App Tracking Transparency ala iOS - General Questions and Answers

Just reading about the high level of control and monitoring now available on iOS with the features described here https://www.wired.com/story/ios-app-tracking-transparency-advertising/ I realize in Android 12 we can delete the Advertising ID# in settings and achieve blanket anon, but this isn't the same degree of control and monitoring of tracking, privacy, and permission. Is there a way to achieve this on Android, without root or with root, possibly even getting better blocking and privacy control?

Related

Android Permissions & Security Explained

Android Permissions & Security Explained
This guide aims to provide the basic info most people want to know about the security of their phones, and when to download, and when not to download applications from the Android Market.
It's my hope that this will help people make more informed decisions and be safe about their application usage, privacy, and data. It is my firm belief that Android is a fundamentally safe platform. With some common sense, diligence, and the right knowledge of the potential threats, users can rest assured and enjoy their devices more thoroughly.
While most of these tips will apply to any of the new app stores and markets now available for Android, this guide is written specifically for Google's original Android Market.
Also, while this guide attempts to be as comprehensive as possible, there may be errors or misjudgments, or just opinions that are subjective. Please read it with the idea in mind that it's just a part of the information you may want to consider when downloading your apps.
Deciding what to download is ultimately up to you, and that's the most important thing you'll need to remember.
Background about Android
The first thing when understanding the security of your phone is to know a little bit about what makes it tick. Android is a 'lite' version of Linux with most applications that you download from the market written in Java.
This is important to know because it means Android is very unlikely to ever get a 'virus' in the traditional sense. Part of the reason is because Linux is a fairly secure operating system that protects various parts of itself from other parts. This is similar to how Windows has admin accounts and limited user accounts. Because of this protection, applications downloaded from the market do not have access to anything by default. You must grant them permission for each activity they want to perform when they are installed. This is a very important point which we will address a bit later. Also due to some bad choices by Google, there are a few exceptions to this rule that we'll talk about in the permissions section.
Nevertheless, while Android is very unlikely to get a 'virus', that does not mean you are completely safe from 'malware', 'spyware', or other harmful types of programs.
Anti-virus
The efficacy of anti-virus apps on Android is a controversial subject on even the best of days. Needless to say, there are some very differing opinions on the necessity of having anti-virus software protecting your phone. Both sides of this debate have some credible and respectable reasons for their choice, so I will try and present both sides as objectively as I can. In full disclosure though, I personally do not use anti-virus on my phone. That's a personal choice I made. Plenty of security experts whom I respect do chose to use anti-virus on their phones. So ultimately this will be a choice that is yours alone to make and not something where you should take cues from other people. That said, here are the pros and cons of each side as best as I know them.
One thing to remember though, is that each side may have some irrational or sensational arguments. These stem from either a sense of emotional justification or a vested interest in selling software. Put simply, neither side of the debate is above bad arguments and unintentional or intentional faulty logic.
Benefits
- Will protect you from all past threats
- May protect you from a future threat
- Often can have additional features for privacy and data protection
- May have features to protect your phone if it is lost or stolen
Drawbacks
- May waste system resources like battery and memory
- It's hard to protect from future/unknown threats
- Can potentially cause serious harm to the OS (very rare but not unheard of)
- May provide a false sense of security and encourage risky behavior
Types of Dangerous Programs
The most common threats from Android applications are:
1) When the app tricks the user into giving it permissions it does not need to do its job.
2) When the app hides malicious code behind legitimate permissions.
3) When the app tricks the user into entering in personal information or sensitive data (such as a credit card number).
There are various ways malicious developers (also known as hackers or crackers) accomplish this. We'll briefly define each kind just to have a common understanding of the terms.
Malware
Malware generally is an all-encompassing term used to describe any harmful program. This includes spyware, viruses, and phishing scams. Sometimes the older term 'virus' is used in this context, but malware is now considered more accurate.
Spyware
Spyware is used to describe software or applications that read your information and data without you actually knowing it and reporting it back to some unknown third party for nefarious purposes. Oftentimes this includes keystroke loggers to steal passwords or credit card information. Some people include certain types of Advertising tracking in this category (sometimes called Adware, see below). However that's a much larger debate we wont cover here.
Phishing
Phishing and spyware are closely related. They work on a similar principle: tricking the user and sending user information to a 3rd party to steal it. The difference with phishing however, is that the application (or website) will pretend to be from a trusted source to try and 'trick' you into entering in your details. Contrastingly, spyware would try to hide itself from being known to the user. One way to think about the difference is that phishing is masquerading while spyware is hiding, but the end goal of stealing your data is the same.
An example of this would be an app or website pretending to be affiliated with your bank or Paypal or your email provider (Gmail, Hotmail, Yahoo). However it can, and does, include any service where someone might want to steal your identity or password.
There have been known successful phishing attacks related to at least one bank on Android.
Virus
The definition of virus used to be more all-encompassing. These days that term has been replaced by malware. Virus is more typically used to describe a specific type of software that takes control of your operating system and either damages it, or uses it for its own purposes. An example might be when a virus sends emails to everyone in your email address book. Again this is the type of program least likely to be a problem for Android.
Trojan Horse
A trojan horse is really just a specific type of virus. It merely refers to the idea that the app pretends to be something useful or helpful or fun for the user while actually causing harm or stealing data. This term is often used to describe spyware and phishing attacks as well.
Adware
Adware is typically a bit of a grey area. Sometimes this is also called nuisance-ware. This type of application will often show the users an excessive amount of advertising in return for providing a service of dubious quality to the user. However, this type of program can often be confused with legitimate ad-supported software, which shows a mild to moderate amount of advertising while providing a useful service that the user wants. Because it can be hard to tell the difference, there exists a grey area from most anti-virus companies as to how to handle adware.
How to check Permissions
When you install an application the Market will tell you all of the permissions it needs to function. These are important to read. Permissions can give you an idea if an application is asking for more than it needs to function properly. While some legitimate apps often ask for more permissions than they need, it should at least raise an eyebrow. Again this is just part of what you should consider when deciding if an application is safe and good quality.
How to Protect Yourself
There are no full-proof ways to avoid all bad situations in the world.But, any sane person with a reasonable head on their shoulders knowsthat a few good habits can keep you safe for a long, long time inwhatever you do. Here are a few tips I have learned from many years as aprofessional software developer and from reading many Android forumsthat have many people smarter and more knowledgeable than I aboutAndroid.
