Hello everyone,
I am a computer science student, noob java developer, web and database programmer and a general all around nerdy fellow.
Short Version (if you don't want to read):
How does the application level permission system work on the Android OS? Is it all simply held within the Manifest.permission xml file? Every time an application commits to an action that would require permission, does it simply do a quick check of the ID and then cross-reference the Manifest.permission file at the system level?
Long Version (if you want to read):
I have been looking at LBE Security as an app to allow me to control on a per app basis which permissions they are allowed to have. A wicked awesome idea. The only problem (aside from it not being open source) is that it drains the battery through CPU usage of its active guard feature.
I thought to myself there must be a simple way to manage the permissions of all apps without the necessity of a background service continually running. Could not an app be created (which would of course require root access) that would allow you to edit (through a GUI) the permissions of all your applications. Write to the Manifest.permission the appropriate changes and then close. Thus negating any continuously running background service drain on the CPU/mem=> battery?
Is this how all permissions for applications are handled through this one file? Or am I missing something?
I have searched quite a bit, as far as I can tell its all handled by Manifest.permission. Please enlighten me if I am mistaken.
Hey,
When I turned on my phone the RAM it was taking was 300 MB, after a days use it is now 500MB (even after pressing 'clear RAM' button).
I've entered Settings->apps->running and it shows only two small things (the keyboard and some weather widget) which combined take only 20 MB.
So what is the rest of the memory is beign allocated for?
Thank you.
Does your rom have Usage Manager in the app drawer?
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
Here is the path to all your applications.
Settings -> Apps --> Swipe left until the menu Running --> On top you see the description "Show cached processes", klick on it --> now you see the rest of the running applications
pc103 said:
Does your rom have Usage Manager in the app drawer?
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
Click to expand...
Click to collapse
No, the closest I have is "Task Manager".
lenovoOwner said:
Here is the path to all your applications.
Settings -> Apps --> Swipe left until the menu Running --> On top you see the description "Show cached processes", klick on it --> now you see the rest of the running applications
Click to expand...
Click to collapse
Thank you, indeed I see some more RAM guzzlers, but It seems like they make up most of the addition but not all of it ... plus funny thing, when I try to close everything (in 'running' and 'cache) and I reenter- here it is there again...
1) Can I see all of the elements that take up my ram (the system as well)?
2) Can I close them properly?
Thank you very much.
PS. Is there some comfortable way to jump between apps? Like in the Iphone where by pressing the 'Home' button will show you a bar with a row of icons of the currently active processes....
For your PS question, it's a long press on the Home button (below the GS3 screen).
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
---------- Post added at 10:14 PM ---------- Previous post was at 09:45 PM ----------
The closest app I'm running to that option is Android Tuner Free. I got it for its storage optimization functions.
The busy interface has a learning curve, but it is a comprehensive & poweful app. I recommend Advanced mode & the One Click home screen.
For what you want, see both the Tasks & Kill All tiles. The first is a Task Mgr., the second is a quick 1 click. The app can teach a lot about what runs & why. It also offers a lot of fine control.
I also use the root app Startup Manager which is self explanatory & efficient.
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
pc103 said:
For your PS question, it's a long press on the Home button (below the GS3 screen).
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
Click to expand...
Click to collapse
LOL {hit myself on the head}, didn't occur me to try...
pc103 said:
---------- Post added at 10:14 PM ---------- Previous post was at 09:45 PM ----------
Click to expand...
Click to collapse
pc103 said:
The closest app I'm running to that option is Android Tuner Free. I got it for its storage optimization functions.
The busy interface has a learning curve, but it is a comprehensive & poweful app. I recommend Advanced mode & the One Click home screen.
For what you want, see both the Tasks & Kill All tiles. The first is a Task Mgr., the second is a quick 1 click. The app can teach a lot about what runs & why. It also offers a lot of fine control.
I also use the root app Startup Manager which is self explanatory & efficient.
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
Click to expand...
Click to collapse
I was hoping there is a way to avoid using apps...
Ok, I suppose it opens another question which I thought about creating a new thread for, but if the opportunity already arose...
How do you actually know if you can trust an app?
I'm kinda new to android and I'm much more used to the opennes of windows, also I'm pretty paranoid (a cellphone contains information 100 times more sensitive than a PC (At least my PC is like that)). I look at the permissions every app want to have and I'm simply aghast, I know of the logic behind those requests (at least for most of those I've seen) but I have zero transparency over what actions the app takes.
