/enrollment
Generate KNOX Standard SDK key here: https://seap.samsung.com/license-keys
Put it into app and voila!
Click to expand...
Click to collapse
Tried that but no matter what I do use default or use custom it fails to activate and then just hangs. Tried uninstalling and redownloading but still no go...
Art3714 said:
Tried that but no matter what I do use default or use custom it fails to activate and then just hangs. Tried uninstalling and redownloading but still no go...
Click to expand...
Click to collapse
Can't help you then. Try Adhell 2.
Adhell 2 and Adshield does not work for me too and only the paid one from playstore worked
NeedleGames said:
Can't help you then. Try Adhell 2.
Click to expand...
Click to collapse
So uninstalled but now accuweather website is unaccessible...how do I undo whatever changes this made???
Thanx
Art3714 said:
So uninstalled but now accuweather website is unaccessible...how do I undo whatever changes this made???
Thanx
Click to expand...
Click to collapse
Restart your phone.
NeedleGames said:
Restart your phone.
Click to expand...
Click to collapse
Really, of course I did that but how do u undo whatever routing changes or blocked sites.
---------- Post added at 09:42 AM ---------- Previous post was at 09:38 AM ----------
Art3714 said:
Really, of course I did that but how do u undo whatever routing changes or blocked sites.
Click to expand...
Click to collapse
It is like the changes are now permanent.
Art3714 said:
It is like the changes are now permanent.
Click to expand...
Click to collapse
I noticed that too. Uninstalled Adhell without disabling url blocking and still had ads not showing up and online adblock check returned "no ads" message too. I think it's because hosts file remains unchanged unless you specifically revert to a backup version.
Art3714 said:
Really, of course I did that but how do u undo whatever routing changes or blocked sites.
---------- Post added at 09:42 AM ---------- Previous post was at 09:38 AM ----------
It is like the changes are now permanent.
Click to expand...
Click to collapse
ioancr said:
I noticed that too. Uninstalled Adhell without disabling url blocking and still had ads not showing up and online adblock check returned "no ads" message too. I think it's because hosts file remains unchanged unless you specifically revert to a backup version.
Click to expand...
Click to collapse
Try installing app and uninstall it from the settings. I'll look at this issue later.
Host file stays same after uninstall... fixed it on mine by restoring to the day before.

[Question] [Magisk rooted Android phone]. Is it possible for an app to obtain root access without asking for it or if root access is denied by user?