Read the comments in the Market
This should go without saying. Before you download any applications, besure to read the comments. Don't just read the first three either, clickthrough and see what people are saying. This can also help youunderstand how well an app works on your particular phone (and yourparticular version of Android). Comments should also be read EVERY timeyou update an app.
It's also important to note that bad apps can sometimes"game" the comments and ratings. There are some unsavoryservices that provide thousands of fake comments for apps and they areprobably more common than you think. See the section on TheCommunity for more on identifying these types of fake comments.
Check the Rating
Any app that fails to maintain above 2.5 stars is likely not worth yourtime. If you are brave enough to be one of the first few to download anapp, this does not apply to you. Nevertheless, almost all good apps havebetween 3 and 5 stars. To me, this is just a general rule to helpfind quality apps.
Check the permissions
There are many things an app can do to, and for, your phone. Butanything an app can do is told to you when you download and install it.Before you download and install an app, you will be shown a list ofpermissions the application is requesting. Read them. Try yourbest to understand them in terms of what the application is supposed todo for you. For example, if you download a game of checkers, and theMarket warns you that it wants to be able to read your contacts, youshould think twice and probably not download it. There is no sanereason a game of checkers needs to know your friend's phone numbers.
In the Permissions section you can read a list of some of the mostcommonly used permissions. The list explains how important they are,what they do, and notes some examples of apps that might legitimatelyneed the permission. This should help you get a basic understanding ofwhat to allow, and when to skip, an app.
Check the developer's website
Make sure the developer has a website and not just some blog. This isoften a good indication of quality as well as safety. If the developercares about their app they will likely have a relatively nice lookingwebsite (or, if they are open source, a site on Google Code or somethingsimilar). Note: sites on Google code are NOT verified or approved byGoogle. However, open source is usually (but not always) morelikely to indicate a safe application.
NOTE: This is not a definitive indicator if a developer is good or bad,just one more piece of information you can use. There are a lot ofexceptions to this particular rule, as a lot of good developers mightnot have anything more than a blog, and a lot of bad developers couldjust point to a nice looking site they have no affiliation with.However, the developer's website can be helpful just as an extra pieceof information you can use in making your decision about the developeror app.
Updating applications is the same as installing them fresh
Each time you update an application on your phone, you should use thesame diligence as if you were installing it for the first time. Rereadthe permissions to see that it is only asking for what it needs and nomore. Reread the comments to see if anything has changed in the opinionsof the users and to see if it still works for your phone. If you seethat an application says Update (manual) next to it, that means thedeveloper has changed the permissions that they are requesting. This isnot necessarily a bad thing -- but it should indicate that you shouldpay a bit closer attention to the permissions and re-evaluate them asneeded.
Privacy
Wi-Fi
One of the things to remember when trying to keep yourself safe is to be very careful with public Wi-Fi. Whenever you connect to the internet through a public Wi-Fi, you should never use any website that requires a password to sign into. The danger here is because you have no idea who is connecting you to the website. A good analogy would be like trying to mail a letter to your friend by giving it to a stranger in the street. For more info read: Man-in-the-middle attack(Wikipedia). There is also a risk that applications may be transmitting data in the background over that Wi-Fi connection about you without encrypting it. This is also true of any applications over any internet connection however. And while there are some good ways to secure your phone, I personally don't use any public Wi-Fi at all. This may be seen as extreme in some circles, but I believe it to be safest route (although somewhat limiting).
SD Cards
There isn't much to say about SD cards except that all users should remember that they are not a safe place to store personal information. This can be something as simple as a backup/export of your contacts.
The reason the SD card is not safe is that nearly all applications can read any file they want from the SD card. Most personal info such as contacts is stored internally in protected databases however, so this shouldn't be a huge concern for most people, but it's helpful to keep in mind.
GPS and Network Location
There is a lot of information online and in various books about why letting yourself be tracked has potential consequences. However, there are a lot of useful features that apps can provide with location tracking information. You should treat location tracking with care and be sure to give it only to parties your trust. Google Maps would be a great example of this.
Advertising and location tracking
There is a trade-off that some people will consider making with regards to location tracking. Some advertisers would like to have location information on you in order to show you local advertisements and coupons. In exchange, you get free use of an app such as a game. This is a decision you will need to make for yourself. I personally would not make this trade off, but some people very knowledgeable about security are very comfortable making it.
permissions
When you install an application the Market will tell you all of the permissions it needs to function. These are important to read as it can give you an idea if the application is asking for permission to do more than it needs. While some legitimate apps often ask for more permission than they need, it should at least raise an eyebrow when deciding if an application is safe and of good quality.
Official Description
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed.
Details
This permission is of high importance. This could let an application call a 1-900 number and charge you money. However, this is not as common a way to cheat people in today's world as it used to be. Legitimate applications that use this include: Google Voice and Google Maps.
Another important point to note here is that any app can launch the phone screen and pre-fill a number for you. However, in order to make the call, you would need to press [Send] or [Call] yourself. The difference with this permission is that an app could make the entire process automatic and hidden.
Send SMS or MMS
Services that cost you money
[color=ery commonly used by legitimate applications. Applications that typically need this permission include (but are not limited to) camera applications, audio/video applications, document applications
[B]Official Description[/B]
Allows an application to read the user's contacts data.
Details
This permission is of high importance. Unless an app explicitly states a specific feature that it would use your contact list for, there isn't much of a reason to give an application this permission. Legitimate exceptions include typing or note taking applications, quick-dial type applications and possibly social networking apps. Some might require your contact information to help make suggestions to you as you type. Typical applications that require this permission include: social networking apps, typing/note taking apps, SMS replacement apps, contact management apps.
Write contact data
Development tools / Your personal info
URI: android.permission.WRITE_CONTACTS
Risk: MODERATE-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to write (but not read) the user's contacts data.
Details
This permission is of high importance. Unless an app explicitly states a specific feature that it would use your contact list for, there isn't much of a reason to give an application this permission. Legitimate exceptions include typing or note taking applications, quick-dial type applications and possibly social networking apps. Some might require your contact information to help make suggestions to you as you type. Typical applications that require this permission include: social networking apps, typing/note taking apps, SMS replacement apps, contact management apps.
