If I install some tweaks with root access and then block internet access of those tweaks. I think whatever possible risk these apps pose is neutralized by the fact that the stolen info (if any) will stay on the device and will not be transmitted to a remote server.
I worry about apps that require internet operation for their basic functionality in general (these apps are not necessarily or exclusively for rooted phones. Can be any app for Android, from Play store or a third party store). I do not block their internet access for obvious reasons as they do not work in that case. But I do not provide root access to them. So if I deny root access to these apps or if an app never prompts me for it, is it possible for these apps to stealthily obtain super user permission, reach and control the kernal, or see other apps data (sandbox breach)? A virus can do this even on unrooted phones. Will the root installed on a device will help a virus to circumvent superuser access protection even when the same is denied?
hellodrsoul said:
If I install some tweaks with root access and then block internet access of those tweaks. I think whatever possible risk these apps pose is neutralized by the fact that the stolen info (if any) will stay on the device and will not be transmitted to a remote server.
I worry about apps that require internet operation for their basic functionality in general (these apps are not necessarily or exclusively for rooted phones. Can be any app for Android, from Play store or a third party store). I do not block their internet access for obvious reasons as they do not work in that case. But I do not provide root access to them. So if I deny root access to these apps or if an app never prompts me for it, is it possible for these apps to stealthily obtain super user permission, reach and control the kernal, or see other apps data (sandbox breach)? A virus can do this even on unrooted phones. Will the root installed on a device will help a virus to circumvent superuser access protection even when the same is denied?
Click to expand...
Click to collapse
In order to answer this question fully, I would need to explain many things that you're probably not interested in. Understanding android as an ecosystem requires a decent understanding of Unix-like security concepts (such as UID and GID) as well, but I can maybe answer some questions regardless.
In order of importance, here is what you should check upon first to make sure the possibility of a Rootkit (what it's called) is slim to none:
SeLinux status should be enforcing ; why? Even if your device isn't rooted, malware could still spawn dangerous processes with elevated privileges (uid 0 or root) and install themselves. You can find out if your ROM is permissive or not by using the command getenforce after using su in a terminal app. If it returns Enforcing or 1 then you're good to go.
Make sure that the magisk manager app is from a legitimate source (github). Some malware/rootkits disguise themselves as magisk and inject malicious code in your system, rendering the whole grant/deny process useless.
Only grant root access to trusted apps.
Magisk has very strong checks in place to make sure all root access requests/operations are funneled through only the manager. Leaving what happens after you grant access up to User discretion. Which is why point 3 is important.
Slim K said:
In order to answer this question fully, I would need to explain many things that you're probably not interested in. Understanding android as an ecosystem requires a decent understanding of Unix-like security concepts (such as UID and GID) as well, but I can maybe answer some questions regardless.
In order of importance, here is what you should check upon first to make sure the possibility of a Rootkit (what it's called) is slim to none:
SeLinux status should be enforcing ; why? Even if your device isn't rooted, malware could still spawn dangerous processes with elevated privileges (uid 0 or root) and install themselves. You can find out if your ROM is permissive or not by using the command getenforce after using su in a terminal app. If it returns Enforcing or 1 then you're good to go.
Make sure that the magisk manager app is from a legitimate source (github). Some malware/rootkits disguise themselves as magisk and inject malicious code in your system, rendering the whole grant/deny process useless.
Only grant root access to trusted apps.
Magisk has very strong checks in place to make sure all root access requests/operations are funneled through only the manager. Leaving what happens after you grant access up to User discretion. Which is why point 3 is important.
Click to expand...
Click to collapse
Thank you for the reply and your insights. On my device;
1. SeLinux status is enforcing
2. Magisk is from the official gethub source.
3. Root access is granted to only 5 apps, all are reputable as for as I could ''investigate''
I have about 30 other regular apps (not requiring root) installed, most are from Play store but some are from Fdroid and some are moded apks (please don't judge me on it. I like trying apps before purchasing). The moded apks have no root access during the installed period as these are apps for nonrooted devices, apparently. I directly purchase apps that require root access.
Are there any loopholes in this setting? Do moded apks and apps from Fdroid (or other third-party sources) are as safe as on non-rooted devices? Or it is more injurious to use such apps on rooted devices than on non-rooted devices?
My POV: Any app what grants these dangerous runtime permissions - defined in app's AndroidManifest.xml -
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
can be considered to be a trojan.
Hence it's highly recommended to remove all apps with those permissions.
hellodrsoul said:
Thank you for the reply and your insights. On my device;
1. SeLinux status is enforcing
2. Magisk is from the official gethub source.
3. Root access is granted to only 5 apps, all are reputable as for as I could ''investigate''
I have about 30 other regular apps (not requiring root) installed, most are from Play store but some are from Fdroid and some are moded apks (please don't judge me on it. I like trying apps before purchasing). The moded apks have no root access during the installed period as these are apps for nonrooted devices, apparently. I directly purchase apps that require root access.
Are there any loopholes in this setting? Do moded apks and apps from Fdroid (or other third-party sources) are as safe as on non-rooted devices? Or it is more injurious to use such apps on rooted devices than on non-rooted devices?
Click to expand...
Click to collapse
After an App is installed, it will be granted all the requested permissions (dangerous or not) regardless of it being a root or non-root App. If you're afraid of the App making permanent damage to your phone, then you won't have to worry about that. If what concerns you is the theft of your data (contacts, media, banking details and such), then there are ways around that as well.
