anbox+microG: what is the current easiest approach? - Miscellaneous Android Development

I would like to use anbox (in postmarketos) together with microG (for supporting apps which depend on Google Play Services). What would be the easiest way to add signature spoofing to anbox image? This was discussed briefly here: https://github.com/anbox/anbox/issues/27 but nothing definitive (the last post https://github.com/anbox/anbox/issues/27#issuecomment-863918130 goes into the most detail but finish). I am a bit lost with all the smali/baksmali/haystack/tingle plus different android version and so on; some of the tools have not been updated for years and I would like to see what would be the current best approach. Ideally, including the UI for allowing signature spoofing as an extra special permission granted to certain apps, though predefined set of apps allowed to spoof (microG) is sufficient as well.
If this is somehow not feasible, building anbox (android.img) on my own is also an option, in which case pointers to patches to the source code would be very welcome.
On the normal phone, I was lucky I could install microG+LineageOS pre-built.
Thanks for help!

Related

Privacy sandbox for Android apps?

Hi all,
Here is my dilemma, I want to run an app X (e.g. Paper Toss) but it requires capability Y (e.g. my location or phone identity) that compromises my privacy and is not really needed for the core functionality of the app.
It would be great to be able to wrap the app with security wrapper that will allow me to control what actually signals it has access to and what other it just gets fake data (similar to Google Latitude that allows you to set an arbitrary fake location).
Any thought? How feasible it is to implement?
I would think that this is doable, at least with the AOSP based ROMs such as CM.
I would appreciate such a privacy-enhancing feature.
I'd like to see such a feature too. A lot of apps seem to ask for permissions that have nothing to do with the core functionality of the app. See the Wall Street Journal article on smart phone privacy (can't post a link yet) for examples.
I think it would be a good idea to suggest this to CM to see if they would include it. Would you be able to develop this?
Don't know if it is related to this thread or not but Android Police reports about similar upcoming feature of cyanogen
http://www.androidpolice.com/2011/0...rmissions-cue-mass-force-closing-as-a-result/
cm7 nightly 82 allows control (deny/allow/revoke) permissions for individual apps... this is what you're looking for.
Its the new feature mentioned in the post above this one

[APP][4.1.2+ with OpenPDroid or PDroid2.0] PDroid Manager ALPHA[2013-01-12 v0.2.9.8]

A quick note
If you've come from Google Play to get support, welcome! I'm glad you made it here.
Please do post a description of the problem you are having, but you may also want to read the section below labelled What should I do when it fails?, as this will make it much easier for me to provide support.
If you're having a problem, the place to post it is here, because if you do so on Google Play then I have no way of responding. Unfortunately, this has been the case where an issue has become apparent, and I have included a fix, but there is no way for me to notify those who had the problem.
In any case, back to our normal program...
What is it?
PDroid Manager is an alternative OpenPDroid/PDroid 2.0 Management App. It is currently the 'official' management app for OpenPDroid, and serves as an alternative to the PDroid 2.0 App for PDroid 2.0.
It is GPL licensed (with additional attribution conditions). Source can be obtained from my github.
What does it need?
First, this relies on either the OpenPDroid Core/Framework patches (recommended), or the PDroid 2.0 Core/Framework patches being present in the ROM. You need to have them installed, either by getting the patches (OpenPDroid, PDroid 2.0), patching and compiling a rom yourself; or using the excellent autopatcher tool by mateorod and pastime to patch an existing rom.
It also requires Android 4.1.2 or 4.2.1.
Status
This app is in a supremely alpha state. It does have bugs. It will crash if you run it without the PDroid core/framework patches. It does have a problem with the way notification icons display if you install multiple apps without configuring them. It will crash in a range of other situations I haven't thought of yet.
It will crash if you try to use it while you have the PDroid 2.0 App installed. (It's a permissions signature thing, and you can't have both installed unless you resign them both yourself: see here for how to do that.)
It has been tested on three devices: a Galaxy Nexus running AOKP, a B&N Nook (cheers to mateorod) and a Nexus 7 running AOSP.
Probably others too now, what with people using it, but I don't have a list for that =)
What is the difference between this and the PDroid 2.0 App
This is an ALPHA status tool, so it has more bugs.
This isn't complete - it is missing useful things like an 'about' box, the ability to check the PDroid core version, backup & restore, all of which are in the PDroid 2.0 App.
It can keep logs of application activities. There is currently no way to view these, though. Logs are now (I think?) supported in PDroid 2.0 App. I haven't tried them though.
You can filter the app list by whether it is a system or user app, and by the type of permissions used. Now also in PDroid 2.0 App.
You can filter apps by the 'type' of permission they use - e.g. 'messaging', 'calls', etc.
The source is available.
It can create and restore multiple (human-readable) backups on your SD card or 'external storage'.
It supports multiple languages, thanks to the contributions of others (languages and contributors are listed below) PDroid 2.0 App now supports German and English (but not Russian and French).
Did I mention it has more bugs?
What is the difference between this and Permissions Denied, and other permission-modifying apps
In brief: OpenPDroid and PDroid 2.0 do not actually change the permissions of apps; rather, they intervene when the apps try to use some of the features allowed by these permissions. For example, it doesn't remove permission for an app to use the camera - instead, it lets the app believe it is using the camera normally but then feeds back a fake image when a 'photo' is taken. Similarly, the app can try to request the phone number from the phone, but PDroid can return either a blank number, or a fake number, to the app. The main advantage of this is that rather than the app crashing, as often happens if it finds expected permissions have been removed, it continues to operate simply using incorrect data as its input.
The downside is that PDroid requires modifications to the ROM, which is difficult.
What should I do when it fails?
First, check if the problem you have discovered is a known issue, by looking at issues on my github. If it has already been lodged, but you have additional information to add, then ideally attach it to the issue in github. Otherwise, you can post it here but please clearly refer to the existing issue in github when doing so.
If it is not a known issue in the github:
You can open an issue on my github, providing a logcat: see how to get a logcat.
You can post on this thread, providing a logcat. I will try to monitor this thread, but if it starts getting out of control then I will probably try to run up a bug tracker somewhere else for people to use (and I will always fall back on the github issue tracker).
When will you stop telling me about the bugs and give me a link?
I have added PDroid Manager to the Play store, so you can obtain it from there (which means easier updating). If you do get it from the Play store, remember that support is provided via this thread, not via the Play store comments. I have only added the app to the Play store as a convenience so people can get updates without monitoring this thread.
Check the attachments to this post for the PDroid ALPHA releases. Make sure you read that ALPHA part.
Source at my github.
Requirements: Android API 16 (i.e. 4.1.2 - haven't tested in 4.2 yet).
What does it look like?
This:
Why did you build it?
The original PDroid app by Syvat, and the subsequent PDroid Addon/Extension/2.0 apps by CollegeDev didn't do everything I wanted them to do. I couldn't modify them because I didn't have the source. I'd never created an app before and I wanted to give it a shot.
Why does it need permission to access my SDCard?
I've added the ability to backup and restore your settings to the external storage. In order to do this, I need to be able to write to, and read from, the external storage. I will be adding a version at some point which doesn't require this permission, and cannot do backups.
Isn't doing backups to the external storage really insecure? Couldn't another program edit my backups?
In general, doing backups to the external storage would be insecure, in two ways: other apps could read your settings from the backup, and other apps could edit the backup so when you restore it your settings are wrong.
The ability for other apps to read your settings is a problem even ignoring backups. The Pdroid 2.0 Core (and the original PDroid Core) do not prevent applications from reading settings without any permissions whatsoever. Yes, any app can read your settings directly from the PDroid service. That is the way the PDroid core is built at present (and I don't much like it, but that's another story).
The second problem is one that I have attempted to address. Each installation of PDroid Manager will generate a 'digital signing key', and any backup you create will be signed with this key. When you attempt to restore the backup, the signature is checked to ensure the backup (or signature) has not been modified. If the signature doesn't match, you are warned and given the opportunity to restore anyway. You cannot export this signing key, because exporting that key to your external storage would make it accessible to other programs, and with it they could re-sign your backups to make it appear that they had not been modified. This means if you uninstall and reinstall PDroid Manager, you will get 'invalid signature' warnings on all the backups made from previous installations. If you don't want this to happen, I recommend downloading and using Titanium Backup - it will store the encryption key (although on external storage, which itself could be a security risk). Thus, unless you uninstall and reinstall your PDroid Manager installation, the app will verify that backups have valid signatures before restoring them. Mind you, a root app could steal the signing key. As is always stated, for root apps it is all up for grabs.
I have a great suggestion! How should I get it to you?
First, keep in mind that there are various degrees of detail which can be provided with suggestions, such as:
A suggestion of a feature which could be included
A description of how the feature should work (e.g. user cases: list XYZ, then user presses N, dialog P opens, etc.)
Storyboards or images of what the feature could look like (even if it is just a box diagram done in Powerpoint or something).
A suggestion of an app which implements a similar behaviour that could be used as a reference for implementation
A bit of example code
Suggestions of new features are excellent, and some suggestions need less description than others - e.g. "add a help button to each setting" needs less description than "add the ability to filter by the 'trust' state of the app" (although in both cases, interface diagrams could be helpful: e.g. should the help button go to the left or right of the text label for the setting?)
You don't have to provide all of these details, and indeed even if you do provide some details I may not actually use them (e.g. if your suggested images were very inconsistent with the Android UI idioms, or the rest of the app). You can certainly make suggestions that are quite simple: e.g. I would like to be able to apply settings to multiple apps at once, or I would like to be able to filter by individual settings rather than groups of settings (although the latter would be a good candidate for interface suggestions too). If you are suggesting complex features, though, some suggestion of how the interface should work could be handy too - even if I don't use the suggestions as such, they can be very useful for giving me different perspectives.
If you have a suggestion then please describe clearly the suggested feature, interface or behaviour change, or whatever your suggestion may be. If it requires a new UI screen, or a change to an existing one, descriptions of how it should work, drawings or imagery (or pointing to another app) are very welcome.
In order of 'most desirable' to 'least desirable' (from my perspective) I suggest:
Post the suggestion to my github
Post the suggestion on this thread
PM me (this is low on the list because if I get a flooded PM box it will be hard to find anything).
Finally, remember nothing says "I'd love this feature to be in the app" like a patch to implement it
Can I contribute a translation?
Absolutely! I welcome translations! The process for doing a translation will depend on whether you have a github account or not.
Currently we have translations being contributed for:
English
French (jpeg729 and patrickpr)
German (TamCore)
Hungarian: appelsson
Russian (Beasty)
If you have a Github account
You can fork the PDroid Manager project, and create a "values-xx" directory for the relevant language (e.g. values-de for German). Into that directory, you will need to copy:
Files containing text displayed to the user are:
access_notification_text.xml, which is the text for notification messages provided to the user when an app attempts to access a particular type of data.
arrays.xml, which currently contains the text of the drop-down lists used for filtering, and the 'Untrusted, Trusted, No Settings' text displayed.
settings_strings.xml, which contains the text descriptions of each setting, and the associated help text. (I have *just* pushed an update to github for this file, so if you want to translate it make sure you do a pull).
strings.xml, which contains the 'general' strings used in the app.
Once you have created those files, you can commit them, and then create a 'pull request' so I know they are ready to be integrated. I'll then integrate them.
If you don't have a github account
You will need to download the four files linked above, and translate the strings in them. Once you have done that, post to this thread with the files attached.
Remember: Keep in mind that if you have the files sitting around for a while in a partially translated state, they could change in development! When doing translations, make sure you have the latest version from the server. If you find that the strings etc have changed on the server, and you have done a partial translation, you can use a tool like WinMerge to merge the new changes into your file without a lot of work.
Also, if you are creating translation files, please include yourself as an @author in the header to the file, or nominate the details you would like to have recorded against your authorship. Also note that basically the entire app is under a GPL license, and I will only accept material which is licensed under a GPL or BSD license, to make sure that people are free to copy and edit the code as they see fit.
What do you have planned next?
Fix bugs
Add a 'preferences' and 'info' screen to check PDroid core/framework version, etc mostly done
Add help to the individual settings, so users can understand what they mean DONE!
Add the ability to view log and delete logs
Add the ability to create 'profiles' - i.e. pre-configured groups of settings, which can then be applied to an app
Add batch processing, so profiles can be applied to multiple apps in a single action Released in 0.9.3
Add filtering of apps by individual settings, not just by 'setting group'.
Add filtering of apps by setting state (i.e. trusted, untrusted, no settings)
If you want you can give it a go. Read the source. Have fun. Just don't complain that you haven't been warned about it being buggy.
2013-01-15 v0.2.9.9 ALPHA
Changes
Added support for 4.2.1 - not that it stopped you installing it anyway, but for Google Play it mattered =)
Added Spanish support, thanks to alceasan.
2013-01-12 v0.2.9.8 ALPHA
Changes
Fixed a force-close affecting everyone as a result of a corrupted APK. Sorry about that, all!
2013-01-12 v0.2.9.7 ALPHA
Changes
Added Hungarian language support thanks to appelsson.
Updated French language support thanks to jpeg729.
Fixed (I think) a bug in which the app crashed when an installed app does not have an icon.
2012-12-15 v0.2.9.5 ALPHA
Changes
Theoretically fixed a bug which I was unable to reproduce (but I think I know why) which caused a crash rather than a friendly message when a user attempted to run PDroid Manager without the PDroid core installed.
CHANGE LOG
2012-12-15: v0.2.9.4 ALPHA
Changes
Added detection of whether necessary permissions to write to the PDroid core were present, and provide a friendly message if they are not. (These permissions are absent if PDroid 2.0 App is installed before PDroid Manager, not uninstalled before PDroid Manager is installed, and the two packages have not been re-signed with the same key).
Otherwise, this version is identical to v.0.2.9.3. It was just added because I saw some crashes due to PDroid 2.0 App being installed with Google Play users.
2012-12-14: v0.2.9.3 ALPHA
Changes
The main stand-out of this release is batch processing: further details about that are after the list.
Instead of crashing if you don't have PDroid installed, it will now give you a message telling you that you need to install it.
Batch processing: you can now select a bunch of apps, and change their settings. Long-press on an app to enter selection mode, touch other apps to select or deselect them, then use the action bar options to choose what to do.
Added a 'purge settings' option to preferences. This deletes all settings for all apps.
Changing language now triggers a restart of the app (after prompting the user) to immediately switch language
Restructured the filtering interface to work better on smaller devices, and generally look nicer.
Info/help buttons for settings only appear on larger devices now (due to screen real-estate issues). Clicking on the name of the setting will display the help on smaller devices.
Performance improvements
Known bugs
When multiple apps are installed one after the other, the notification to update settings of previous installations is replaced (rather than additional icons appearing). Still.
I think there is still something funny going on with the 'trust' indicator after you save an app, but that may be a new issue. Still.
App names in the application list don't get reloaded when the phone locale changes, which means they stay in the old language until manually refreshed. I'm no longer going to call this an issue, because it is handled by the OS.
Also see my github list: https://github.com/wsot/pdroid-manager/issues
Key points about batch processing:
When you select some apps and choose 'custom settings', only the settings relevant to the apps will be displayed (unless you choose 25+ apps; then it was too slow to work out which ones were relevant).
Only those settings you select new values for will be changed. Those with no pressed buttons will be left alone.
You can 'deselect' a button in batch mode by pressing it again (effectively clearing that setting row, so it will not be changed).
Batch processing can be a bit slow, but unfortunately that is a consequence of the Privacy service to which PDroid Manager connects. I have modified this service to improve performance, but I'm still testing the changes so the app does not require those modifications.
You can't avoid overriding the 'logging' and 'notification' settings when doing batch processing at this stage. I will resolve this soon.
2012-12-07: v0.2.8 ALPHA
This is a minor update: It provides an updated German translation from TamCore, and
Changes
Updated German translation from TamCore,
fixes the Application List scrolling back to the top when you open details for an application, thus losing your place.
Known bugs
When multiple apps are installed one after the other, the notification to update settings of previous installations is replaced (rather than additional icons appearing). Still.
The app will probably crash if PDroid is not installed. Still.
I think there is still something funny going on with the 'trust' indicator after you save an app, but that may be a new issue. Still.
App names in the application list don't get reloaded when the phone locale changes, which means they stay in the old language until manually refreshed. Still.
Also see my github list: https://github.com/wsot/pdroid-manager/issues
2012-12-03: v0.2.7 ALPHA
A couple of new features in this one, and returning to just one version (rather than multilingual and English). The backup and restore features are shiny and new, and *should* work, but be cautious when using them. I've tried them out quite a bit, with custom settings etc, but there could be bugs there that will cook all your PDroid settings. If you find one, please, please report it (see the section on reporting bugs).
Changes
Added a 'preferences' screen, with 'About' box, 'Credits', and a link to this thread
Added language selection (i.e. overriding phone language), again in the preferences screen. Note that for the language to change, you need to force-close and restart PDroid Manager after switching languages. I'm looking at how to resolve this.
Added backup and restore of settings. This requires access to your external storage, hence the new permission. I will be adding supporting code at some stage to allow a separate version without backup and restore to be easily generated for those who are uncomfortable with SDcard access by the app. You can read more details about the backup approach in the Why does it need permission to access my SDCard? and Isn't doing backups to the external storage really insecure? Couldn't another program edit my backups? sections.
Known bugs
When multiple apps are installed one after the other, the notification to update settings of previous installations is replaced (rather than additional icons appearing). Still.
The app will probably crash if PDroid is not installed. Still.
I think there is still something funny going on with the 'trust' indicator after you save an app, but that may be a new issue. Still.
App names in the application list don't get reloaded when the phone locale changes, which means they stay in the old language until manually refreshed. Still.
Also see my github list: https://github.com/wsot/pdroid-manager/issues
2012-11-30: v0.2.6 ALPHA
This release has two versions: Forced English (PDroid_Manager_0.2.6_en) and multilingual (PDroid_Manager_0.2.6_multilingual). The multilingual will automatically use the language matching the phone where possible. The 'en' version uses the exact code I intend to apply to allow users to override the automatic language selection. Basically, this is the same as having a button to force the app to always use English, except the button isn't on the user interface and is always pressed. If you find this isn't always showing English, please let me know so I can fix it.
Changes
Incorporated updated help text (fine work by wbedard, to which I made minor edits. Thus, errors are probably mine not wbedards).
Added German translation (thanks to TamCore) and French translation (thanks to patrickpr on GitHub; note I removed a few words from the translations because the English help text changed, so may have introduced grammatical errors into patrick's French).
Added automatic language data re-loading. To optimise speed, some language-specific text is stored in the database. To make sure that stays up to date, the App will check if the language has changed, and regenerate that database data if it has. If this doesn't happen for you, and the interface stays in English when you switch your phone to German, etc, please report it.
Added different button sizes for 'large' vs 'non-large' devices. This means that buttons will appear larger on most 7-inch tablets (and maybe 10-inch tablets too; my 10-inch isn't working right now) than on phones.
Modified the code to use Android 'Fragments': hopefully, this will be invisible to users at this stage; however, in future it will allow easier development of a multi-panel tablet interface. This is a pretty major change, so may have introduced bugs. Sorry.
Updated notification bar icon to match Google's style guide.
Known bugs
When multiple apps are installed one after the other, the notification to update settings of previous installations is replaced (rather than additional icons appearing). I will fix this soon, honestly.
The app will probably crash if PDroid is not installed.
I think there is still something funny going on with the 'trust' indicator after you save an app, but that may be a new issue.
App names in the application list don't get reloaded when the phone locale changes, which means they stay in the old language until manually refreshed. I'm undecided as to whether I consider this a bug or not. Feedback (or patch to fix it) welcome.
Also see my github list: https://github.com/wsot/pdroid-manager/issues
2012-11-25: v0.2.3 ALPHA
Changes
Added improved text for the access notifications
Added a help button for each setting with a summary of what the setting does (I know it is ugly, and I plan to fix that soon).
The application list status indicator should now work under all normal circumstances
Dialogs have been added when loading, saving etc. to avoid interactions that could cause crashes
Known bugs
When multiple apps are installed one after the other, the notification to update settings of previous installations is replaced (rather than additional icons appearing).
The app will probably crash if PDroid is not installed.
Also see my github list: https://github.com/wsot/pdroid-manager/issues
2012-11-19: v0.2.2 ALPHA
Changes
Re-added some debug logging (but still much less than was there originally).
Added the ability to delete privacy settings from an app, both in the application settings detail screen, and on the long-press menu on the application list.
The application list status indicator (i.e. trusted, untrusted, no settings) now updates after the long-press menu is used, or the settings are changed in the detail display
An 'all' option has been edited when filtering by the type of settings (e.g. messaging, media, etc).
Known bugs
The trusted/untrusted is sometimes incorrect - 'trusted' apps may appear as 'untrusted'.
When multiple apps are installed one after the other, the notification to update settings of previous installations is replaced (rather than additional icons appearing).
The app will probably crash if PDroid is not installed.
Also see my github list: https://github.com/wsot/pdroid-manager/issues
2012-11-16, later: v0.2.1 ALPHA
Removed writing to the device log (so logcat will not be hideously large)
Contribution to PDroid Manager acknowledgements (in alphabetical order):
mateorod: testing assistance, great ideas, building Autopatcher.
patrickpr: French translation
TamCore: contributing Android.mk, markdown for tables in README.md which were unreadable, German translation
wbedard: textual descriptions of the individual settings
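The backup-signing scheme described above under "Isn't doing backups to the external storage really insecure?", as an added example (not PDroid Manager's own code). It assumes HMAC-SHA256 with a random per-installation key, since the post does not say which algorithm the app uses; the package and setting names are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample settings; package and setting names are hypothetical.
SAMPLE_SETTINGS = {
    "com.example.game": {"location": "fake", "phone_number": "blank"},
}


class InvalidSignature(Exception):
    """Backup failed verification and the user did not choose to override."""


def new_install_key() -> bytes:
    """Per-installation key: lives in app-private storage and is never
    exported, because anything on external storage is readable by other apps."""
    return secrets.token_bytes(32)


def _tag(payload: str, key: bytes) -> str:
    # Assumption: HMAC-SHA256 stands in for the app's unspecified scheme.
    return hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()


def create_backup(settings: dict, key: bytes) -> dict:
    """Serialise settings deterministically and attach a signature.
    The returned dict is what would be written to external storage."""
    payload = json.dumps(settings, sort_keys=True, separators=(",", ":"))
    return {"payload": payload, "signature": _tag(payload, key)}


def verify_backup(backup: dict, key: bytes) -> bool:
    """True only if payload and signature are present and match this key."""
    payload = backup.get("payload")
    signature = backup.get("signature")
    if not isinstance(payload, str) or not isinstance(signature, str):
        return False
    # Constant-time comparison on bytes avoids leaking how much matched.
    return hmac.compare_digest(
        _tag(payload, key).encode("ascii"), signature.encode("utf-8")
    )


def restore_backup(backup: dict, key: bytes, restore_anyway: bool = False):
    """Return (settings, verified). An unverified backup is only restored
    when the user explicitly overrides the warning."""
    if not isinstance(backup.get("payload"), str):
        raise InvalidSignature("backup has no readable payload")
    verified = verify_backup(backup, key)
    if not verified and not restore_anyway:
        raise InvalidSignature(
            "backup or signature was modified, or the backup was made "
            "by a different installation"
        )
    return json.loads(backup["payload"]), verified


if __name__ == "__main__":
    key = new_install_key()
    backup = create_backup(SAMPLE_SETTINGS, key)
    print("untouched backup verifies:", verify_backup(backup, key))

    # Another app edits the file on external storage.
    tampered = dict(backup, payload=backup["payload"].replace("fake", "real"))
    print("tampered backup verifies:", verify_backup(tampered, key))

    # Uninstall and reinstall: a new key is generated, old backups warn.
    print("old backup after reinstall:", verify_backup(backup, new_install_key()))
```

The reinstall case fails for the same reason as the tampering case: verification only proves the backup was produced by the holder of this installation's key.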
Still playing with the 2e version. I like what you have done with this a lot. Having an open source version will keep us from being in-between working versions, like we were between gingerbread and the auto-patcher release.
An open source alternative like this keeps that from ever happening again.
I had noticed that CollegeDev had not added preloaded-classes to his PDroid2.0 build patches, a potential security leak. Without any access to the source or even version control with the patches I didn't have much recourse to correct the issue. I was left to suggest it in his thread and hope for the best. While he never brought it up again, I did finally see that the suggested change was integrated, but it struck me that having version control for the patches would be for the best as well.
In the spirit of having the entire process open AND available, I have pushed repos for the updated original PDroid patches, worked on by pastime1971 with some help from me, and the PDroid2.0 build patches (which I call PDroidCorePatches) by CollegeDev (which are already open-source, just not available with version control AFAIK) pushed as well.
If CollegeDev or you update the build patches for 4.2, we can either use those repos or start new ones, if necessary. But I am more than willing to add read/write to both of you. Wbedard has ported the PDroidCore patches to AOSP, but I will wait and see if he wants to put up a repo first before adding a new one (or possibly an aosp-4.1.2 branch).
My hope is that the move towards complete open-source could galvanize all of us who work on PDroid to work together instead of splitting our efforts...we'll see how that goes.
Anyway, great job! I will eventually push the entire history (gingerbread to today) but for right now only 4.1.2 is up.
Original PDroid
PdroidCore
If anyone who has been working with us on Pdroid wants push access, pm me. Anyone who wants to contribute that I don't know yet, submit a pull request and we'll get to know you.
I think having the patches be attached to the same repo as the Auto-patcher and smali patches makes sense, but I am open to suggestion.
FFU5y said:
It is GPL licensed (with additional attribution conditions)
dear OP,
i was under the impression that GPL2 did not allow additional obligations (like attributions) being added to the burden of the receivers of the licensed code. however, i think GPL3 made special provisions for some extra obligations in other common permissive free software licenses (mainly attributions) to make them compatible with GPL3, so there are some attribution provisions in GPL3 i think.
an example of GPL2 ban on additional restrictions: GPL3 enforces further obligations on receivers, such as non-tivoization, and thus is itself incompatible with GPL2 for the previously stated reason.
could you please clarify the method you chose to extend GPL with attributions in this case? thank you!
Lanchon said:
dear OP,
i was under the impression that GPL2 did not allow additional obligations (like attributions) being added to the burden of the receivers of the licensed code. however, i think GPL3 made special provisions for some extra obligations in other common permissive free software licenses (mainly attributions) to make them compatible with GPL3, so there are some attribution provisions in GPL3 i think.
an example of GPL2 ban on additional restrictions: GPL3 enforces further obligations on receivers, such as non-tivoization, and thus is itself incompatible with GPL2 for the previously stated reason.
could you please clarify the method you chose to extend GPL with attributions in this case? thank you!
The code is GPL3 licensed, and the additional attribution (and differentiation) requirement are under GPL3 Section 7 (b) and (c).
If there are specific contexts in which people would like to use the app that are excluded by GPL3, they are welcome to contact me about alternative licensing arrangements. Of course, as soon as others contribute GPL3-licenced code then that will get a lot more difficult, but right now that is an option.
I hope that answers your question, but if not let me know.
This is so absolutely awesome, thanks a lot FFU5y!
The filtering options for user/system apps and permission type are exactly what I needed. Further ideas would be:
search app by name
advanced filtering for a single specific permission, e.g. "start on boot"
batch operations: e.g. block network & gps location permissions for all apps
dbx4 said:
This is so absolutely awesome, thanks a lot FFU5y!
The filtering options for user/system apps and permission type are exactly what I needed. Further ideas would be:
search app by name
advanced filtering for a single specific permission, e.g. "start on boot"
batch operations: e.g. block network & gps location permissions for all apps
Cheers dbx - glad you're finding it useful.
These are good ideas (and indeed, I started on 'searching app by name' but de-prioritised it for release). I'll add them to my github issues list as enhancements (so they are listed somewhere centrally).
I'm not really sure at this stage how I'd go about implementing the filtering for a single specific permission, mainly because I'm not sure how to represent it in the user interface without cluttering it up.
One way may be to have a specific view for filtering by setting, which shows a list of settings, and then upon choosing a setting shows only the apps to which that setting relates (e.g. choosing 'GPS location' from the list of settings shows only those apps which have that as a valid setting - i.e. those with permission to access the GPS).
I'm afraid those features will probably take a little bit of time to develop, but hopefully you'll find the app useful in the meantime while I'm working on them.
Version 0.2.3 ALPHA has been released:
CHANGE LOG
2012-11-25: v0.2.3 ALPHA
Changes
Added improved text for the access notifications
Added a help button for each setting with a summary of what the setting does (I know it is ugly, and I plan to fix that soon).
The application list status indicator should now work under all normal circumstances
Dialogs have been added when loading, saving etc. to avoid interactions that could cause crashes
Known bugs
When multiple apps are installed one after the other, the notification to update settings of previous installations is replaced (rather than additional icons appearing).
The app will probably crash if PDroid is not installed.
Also see my github list: https://github.com/wsot/pdroid-manager/issues
Hi, PDroid is a very important app, and I wanted to thank you for making an open source alternative with much more features.
Wish I was a dev, so I could help you more, but I will gladly test it the moment the autopatcher supports 4.2.
Sent from my GT-I9000 using xda app-developers app
Dr.69 said:
Hi, PDroid is a very important app, and I wanted to thank you for making an open source alternative with much more features.
Wish I was a dev, so I could help you more, but I will gladly test it the moment the autopatcher supports 4.2.
Sent from my GT-I9000 using xda app-developers app
Cheers =)
I'm eager to give it a run on 4.2 as well, but I am aware that CollegeDev is working on a new release of the PDroid 2.0 Core and App, so I'm not going to try to port the core to 4.2 until the update is released (otherwise there may be a lot of re-working needed, and if CollegeDev is porting it already then I'd just be duplicating work).
In the meantime, I'm going to try to get some fixes and new features into PDroid Manager which can then hopefully move smoothly to the 4.2 version.
Hello, i'm using Permission pro to remove rights i don't want from programs, does your program work the same way, or are rights removed in another way?
Also, some Gameloft games have managed to get their start at boot rights back, with every program i used, i was never able to kick them, so this is somewhat important to know, for me, if it will fail the same way.
Don't know if it's possible to do, but people not using Jelly Bean cannot block notifications from a program, maybe we could get it with PDroid manager?
Magissia said:
Hello, i'm using Permission pro to remove rights i don't want from programs, does your program work the same way, or are rights removed in another way?
Also, some Gameloft games have managed to get their start at boot rights back, with every program i used, i was never able to kick them, so this is somewhat important to know, for me, if it will fail the same way.
Don't know if it's possible to do, but people not using Jelly Bean cannot block notifications from a program, maybe we could get it with PDroid manager?
The quick answer: PDroid and PDroid Manager do not block notifications from programs. In new versions of Android, there is a feature to limit which applications can create notifications. If there are a lot of 'marketing' notifications you should report the app to Google (I think you can report it at the Play store) because they are starting to move against that kind of activity.
Anyway, continuing...
PDroid 2.0 (and PDroid Manager) work quite differently to permissions pro. First, PDroid 2.0 (which is the Android modification that PDroid Manager configures) requires a modification to be made to the ROM on the device. This allows for the Privacy Service to limit the access apps have to private information, even when they have Android permissions to access the information. The PDroid Manager App (or the alternative, PDroid 2.0 App) allows you to choose what private information is provided to what app.
So, in order to use PDroid Manager, you need:
A ROM patched to add the Privacy Service, which you can achieve by either patching the source code yourself using the patches in the PDroid 2.0 thread and compiling the rom, or potentially by using mateorod and pastime's excellent autopatcher
PDroid Manager (or the PDroid 2.0 App) to configure
The advantage of PDroid over Permission pro is that with PDroid, the app still has the same Android permissions, but when the app requests data from the Android operating system the privacy service provides back blank or incorrect data. This means that rather than the app crashing, as often happens when its permissions are changed, it keeps running.
The main disadvantage of PDroid compared to Permission pro is that it requires changes to the Android frameworks, which means you need to be willing and able to modify your ROM in order to use PDroid. It is not 'easy', and it also means there is a delay before new Android versions are supported because the patches for the framework need to be modified to support the updated framework.
I hope that helps.
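The difference between removing a permission and substituting the data, as a small model added here (not PDroid or PDroid Manager code; all class names, methods and values are hypothetical, and returning real data when no rule exists is an assumption of the model):

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Added illustration, not PDroid source: every class, method and value here is hypothetical.
public class PrivacySubstitutionDemo {

    enum Mode { REAL, EMPTY, CUSTOM }

    // One user-chosen setting: what a given app receives for a given data type.
    static final class Rule {
        final Mode mode;
        final String customValue;
        Rule(Mode mode, String customValue) {
            this.mode = mode;
            this.customValue = customValue;
        }
    }

    // Stand-in for the privacy service added to the framework by the ROM patch.
    static final class PrivacyService {
        private final Map<String, Rule> rules = new HashMap<>();

        void setRule(String pkg, String dataType, Rule rule) {
            rules.put(pkg + "/" + dataType, rule);
        }

        // Assumption of this model: an app with no rule receives the real value.
        String filter(String pkg, String dataType, String realValue) {
            Rule rule = rules.get(pkg + "/" + dataType);
            if (rule == null || rule.mode == Mode.REAL) {
                return realValue;
            }
            return rule.mode == Mode.CUSTOM ? rule.customValue : "";
        }
    }

    // Stand-in for a framework API that hands out a device identifier.
    static final class Framework {
        static final String REAL_DEVICE_ID = "REAL-ID-0001"; // constructed sample value
        private final Set<String> holdsPermission = new HashSet<>();
        private final PrivacyService privacy;

        Framework(PrivacyService privacy) { this.privacy = privacy; }

        void grant(String pkg)  { holdsPermission.add(pkg); }
        void revoke(String pkg) { holdsPermission.remove(pkg); }

        String getDeviceId(String callerPkg) {
            // Ordinary permission check: a revoked permission fails hard.
            if (!holdsPermission.contains(callerPkg)) {
                throw new SecurityException(callerPkg + " lacks the device-id permission");
            }
            // Permission is intact; the privacy service decides what is returned.
            return privacy.filter(callerPkg, "deviceId", REAL_DEVICE_ID);
        }
    }

    // App code written on the assumption that its manifest permissions are granted,
    // so it does not catch SecurityException.
    static String appStartup(Framework fw, String pkg) {
        String id = fw.getDeviceId(pkg);
        return "started, sent id '" + id + "'";
    }

    // Runs the app and reports whether it survived.
    static String run(Framework fw, String pkg) {
        try {
            return appStartup(fw, pkg);
        } catch (SecurityException e) {
            return "CRASHED: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        PrivacyService privacy = new PrivacyService();
        Framework fw = new Framework(privacy);
        String game = "com.example.game"; // constructed package name

        fw.grant(game);
        System.out.println("no restriction       -> " + run(fw, game));

        // Permission-removal approach: the call itself fails.
        fw.revoke(game);
        System.out.println("permission revoked   -> " + run(fw, game));

        // Substitution approach: permission stays, data is blanked or faked.
        fw.grant(game);
        privacy.setRule(game, "deviceId", new Rule(Mode.EMPTY, null));
        System.out.println("substituted (empty)  -> " + run(fw, game));

        privacy.setRule(game, "deviceId", new Rule(Mode.CUSTOM, "FAKE-ID-9999"));
        System.out.println("substituted (custom) -> " + run(fw, game));
    }
}
```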
Hello, thanks for your answer, on the autopatcher page, it's not clearly written if it will work on OEM's rom (but it's clearly written it won't on samsung/htc one)
I'm currently using ASUS' stock rom and guevor's kernel, any chance to have it working?
If the service replies with false information, is it still able to block an app at boot? to make it unable to start itself at boot?
Magissia said:
Hello, thanks for your answer, on the autopatcher page, it's not clearly written if it will work on OEM's rom (but it's clearly written it won't on samsung/htc one)
I'm currently using ASUS' stock rom and guevor's kernel, any chance to have it working?
If the service replies with false information, is it still able to block an app at boot? to make it unable to start itself at boot?
Autopatcher will probably not work on an OEM ROM at this stage, unfortunately. That is something mateorod has been working on, but I believe it is still a work in progress. You can give autopatcher a try nonetheless, though. If it can't patch it, it will tell you. Also, if you search around the forums for your device, you may find someone has created special patches just for that device.
If you can get the ROM modded to include PDroid, then one of the features allows you to prevent an app being notified of when the device finishes booting. For those games, that means they would not be started when the device finished booting. However, it is possible that they may use a range of other ways to make sure they start which PDroid doesn't affect.
Probably the best way to deal with these types of problem apps is to use a tool that can 'freeze' the apps, and then just 'unfreeze' them when you want to use them. If they are giving you notification bar spam, you should definitely consider reporting them at the play store, too. Notification bar spam is against Google's current policies for the Play store.
Sorry I can't give you better news - patching of already-compiled OEM ROMs is not my focus area.
Hello, i already reported gameloft for their notification ads, and a video game doesn't need to be notified of system's start. Fact is they are "super dev" in play store and i doubt google will do anything.
PDroid seems more complete than Permission Pro, to make programs unable to access data.
So, if i understand correctly, when i refuse a right to a program, the service will give blank information instead of letting it see the real information. Does it have a big impact on the performances?
I wouldn't mind switching rom, but it seems that no rom is able to install and keep all the data/configuration, means you have to use the custom rom since start or you're stuck if you want to keep things.
Edit : Seems Pdroid 2 is for 4.1.2+, my device use 4.0.3, will keep this thread bookmarked and will come back once i'll have enough courage to switch rom (since ASUS won't let us get the update anyway)
Hi!
Is it enough if I flash my ROM's update zip in recovery?
root required ? :fingers-crossed:
hmm
it looks like it works.
Thanks.
ROM:cm10 Flinny 129.
Is it possible to translate it into other languages?
acultr said:
Is it possible to translate it into other languages?
It's easy. Translate this file and open a pull request or attach it here.

Privacy with Play Services

Hello all! I'm sure most of you are familiar with Google Play Services, the base of Google's Android framework and the brains behind all the Google things you do on your phone. Less of you, however, might also know that Play Services is notorious for being a beast of an application that no one truly knows the function of.
Below here is a rough explanation of Play Services from what I know about it. You can skip this if you already know and move on to the bread and butter of this post.
Play Services is proprietary software, meaning that its source code is not available to the public. All of Google's apps are proprietary like this as well. While developers like Chainfire have legitimate reasons to close off their app source code so others don't steal it, and so does Google, it is extra worrying from a company that makes a profit off of collecting userdata. Many people, including me, do not trust Google with our data, so we try to avoid their products as much as possible.
I thought that it would be nice to create a megathread of sorts with various users' suggestions on how to subvert the constant surveillance of Play Services, while also attempting to maintain the useful functionality of it. Below are some of the primary methods that I have thought of, and that I and some others have tried:
LineageOS/CyanogenMod Privacy Guard - If you are using LineageOS or any derivative thereof, you can go to Privacy Guard and deny certain permissions from Play Services. I and another user have denied permissions from Play Services without side effects, but your mileage may vary. @javelinanddart said on Reddit that Privacy Guard does indeed block permissions from Play Services and other system apps, so rest assured that Privacy Guard actually does something rather than being a placebo.
XPrivacyLua - This is an Xposed module that feeds false data to apps rather than blocking it entirely. I haven't tried this method myself, but the XDA post I linked above reports that XPrivacyLua works, even in tandem with Privacy Guard.
microG - microG is an open-source alternative to Play Services. It emulates many key functions of Play Services - push notifications, location services, etc - without the data collection running alongside such functionality. To clarify, this is a full replacement for Play Services, so you would flash a microG package instead of a GApps package. There are lots of bugs, though, even admitted by the developer. If you want to learn more, I suggest you visit the XDA thread for it, or view the implementation progress for various pieces of functionality.
There is nothing else that I know of, so if anybody knows of another viable method or can provide their own experiences with the above ones, your contributions would be appreciated by me and the rest of the privacy community.
Thanks for thread.
My only reason to use custom ROM is because they are GApps-free. In nearly every other aspect stock ROMs are better. Phones without good custom ROM I simply setup without Google account and install f-droid and yalp stores.
Another idea:
Imagine: Google is not as evil as we think: there are many privacy related settings in your Google account. You can login with a web browser and try through all these settings - and hope.
Device is a Samsung i9305 with RR-N-v5.8.5-final, Magisk v16.0, XPosed, XPrivacyLua, microG (via NanoDroid). No genuine Google services; Google Play Store is the one and only Google application installed.
I hope it suits into this thread (thanks very much for creating it!), and I'd like to share my settings. Please refer to the screenshots; I think it's self-explaining where they were taken from.
Actually no restrictions to microG, only to Play Store.
Remarks: µG has no restrictions in the firewall (AFWall+ Donation Beta); Play Store only granted internet access via WiFi and VPN. Just for completeness; running a RaspberryPi in the home network with Pi-Hole installed and acting as the DNS-server in the network. Unless using the home network i.e. using a foreign WiFi network or mobile data, ALWAYS establishing my own secure VPN to my RaspberryPi (with PiVPN installed) via OpenVPN and again the Pi acting as the DNS-server. If interested in further details please refer to this thread.
Thanks for this.
I was considering asking for a forum section here devoted to privacy, but it doesn't seem like a popular subject here. (After all, most of the people who have already picked the most snoopery OS in the world could be assumed to be not particularly worried about privacy.)
I come from a different motivation: the hope that by using a somewhat hackable OS, one can theoretically modify it in ways to achieve one's objectives, including privacy. But the last few years have made it rather clear that the Big G is working determinedly to foil such efforts.
Lately that seems to take the form of pushing more and more essential services into the Gplay frameworks, and deprecating perfectly working things like GCM in favor of intertwining it with Firebase, which may saddle us with that analytics data vacuum in order to get another essential service, push notifications.
Re: revoking permissions from Gplay frameworks, I feel like Google's determination to get their hands on data by hook or by crook (eg their ignoring of user preferences to disable various radios and enabling them in the background anyway, to track location and such) means they will quite possibly circumvent these preferences at some point as well.
As I mentioned in another thread I've experienced various problems in the past when I tried to aggressively restrict perms on the Gplay services using CM/LOS Privacy Guard, but perhaps some of that came from choosing interactive restriction prompts rather than blanket revoking. I do know that so many essential services are tied-into the Gplay frameworks these days that blocking tons of perms will inevitably cause breakage of some things depending how you use your device.
Jrhotrod said:
...
There is nothing else that I know of, so if anybody knows of another viable method or can provide their own experiences with the above ones, your contributions would be appreciated by me and the rest of the privacy community.
Due to your request above, please allow me to draw your attention to two threads by me. In these threads I tried about one and a half year ago to initially capture but also to update how I believe to have enhanced the battery duration, privacy and security of my GT-i9305 and how I went for a GApps-free device with microG.
Over the time until today, some of the described implementations, applications and measures became obsolete or were replaced by others (e.g. using NanoDroid - or Nanomod as it was called in the beginning, since it has come out). Some changes occurred due to the step from Marshmallow to Nougat or the non-availability of the official Xposed framework for Nougat in the very beginning. However, over all the time I've tried to maintain both threads updated and amended but currently not too much occurring on that frontline, probably because I've received a privacy status on our devices that obviously satisfies me in my personal opinion.
Oswald Boelcke said:
Due to your request above, please allow me to draw your attention to two threads by me. In these threads I tried about one and a half year ago to initially capture but also to update how I believe to have enhanced the battery duration, privacy and security of my GT-i9305 and how I went for a GApps-free device with microG.
Over the time until today, some of the described implementations, applications and measures became obsolete or were replaced by others (e.g. using NanoDroid - or Nanomod as it was called in the beginning, since it has come out). Some changes occurred due to the step from Marshmallow to Nougat or the non-availability of the official Xposed framework for Nougat in the very beginning. However, over all the time I've tried to maintain both threads updated and amended but currently not too much occurring on that frontline, probably because I've received a privacy status on our devices that obviously satisfies me in my personal opinion.
Wow, this is really great! Very high-quality thread.
Will add to OP later today
I apologise for the double post (original in my thread here) but I guess it also suits in this thread.
Found the below quoted post by @jawz101 in the XPrivacyLua thread here. Pretty interesting, and therefore I like to share:
Looking around on Data Transparency Lab website http://datatransparencylab.org/ - they fund grants for research in privacy stuff.
...I found an app called AntMonitor, an academic research project that does a MITM SSL cert + local VPN to look at sensitive traffic - even that which is encrypted. https://play.google.com/store/apps/d...it2.anteatermo
Anyways, it shows some apps trying to send my gps coordinates even though it doesn't have Android permission. Like, my coordinates are actually attempting to be sent encrypted to a destination. XPrivacyLUA doesn't trigger so I can only assume they grab my coordinates in a way that circumvents the traditional Android permission model.
To test, just try the app and open a few apps. I think it's apps with the Facebook graph API that is maybe doing it.
If you like ANTMonitor another app that does an SSL cert+ VPN is Lumen Privacy Monitor- a project by Berkeley, but it doesn't seem to detect raw coordinates like ANTMonitor does.
However, I suggest to also follow the discussion/conversation between jawz101 and M66B, which has developed after this post.
Oswald Boelcke said:
Found the below quoted post by @jawz101 in the XPrivacyLua thread here. Pretty interesting, and therefore I like to share:
However, I suggest to also follow the discussion/conversation between jawz101 and M66B, which has developed after this post.
This is certainly an important discovery, thanks for the news.
Now for the sidenote that's 10x longer than the main comment.
One of the key issues I have with the various "privacy tools" is trying to figure out whether or not I trust all these entities that produce these diagnostic things to not be a solution worse than the problem when it comes to possessing and safeguarding my sensitive personal data.
It's getting to the point where I'm no longer enamored of giving *anyone* access to such stuff if I can help it, no matter *who* they are.
Even if they're not lying about their intentions and their commitment to security/privacy, there are still matters like carelessness/incompetence and targeted attacks to worry about.
@Exabyter: Your statement and expressed concerns are absolutely correct. Nothing to add except that I wouldn't limit it to "privacy tools" but especially include all applications that require root (and get it granted by the user) or all Magisk and Xposed modules. The latter should definitely concern.
My personal decision:
I'm not willing to trust anybody from the very beginning but I'm willing to trust single persons, groups or agencies. I've developed my own, private criteria, to which I stick but I also admit the final decision isn't always based on rationality but also a lot on my feeling (in my stomach).
I don't held any confidential data on my device but privacy related ones, and I don't use my device for any kind of banking, shopping or payments.
I consider to use tools, modules and applications if their functionality rests within my defined specifications for the use of my device. Then I go for "the shopping tour" while I try to look into the details of the tools under closer examination, which includes where is it from, who's the developer etc.
I'll continue with the measures already described in one of my threads.
Oswald - I think we have largely similar stances on such things. In my case I will sometimes sway towards the pragmatic over the pedantic when the pedantic involves so many inconveniences that the tech becomes more of a burden than a help to me.
For example, I really don't like the idea of 3rd-parties keeping data pertaining to my daily geographic movements, but I also use several tools and services that by their nature rely on location data which could in some cases end up in the hands of parties I'd rather didn't have access to it. So I have to regularly weigh the apparent cost/benefit of such services and there are certainly some of them which have a high enough value to me that I willingly lower my default "protection level" in order to keep the other benefits of such tools/services.
Certainly microG is an important tool in that toolchest as it has a major disruptive impact on some of the most common ways Google and other parties snoop on users. But some of its imperfections also threaten to keep me from my ultimate goal of carrying a single phone which performs all the tasks I need to accomplish with it without undermining my privacy in a major way. (And ultimately, my freedom and agency as a citizen in a nominally and allegedly "free and democratic society", which is the actual "big picture" problem with privacy incursions in general IMHO)
I have spent several years now, with varying degrees of effort and success, trying to come up with a hardware/software solution to this problem, and I've never reached a point where I'm fully satisfied with the results. The fact that I am still carrying several mobile devices with me everyday is proof enough that I haven't achieved my objective in this regard and it gets tiring. As does all the time spent on venues such as XDA, researching, discussing and keeping-up with all the relevant issues, not to mention the large amount of time spent tinkering with HW/SW in order to keep all the special measures working. (And after we finally get things working more or less the way we want, we are faced with the particularly customized hardware wearing out, becoming unsupported, 3rd-party ROM and other compatible and necessary software being abandoned/deprecated, and so on and so forth.)
Truth to tell I'm a bit bitter about the amount of time/energy I have to spend to achieve something which should have been part of the mobile platforms in the first place. The current de-facto mobile platform duopoly certainly doesn't help matters.
---------- Post added at 03:39 PM ---------- Previous post was at 02:57 PM ----------
Now that I've gotten that philosophical rant out of the way ...
So as far as technical specifics:
microG of course is a big help as it either neuters or removes many troublesome anti-privacy vectors. For example, at the present time it does not support Firebase Analytics at all, which means (as far as I can tell) any app that expects to get telemetry on users via Firebase Analytics will not get anything if the app user's device is Gapps-free and using microG instead. (It remains to be seen if adding Firebase Cloud Messaging capability to microG will negate this presumed benefit. Cynics like myself are inclined to think one of Google's key objectives in deprecating Google Cloud Messaging and rolling push notification frameworks into Firebase instead was specifically to undermine the ability of users to avoid/circumvent Firebase Analytics)
XprivacyLUA looks interesting and is on my list to test. I found its predecessor Xprivacy to be an extremely tedious and labor-intensive option so I never seriously pursued it after my initial testing.
There are various tools I find handy to help get a sense of how dangerous certain apps may be to privacy. Here are a few:
AppBrain Ad Detector
https://play.google.com/store/apps/details?id=com.appspot.swisscodemonkeys.detector
Addons Detector
https://play.google.com/store/apps/details?id=com.denper.addonsdetector
Checkey (also on f-droid)
https://play.google.com/store/apps/details?id=info.guardianproject.checkey
Applications Info (also on f-droid)
https://play.google.com/store/apps/details?id=com.majeur.applicationsinfo
Permission Friendly Apps
https://play.google.com/store/apps/details?id=org.androidsoft.app.permission

Most Privacy oriented Custom Rom

I got a good Custom rom overview from this post, especially the google spreadsheet: https://forum.xda-developers.com/oneplus-6/how-to/custom-rom-t3867290
I looked into a couple of those, and found some questionable features. For example: Havoc OS lists something like weather info on lock screen. This made me think about where this functionality would get the telemetry for my location.
TLDR; Are there any Custom Roms that are especially focused on user privacy or with this concern at least in mind?
In general I know about the custom rom Replicant but they only support very old smartphones. I decided that the Oneplus 6 is the perfect phone for me; I also want to find the perfect custom rom.
I've searched on google and the only other os showing up is lineage. Other than being open source what would be the difference to lets say aosp extended regarding special features and privacy?
I won't be using gapp and i am still thinking about microg. Since Google is such a great company I won't get notifications without going through their ****ing gcm unless sacrificing significant battery life (more info: https://www.reddit.com/r/fossdroid/comments/9ayrgc/privacy_on_gcm_microg/ ).
Hi, I think when it comes to privacy, regular custom ROMs have little impact. As long as you're not using OOS or a port (like MIUI), all ROMs should be pretty good, as long as you don't install gapps.
Lineage has a good reputation, it's well known and they made a lot of basic apps so you don't need to rely on others (they're often based on older AOSP apps). LOS also comes with Privacy Guard, which is similar to the default Android permissions manager, but with a few extra options, including a very basic firewall. If you want to use microG, you have to go for a special edition that you can find here: https://lineage.microg.org/
But other ROMs are fine as long as you have the proper apps installed and a proper setup overall. You can check my thread which is related to microG but also privacy: https://forum.xda-developers.com/oneplus-6/how-to/guide-microg-oneplus-6-source-ligthway-t3874469/
Depending on your current knowledge, it's mostly a lot of reading about what apps you can use, what browser you should use, what firewall, what ad/tracker blocker, etc.
If you're on telegram, I'd recommend you join @nogoolag , it's full of useful notes about what apps to use, what settings are ideal, infos related to VPNs, etc.
EDIT: about weather in custom ROMs: you can usually very easily disable the service or even remove the related APKs, so it shouldn't be a criteria imo.
@Tomatot-
Thank you very much for your awesome reply. Your thread about microg helped me a lot. I will follow your guide there.

[Rom][GrapheneOS]Android 12][AOSP][UNOFFICIAL]

Features overview
GrapheneOS is a private and secure mobile operating system with great functionality and usability. It starts from the strong baseline of the Android Open Source Project (AOSP) and takes great care to avoid increasing attack surface or hurting the strong security model. GrapheneOS makes substantial improvements to both privacy and security through many carefully designed features built to function against real adversaries. The project cares a lot about usability and app compatibility so those are taken into account for all of our features.
GrapheneOS is focused on substance rather than branding and marketing. It doesn't take the typical approach of piling on a bunch of insecure features depending on the adversaries not knowing about them and regressing actual privacy/security. It's a very technical project building privacy and security into the OS rather than including assorted unhelpful frills or bundling subjective third party apps choices.
GrapheneOS is also hard at work on filling in gaps from not bundling Google apps and services into the OS. We aren't against users using Google services but it doesn't belong integrated into the OS in an invasive way. GrapheneOS won't take the shortcut of simply bundling a very incomplete and poorly secured third party reimplementation of Google services into the OS. That wouldn't ever be something users could rely upon. It will also always be chasing a moving target while offering poorer security than the real thing if the focus is on simply getting things working without great care for doing it robustly and securely.
This page provides an overview of currently implemented features differentiating GrapheneOS from AOSP. It doesn't document our many historical features that are no longer included for one reason or another. Many of our features were implemented in AOSP, Linux, LLVM and other projects GrapheneOS is based on and those aren't listed here. In many cases, we've been involved in getting those features implemented in core infrastructure projects.
GrapheneOS
Partial list of GrapheneOS features beyond what AOSP 12 provides:
Hardened app runtime
Stronger app sandbox
Hardened libc providing defenses against the most common classes of vulnerabilities (memory corruption)
Our own hardened malloc (memory allocator) leveraging modern hardware capabilities to provide substantial defenses against the most common classes of vulnerabilities (heap memory corruption) along with reducing the lifetime of sensitive data in memory. The hardened_malloc README has extensive documentation on it. The hardened_malloc project is portable to other Linux-based operating systems and is being adopted by other security-focused operating systems like Whonix. Our allocator also heavily influenced the design of the next-generation musl malloc implementation which offers substantially better security than musl's previous malloc while still having minimal memory usage and code size.
Fully out-of-line metadata with protection from corruption, ruling out traditional allocator exploitation
Separate memory regions for metadata, large allocations and each slab allocation size class with high entropy random bases and no address space reuse between the different regions
Deterministic detection of any invalid free
Zero-on-free with detection of write-after-free via checking that memory is still zeroed before handing it out again
Delayed reuse of address space and memory allocations through the combination of deterministic and randomized quarantines to mitigate use-after-free vulnerabilities
Fine-grained randomization
Aggressive consistency checks
Memory protected guard regions around allocations larger than 16k with randomization of guard region sizes for 128k and above
Allocations smaller than 16k have guard regions around each of the slabs containing allocations (for example, 16 byte allocations are in 4096 byte slabs with 4096 byte guard regions before and after)
Random canaries with a leading zero are added to these smaller allocations to block C string overflows, absorb small overflows and detect linear overflows or other heap corruption when the canary value is checked (primarily on free)
Hardened compiler toolchain
Hardened kernel
Support for dynamically loaded kernel modules is disabled and the minimal set of modules for the device model are built into the kernel to substantially improve the granularity of Control Flow Integrity (CFI) and reduce attack surface.
4-level page tables are enabled on arm64 to provide a much larger address space (48-bit instead of 39-bit) with significantly higher entropy Address Space Layout Randomization (33-bit instead of 24-bit).
Random canaries with a leading zero are added to the kernel heap (slub) to block C string overflows, absorb small overflows and detect linear overflows or other heap corruption when the canary value is checked (on free, copies to/from userspace, etc.).
Memory is wiped (zeroed) as soon as it's released in both the low-level kernel page allocator and higher level kernel heap allocator (slub). This substantially reduces the lifetime of sensitive data in memory, mitigates use-after-free vulnerabilities and makes most uninitialized data usage vulnerabilities harmless. Without our changes, memory that's released retains data indefinitely until the memory is handed out for other uses and gets partially or fully overwritten by new data.
Kernel stack allocations are zeroed to make most uninitialized data usage vulnerabilities harmless.
Assorted attack surface reduction through disabling features or setting up infrastructure to dynamically enable/disable them only as needed (perf, ptrace).
Assorted upstream hardening features are enabled, including many which we played a part in developing and landing upstream as part of our linux-hardened project (which we intend to revive as a more active project again).
Prevention of dynamic native code execution in-memory or via the filesystem for the base OS without going via the package manager, etc.
Filesystem access hardening
Enhanced verified boot with better security properties and reduced attack surface
Enhanced hardware-based attestation with more precise version information
Eliminates remaining holes for apps to access hardware-based identifiers
Greatly reduced remote, local and proximity-based attack surface by stripping out unnecessary code, making more features optional and disabling optional features by default (NFC, Bluetooth, etc.), when the screen is locked (connecting new USB peripherals, camera access) and optionally after a timeout (Bluetooth, Wi-Fi)
Option to disable native debugging (ptrace) to reduce local attack surface (still enabled by default for compatibility)
Low-level improvements to the filesystem-based full disk encryption used on modern Android
Support for logging out of user profiles without needing a device manager: makes them inactive so that they can't continue running code while using another profile and purges the disk encryption keys (which are per-profile) from memory and hardware registers
Option to enable automatically rebooting the device when no profile has been unlocked for the configured time period to put the device fully at rest again.
Improved user visibility into persistent firmware security through version and configuration verification with reporting of inconsistencies and debug features being enabled.
Support longer passwords by default (64 characters) without a device manager
Stricter implementation of the optional fingerprint unlock feature permitting only 5 attempts rather than 20 before permanent lockout (our recommendation is still keeping sensitive data in user profiles without fingerprint unlock)
Support for using the fingerprint scanner only for authentication in apps and unlocking hardware keystore keys by toggling off support for unlocking.
PIN scrambling option
LTE-only mode to reduce cellular radio attack surface by disabling enormous amounts of legacy code
Per-connection MAC randomization option (enabled by default) as a more private option than the standard persistent per-network random MAC.
When the per-connection MAC randomization added by GrapheneOS is being used, DHCP client state is flushed before reconnecting to a network to avoid revealing that it's likely the same device as before.
Improved IPv6 privacy addresses to prevent tracking across networks
Vanadium: hardened WebView and default browser — the WebView is what most other apps use to handle web content, so you benefit from Vanadium in many apps even if you choose another browser
Hardware-based security verification and monitoring: the Auditor app and attestation service provide strong hardware-based verification of the authenticity and integrity of the firmware/software on the device. A strong pairing-based approach is used which also provides verification of the device's identity based on the hardware backed key generated for each pairing. Software-based checks are layered on top with trust securely chained from the hardware. For more details, see the about page and tutorial.
PDF Viewer: sandboxed, hardened PDF viewer using HiDPI rendering with pinch to zoom, text selection, etc.
Encrypted backups via integration of the Seedvault app with support for local backups and any cloud storage provider with a storage provider app
Secure application spawning system avoiding sharing address space layout and other secrets across applications
Network permission toggle for disallowing both direct and indirect access to any of the available networks. The device-local network (localhost) is also guarded by this permission, which is important for preventing apps from using it to communicate between profiles. Unlike a firewall-based implementation, the Network permission toggle prevents apps from using the network via APIs provided by the OS or other apps in the same profile as long as they're marked appropriately.
The standard INTERNET permission used as the basis for the Network permission toggle is enhanced with a second layer of enforcement and proper support for granting/revoking it on a per-profile basis.
Sensors permission toggle: disallow access to all other sensors not covered by existing Android permissions (Camera, Microphone, Body Sensors, Activity Recognition) including an accelerometer, gyroscope, compass, barometer, thermometer and any other sensors present on a given device. To avoid breaking compatibility with Android apps, the added permission is enabled by default.
Authenticated encryption for network time updates via a first party server to prevent attackers from changing the time and enabling attacks based on bypassing certificate / key expiry, etc.
Proper support for disabling network time updates rather than just not using the results
Connectivity checks via a first party server with the option to revert to the standard checks (to blend in) or to fully disable them
Hardened local build / signing infrastructure
Seamless automatic OS update system that just works and stays out of the way in the background without disrupting device usage, with full support for the standard automatic rollback if the first boot of the updated OS fails
Require unlocking to access sensitive functionality via quick tiles
Minor changes to default settings to prefer privacy over small conveniences: personalized keyboard suggestions based on gathering input history are disabled by default, sensitive notifications are hidden on the lockscreen by default and passwords are hidden during entry by default
Minimal bundled apps and services. Only essential apps are integrated into the OS. We don't make partnerships with apps and services to bundle them into the OS. An app may be the best choice today and poor choice in the future. Our approach will be recommending certain apps during the initial setup, not hard-wiring them into the OS.
No Google apps and services. These can be used on GrapheneOS but only if they avoid requiring invasive OS integration. Building privileged support for Google services into the OS isn't something we're going to be doing, even if that's partially open source like microG.
Compatibility layer for coercing user installed Google Play services into running as sandboxed apps without any special privileges.
Fixes for multiple serious vulnerabilities not yet fixed upstream due to a flexible release cycle / process prioritizing security.
Services
Service infrastructure features:
Strict privacy and security practices for our infrastructure
Unnecessary logging is avoided and logs are automatically purged after 10 days
Services are hosted entirely via our own dedicated servers and virtual machines from OVH without involving any additional parties for CDNs, SaaS platforms, mirrors or other services
Our services are built with open technology stacks to avoid being locked in to any particular hosting provider or vendor
Open documentation on our infrastructure including listing out all of our services, guides on making similar setups, published configurations for each of our web services, etc.
No proprietary services
Authenticated encryption for all of our services
Strong cipher configurations for all of our services (SSH, TLS, etc.) with only modern AEAD ciphers providing forward secrecy
Our web sites do not include any third party content and entirely forbid it via strict Content Security Policy rules
Our web sites disable referrer headers to maximize privacy
Our web sites fully enable cross origin isolation and disable embedding in other content
DNSSEC implemented for all of our domains to provide a root of trust for encryption and authentication for domain/server configuration
DNS Certification Authority Authorization (CAA) records for all of our domains permitting only Let's Encrypt to issue certificates with fully integrated support for the experimental accounturi and validationmethods pinning our Let's Encrypt accounts as the only ones allowed to issue certificates
DANE TLSA records for pinning keys for all our TLS services
Our mail server enforces DNSSEC/DANE to provide authenticated encryption when sending mail including alert messages from the attestation service
SSHFP across all domains for pinning SSH keys
Static key pinning for our services in apps like Auditor
Our web services use robust OCSP stapling with Must-Staple
No persistent cookies or similar client-side state for anything other than login sessions, which are set up via SameSite=strict cookies and have server-side session tracking with the ability to log out of other sessions
scrypt-based password hashing (likely Argon2 when the available implementations are more mature)
Project
Beyond the technical features of the OS:
Collaborative, open source project with a very active community and contributors
Can make your own builds and make desired changes, so you aren't stuck with the decisions made by the upstream project
Non-profit project avoiding conflicts of interest by keeping commercialization at a distance. Companies support the project rather than the project serving the needs of any particular company
Strong privacy policies across all our software and services
Proven track record of the team standing up against attempts to compromise the integrity of the project and placing it above personal gain
Installation instructions and downloads
Download for Pixel 5 and other releases
https://grapheneos.org/releases
GrapheneOS has two officially supported installation methods. You can either use the WebUSB-based installer recommended for most users or the command-line installation guide aimed at more technical users.
We strongly recommend using one of the official installation methods. Third party installation guides tend to be out-of-date and often contain misguided advice and errors.
If you have trouble with the installation process, ask for help on the official GrapheneOS chat channel. There are almost always people around willing to help with it. Before asking for help, make an attempt to follow the guide on your own and then ask for help with anything you get stuck on.
The command-line approach offers a way to install GrapheneOS without trusting our server infrastructure. This requires being on an OS with proper fastboot and signify packages along with understanding the process enough to avoid blindly trusting the instructions from our site. For most users, the web-based installation approach is no less secure and avoids needing any software beyond a browser with WebUSB support.
For those who want Google Play Store apps, please watch this video. It's not recommended, but I use it myself on this ROM.
GrapheneOS - Full Post Install Setup Guide - Maximize Security and Privacy On Your Android Phone
Source code
https://github.com/GrapheneOS
https://github.com/GrapheneOS/kernel_google_redbull
https://github.com/GrapheneOS/device_google_redfin-kernel
https://github.com/GrapheneOS/device_google_redfin
Credits and Thanks
We would like to give thanks to everyone in the Android community, big or small.
That said, we would like to Thank all These Teams for their contribution to the Open Source Community. Special Thanks to Daniel Micay
MOD EDIT: This is an UnOfficial thread and isn't run by the GrapheneOS team​
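The canary, invalid-free and zero-on-free checks listed under hardened malloc in the post above, sketched as a toy single-slab allocator. This is an added example, not hardened_malloc's code and not part of the original post; every name in it (`toy_alloc`, `toy_free`, the `scenario_*` helpers) is hypothetical, and it leaves out the quarantines, guard regions and randomization the list also mentions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { SLOT = 16, CANARY = 8, STRIDE = SLOT + CANARY, NSLOTS = 8 }; /* bytes, bytes, bytes, slots */
enum toy_status { TOY_OK, TOY_INVALID_FREE, TOY_CANARY_CORRUPT, TOY_WRITE_AFTER_FREE, TOY_OOM };

static unsigned char slab[NSLOTS * STRIDE]; /* starts zeroed */
static unsigned char in_use[NSLOTS];        /* metadata kept outside the slab */
static unsigned char canary[CANARY];
static int canary_ready;

static void init_canary(void) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f || fread(canary, 1, CANARY, f) != CANARY)
        memcpy(canary, "\0toy-can", CANARY);    /* demo-only fallback value */
    if (f) fclose(f);
    canary[0] = 0;                              /* leading zero ends C strings */
    canary_ready = 1;
}

enum toy_status toy_alloc(void **out) {
    if (!canary_ready) init_canary();
    for (size_t i = 0; i < NSLOTS; i++) {
        unsigned char *p = slab + i * STRIDE;
        if (in_use[i]) continue;
        for (size_t j = 0; j < SLOT; j++)       /* freed memory must still be zero */
            if (p[j]) return TOY_WRITE_AFTER_FREE;
        memcpy(p + SLOT, canary, CANARY);
        in_use[i] = 1;
        *out = p;
        return TOY_OK;
    }
    return TOY_OOM;
}

enum toy_status toy_free(void *ptr) {
    uintptr_t a = (uintptr_t)ptr, base = (uintptr_t)slab;
    if (a < base || a >= base + sizeof slab || (a - base) % STRIDE)
        return TOY_INVALID_FREE;                /* not the start of a slot */
    size_t i = (a - base) / STRIDE;
    if (!in_use[i]) return TOY_INVALID_FREE;    /* double free or never allocated */
    if (memcmp(slab + i * STRIDE + SLOT, canary, CANARY))
        return TOY_CANARY_CORRUPT;              /* a real allocator would abort */
    memset(slab + i * STRIDE, 0, STRIDE);       /* zero-on-free */
    in_use[i] = 0;
    return TOY_OK;
}

enum toy_status scenario_strcpy(const char *s) {  /* s: at most 23 chars */
    void *p = NULL;
    if (toy_alloc(&p) != TOY_OK) return TOY_OOM;
    strcpy(p, s);                               /* unchecked copy into 16 bytes */
    return toy_free(p);                         /* canary is checked on free */
}

enum toy_status scenario_write_after_free(void) {
    void *p = NULL, *q = NULL;
    if (toy_alloc(&p) != TOY_OK || toy_free(p) != TOY_OK) return TOY_OOM;
    ((unsigned char *)p)[3] = 0x41;             /* write via dangling pointer */
    enum toy_status s = toy_alloc(&q);          /* slot p is next to be reused */
    ((unsigned char *)p)[3] = 0;                /* undo so the demo can go on */
    return s;
}

int main(void) {
    printf("16-char strcpy: %d\n", scenario_strcpy("0123456789abcdef"));
    printf("17-char strcpy: %d\n", scenario_strcpy("0123456789abcdefX"));
    printf("write-after-free: %d\n", scenario_write_after_free());
}
```

The 16-character copy puts its terminating NUL exactly on the canary's zero byte, so the one-byte overflow is absorbed; one more character changes the canary and the free reports corruption.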
times out and doesn't flash "system"
jorgeccastro said:
times out and doesn't flash "system"
Follow the instructions properly it will flash I am using it right now.
What method did you use to flash the rom?
Use web installer it's easy.
I want to say thank you so much for all of the work on this ROM, it is awesome!
Has anybody gotten root to work on this? I tried patching the boot.img with Magisk, but after I flash the patched boot.img, the bootloader says it can't find a valid operating system?
jailbird2 said:
I want to say thank you so much for all of the work on this ROM, it is awesome!
Has anybody gotten root to work on this? I tried patching the boot.img with Magisk, but after I flash the patched boot.img, the bootloader says it can't find a valid operating system?
The whole point of this rom is security haha so no root only pure security and bootloader will be locked if you followed the instructions.
SyntaxError said:
The whole point of this rom is security haha so no root only pure security and bootloader will be locked if you followed the instructions.
Yep, I know. As the phone mainly stays connected in my vehicle, I was using a framework that allowed me to trigger actions when the charging power comes on (eg, vehicle is started) and goes away (vehicle is turned off). I was hoping to be able to keep that AND keep the extra security.
I completely understand though, thanks!
jailbird2 said:
Yep, I know. As the phone mainly stays connected in my vehicle, I was using a framework that allowed me to trigger actions when the charging power comes on (eg, vehicle is started) and goes away (vehicle is turned off). I was hoping to be able to keep that AND keep the extra security.
I completely understand though, thanks!
Aha well there are certain things we have to sacrifice lol for security sake.
SyntaxError said:
Follow the instructions properly it will flash I am using it right now.
What method did you use to flash the rom?
Use web installer it's easy.
oh ok, thanks for that info. i was using a screwdriver and hammer...
how to install google playstore
Look, I'm going to be honest with you guys: I use my phone as a daily driver, and without gapps it's pointless to use this ROM. I need gapps to download my apps and to restore my info, and I already tried to install gapps on this ROM; it doesn't work.
williejack619 said:
Look, I'm going to be honest with you guys: I use my phone as a daily driver, and without gapps it's pointless to use this ROM. I need gapps to download my apps and to restore my info, and I already tried to install gapps on this ROM; it doesn't work.
Sorry mate, GrapheneOS is not meant to have any Google framework stuff in it. If you need such and at the same time want more privacy you might want to have a look at CalyxOS, at least there is an option to include microG. Have fun.
williejack619 said:
Look, I'm going to be honest with you guys: I use my phone as a daily driver, and without gapps it's pointless to use this ROM. I need gapps to download my apps and to restore my info, and I already tried to install gapps on this ROM; it doesn't work.
you can install fdroid and from fdroid install https://f-droid.org/en/packages/com.aurora.store/ and you can have all play store apps without any account or you can sign in and still retain your privacy.
beggar23 said:
Sorry mate, GrapheneOS is not meant to have any Google framework stuff in it. If you need such and at the same time want more privacy you might want to have a look at CalyxOS, at least there is an option to include microG. Have fun.
They've documented how to install Google services:
GrapheneOS usage guide
Usage instructions for GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.
grapheneos.org
williejack619 said:
how to install google playstore
was this a troll?
xstrifey said:
was this a troll?
maybe lol
SyntaxError said:
The whole point of this rom is security haha so no root only pure security and bootloader will be locked if you followed the instructions.
The problem I have with not having root is that google backups suck. An example is google authenticator. It loses all settings and will force the user to redo every site where it was used for 2fa. I absolutely need the ability to restore my apps properly, and I currently use TitaniumBackup for that. I'm also playing around with 'Migrate', but both need root.
adamf663b said:
The problem I have with not having root is that google backups suck. An example is google authenticator. It loses all settings and will force the user to redo every site where it was used for 2fa. I absolutely need the ability to restore my apps properly, and I currently use TitaniumBackup for that. I'm also playing around with 'Migrate', but both need root.
I just don't understand why no one understands the meaning of privacy?
This rom is made for privacy and security without Google as in degoogled phone so no root access because the bootloader will be locked after flashing this rom.
And yes you can install play store apps my way or the official way and there is a link to that provided by @k0rner . And yes I understand backup and restoring from Google is a pain so just do a manual restore like I did if you want privacy and if you want root and Google services then this rom is not meant for you and to be used with Google services.
Can I change the aspect ratio to 16:9 in this custom rom?
Does long-pressing power to turn on the flashlight work on this ROM?
switcher said:
Does long-pressing power to turn on the flashlight work on this ROM?
No. It brings up the shutdown/reboot screen as seen in the stock image.