Read calendar data
Development tools / Your personal info
URI: android.permission.READ_CALENDAR
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows an application to read the user's calendar data.
Details
This permission is of moderate to high importance. While most people would consider their calendar information slightly less important than their list of contacts and friends, this permission should still be treated with care when allowing applications access. Additionally, it's good to keep in mind that calendar events can, and often do contain contact information.
Write calendar data
Development tools / Your personal info
URI: android.permission.WRITE_CALENDAR
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows an application to write (but not read) the user's calendar data.
Details
This permission is of moderate to high importance. While most people would consider their calendar information slightly less important than their list of contacts and friends, this permission should still be treated with care when allowing applications access. Additionally, it's good to keep in mind that calendar events can, and often do contain contact information.
Read browser history & bookmarks
Development tools / Your personal info
URI: com.android.browser.permission.READ_HISTORY_BOOKMA RKS
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to read (but not write) the user's browsing history and bookmarks.
Details
This permission is of medium-high importance. Browsing habits are often tracked through regular computers, but with this permission you'd be giving access to more than just browsing habits. There are also legitimate uses for this permission such as apps that sync or backup your data, and possibly certain social apps.
Write browser history & bookmarks
Development tools / Your personal info
URI: com.android.browser.permission.WRITE_HISTORY_BOOKM ARKS
Risk: MODERATE-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to write (but not read) the user's browsing history and bookmarks.
Details
This permission is of medium-high importance. Browsing habits are often tracked through regular computers, but with this permission you'd be giving access to more than just browsing habits. There are also legitimate uses for this permission such as apps that sync or backup your data, and possibly certain social apps.
Read sensitive logs
Development tools / Your personal info
URI: android.permission.READ_LOGS
Risk: VERY-HIGH
Protection level: DEVELOPMENT
Official Description
Allows an application to read the low-level system log files.
Details
This permission is of high importance. This allows the application to read what any other applications have logged.
Modify global system settings
Hardware controls
URI: android.permission.WRITE_SETTINGS
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows an application to read or write the system settings
Details
This permission is pretty important but only has the possibility of moderate impact. Global settings are pretty much anything you would find under Android's main 'settings' window. However, a lot of these settings may be perfectly reasonable for an application to change. Typical applications that use this include: volume control widgets, notification widgets, settings widgets, Wi-Fi utilities, or GPS utilities. Most apps needing this permission will fall under the "widget" or "utility" categories/types.
Read sync settings
Hardware controls
URI: android.permission.READ_SYNC_SETTINGS
Risk: LOW-MODERATE
Protection level: UNKNOWN
Official Description
Allows applications to read the sync settings
Details
This permission is of low to medium importance. It mostly allows the application to know if you have background data sync (such as for Facebook or Gmail) turned on or off.
Automatically start at boot
Hardware controls
URI: android.permission.RECEIVE_BOOT_COMPLETED
Risk: MODERATE-HIGH
Protection level: UNKNOWN
Official Description
Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting.
Details
This permission is of low to moderate impact. It will allow an application to tell Android to run the application every time you start your phone. While not a danger in and of itself, it can point to an applications intent
Restart other applications
Hardware controls
URI: android.permission.RESTART_PACKAGES
Risk: HIGH
Protection level: UNKNOWN
Official Description
This constant is deprecated. The restartPackage(String) API is no longer supported.
Details
This permission is of low to moderate impact. It will allow an application to tell Android to 'kill' the process of another application. However, any app that is killed will likely get restarted by the Android OS itself.
Retrieve running applications
Hardware controls
URI: android.permission.GET_TASKS
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to get information about the currently or recently running tasks: a thumbnail representation of the tasks, what activities are running in it, etc.
Details
This permission is of moderate importance. It will allow an application to find out what other applications are running on your phone. While not a danger in and of itself, it would be a useful tool for someone trying to steal your data. Typical legitimate applications that require this permission include: task killers and battery history widgets. Other than that however, most apps should not need this permission.
Display system-level alerts
Hardware controls
URI: android.permission.SYSTEM_ALERT_WINDOW
Risk: HIGH
Protection level: DANGEROUS
Official Description
Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applications.
Details
This permission is of high importance. This permission allows an app to show a "popup" window above all other apps, even if the app is not in the foreground. A malicious developer/advertiser could use it to show very obnoxious advertising. Almost no apps should require this permission unless they are part of the Android operating system. An example of a system alert would be the alert you are shown when your phone or tablet is out of battery and is about to shut down.
Control vibrator
Development tools
URI: android.permission.VIBRATE
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows access to the vibrator
Details
This permission is of low importance. As it states, it lets an app control the vibrate function on your phone. This includes for incoming calls and other events.
Take pictures and videos
Development tools
URI: android.permission.CAMERA
Risk: MODERATE-HIGH
Protection level: DANGEROUS
Official Description
Required to be able to access the camera device.
Details
This permission is of moderate importance. As it states, it lets an app control the camera function on your phone. In theory this could be used maliciously to snap unsuspecting photos, but it would be unlikely and difficult to get a worthwhile picture or video. However, it is not impossible to make malicious use of cameras.
Access location extra commands
Network Communication
URI: android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
Risk: MEDIUM-HIGH
Protection level: UNKNOWN
Official Description
Allows an application to access extra location provider commands
Details
The specifics of the extra commands here are a bit unclear. However, the usage of this permission indicates that an app wants to know detailed information about your location, and respond accordingly. This is often used with advertising and location-based and social-network services like Four Square, Twitter, Facebook or Google Places/Google+. It is recommended that you treat this permission with the same caution as the GPS location permission and assume the same implications to privacy apply.
Access mock location
Network Communication
URI: android.permission.ACCESS_MOCK_LOCATION
Risk: MODERATE
Protection level: DANGEROUS
Official Description
Allows an application to create mock location providers for testing
Details
This is a permission used for development of apps that make use of location based services. By creating "mock" (fake) locations, apps can test if their code works correctly depending on your location.This permission has no known sercurity considerations; Nor much use in a app released to the public.
Battery stats
Hardware controls
URI: android.permission.BATTERY_STATS
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows an application to collect battery statistics
Details
This permission is of little to no importance.