Android 5.0+ devices have a peculiar solution to that problem in a form of different/work profiles. Solutions such as Island or Riru storage isolation minimize the risk of i.e. modded apps by creating a new user profile with an isolated environment, think of like a small VM environment where you specify what the App has access to in terms of storage and permissions.
Personally, I won't install a modded apk for any reason, the risk isn't worth the reward IMHO. Apps from F-droid are usually safe to install, since they're scanned for malware on the website itself.
Hope I helped you with this answer.
Slim K said:
Slim K said:
Android 5.0+ devices have a peculiar solution to that problem in a form of different/work profiles. Solutions such as Island or Riru storage isolation minimize the risk of i.e. modded apps by creating a new user profile with an isolated environment, think of like a small VM environment where you specify what the App has access to in terms of storage and permissions.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
My primary concern is theft of my data such as credentials of banking apps, some app posting nudes to my whatsapp contact, my photos circulating on the web and may be pasted in a nude video or something.... It may sound like a paranoia, but still I want to plug any patent holes if I can....
I tried the storage isolation app you suggested. Unfortunately it does not isolate some of the root apps I have on my phone (they do not appear in the app management section).
The easier solution may be a sandbox environment where a particular app could be run without other apps seeing it. I have about 10 apps in total that I think should run in an environment where neither of the root apps nor any moded app with accessibility access should see them or their data.
Does the Island app you mentioned can achieve this environment? Or is there any other solution?
Kind regards.
Related
I want to know about android apps Full access permission?
What should I beware of?
I heard that some access are considerally danger which will record down your internet banking details (When you use Internet Browsers) & SMS.
Please kindly describe about "Full access permission"
Thanks alot!
Every app you want to install has its own permissions shown in very detailed form before installation. Never heard of full access permission- but is sounds very unlikely that an app will require this kind of approval, so avoid installing it.
If you still want to get risky, and you got android 4.3 and above. I suggest downloading 'App ops' from the market, which will let you control apps permission using google's privacy feature.
Sent from my GT-I9300 using Tapatalk
Hello,
I think about rooting my device.
However I also think about how secure the custom roms builds or rooting apps are.
E.g.
In the modaco forum there is a tool called Superboot r2 to root the motorola moto g device.
How can I know/trust that this tool doesn't contain any spyware/malware or other malicous code?
How do you guys look at the security of custom roms and other apps which root your device?
Customizing and rooting one's phone can be done very securely. Even more now than a few years ago. I would be wary about apps that can root your phone with a buttoon press. Unless, of course, there is a really long thread about it on xda. The same with apps not from the Google store. You should run a virus scan on any apks you get in general. They can contain malicious code that can mess up your device and steal your information.
Once you root your device, it's a good idea to look into the XPrivacy app. You can use it to control the individual permissions of all of your installed app. There are a lot of other security measure you can take too. Do research on what would be relevant to your device.
kbntk said:
Hello,
I think about rooting my device.
However I also think about how secure the custom roms builds or rooting apps are.
E.g.
In the modaco forum there is a tool called Superboot r2 to root the motorola moto g device.
How can I know/trust that this tool doesn't contain any spyware/malware or other malicous code?
How do you guys look at the security of custom roms and other apps which root your device?
Click to expand...
Click to collapse
Rooting a device greatly decreased the overall security of the device. You are breaking the basic security design of Android, you are incorporating new code (mods etc) from developers who may not be properly trained, many who jsut copy past code from elsewhere without understanding what exactly is going on. Potentially (almost certainly with most custom roms) introducing new vulnerabilities.
Elzbach said:
Customizing and rooting one's phone can be done very securely. Even more now than a few years ago. I would be wary about apps that can root your phone with a buttoon press. Unless, of course, there is a really long thread about it on xda. The same with apps not from the Google store. You should run a virus scan on any apks you get in general. They can contain malicious code that can mess up your device and steal your information.
Once you root your device, it's a good idea to look into the XPrivacy app. You can use it to control the individual permissions of all of your installed app. There are a lot of other security measure you can take too. Do research on what would be relevant to your device.
Click to expand...
Click to collapse
I'm going to have to flat out disagree. Once you have rooted your device, security has greatly been decreased. What would be a minor vulnerability in a normal app, can become a huge vulnerability in an application that has been granted permission to use root. Same goes for the Superuser control application.
Thank you for your replies guys.
jcase said:
Rooting a device greatly decreased the overall security of the device. You are breaking the basic security design of Android, you are incorporating new code (mods etc) from developers who may not be properly trained, many who jsut copy past code from elsewhere without understanding what exactly is going on. Potentially (almost certainly with most custom roms) introducing new vulnerabilities.
I'm going to have to flat out disagree. Once you have rooted your device, security has greatly been decreased. What would be a minor vulnerability in a normal app, can become a huge vulnerability in an application that has been granted permission to use root. Same goes for the Superuser control application.
Click to expand...
Click to collapse
I agree rooding the device decreases the overall secruity of the device.
On the other hand, rooting the device gives access to the apps that give you control over the system and data on it. For example as Elzbach wrote, with the app XPrivacy I can control what apps have access to my personal information.
Now - without root - when I instal a new keyboard or launcher with widgets, I'm warned that these apps can have access to my personal information and can use them malicously. For me that means, that even without root using normal apps I can get big security risk when using some apps from play store.
