I've been working with a partner recently, on an experimental Android app for unrooted cellphones, that would integrate with Xposed Framework modules, and be usable FROM the local device itself.
I knew up front that one of the biggest challenges would be emplementing some form of drag & drop functionality with what I have in mind.
My idea is a mashup between a weakness I've discovered in OTA transmissions, during software update sessions.
Without going into this topic too deeply, I'm VERY INTERESTED IN SEEING IF ANYONE ELSE out there has been looking into a work-arround for this framework.
OR, ANY OTHER NO-Root solutions (that aren't comical, and ACTUALLY work) to things like editing the build.prop, or any other form of permission escalation.
Related
I'm working on a (commercial) application that relies on root access to operate. Amongst savvy users, this is fine, but the aim is to integrate into the operator-customised ROMs so it's applicable to all consumers. Note this is not OEM integration at the manufacturer; that's too early in the chain.
Generally speaking, is there any way for them to customise their ROMs to provide elevated privileges to a system app? I know there are various manufacturer features (e.g. HTC Sense's hardware control widgets) that go around the standard Android APIs, but that's in there from the manufacturer, not part of customisation.
The dirtiest solution I can think of is to root each device as we consumers would, and then somehow hide the user-visible aspects of that (i.e. the superuser control app). I imagine there's a better way than that.
Any clues?
When are we getting a XPrivacy port or equivalent? I thought the homebrew scene would have been the first to make something like this,considering how far HaRET and Root Tools went as far as accessing functionality.
We only know how to do a handful of those things right now. The same hacks that Heathcliff74 used for Root Tools policy editing could be used for other policy editing, such as removing specific permissions from apps, but you'd have to either reverse engineer the policy database yourself or get him to write the tool or document the reverse engineering he did. For homebrew apps, permissions could be edited out of the manifest pre-installation - I seriously considered coding this into my XapHandler app - but decided the likelihood of crashes made it not worthwhile.
Unfortunately, that approach would likely just cause a lot of apps to crash. To instead actually modify the way the apps work (i.e. hook their call to the location services and return a bogus address) should be possible with enough work - a normal app couldn't do it because the .NET runtime on the phones doesn't allow modifying system functionality that way, but a custom ROM or high-privilege app could work around that - but it would not be easy.
I suspect the true answer is that nobody has bothered yet.
The simple genius in achieving privacy through data spoofing is something I was mulling a way back,long before the recent scandals. My method,of course,extended way beyond the device and could render all digital information useless,technically speaking. Im gonna nominate this app for one of these awards that keep popping up,even if im not using Android.
@rovo89, the brilliant developer behind the Xposed Framework, issued an update on his plans for adding Lollipop support to the popular modification framework.
One of the under-the-hood changes brought by Android 5.0 Lollipop is the adoption of ART as the only runtime on Android, replacing the aging Dalvik. While ART brings faster app execution thanks to its use of ahead-of-time compilation, it also happens to break Rovo89’s Xposed Framework. For this reason, Xposed doesn’t work on devices running KitKat with ART, as well as on all devices running Lollipop.
In this post, Rovo89 issued an update on his work on Xposed for ART – in short, not much has changed since the last update from July, simply because the currently available Lollipop source code is still not final:
It’s pretty hard to shoot such a fast-moving target. I hope that once a final version is out and the source code for is published (with a proper branch), changes will slow down a bit – and hopefully, vendors will use it pretty much unmodified.
The bulk of the work is still ahead, and the bad news is Rovo89 is having trouble mustering the time and motivation to tackle the difficult new project:
I still don’t have time and motivation to work on Xposed as I used to, but I’m slowly starting again (no promises though).
Getting Xposed to work on Lollipop is more than figuring out ART, said the developer, as the implementation of SELinux on Android 5 is “much stricter”. In short, while there’s a good chance Xposed for Lollipop will work, that’s not a certainty, and, if it eventually happens, it won’t be anytime soon:
I can’t give any estimation when that will be the case, it depends much on my personal situation. Chance are pretty low that it will be within a month after Lollipop release, and will get higher once I start thinking about flashing a Lollipop ROM myself (which would probably be CM12, and I think these guys won’t give us a timeline either, for good reasons).
I’m still not 100% sure Xposed for Lollipop will work, but I hope that in some way it will, even if it might not be as compatible with most ROMs and as easy to install as it is for Android 4.x
Hello All,
The topic name pretty much explains what i would like to ask. Is it possible to have an app pre-installed by the vendor (let's say telco operator who is selling it's customized phones) with root privileges?
I am not interested in rooting the phone from user perspective.
My question is mainly focused on idea, whether it is possible to sell android devices (on large scale) which have an application running with root rights without sacrificing security and Android integrity. And what would it require?
Why root privileges? We are looking into a possibility of creating a diagnostic app which will be analyzing a system malfunctions like screen freezing, screen lagging, etc.
Thank you
Hello XDA,
I am interested in trying to write an XPosed module that modifies the response to a function call, but I am very confused about how to properly go about it. Specifically, I have found functions in both Java code and C++ code in the Android codebase that look like they are the ones that I should hook, but I am not sure if I need to hook both of them or one of them?
https://cs.android.com/android/platform/superproject/+/master:frameworks/base/media/java/android/media/audiopolicy/AudioMixingRule.java
https://cs.android.com/android/platform/superproject/+/master:frameworks/av/media/utils/ServiceUtilities.cpp?q=CAPTURE_AUDIO_OUTPUT
I am very new to tinkering with XPosed and the Android codebase, but I do not understand why there seems to be code with what looks on the surface like they do the same thing.
Does anyone here have any knowledge they could share? I am thinking to use the DisableFlagSecure (https://github.com/LSPosed/DisableF...osed/disableflagsecure/DisableFlagSecure.java) module code as a baseline for trying to implement my stuff.