Bluetooth Admin
Your accounts
URI: android.permission.BLUETOOTH_ADMIN
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows applications to discover and pair bluetooth devices
Details
Bluetooth (Wikipedia: http://en.wikipedia.org/wiki/Bluetooth) is a technology that lets your phone communicate wirelessly over short distances. It is similar to Wi-Fi in many ways. It itself is not a danger to your phone, but it does enable a way for an application to send and receive data from other devices. Typical applications that would need bluetooth access include: sharing applications, file transfer apps, apps that connect to headset or wireless speakers.
Broadcast Sticky (Intents)
Hardware controls
URI: android.permission.BROADCAST_STICKY
Risk: LOW-MEDIUM
Protection level: UNKNOWN
Official Description
Allows an application to broadcast sticky intents. These are broadcasts whose data is held by the system after being finished, so that clients can quickly retrieve that data without having to wait for the next broadcast.
Details
The permission has to do with how applications "talk" to each other using a communication method called "Intents". While this permission is highly technical it is a relatively low importance. There are no know obvious malicious uses for this permission.
Change Configuration
Hardware controls
URI: android.permission.CHANGE_CONFIGURATION
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to modify the current configuration, such as locale.
Details
This is a permission that generally should not be granted to regular apps. Other than changing the locale (i.e. language), it is unclear what configuration changes this permission allows. As such, it should be treated with considerable caution.
Clear app cache
Hardware controls
URI: android.permission.CLEAR_APP_CACHE
Risk: LOW
Protection level: DANGEROUS
Official Description
Allows an application to clear the caches of all installed applications on the device.
Details
This permission is of low importance. It allows an app to clear the cache of apps on the phone or tablet. The cache is a place that an app stores recently used data for faster access. Clearing the cache can sometimes (very rarely) fix bugs related to those files. Clearing these files generally presents no risk other than to slow the performance of the phone or tablet (as apps will need to re-create the caches when used).
Disable Keyguard (lock screen)
(unknown category)
URI: android.permission.DISABLE_KEYGUARD
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows applications to disable the keyguard
Details
This permission is of medium-high importance. It allows an app to disable the "lock screen" that most phones go into after going to sleep and been turned on again. This lockscreen can sometimes be a password screen, or a PIN screen, or just a "slide to unlock" screen.
Expand status bar
Hardware controls
URI: android.permission.EXPAND_STATUS_BAR
Risk: MEDIUM-HIGH
Protection level: UNKNOWN
Official Description
Allows an application to expand or collapse the status bar.
Details
This appears to be a system permission -- not for use by regular applications. If you come across this permission I would beware of any app requesting it that is not an Android system app.
Flashlight
Development tools
URI: android.permission.FLASHLIGHT
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows access to the flashlight
Details
This allows apps to turn on or off the LED "flash" light used by the camera. This is a handy tool but usually of no risk itself.
Get package size
Hardware controls
URI: android.permission.GET_PACKAGE_SIZE
Risk: LOW-MODERATE
Protection level: UNKNOWN
Official Description
Allows an application to find out the space used by any package.
Details
This permission does not seem to have any risk associated with it.
Kill background processes
Hardware controls
URI: android.permission.KILL_BACKGROUND_PROCESSES
Risk: HIGH
Protection level: UNKNOWN
Official Description
Allows an application to call killBackgroundProcesses(String).
Details
This permission is a bit of a tricky one. Often this is used by what are called "task killers". These apps supposedly free system resources by closing apps running in the background. However the usefulness of such apps is minimal at best. They can help close an app that is misbehaving, however a user can already do that themselves through the Android settings under "Apps" or "Manage Applications". Conversely this permission has some potential to maliciously close anti-virus or other security related apps. As with anything I would treat this with caution. Few users should ever need an app with this permission. Rather, it could be an indicator of malicious intent (especially if not requested by a task killer or system performance tuning app).
Modify audio settings
Hardware controls
URI: android.permission.MODIFY_AUDIO_SETTINGS
Risk: LOW
Protection level: DANGEROUS
Official Description
Allows an application to modify global audio settings
Details
This permission is of low importance. Audio settings pose little to no risk to the device.
Format file systems
Your personal information
URI: android.permission.MOUNT_FORMAT_FILESYSTEMS
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows formatting file systems for removable storage.
Details
The primary danger with this permission is that it could be used to erase data from an SD card or other similar storage in your phone. This is also not a permission any normal app should need.
Mount / Unmount file systems
Your personal information
URI: android.permission.MOUNT_UNMOUNT_FILESYSTEMS
Risk: MODERATE
Protection level: DANGEROUS
Official Description
Allows mounting and unmounting file systems for removable storage.
Details
This permission just allows for connecting to SD cards for reading and writing. While not a risk itself, this is also not a permission any normal app should need.
NFC (Near Field Communication)
Your accounts
URI: android.permission.NFC
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows applications to perform I/O operations over NFC
Details
NFC stands for Near Field Communication. This is a technology like Bluetooth that enables short range communication between two devices or the reading of NFC "tags". The distance which NFC is able to work is only a few centimeters so that devices (or a device and a tag) must effectively be touching each other to communicate. Due to the distance, this technology is not particularly dangerous. However it does present a small risk and it is something that should used with caution.
For more info: http://en.wikipedia.org/wiki/Near_field_communication
Process outgoing calls
Your location
URI: android.permission.PROCESS_OUTGOING_CALLS
Risk: VERY-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to monitor, modify, or abort outgoing calls.
Details
This permission is of high importance. This would allow an app to see what numbers are called and other personal info. Generally this permission should only be seen on apps for VOIP (Voice Over Internet Protocol) like Google Voice or dialer replacement type apps.
Read sync stats
Hardware controls
URI: android.permission.READ_SYNC_STATS
Risk: MODERATE
Protection level: UNKNOWN
Official Description
Allows applications to read the sync stats
Details
This permission is related to "Read sync settings" but not particularly dangerous itself. There is a minor risk that some personal information could be gleaned from the sync stats, but the information is unlikely to be valuble. Sync in this case relates to syncing of contacts and other types of media on the phone.
Record audio
Development tools
URI: android.permission.RECORD_AUDIO
Risk: MODERATE-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to record audio
Details
While this permission is not typically dangerous, it is a potential tool for eavesdropping. However recording audio has legitimate uses such as note taking apps or voice search apps. As a side note recording audio is typically a significant drain on the battery.