Do you build the custom android version by yourself from the source or use builds provided on this forum or modaco or use another way?
kbntk said:
Thank you for your replies guys.
I agree rooding the device decreases the overall secruity of the device.
On the other hand, rooting the device gives access to the apps that give you control over the system and data on it. For example as Elzbach wrote, with the app XPrivacy I can control what apps have access to my personal information.
Now - without root - when I instal a new keyboard or launcher with widgets, I'm warned that these apps can have access to my personal information and can use them malicously. For me that means, that even without root using normal apps I can get big security risk when using some apps from play store.
Do you build the custom android version by yourself from the source or use builds provided on this forum or modaco or use another way?
Click to expand...
Click to collapse
XPrivacy, and apps like them introduce additional security concerns of their own. Android is not designed to work the way they force it too, introducing many new unknowns.
New keyboard, launchers introduce an infinitely smaller risk than any root app, and unlike with root apps you are warned and privileges are handled by an established well tested permission system. Comparing the two is completely silly.
Any developer, in a matter of minutes, put together a root app requesting 0 permissions, that can gain permissions or otherwise use APIs requiring permissions at runtime without declaring them, and disable or work around any "security" any XPrivacy type app claims to provide. Once rooted, apps like XPrivacy provide a complete false sense of security. Given you need root to use them... they provide no real security at all.
A completely valid scenario (one we have seen in the wild): An app with 0 permissions, but the ability to use su could download and dynamically execute new code to perform the malicious activities. IE Google bouncer, and any anti virus software would be @#[email protected] out of luck on that one. All because a user decided to completely break the basic security model, by installing su.
The only customized version of Android I use, is a customized emulator I use for analysis, and that only used when I suspect something could damage an actual test device.
I do not mess with customized versions of Android on real hardware, I only build when testing patches I plan to push to the AOSP gerrit for review.
jcase said:
Rooting a device greatly decreased the overall security of the device. You are breaking the basic security design of Android, you are incorporating new code (mods etc) from developers who may not be properly trained, many who jsut copy past code from elsewhere without understanding what exactly is going on. Potentially (almost certainly with most custom roms) introducing new vulnerabilities.
I'm going to have to flat out disagree. Once you have rooted your device, security has greatly been decreased. What would be a minor vulnerability in a normal app, can become a huge vulnerability in an application that has been granted permission to use root. Same goes for the Superuser control application.
Click to expand...
Click to collapse
jcase said:
XPrivacy, and apps like them introduce additional security concerns of their own. Android is not designed to work the way they force it too, introducing many new unknowns.
New keyboard, launchers introduce an infinitely smaller risk than any root app, and unlike with root apps you are warned and privileges are handled by an established well tested permission system. Comparing the two is completely silly.
Any developer, in a matter of minutes, put together a root app requesting 0 permissions, that can gain permissions or otherwise use APIs requiring permissions at runtime without declaring them, and disable or work around any "security" any XPrivacy type app claims to provide. Once rooted, apps like XPrivacy provide a complete false sense of security. Given you need root to use them... they provide no real security at all.
A completely valid scenario (one we have seen in the wild): An app with 0 permissions, but the ability to use su could download and dynamically execute new code to perform the malicious activities. IE Google bouncer, and any anti virus software would be @#[email protected] out of luck on that one. All because a user decided to completely break the basic security model, by installing su.
The only customized version of Android I use, is a customized emulator I use for analysis, and that only used when I suspect something could damage an actual test device.
I do not mess with customized versions of Android on real hardware, I only build when testing patches I plan to push to the AOSP gerrit for review.
Click to expand...
Click to collapse
Well I stand corrected.
Apologize if I'm resurrecting an oldie but this is a topic I've been contemplating for a while now. I used to root, looking back to my old OG Droid days. But I find newer devices sufficient as to not root anymore (mostly). I'm currently debating rooting a Samsung Tab S 8.4 to remove Touchwiz and hopefully speed some things up and maybe further control the CPU.
If the user is rooted and they only install apps from the marketplace that are known to be safe (I assume)- i.e.- not downloaded from some misc internet site and from "non-trusted sources," would this still be able to happen?
- "Any developer, in a matter of minutes, put together a root app requesting 0 permissions, that can gain permissions or otherwise use APIs requiring permissions at runtime without declaring them, and disable or work around any "security" any XPrivacy type app claims to provide. Once rooted, apps like XPrivacy provide a complete false sense of security. Given you need root to use them... they provide no real security at all."
I guess I'm just not sure how google approved apps, or if they even do. And what's the process of showing app permissions in the Play Store these days, since permissions are front and center when you download an app. Do dev's just flag permissions on their own will or is it built into the Android code? I would ASSUME the android code when posting to Play Store decides permissions for the dev. I would be horrified if Android relied on good will for people to post permissions solely from the dev's input.
I could be completely wrong
But as I understand dev a pick the permissions they need for the app to work correctly. They declare the permissions they need to the Android system. And then they can only use those permissions and no others. However they don't need to use all of the permissions but they can if they want to.
Btw apps from google play are in no way safe.it has no bearing if you do or don't have apps from unknown sources on your device. fact is google in no way checks the source code of apps on the play store.now maybe the run a virus checks but honestly that means nothing as moron could code in malicious code that would not trigger a scanner (and Trojans are far more prevalent for Android than viruses). If the source code is not available then no one knows what an app could be doing.