That really stress me a great deal...
oy-ster said:
How do you actually know if you can trust an app?. . . (a cellphone contains information 100 times more sensitive than a PC (At least my PC is like that)). I look at the permissions every app want to have and I'm simply aghast, I know of the logic behind those requests (at least for most of those I've seen) but I have zero transparency over what actions the app takes.
That really stress me a great deal...
Click to expand...
Click to collapse
Digital Privacy
Well it certainly stresses the last remaining fiber of your privacy. I just watched the latest "60 Minutes Overtime" piece on data brokers framing this as a lifestyle issue. Step back from the small screen & consider that your actions on board the PC have a ripple effect on your smartphone. "NAI Opt out" & "Disconnect software" are useful PC search words.
Where it Went
I rarely hear from a tech guru or even a lawyer who can decipher a EULA, TOS or Privacy agreement they didn't author themselves; yet online, we are steeped in the cumulative concessions we have accepted from them and the affiliates and partners they enable for.
The Biggest Brother?
Google is a data harvester, not a broker. They are the custodians of much of our imprint online across all platforms. check your settings accordingly; within each Google service / app/ platform you use and adjust them to taste. Know, for example, that persistent login to Gmail will append any collocated G-Search activity to your G profile if Web Data | Web History remains on. I read recently that simply joining Plus has a similar but more comprehensive effect by default, by unifying the G tracking across your entire electronic imprint.
Android Permissions
Yes. The most invasive part of Android is its permissions free for all. They are demands, not requests that each app poses. The logic is sometimes one sided and self serving to the developers at our disadvantage. What can we do?
1. Know something about your developer. XDA membership in an app developer helps define their role in a community. Check their website, reviews, accessibility, postings etc.
2. Consider lower permission alternative apps listed in the play store.
3. For each app you review in the Play Store, (have you checked play store settings yet?) assess its longevity in the marketplace to decide if you are willing to be an early adopter.
4. Resist resorting to apps to broker built-in functions your system already has. Learn your OS.
5. Weigh the logic of each permission demanded, based on risk / reward and your intended uses. Example: On my phone Google search leads the field with 59 permissions. App Permisssions by FSecure is in the low end group with zero. How do I know? App Permissions. What can I do? More on that later.
6. Debloat. I have frozen over 60 apps/services/processes using a combination of tools ranging from built in (no root) Application Management to Startup Manager and the App Quarantine app.
7. Don't be lazy about toggling settings as needed. One stock default has the GPS always enabled which may not be necessary for you.
8. Learn about the types of location services in your OS. Check location settings in affected apps and consider toggling location services as needed. Apps will prompt if the needed service is off when you use them.
9. Review your synch settings. Mine are off on the OS. I use a 3rd party mail app and manually back up contacts using Super Backup when needed.
10. Review background data settings. they are visible in Settings / Data usage, by selecting Mobile Data, and scrolling to the list of apps to tap through each and set Restrict background data if appropriate. It saves battery by reducing tower hunting and focuses you on which apps pose the highest demands.
I promised more. Learn about App Ops if you haven't. I have the luxury of running a 4.3 version that supports it so I can use a client app to filter and toggle various permissions on a per app basis. There are other, and perhaps more thorough approaches to this but I'm staying with this one for now.
pc103 said:
Digital Privacy
Well it certainly stresses the last remaining fiber of your privacy. I just watched the latest "60 Minutes Overtime" piece on data brokers framing this as a lifestyle issue. Step back from the small screen & consider that your actions on board the PC have a ripple effect on your smartphone. "NAI Opt out" & "Disconnect software" are useful PC search words.
Where it Went
I rarely hear from a tech guru or even a lawyer who can decipher a EULA, TOS or Privacy agreement they didn't author themselves; yet online, we are steeped in the cumulative concessions we have accepted from them and the affiliates and partners they enable for.
The Biggest Brother?
Google is a data harvester, not a broker. They are the custodians of much of our imprint online across all platforms. check your settings accordingly; within each Google service / app/ platform you use and adjust them to taste. Know, for example, that persistent login to Gmail will append any collocated G-Search activity to your G profile if Web Data | Web History remains on. I read recently that simply joining Plus has a similar but more comprehensive effect by default, by unifying the G tracking across your entire electronic imprint.
Android Permissions
Yes. The most invasive part of Android is its permissions free for all. They are demands, not requests that each app poses. The logic is sometimes one sided and self serving to the developers at our disadvantage. What can we do?
1. Know something about your developer. XDA membership in an app developer helps define their role in a community. Check their website, reviews, accessibility, postings etc.