Set alarm
Hardware controls
URI: android.permission.SET_ALARM
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows an application to broadcast an Intent to set an alarm for the user.
Details
This permission seems to be of low risk because it doesnt allow the setting of the alarm directly. Rather it allows the opening of the alarm app on the phone.
Set time zone
Hardware controls
URI: android.permission.SET_TIME_ZONE
Risk: LOW
Protection level: DANGEROUS
Official Description
Allows applications to set the system time zone
Details
This permission poses little, if any, risk
Set wallpaper
Hardware controls
URI: android.permission.SET_WALLPAPER
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows applications to set the wallpaper
Details
This permission poses little, if any, risk
Subscribed feeds read
Development tools / Your personal info
URI: android.permission.SUBSCRIBED_FEEDS_READ
Risk: MEDIUM
Protection level: UNKNOWN
Official Description
Allows an application to allow access the subscribed feeds ContentProvider.
Details
This would give an app access to RSS feed that you have subscribed to. If you dont subscribe to any RSS feeds this permission is of little risk. If you do, this permission is akin to letting an app have access to your broser history. It could glean interests and preferences and other semi-personal information.
Subscribed feeds write
Development tools / Your personal info
URI: android.permission.SUBSCRIBED_FEEDS_WRITE
Risk: LOW-MEDIUM
Protection level: DANGEROUS
Official Description
(No developer documentation is available for this permission)
Details
This would give an app access to RSS feed that you have subscribed to. If you dont subscribe to any RSS feeds, this permission is of little risk. If you do, this permission is akin to letting an app have access to your broser history. It could glean interests and preferences and other semi-personal information.
Use SIP
Your accounts
URI: android.permission.USE_SIP
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to use SIP service
Details
SIP stands for Session Initiation Protocol. It is a technology mostly used for making video and voice calls over the Internet. While not a major security risk it should be treated with almost as much caution as the standard "make phone calls" permission.
Write secure settings
Hardware controls
URI: android.permission.WRITE_SECURE_SETTINGS
Risk: VERY-HIGH
Protection level: DEVELOPMENT
Official Description
Allows an application to read or write the secure system settings.
Details
This permission should only be seen on Android system apps (and possibly wireless carriers or hardware manufacturer pre-installed apps).
Write SMS
Services that cost you money
URI: android.permission.WRITE_SMS
Risk: HIGH
Protection level: DANGEROUS
Official Description
Allows an application to write SMS messages.
Details
This permission appears to be an offshoot from the "send SMS" permission. This should allow an app to write, but not send an SMS message. Users should still be cautious of this permission however. Many kinds of malware lure users into sending SMS to special for-pay numbers costing them money.
Write sync settings
Your messages
URI: android.permission.WRITE_SYNC_SETTINGS
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows applications to write the sync settings
Details
This permission relates to backup and sync of certain types of information like contacts. This allows an app to write settings for how that account and the data are sync and backed up. This is a common permission for social services or contact managers or any other type of app with an account associated with it. Alone, this permission doesn't allow an app access to contacts or other sensitive data. Rather, it just relates to how that data is backed up. Nevertheless, care should be taken as always.
Read profile
Development tools / Your personal info
URI: android.permission.READ_PROFILE
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to read the user's personal profile data.
Details
This a new permission that relates to a special new "Me" contact you can create in your phone or tablet as your own profile.
Install Shortcut (Android Launcher)
Hardware controls
URI: com.android.launcher.permission.INSTALL_SHORTCUT
Risk: MODERATE-HIGH
Protection level: UNKNOWN
Details
This is a custom permission for the default Android Laucher (the home screen). This permission would allow an app to put an icon or shortcut there. While not dangerous, this can sometimes be a sign of a potentially malicious or adware app. For more on adware, see the guides section of PocketPermissions.
Read external storage
Your personal information
URI: android.permission.READ_EXTERNAL_STORAGE
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows an application to read from external storage.
Details
This permission is granted to all apps by default.
Read SMS
System tools
URI: android.permission.READ_SMS
Risk: MODERATE-HIGH
Protection level: DANGEROUS
Details
This permission is mostly a privacy concern. Any app that can read your SMS messages could gather a lot of information about you. However there are quite a few legitimate reasons an app may request this. Some apps are simply "SMS replacment" apps (such as Handcent) and would naturally need this permission to function. Other apps sometimes use this as a way of sending a special code to you device. This can be used by a paid app by sending a code to unlock the full version of an app. Or, this can be used by security apps to listen for a special shutdown codes in case your phone is stolen.
Write call log
Your location
URI: android.permission.WRITE_CALL_LOG
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Details
This permission is not much of a danger by itself, but rather could be used to hide other malicious behavoir. However it has a legitimate purpose for dialer replacements or voice over IP apps (like Google Voice).
Write profile
Development tools / Your personal info
URI: android.permission.WRITE_PROFILE
Risk: MODERATE-HIGH
Protection level: DANGEROUS
Details
This a new permission that relates to a special new "Me" contact you can create in your phone or tablet as your own profile.
Read social stream
Development tools / Your personal info
URI: android.permission.READ_SOCIAL_STREAM
Risk: HIGH
Protection level: DANGEROUS
Details
This permission is very important. It is a new permission introduced with Android 4.0 (Ice Cream Sandwhich). This permission would allow an app to read updates from social networking apps like Google+, Twitter, and Facebook. By granting this permission you are giving an app the ability to read not only your information, but any updates posted by people in your social circles.
Add voicemail
System tools
URI: com.android.voicemail.permission.ADD_VOICEMAIL
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Details
This seems to be a new permission related to Android's new centralized voicemail system. It would be an unusual means for an app to use this permission maliciously. However few apps should need it and, as always, it should be treated with caution.
Authenticate Accounts
Your messages
URI: android.permission.AUTHENTICATE_ACCOUNTS
Risk: VERY-HIGH
Protection level: DANGEROUS
Details
This permission is of high importance. It allows an app to authenticate credentials (such as passwords). Typical uses of this would be if an app had it's own type of account on your phone such as Google, Facebook, or Twitter.This permission is closely related to the Account Manager permission. Both are typically requested together.While this doesn't directly give an app access to your personal information or passwords, it does present a security risk for phishing (tricking the user into revealing their password). For more on phishing, see the Guides section of PocketPermissions)
Read email attachments
Development tools / Your personal info
URI: com.android.email.permission.READ_ATTACHMENT
Risk: HIGH
Protection level: DANGEROUS
Details
This is a custom permission for the default Android email app (i.e. not Gmail). This permission should be treated with great caution. Many email attachments contain highly sensitive and personal or financial information.