90% of my apps come from fdroid, who builds everything from source.
In the discussion above I should also note (but could be wrong about this completely) that system apps (the ones that come with your phone) all have root(administrator) permissions by virtue of being system components.
So rooting may decrease your security but personally I think factory roms are far too unsecure to start with and will never have a device that is not rooted. The benefits far out weight the risks for the careful user. Until such time as the source code is released.
Unless you trust google, face book, Samsung, Twitter, and a host of other baked in developers who get to put apps on your phone at the factory.
Or Apple who has their own way of making money off your every move, or microsoft with win 10 that also sells your habits.
jcase said:
Rooting a device greatly decreased the overall security of the device. You are breaking the basic security design of Android, you are incorporating new code (mods etc) from developers who may not be properly trained, many who jsut copy past code from elsewhere without understanding what exactly is going on. Potentially (almost certainly with most custom roms) introducing new vulnerabilities.
I'm going to have to flat out disagree. Once you have rooted your device, security has greatly been decreased. What would be a minor vulnerability in a normal app, can become a huge vulnerability in an application that has been granted permission to use root. Same goes for the Superuser control application.
Click to expand...
Click to collapse
This alone is enough for me to stay away from root and its capability to make things worse in my end. Thank you for the professional input on this.
Without root you can't add any security to Android. Which has very little security to start with. Permissions are vague and can't be denied on a per app basis short of not installing the app.
System apps have no way of being removed without root unless you do it before flashing, and without root you can't do a complete backup of your system.
Even if you don't root a device yourself Trojans can gain root with many of the same exploits, root themselves and cause whatever havoc they desire.
An app only gets root if you allow it even after rooting your device. It will pop up and ask you if you want to allow or deny or always allow or deny. a Trojan that can create root will do can do it regardless if you root your device yourself, I have no idea if such a Trojan tried to get root if supersu, or superuser will pop up and ask.
A firewall requires root and that alone is worth rooting for me.
But then I have very few apps that I allow online.
Can root cause serious damage to your device? Yes
Can you administrator your device without root? No
Every Linux has root capabilities,
if you own it you should be able to administer it to the best of your abilities and to do that you need root.
Custom Roms are updated far more often that oem roms and as such generally have the newest fixes and updates for security.come that to factory roms that may update once or twice in their expected lifetime, regardless of how many security holes are found in the rom.older devices(read older as a synonym for 2 years old) may never get another update and the only way to protect yourself with out a custom Rom is to buy a new device.
For example Android 5.01 has a major memory leak.and even with that and other bugs and security issues Samsung had not updated the north American galaxy s5 (just over a year old,) above 5.01 yet and may not until marshmallow comes out (Which will mean almost a year after the security and memory leak were found). And until then you walk around using a device with major security issues and a major memory leak.
XPrivacy is not about Security. "Security" is never linked to Xprivacy on Github. "XPrivacy can prevent applications from leaking privacy-sensitive data". Saying the opposite is a lie.
Whether you have root access or not you can almost do nothing against serious attacks BUT having root access allows you to control some things like Internet connection, restricted access,...
Finally do not confuse Custom ROMs and Root. You can run a custom rom without root and vice versa. As explained above custom ROMs are more updated so you can enjoy more patches and new security features like SElinux.
Kayak83 said:
Apologize if I'm resurrecting an oldie but this is a topic I've been contemplating for a while now. I used to root, looking back to my old OG Droid days. But I find newer devices sufficient as to not root anymore (mostly). I'm currently debating rooting a Samsung Tab S 8.4 to remove Touchwiz and hopefully speed some things up and maybe further control the CPU.
If the user is rooted and they only install apps from the marketplace that are known to be safe (I assume)- i.e.- not downloaded from some misc internet site and from "non-trusted sources," would this still be able to happen?
- "Any developer, in a matter of minutes, put together a root app requesting 0 permissions, that can gain permissions or otherwise use APIs requiring permissions at runtime without declaring them, and disable or work around any "security" any XPrivacy type app claims to provide. Once rooted, apps like XPrivacy provide a complete false sense of security. Given you need root to use them... they provide no real security at all."
I guess I'm just not sure how google approved apps, or if they even do. And what's the process of showing app permissions in the Play Store these days, since permissions are front and center when you download an app. Do dev's just flag permissions on their own will or is it built into the Android code? I would ASSUME the android code when posting to Play Store decides permissions for the dev. I would be horrified if Android relied on good will for people to post permissions solely from the dev's input.
Click to expand...
Click to collapse
Go to F-Droid or fossdroid instead of Google Play to avoid crappy apps and unwanted connections. Apps on F-Droid are safer. Google has an automatic system to scan apks when they are uploaded but it doesn't detect everything... Be sure that if you didn't update the version number of your apk you will be blocked though lol
Permissions are stored in the AndroidManifest.xml. If the developer doesn't want to state the permissions he needs then nothing will be shown into the Manifest. That's why it's important to use 3rd party apps to control what apps really do.
Would never use my phone without a firewall installed. I want to have control over what apps can access the net and which cannot.
So rooting is a must for me.
Have no gapps installed and privacy is important to me.
Semseddin said:
This alone is enough for me to stay away from root and its capability to make things worse in my end. Thank you for the professional input on this.
Click to expand...
Click to collapse
And you'll be 100% wrong. You are getting a bad advice from someone who sounds like he works for Google. He is wrong and he knows it...