If I install some tweaks with root access and then block internet access of those tweaks. I think whatever possible risk these apps pose is neutralized by the fact that the stolen info (if any) will stay on the device and will not be transmitted to a remote server.
I worry about apps that require internet operation for their basic functionality in general (these apps are not necessarily or exclusively for rooted phones. Can be any app for Android, from Play store or a third party store). I do not block their internet access for obvious reasons as they do not work in that case. But I do not provide root access to them. So if I deny root access to these apps or if an app never prompts me for it, is it possible for these apps to stealthily obtain super user permission, reach and control the kernal, or see other apps data (sandbox breach)? A virus can do this even on unrooted phones. Will the root installed on a device will help a virus to circumvent superuser access protection even when the same is denied?
hellodrsoul said:
If I install some tweaks with root access and then block internet access of those tweaks. I think whatever possible risk these apps pose is neutralized by the fact that the stolen info (if any) will stay on the device and will not be transmitted to a remote server.
I worry about apps that require internet operation for their basic functionality in general (these apps are not necessarily or exclusively for rooted phones. Can be any app for Android, from Play store or a third party store). I do not block their internet access for obvious reasons as they do not work in that case. But I do not provide root access to them. So if I deny root access to these apps or if an app never prompts me for it, is it possible for these apps to stealthily obtain super user permission, reach and control the kernal, or see other apps data (sandbox breach)? A virus can do this even on unrooted phones. Will the root installed on a device will help a virus to circumvent superuser access protection even when the same is denied?
Click to expand...
Click to collapse
In order to answer this question fully, I would need to explain many things that you're probably not interested in. Understanding android as an ecosystem requires a decent understanding of Unix-like security concepts (such as UID and GID) as well, but I can maybe answer some questions regardless.
In order of importance, here is what you should check upon first to make sure the possibility of a Rootkit (what it's called) is slim to none:
SeLinux status should be enforcing ; why? Even if your device isn't rooted, malware could still spawn dangerous processes with elevated privileges (uid 0 or root) and install themselves. You can find out if your ROM is permissive or not by using the command getenforce after using su in a terminal app. If it returns Enforcing or 1 then you're good to go.
Make sure that the magisk manager app is from a legitimate source (github). Some malware/rootkits disguise themselves as magisk and inject malicious code in your system, rendering the whole grant/deny process useless.
Only grant root access to trusted apps.
Magisk has very strong checks in place to make sure all root access requests/operations are funneled through only the manager. Leaving what happens after you grant access up to User discretion. Which is why point 3 is important.
Slim K said:
In order to answer this question fully, I would need to explain many things that you're probably not interested in. Understanding android as an ecosystem requires a decent understanding of Unix-like security concepts (such as UID and GID) as well, but I can maybe answer some questions regardless.
In order of importance, here is what you should check upon first to make sure the possibility of a Rootkit (what it's called) is slim to none:
SeLinux status should be enforcing ; why? Even if your device isn't rooted, malware could still spawn dangerous processes with elevated privileges (uid 0 or root) and install themselves. You can find out if your ROM is permissive or not by using the command getenforce after using su in a terminal app. If it returns Enforcing or 1 then you're good to go.
Make sure that the magisk manager app is from a legitimate source (github). Some malware/rootkits disguise themselves as magisk and inject malicious code in your system, rendering the whole grant/deny process useless.
Only grant root access to trusted apps.
Magisk has very strong checks in place to make sure all root access requests/operations are funneled through only the manager. Leaving what happens after you grant access up to User discretion. Which is why point 3 is important.
Click to expand...
Click to collapse
Thank you for the reply and your insights. On my device;
1. SeLinux status is enforcing
2. Magisk is from the official gethub source.
3. Root access is granted to only 5 apps, all are reputable as for as I could ''investigate''
I have about 30 other regular apps (not requiring root) installed, most are from Play store but some are from Fdroid and some are moded apks (please don't judge me on it. I like trying apps before purchasing). The moded apks have no root access during the installed period as these are apps for nonrooted devices, apparently. I directly purchase apps that require root access.
Are there any loopholes in this setting? Do moded apks and apps from Fdroid (or other third-party sources) are as safe as on non-rooted devices? Or it is more injurious to use such apps on rooted devices than on non-rooted devices?
My POV: Any app what grants these dangerous runtime permissions - defined in app's AndroidManifest.xml -
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
can be considered to be a trojan.
Hence it's highly recommended to remove all apps with those permissions.
hellodrsoul said:
Thank you for the reply and your insights. On my device;
1. SeLinux status is enforcing
2. Magisk is from the official gethub source.
3. Root access is granted to only 5 apps, all are reputable as for as I could ''investigate''
I have about 30 other regular apps (not requiring root) installed, most are from Play store but some are from Fdroid and some are moded apks (please don't judge me on it. I like trying apps before purchasing). The moded apks have no root access during the installed period as these are apps for nonrooted devices, apparently. I directly purchase apps that require root access.
Are there any loopholes in this setting? Do moded apks and apps from Fdroid (or other third-party sources) are as safe as on non-rooted devices? Or it is more injurious to use such apps on rooted devices than on non-rooted devices?
Click to expand...
Click to collapse
After an App is installed, it will be granted all the requested permissions (dangerous or not) regardless of it being a root or non-root App. If you're afraid of the App making permanent damage to your phone, then you won't have to worry about that. If what concerns you is the theft of your data (contacts, media, banking details and such), then there are ways around that as well.
Android 5.0+ devices have a peculiar solution to that problem in a form of different/work profiles. Solutions such as Island or Riru storage isolation minimize the risk of i.e. modded apps by creating a new user profile with an isolated environment, think of like a small VM environment where you specify what the App has access to in terms of storage and permissions.
Personally, I won't install a modded apk for any reason, the risk isn't worth the reward IMHO. Apps from F-droid are usually safe to install, since they're scanned for malware on the website itself.
Hope I helped you with this answer.
Slim K said:
Slim K said:
Android 5.0+ devices have a peculiar solution to that problem in a form of different/work profiles. Solutions such as Island or Riru storage isolation minimize the risk of i.e. modded apps by creating a new user profile with an isolated environment, think of like a small VM environment where you specify what the App has access to in terms of storage and permissions.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
My primary concern is theft of my data such as credentials of banking apps, some app posting nudes to my whatsapp contact, my photos circulating on the web and may be pasted in a nude video or something.... It may sound like a paranoia, but still I want to plug any patent holes if I can....
I tried the storage isolation app you suggested. Unfortunately it does not isolate some of the root apps I have on my phone (they do not appear in the app management section).
The easier solution may be a sandbox environment where a particular app could be run without other apps seeing it. I have about 10 apps in total that I think should run in an environment where neither of the root apps nor any moded app with accessibility access should see them or their data.
Does the Island app you mentioned can achieve this environment? Or is there any other solution?
Kind regards.

Categories

Resources