Read user dictionary
Development tools / Your personal info
URI: android.permission.READ_USER_DICTIONARY
Risk: LOW
Protection level: DANGEROUS
Official Description
Allows an application to read the user dictionary.
Details
This would allow an app to read words added to your custom dictionary. Oftentimes this is abbreviations like "brb" that you might add for typing text messages. Unless you save personal information in your dictionary, this permission is of almost no risk.
Write user dictionary
Hardware controls
URI: android.permission.WRITE_USER_DICTIONARY
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows an application to write to the user dictionary.
Details
This alows an app to add custom words to your user dictionary. For example, the common acronym "brb" for "be right back".
Receive SMS
System tools
URI: android.permission.RECEIVE_SMS
Risk: HIGH
Protection level: DANGEROUS
Official Description
Allows an application to monitor incoming SMS messages, to record or perform processing on them.
Details
This permission is mostly a privacy concern. Any app that can read your SMS messages could gather a lot of information about you. However there are quite a few legitimate reasons an app may request this. Some apps are simply "SMS replacment" apps (such as Handcent) and would naturally need this permission to function. Other apps sometimes use this as a way of sending a special code to you device. This can be used by a paid app by sending a code to unlock the full version of an app. Or, this can be used by security apps to listen for a special shutdown codes in case your phone is stolen.
Receive MMS
System tools
URI: android.permission.RECEIVE_MMS
Risk: HIGH
Protection level: DANGEROUS
Official Description
Allows an application to monitor incoming MMS messages, to record or perform processing on them.
Details
This permission is mostly a privacy concern. Any app that can read your MMS messages could gather a lot of information about you. However there are quite a few legitimate reasons an app may request this. Some apps are simply "SMS/MMS replacment" apps (such as Handcent) and would naturally need this permission to function.
Install DRM
Hardware controls
URI: android.permission.INSTALL_DRM
Risk: MODERATE-HIGH
Protection level: UNKNOWN
Details
DRM stands for Digital rights management. Typically this permission is not particularly dangerous itself. However, it is a permission related to controlling access to medi such as books, audio video, and more. Due to its purpose to control access, I would be especially careful installing any app requesting it.More info: http://en.wikipedia.org/wiki/Digital_rights_management
Add system service
Hardware controls
URI: android.permission.ADD_SYSTEM_SERVICE
Risk: CRITICAL
Protection level: UNKNOWN
Details
This permission should only be given to Android System apps (and possibly to wireless carrier or hardware manufacturer pre-installed apps)
Access WiMax State
Your accounts
URI: android.permission.ACCESS_WIMAX_STATE
Risk: LOW-MODERATE
Protection level: UNKNOWN
Details
WiMax is a technology developed for "4G" data and internet speeds on mobile devices. This permission allows an app to see if it is currently connected to a wireless network that uses WiMax. There is no significant risk associated with this permission.
Change WiMax state
Your accounts
URI: android.permission.CHANGE_WIMAX_STATE
Risk: MODERATE
Protection level: DANGEROUS
Details
This permission allows an app to turn on or off the WiMax radio. WiMax is a type of "4G" wireless connection like LTE. This permission essensially allows an app to turn on or off 4G.
Read instant messages (IM)
Development tools / Your personal info
URI: com.android.providers.im.permission.READ_ONLY
Risk: HIGH
Protection level: UNKNOWN
Details
This is apermission realated to reading instant messages, such as those on GooleTalk.
RECEIVE
(unknown group)
URI: com.google.android.c2dm.permission.RECEIVE
Risk: LOW
Protection level: UNKNOWN
Details
C2D stands for Cloud to Device Messaging. This is a push notification technology that is being phased out for a similar technology called GCM. (Google Cloud Messaging). This permission is of little to no risk.
In-app billing
Services that cost you money
URI: com.android.vending.BILLING
Risk: CRITICAL
Protection level: UNKNOWN
Source
Informative, although most are common sense, good for beginners.:thumbup:
Sent from my One V using xda premium
Official Description
Allows applications to perform I/O operations over NFC
Details
NFC stands for Near Field Communication. This is a technology like Bluetooth that enables short range communication between two devices or the reading of NFC "tags". The distance which NFC is able to work is only a few centimeters so that devices (or a device and a tag) must effectively be touching each other to communicate. Due to the distance, this technology is not particularly dangerous. However it does present a small risk and it is something that should used with caution.
Click to expand...
Click to collapse
Just to give an example of how something as innocent as NFC can be a danger if your not paying attention. Again, the phones basically have to be touching, but still.... http://thenextweb.com/google/2012/0...rs-hack-android-via-nfc-samsung-galaxy-s-iii/
The point is, an app may use permissions granted in ways that wouldn't normally be thought of, and through a series of exploits and privilege escalations, something that may sound innocuous could be what costs you the most.
Courima remnant
Thank you for this post. Do you have any recommendations for encrypted phone calls and text messages?
Good stuff. Helpful info. I might point out citing your source in a very small link at the bottom of post 3 is not the same as citing your source in a prominent link at the top of post 1. Also the link is just a generic reference to the author's main site http://alostpacket.com/ which does not actually contain the text in your post. You might want to mention http://androidforums.com/android-ap...explained-security-tips-avoiding-malware.html instead.
NxNW said:
Good stuff. Helpful info. I might point out citing your source in a very small link at the bottom of post 3 is not the same as citing your source in a prominent link at the top of post 1. Also the link is just a generic reference to the author's main site http://alostpacket.com/ which does not actually contain the text in your post. You might want to mention http://androidforums.com/android-ap...explained-security-tips-avoiding-malware.html instead.
Click to expand...
Click to collapse
Oh snap the thread police,everybody hide,hahaha,jk.What the heck are you rambling on about?
Diablo67 said:
Oh snap the thread police,everybody hide,hahaha,jk.What the heck are you rambling on about?