Your system apps have root whether you like it or not. So, they can do whatever Google wants them to do. And they can do it silently. So, the question is are you going to have control over your device or google? Without root you can't; with root you can if you know what you are doing. Your main security threat comes from Gapps and the infamous google services framework, which spies on you and regularly transmits home (google servers) your every activity. That has to go and for that you need root. Custom rom vs stock. Custom roms don't have Gapps and gsf, so that puts them on pedestal, as compared to stock. Stock rom is android plus manufacturer's bloat which also spies on you and wastes battery. Custom roms don't have gapps and they are open source (like Linux). Have you ever heard about viruses on Linux? Maybe 2 or 3, but thousands in other OSs. As another user noted, linux (on which android is based) has root. So is any major OS. Root is just a key to control your device. It can be set up to restrict everything, even system apps, so the point that having root reduces security is invalid except for one situation, when you don't know what you are doing. Do you want incompetent and malicious evil Google to own your phone? If you do, stay away from root.
optimumpro said:
And you'll be 100% wrong. You are getting a bad advice from someone who sounds like he works for Google. He is wrong and he probably knows it...
Your system apps have root whether you like it or not. So, they can do whatever Google wants them to do with your device. And they can do it silently. So, the question is are you going to have control over your device or google? Without root you can't; with root you can if you know what you are doing. Your main security threat comes from Gapps and the infamous google services framework, which spies on you and regularly tramsmits home (google servers) your every activity. That has to go and for that you need root. Custom rom vs stock. Custom roms don't have Gapps and gsf, so that puts them on pedestal, as compared to stock. Stock rom is android plus manufacturer's bloat which also spies on you and wastes battery. Custom roms don't have gapps and they are open source (like Linux). Have you ever heard about viruses on Linux? Maybe 2 or 3, but thousands in other OSs. As another user noted, linux (on which android is based) has root. So is any major OS. Root is just a key to control your device. It can be set up to restrict everything, even system apps, so the point that having root reduces security is invalid except for one situation, when you don't know what you are doing. Do you want incompetent and malicious evil Google to own your phone? If you do, stay away from root.
Click to expand...
Click to collapse
Thank you for your detailed answer but if i am not mistaken, are you suggesting that a custom rom made by a 3rd party hobbiest developer is more secure than oem's firmware ? If so, i will continue to be mistaken.
Semseddin said:
Thank you for your detailed answer but if i am not mistaken, are you suggesting that a custom rom made by a 3rd party hobbiest developer is more secure than oem's firmware ? If so, i will continue to be mistaken.
Click to expand...
Click to collapse
Most of the time the answer is yes. Also, you could be a developer yourself meaning you can compile your rom from sources with your own modifications. OEMs have user's security on the back burner. Their goal is to monetize the user and in case of mobile devices, there is no way to monetize the user without compromising security. The beauty of a published source code is that anyone could examine it and they do (even if it is not you yourself). Look at businesses: the majority of them use neither windows nor apple. They use Linux, because linux does not monetize the user and it is open sources and by the way, it is maintained by "hobbiest" developers. And naturally, because of this Linux has a vastly superior security and virtually no viruses.
Google is malicious and incompetent, but luckily, Android is based on linux and most of the code there is from linux.
This is of course a separate from root issue, which remains simply an issue of control: whether you want to be in control of your device or not. You can't name any OS that does not provide root to the user out of the box... Just because some (or most) smart phone dumb users don't know what they are doing does not mean that everyone should be denied root on their devices... And by the way, most Google engineers also don't know what they are doing and had it not been for Linux and the community at large, google wouldn't be able to produce anything that moves...
Hi devs,
Since I have rooted my device with magisk my axis Bank app says we don't support rooted phone and it doesn't open. Is there a work around for it.
gunmanrishi said:
Hi devs,
Since I have rooted my device with magisk my axis Bank app says we don't support rooted phone and it doesn't open. Is there a work around for it.
Click to expand...
Click to collapse
Did you root with Magisk? If so, use Magisk Hide feature and check the Axis Bank app. It should start working again.
gunmanrishi said:
Hi devs,
Since I have rooted my device with magisk my axis Bank app says we don't support rooted phone and it doesn't open. Is there a work around for it.
Click to expand...
Click to collapse
AFAIK In android each app is installed as different user(from Linux system point of view).
Each user(app) has and runs in its own space. And can not access any other user's data.
Root is the user(app) which can access any user's data.
So any app having root access can access any other app's data which can compromise the security mechanisms used by banking applications. So banking apps refuse to start on rooted phone.
I would advice not to use banking apps on rooted phone.
sandrocks said:
AFAIK In android each app is installed as different user(from Linux system point of view).
Each user(app) has and runs in its own space. And can not access any other user's data.
Root is the user(app) which can access any user's data.
So any app having root access can access any other app's data which can compromise the security mechanisms used by banking applications. So banking apps refuse to start on rooted phone.
I would advice not to use banking apps on rooted phone.
Click to expand...
Click to collapse
If banking app builds its security on this fact, then I wouldn't use it at all. Many banking apps run completely fine with enabled root, some are just more cautious (or paranoid). Just think about security on a Windows PC (admin account, unsecure browser, internet banking in flash ..) - you have no restriction from bank, why should you accept it on a phone?