Click to expand...
Click to collapse
He's saying that you should cite the exact page where you copied and pasted this from.
The Thanks button is just to avoid "THANKS" posts in threads. Nothing more. Don't defeat the purpose of why it was introduced.
CNexus said:
He's saying that you should cite the exact page where you copied and pasted this from.
The Thanks button is just to avoid "THANKS" posts in threads. Nothing more. Don't defeat the purpose of why it was introduced.
Click to expand...
Click to collapse
Its at the bottom of the last page,page 3,its always been there,i never quote someone without linking to the original source....
http://forum.xda-developers.com/showpost.php?p=42257293&postcount=3
Diablo67 said:
Its at the bottom of the last page,page 3,its always been there,i never quote someone without linking to the original source....
http://forum.xda-developers.com/showpost.php?p=42257293&postcount=3
Click to expand...
Click to collapse
That's not the original source. That link goes to alostpacket.com, not the original thread on android forums that NxNW posted.
The Thanks button is just to avoid "THANKS" posts in threads. Nothing more. Don't defeat the purpose of why it was introduced.
CNexus said:
That's not the original source. That link goes to alostpacket.com, not the original thread on android forums that NxNW posted.
The Thanks button is just to avoid "THANKS" posts in threads. Nothing more. Don't defeat the purpose of why it was introduced.
Click to expand...
Click to collapse
I didnt get it from there,i got it from A Lost Packet dot com ,i wasnt aware of the post on android forums,there was'nt a source on that page @ the time,i do notice now they have moved that post now,so i will fix the source now that i am aware,thank you.
Edit:Matter of fact here ya go... http://androidforums.com/android-ap...explained-security-tips-avoiding-malware.html
Nice thread
veryf helpful, nice thread for beginners.
For anyone wanting read more about android permission weirdness: http://www.quarkslab.com/dl/Android-OEM-applications-insecurity-and-backdoors-without-permission.pdf
SD-card is always readable and writable, even without permissions, so don't keep important stuff on your sd.
this is very informative! thanks:good:
Thank you for the informative thread!
Just started to switch to Android after using BB for quite some time. The first thing I missed was BB's method of granting permissions. I noticed this when I installed Viber and (with the app's basic function aside) was not happy with the fact that it won't run with me denying access to my contacts.
Does this mean that Android is more vulnerable to threats? I'm quite confident Linux is secure but I wouldn't know if the developer inserted something malicious. And since I am unable to encrypt my data, I'm wide open right? (I read Android offers encryption since 2.3.4 but my phone says it's running on 2.3.7 and I can't find the option to do so.)
Information
The above information is very good, but now there are many ways to block the app permissions or send fake datas to user installed app.
I was about to edit a file using Root browser in order to make my headphone volume louder. In most threads regarding this I noticed alot of people mentioning to check permissions after I have edited the relevant values.
Why would me editing system files require me to check permission? Have I got the wrong kind of permission here?
Thanks
I was looking for a nice source to send co-workers to to help educate them on device security. I appreciate the time taken to compile this!!
Firstly thanks for a great thread, (I pressed Thanks).
Regarding Anti-Virus, for the masses who check e-mail on their device and take photographs.
I use an Anti-Virus (Free App) on my device not because of fear of my Android device becoming infected or me doing something to compromise my system, but I do not want to gain a virus which may attack a Windows machine when I mount my device for file transfer via USB.
This is a point I thought I should bring up, you do not need to even have an App which can remove the virus or file (you can delete manually).
The same point ranges on having Anti-Virus applications on Linux in general, it is so the system does store dangerous files in general which can be transferred on to a system of which it does target and could cause damage.

Thoughts on Doze and its effect on safety applications

I wanted to start this thread to discuss Doze and its impact on reliability, primarily on safety applications.
I'd like to start with a general statement: the days of our devices being merely telephones are long behind us. We still call them cell phones, but as we - especially here - know, our devices are so much more. They truly are wearable computers. They're our music, our cameras, our navigators, our communicators, our personal databases.. and for some of us, safety equipment. And they must be reliable.
Now, battery life is important. No question about that. But.. and I'm trying to put this delicately.. Doze was forced upon us with no option to globally disable, and even "whitelisting" applications doesn't fully release them from the confines of the new battery management policy. For some of us, Doze has made our devices less reliable.
The application category I'd like to call attention to first is marine anchor alarms. For those who don't boat, anchor alarms monitor a vessel's position with the GPS. If the anchor drags a certain distance (and the boat moves more than it should), an alarm is issued to alert the crew to the danger. It is entirely possible to drift (particularly when anchored in current) without triggering the significant motion sensors, limiting even whitelisted apps to 15-minute GPS polls. A lot can happen in 15 minutes.
Obviously using a portable device as your sole means of anchor drag detection is not a wise idea. Yet, many people with smaller boats do it, because that's all they have. Some of us with larger vessels do it as well, with a secondary system as a backup (since anchor alert applications make it much easier to define the anchor scope and exclusion zones precisely). This is all very much beside the point.
This category of application can no longer function reliably on Android! As of Android 6.0, anchor alerts can no longer monitor the GPS position reliably 24 hours per day unless:
1. The device is plugged in (and the power supply hasn't failed), or,
2. The application uses media input/output (a battery-wasting hack).
Unlikely as it may be, it is possible that someone will lose their small vessel this summer because their device failed to notify them that they'd slipped off the anchor, even if they knew enough to whitelist the app!
This is a pretty serious regression, and there are others. AIS (Automatic Identification System) and radar warning apps that communicate directly with ship systems via IP are no longer reliable. Tasker can no longer respond to local events with a granularity better than 15 minutes. Sleep monitoring applications are broken as well. And this is after you've manually whitelisted these applications!
I don't want this thread to sound like a rant. Doze is a fantastic addition to Android. But I would like to get the conversation started so that more people recognize that it imposes a fairly significant cost for some people.. especially those of us with extended batteries who feel virtually no benefit.
I was hoping people could respond with:
1. Other categories of applications, or individual applications that are no longer reliable on Android 6+ (particularly those related to safety),
2. A "me too" if you want the ability in custom or official roms to a) completely/situationally disable Doze without root, or b) properly whitelist applications, and,
3. Whether or not you've personally experienced critical notification delays, missed alarms, or other negative effects you attribute to Doze.