_mysiak_ said:
If banking app builds its security on this fact, then I wouldn't use it at all. Many banking apps run completely fine with enabled root, some are just more cautious (or paranoid). Just think about security on a Windows PC (admin account, unsecure browser, internet banking in flash ..) - you have no restriction from bank, why should you accept it on a phone?
Click to expand...
Click to collapse
I don't have any experience on windows 8 and 10, and do not know about any banking app for windows 7.
If we are running something as Admin and are able to access app's data(not common data folders like program files or login user data) we are screwed up. In that case most of the DRM protected contents also shall not work. I am not sure pre-installed DRM keys also work as usual after rooting your android phone.
Again every OS architecture is different and I am talking about android which uses Linux kernel.
Root access is not something about tuning your OS or phone, It comes with much more responsibility.
Root access to one wrong app can screw up many things. Off course you know all this jargon since you are senior member on this forum and I don't need to tell you this.
In Windows all apps can read other apps data, under the current user. They don't need admin access for that. Yet nothing is compromised I guess that Windows/Linux/Android banking apps use good cryptography and preventive measures, so even if someone gets access to the data, be it settings or network packets, you are safe. I am absolutely confident in using banking apps with root, however not so much with apps requesting accessibility permissions or Xposed modules. Those two can IMHO potentially do much more harm.
Long story short, use your brain, don't install everything you find on the Internet, don't allow all permissions without thinking and don't use shady public Wifi hotspots.
Just looking for a way to deboat Xiaomi Miui and Google apps from my device. I've been waiting to unlock it, so still haven't been able to root it.
I found there's an Xiaomi debloater link on XDA that is older via ADB, but haven't tested it. https://forum.xda-developers.com/android/development/miui-xiaomi-global-debloater-the4anoni-t3879739
Also found the Magisk Systemless link, which might be a better option. https://forum.xda-developers.com/apps/magisk/module-terminal-debloater-debloat-t3584163
https://www.youtube.com/watch?time_continue=9&v=VKBdxR373ZM&feature=emb_logo
My preference would be installing a ROM that has this removed already, but if not possible, might have to go with one of these options.
Does anyone know of a better option to these or have any advice?
I basically want to get rid of all manufacturer and Google apps / services and only operate with the F-Droid store and FOSS software.
debloat apps
download Szakis latest tool (available on github or google) and you can remove nearly all apps from your phone
you need java and adb installed on a PC to use
I also used this tool. You can find it here.
I deleted this (see the three pictures):
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
https://tweakers.net/i/LXkBi66Lwhdr...age/wwnGf9djLT5P7ihs5VkudvpC.jpg?f=user_large
https://tweakers.net/i/0lRK1wSAFlZb...age/V7CNBI2ffvb5xc958r0Ti6DH.jpg?f=user_large
Thanks I ended up finding so many different ways to do this I wasn't sure which one would be best. The tools from Szakis definitely look easy to use.
Do you know if you can completely remove the Mi Account from the settings? Just wondering what happens if you disable all the Xiaomi apps as it will likely break that option.
Would be great if Miui 12 could be released without Gapps and the Miui apps. Hopefully there will be some development and a working version of LineageOS
birleytweet said:
Thanks I ended up finding so many different ways to do this I wasn't sure which one would be best. The tools from Szakis definitely look easy to use.
Do you know if you can completely remove the Mi Account from the settings? Just wondering what happens if you disable all the Xiaomi apps as it will likely break that option.
Would be great if Miui 12 could be released without Gapps and the Miui apps. Hopefully there will be some development and a working version of LineageOS
Click to expand...
Click to collapse
You can completely remove many things with this tool. But with the second tab of this tool you can bring back the things you want. It's easy to do.
See also the attached document for more information.
Hi guys, I'm a Linux user, so I should(techinically)be able to debloat any Google or Mi crapware with a few adb commands.
I've disabled, what I can for now, & the Google apps will be pretty obvious. However, couple of points I need clarity on?
1) Are there any insidious, that are doing shady things going to Chinese servers, apps on this that I need to know about? There are even dodgy apps on Oneplus phones, unless you debloat, so I'm pretty certain Xiaomi devices have em.
2) Will debloating, stop me from getting full system updates & not parsing or worse send into bootloop?
Would like to know before I do anything stupid really, cheers...
andi54 said:
1) Are there any insidious, that are doing shady things going to Chinese servers
2) Will debloating, stop me from getting full system updates & not parsing or worse send into bootloop?
Would like to know before I do anything stupid really, cheers...
Click to expand...
Click to collapse
These are what I want to know too, if I get stuck into removing things I want to know if there's a real reason to instead of just hiding the icons and ignoring them.
Also, will it cause it to fail a valid OS check before upgrade - I've definitely seen this on older devices after cleaning bloat that meant updating became more difficult.
Obviously, the phone has processes/applications that are completely integrated into the system itself and that its uninstallation or disabling could affect the entire system, from forced closings, crash or, of course, bootloop.Its very very difficult to said exactly who ones. For example, some apps can be safely disabled but not uninstalled, others completely disabled.
In the end, honestly, it's a matter of experience and trial / error. More than once I have finished with the terminal locked or in bootloop and I have been forced to rehabilitate or reinstall the applications through Shell from the recovery (obviously with unlocked bootloader). Over the years you learn to have some security that applications better not touch them.