If anyone does need to disable Doze in the meantime, there is a straightforward (not well documented) way to do it if you are rooted:
Code:
dumpsys deviceidle disable
The change is non-persistent.

Xposed-Privacy Protectio

http://www.android.protectmyprivacy.org/
Pretty neat app.
"Protect My Privacy (PMP) lets you protect the personal information on your rooted Android device. It provides a layer of security between apps and the operating system, thereby giving the control back to the user. When an app attempts to access any protected information, an alert is shown and you have the option to "Protect" or "Allow". The software is unique in that rather than merely blocking access to the information, which could cause the app to have unexpected behavior or even crash, PMP instead supplies fake replacement information, such as randomized contact names, or a location specified by you. You can quickly switch between real and fake information, even while the app is running. PMP also provides automatic protection using crowd-sourced recommendations, this uses information from previous manual decisions made by other users for the same app."

Subject: Root, security and privacy

about root and privacy
Introduction:
nowadays android phones are much more controllable without root access, and bloatwares can be deleted or disabled without root permissions by using the android's settings app, or through the developers' ADB shell. and even firewalls like "Netguard" don't need root access nowadays in order to control the network, and there are so many other opensource apps like "Blokada" and "ublock" that don't require root anymore in order to block ads, YouTube Vanced to watch videos without ads... all of this was impossible to perform three or four years ago, so why still bother with rooting ?
about root:
Root is gaining super user permissions in linux, or being an administrator. you don't need me to mention how many years this super user wasted in order to be able to understand and to become an administrator, or super user.
what I'm trying to say if you don't know what you're doing while acquiring "Root" privileges on your phone, don't do it just for fun.
Root exposes the user to some higher risks even from the trusted play store apps.
"With great powers comes great responsibilities", if you can't assume total control of every aspect of your rooted phone (thousands of files) then don't root it.
and I'm not saying you should let everything to Google or even trust the google softwares, in fact I created a thread especially to limit their disrespectful or exaggerated behaviors by debloating and using firewalls.
real hackers or developers who understands how a mobile operating system works, and how hacking works, can hack a rooted phone much more easier than hacking a non rooted phone.
speaking for myself I can't fully control a rooted smartphone because there are thousands of files : which are written in different development languages, doing different tasks, and they have different dependencies..
and contrary to what some people think, using strong long passwords can't sometimes help, and installing an realtime antivirus protection can't sometimes detect a hacker intrusion (when your phone is being truly exploited and completely controlled by strangers)
I'm not only saying don't root if you aren't an android developer, but you should limit Google and your installed apps behaviors as well.
nothing is unbreakable, and backdoors exist within the google O.S and within google or the manufacturer apps or else, but a firewall can limit some of their behaviors.
a word of truth :
very few people can actually be a super user of a complicated mobile operating system such as android, but if you're one of them, then you already know more than all of this.
I hope this can help anyone, feel free to copy paste, modify and share on your website.
and feel free to comment, debate, saying thanks, or providing some more informations.
I just wanted to share this for anyone who is concerned by root's real life review, from a privacy oriented point of view.​
....or another point of view is that unaccountable multinationals like Alphabet who own Google and companies like Samsung and Apple have no moral or ethical compass and are building up a long track record of trust-breaking behaviour that is only accelerating. Without root, you cannot remove or at least minimize the "telemetry" and "walled garden" that every new phone is crammed with. A small percentage of us refuse to be treated like a lamb being led to slaughter so root is absolutely necessary for privacy and security, not the other way around.....
jajk said:
..... Without root, you cannot remove or at least minimize the "telemetry" and "walled garden" that every new phone is crammed with. A small percentage of us refuse to be treated like a lamb being led to slaughter so root is absolutely necessary for privacy and security, not the other way around.....
Click to expand...
Click to collapse
Thanks for your reply :fingers-crossed: , well I think telemetry services are linked to the 'Google play services', and if we don't use any Google accounts and disable and block the Google play services from sending usage data to Amazon and Google servers by using a non-root firewall like 'netguard' (like I specified in this thread) then they can't have anything or too little from us, :laugh: I have set up the firewall to block everything except my open source browser see attachment :laugh::laugh:

NoRoot firewall circumvention

I really hate the modern world.
Anyhow I have been running Noroot firewall and some form of blacklist browser for years. "Smart"phone are practically unusable without. How have I seen the internet mostly devolve as it develops. Your parents are right Nostalgia is not a over fond memory in a fog of the past but a realistic time where devices had real controls and monitoring. Seems we have supplemented privacy and efficiency for ShINY POLIsHEd APPS so bloated and malfunctional.
Nuff ranting.
I feel like I am being fooled into a somewhat false sense of security by noroot. I mean it is published by 'greyshirts'. Is that a word play on 'whitehats'?
Do you see I can deny access to several apps with varying results. For instance:
Instagram is now unaffected by noroot.
Snapchat will continue to try to access servers and refuse to upload images but texts and some data still pass.
Some games like World of Warships +bump. Work Flawlessly despite no access.
And a whole host of other apps will not function, ALTHOUGH they can still push notifications. I do not understand Java or Android well enough to know how or why. This device is NOT rooted. My experience is minimal with a couple of roots some adb logging thats it very rusty
Somebody could please explain ?
If somebody would train me I will gladly make an OS that has complete and transparent root level firewall and IP logging.
It seems the only way to steal back the internet from the data logging companies and advertisers and the big colorful monstor itself.
Sorry iphone users you are probably ****ed sideways in your blissful ignorance.
Whatthetrax said:
I really hate the modern world.
Click to expand...
Click to collapse
Me too.
A ( proxy ) firewall basically is a piece of software that monitors incoming and outgoing network transfer and gives you the chance to either block or allow the network transfers by setting related filters. IMO with regards to outgoing transfer on Android no extra ( proxy ) firewall software is neeeded at all, you define what IPs are to be blocked via Android's hosts file.
The NoRoot Firewall app you mentioned simply substitutes the make-use-of Android's hosts file - what only can be kept up-to-date by a root user, nothing else. My Android's hosts file has over 14,000 entries.
The only advantage why to use NoRoot Firewall app I can see is possibilty you can allow or deny only specific ( outgoing ) connections on a per app basis.

Categories

Resources