On the other, and this is general advice for everyone. Most applications that we can run from the launcher can be disabled, but normally "privacy" problems usually come from applications-activities that do not have icons and that are system processes, some can also be disabled / uninstalled ...
Some of them, however, although they are safe to disable / uninstall, directly affect system functions and can cause some crashes when the system should use them, for example the gallery or the themes.
but for what purpose? If the idea is to clean the desktop or the app drawer they can be hidden, if it is "fear" of data theft or dependence on Chinese servers, it is infinitely more practical to root the terminal and block the desired domains with a simple host file. , which is what I do both at the router level and at the terminal itself.
In my case what I usually do:
1º. Unlock the bootloader and of course root it with Magisk.
2º. Uninstall directly from the application manager itself what the system lets me uninstall and I'm not interested in.
3º. Disable by terminal or Titanium those apps that after years I am sure I do not need and are sure to delete, from time to time I able to add some app new.
4º. Hide the icons of those apps that I prefer not to touch in order not to lose functionality
5º. Add my own host file to block all traffic with Xiaomi servers that I am not interested in, without touching or affecting what I do, such as updates and others.
6º. Installing a simple FW as a supervisor, from time to time is useful for me to know the domains to which each application is connecting and decide whether or not to add it to my host file.
Root is need for 5º and 6º.
Well was able to get the latest rom and root working today.
Played around with the Terminal Deloabter, which seems simple enough. Just trying to work out what apps I can remove to get rid of all Google Services and Xiaomi.
I got rid of many and in the end the phone wouldn't boot up again.
Otherwise I'm thinking of trying a GSI ROM version of AOSP, but they appear to have bugs at the moment.
Will keep trying and see where I get.
If a Miui rom could be created without Google and debloater that would be ideal. Or even with MicroG built in would be perfect
birleytweet said:
Well was able to get the latest rom and root working today.
Played around with the Terminal Deloabter, which seems simple enough. Just trying to work out what apps I can remove to get rid of all Google Services and Xiaomi.
I got rid of many and in the end the phone wouldn't boot up again.
Otherwise I'm thinking of trying a GSI ROM version of AOSP, but they appear to have bugs at the moment.
Will keep trying and see where I get.
If a Miui rom could be created without Google and debloater that would be ideal. Or even with MicroG built in would be perfect
Click to expand...
Click to collapse
From my point of view your mistake has been cleaning without any type of filter and together. In first place, I will never uninstall anything, I will just disable it, and start with what seems obvious that it will not affect the system. Rebooting from time to time and checking that everything works as it should. If there is an error it generally does not cause bootloop, it can be easily enabled again from the system itself.
In the case of Bootloop, as being little changes, it gives you the perfect idea that the application has had the problem, and simply by TRWP you can re-enabled again and "mark" that Apps as essential / necessary . It is practically like I have always been cleaning my systems... with time, patience...
And even with everything, from time to time, I still delete some additional that I see that is totally unnecessary.
Hey for removing Google. I found G-Killer on XDA forums, but looks like it's out of date and not working. Something like this would be ideal. https://forum.xda-developers.com/an...roma-google-services-debloater-t3668456/page7
Hi guys,
i uninstalled some apps from command prompt and so far everything ok. today, however, I wanted to continue with the lightening work and now the device does not install apk and system app updates. play store works well both in updates and in the installation of new apps.
the singular thing that the same apps I also uninstalled on the mi9t and everything works fine.
EDIT. Fixed. Reinstalled miui guard provider
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
eXtended Permission Manager - a small app to manage permissions and AppOps.
Features:
Using eXtended Permission Manager, for each installed app, on single screen, you can:
View, grant or revoke manifest permissions
View AppOps permissions and choose one of multiple modes
Set your desired reference value for every changeable permission
The app evolved from a shell script to a GUI for my personal needs. After a ROM upgrade or changing device, it's a time-taking process to review all installed apps for granted permissions and revoke the unnecessary ones (after all privacy matters). To come up with a solution, you can set reference states of permissions which can be quickly backed up and restored. Colored bars at left indicate reference states and make it quite easy to review packages and permissions at a glance.
Manifest permissions are those normally called permissions e.g. Storage, Camera etc. AppOps (app operations) is a robust framework Android uses at back end for access control. With every Android release manifest permissions are becoming more dependent on AppOps. So it's fun to control both simultaneously and see how they relate to each other.
In short, AppOps provide a fine-grained control over many of the manifest permissions. Plus it provides additional controls like background execution, vibration, clipboard access etc. Explore the app to see more.
And yes, the basic functionality of Permission Manager X is completely free and open-source. No ads, no trackers, no analytics. You are encouraged and requested to support the development. Source code is available at below Github link.
Required Privileges / Permissions:
In order to let Permission Manager X serve you at its best, either the device must be rooted or you need to enable ADB over network.
android.permission.INTERNET is required to use ADB over network. The only connection made outside the device is to check for app updates.
Download & Screenshots:
XDALabs | Github (Free) | PlayStore (Paid)
Guide / Help:
PMX Help
RESERVED
RESERVED2
RESERVED3
RESERVED4
RESERVED5
Thanks for a well thought out useful app
Used it when switching to Android 11 on a new device. Was able to achieve required permission state in a few minutes
mirfatif thank you for providing this app!
Would it be possible to use this app to forbid apps to run at start-up?
If yes, how?
androidtel said:
Would it be possible to use this app to forbid apps to run at start-up?
If yes, how?
Click to expand...
Click to collapse
Yes. Using PMX you can set BOOT_COMPLETED (if available), RUN_IN_BACKGROUND and RUN_ANY_IN_BACKGROUND. This answer explains in detail: Disable autostart on boot and restrict background execution.
@mirfatif Hi, when I start your app and give it root permission, it still says "Getting root privileges failed". What can I do?
The app is running on Xiaomi.eu MIUI 12.5/Android 11 with Magisk 21.3.
@burn2k please get the latest build from Telegram support group: https://t.me/PermissionManagerX
mirfatif said:
@burn2k please get the latest build from Telegram support group: https://t.me/PermissionManagerX
Click to expand...
Click to collapse
V1.05-beta2 works
Thank You
Extremely useful app, this thread should get much more interest.
Thank you @mirfatif!
Also great to have it available on F-Droid!
Hello and thanks a lot for your app, so great to use.
The features that may be very useful to add are:
- being notified when an app is installed to set permissions;
- being notified if an updated app from a store have new permission to set;
- order apps by : installation date / updated date / name / number of permission allowed to app;
- navigate by app or by permission;
- set automatic recovery.
Yoannjap said:
Hello and thanks a lot for your app, so great to use.
Click to expand...
Click to collapse
Thank you for the feedback and suggestions.
- being notified when an app is installed to set permissions;
- being notified if an updated app from a store have new permission to set;
Click to expand...
Click to collapse
Paid version contains a feature named Scheduled Checks which covers both of these.
- order apps by : installation date / updated date / name / number of permission allowed to app;
Click to expand...
Click to collapse
Paid app contains Sort By option in the menu which includes all of these parameters except the last. We can add that one too.
- navigate by app or by permission;
Click to expand...
Click to collapse
You can start typing a permission name in Search Box. All apps with that permission are shown. Paid version also shows search suggestions when typing a query.
- set automatic recovery.
Click to expand...
Click to collapse
Sorry what does that mean?
Hey there, I am using an app that could load some files without issue on android 10 but this no longer works on android 11 ...
... I thought it might be due to the fact they've changed the permission system to access the phone storage in android 11 ...
any idea if PMX could help me solve that issue ??
Thanks !!
( PS : More details on reddit :
https://www.reddit.com/r/AndroidQuestions/comments/nhsxtx
)
I purchased the app in Google Play, is a great app. I like a lot that I can remove the permissions to read/write on Clipboard. That works great and there are a lot of things that you can control. I which just one thing to be added on the future... an option to allow all the permissions per app and set a separate parameter for how long and then return to the previous values. For example... an app Notepad S app, fully restricted, but before using it be able to click an option to set only to that app full permissions and the amount of minutes, once timeout the app return to fully restricted. For now that is a manual process for some of the permissions. I love the app and hope more people get this from Google Play and support your work.
bebeh said:
I purchased the app in Google Play, is a great app. I like a lot that I can remove the permissions to read/write on Clipboard. That works great and there are a lot of things that you can control. I which just one thing to be added on the future... an option to allow all the permissions per app and set a separate parameter for how long and then return to the previous values. For example... an app Notepad S app, fully restricted, but before using it be able to click an option to set only to that app full permissions and the amount of minutes, once timeout the app return to fully restricted. For now that is a manual process for some of the permissions. I love the app and hope more people get this from Google Play and support your work.
Click to expand...
Click to collapse
Thank you for the feedback. Please check Permission Watcher feature. Download latest beta from Telegram group.
permission enforcement, new app permission enforcement
(1) So if i understand correctly, the permission enforcement is there as the periodic check can notify or even fix the permissions. (2) Now the second important aspect: enforce newly installed apps. In this case, there's just notification? I'd find it extremely useful to be able to drop all (a la XPrivacyLua) or selected permissions (via template a la AppOps app) from the new app until it's manually reviewed (which could be never - no problem). Not only because the new apps get often started asap and do their antiprivacy stuff, but also because some lazy users will simply won't review them at all, and let for example, Facebook malware grab contacts asap.
doggydog2 said:
So if i understand correctly, the permission enforcement is there as the periodic check can notify or even fix the permissions.
Click to expand...
Click to collapse
Yes you are correct. Both Schedule Checker and Permission Watcher help you enforce permissions.
Now the second important aspect: enforce newly installed apps. In this case, there's just notification? I'd find it extremely useful to be able to drop all (a la XPrivacyLua) or selected permissions (via template a la AppOps app) from the new app until it's manually reviewed
Click to expand...
Click to collapse
Good point. Actually it's no way a problem for PMX to drop permissions when it's already showing a notification for a new app. But there is nothing to drop when a new app is installed. All the revokable manifest permissions are already revoked until the user does not grant them. And the AppOps: many of them don't appear until at least once used by the app e.g. VIBRATION and READ_CLIPBOARD. Many others have their corresponding manifest permissions e.g. READ_CONTACTS, which are already revoked, as pointed out.
Profiles / templates is an upcoming feature. We are working on it.
Not only because the new apps get often started asap and do their antiprivacy stuff, but also because some lazy users will simply won't review them at all, and let for example, Facebook malware grab contacts asap.
Click to expand...
Click to collapse
Contacts cannot be read in background without the permission explicitly granted by the user. And even after that, Schedule Checker is there to remind you that you haven't reviewed a newly installed app so far.
Thanks for the feedback. It's appreciated.