2. Consider lower permission alternative apps listed in the play store.
3. For each app you review in the Play Store, (have you checked play store settings yet?) assess its longevity in the marketplace to decide if you are willing to be an early adopter.
4. Resist resorting to apps to broker built-in functions your system already has. Learn your OS.
5. Weigh the logic of each permission demanded, based on risk / reward and your intended uses. Example: On my phone Google search leads the field with 59 permissions. App Permisssions by FSecure is in the low end group with zero. How do I know? App Permissions. What can I do? More on that later.
6. Debloat. I have frozen over 60 apps/services/processes using a combination of tools ranging from built in (no root) Application Management to Startup Manager and the App Quarantine app.
7. Don't be lazy about toggling settings as needed. One stock default has the GPS always enabled which may not be necessary for you.
8. Learn about the types of location services in your OS. Check location settings in affected apps and consider toggling location services as needed. Apps will prompt if the needed service is off when you use them.
9. Review your synch settings. Mine are off on the OS. I use a 3rd party mail app and manually back up contacts using Super Backup when needed.
10. Review background data settings. they are visible in Settings / Data usage, by selecting Mobile Data, and scrolling to the list of apps to tap through each and set Restrict background data if appropriate. It saves battery by reducing tower hunting and focuses you on which apps pose the highest demands.
I promised more. Learn about App Ops if you haven't. I have the luxury of running a 4.3 version that supports it so I can use a client app to filter and toggle various permissions on a per app basis. There are other, and perhaps more thorough approaches to this but I'm staying with this one for now.
Click to expand...
Click to collapse
Thank you very much for the comprehensive reply!
Indeed some of the things here are common sense but some were fairly new to me, like the close contact you are suggesting with the developer.
I have to ask though, what reviews are you reffering to? the ones in the app market or the ones on here? Also, from what I have seen in the play market, all of the reviews are about functionality but no one actualy checks the veracity of the code.
Like for instance some song recognition&download software that requires internet access permission (makes sense) and SD card access permission (also makes sense), but besides doing what it does (in a splendid manner, leaving tons of happy customers) it also steals your Whatsapp chat logs (just read an article about that breach 10 mins ago)...
How can people catch on that (otherwise the app will linger for 2 years, giving you the impression you're not an early adopter)?
Hrmph, you have given some very sound advice which I obviously intend to follow through and for that I thank you. However it seems to me like the underlying foundation is still trust in the publisher (not to abuse the permissions you had to enable for functionality sake), and the trust should stem from how well the author presents itself to the community. I suppose it is the nature of the beast, it is just that if I were to sneakily attack someone I would make sure to present myself in th best way possible .
thx.
PS. my version is 4.1 but I'll see what I can do about Appops.
P.P.S I just searched for "Tasks" on google market and all I see is an organizer. Did you mean "Task Killer"?
oy-ster said:
Thank you very much for the comprehensive reply!
Indeed some of the things here are common sense but some were fairly new to me, like the close contact you are suggesting with the developer.
I have to ask though, what reviews are you reffering to? the ones in the app market or the ones on here? Also, from what I have seen in the play market, all of the reviews are about functionality but no one actualy checks the veracity of the code.
Both sources really. There's no hard & fast divide as to what aspect reviewers might respond to at either venue. More often, Play Store reviews have alerted me when my device or my Android version gets poor results from an app. Granted code integrity issues are raised more frequently at XDA.
Like for instance some song recognition&download software that requires internet access permission (makes sense) and SD card access permission (also makes sense), but besides doing what it does (in a splendid manner, leaving tons of happy customers) it also steals your Whatsapp chat logs (just read an article about that breach 10 mins ago)...
How can people catch on that (otherwise the app will linger for 2 years, giving you the impression you're not an early adopter)?
Interesting example. I will look for the article. I wonder if the app declared that permission in their Play Store disclosure. If not, it challenged Google's policing system. I read somewhere that SELinux in newer ROMs, set to "Enforcing" brokers applicable policies from each host domain and also restricts apps from exceeding their declared permissions. (See also my note on 4.3+ below)
Hrmph, you have given some very sound advice which I obviously intend to follow through and for that I thank you. However it seems to me like the underlying foundation is still trust in the publisher (not to abuse the permissions you had to enable for functionality sake), and the trust should stem from how well the author presents itself to the community. I suppose it is the nature of the beast, it is just that if I were to sneakily attack someone I would make sure to present myself in th best way possible .
You're welcome! Placing that trust is ultimately a leap of faith, so we ask ourselves:
Does my configuration already offer this function at the OS or existing app level?
Can I justify each declared permission here?
Is there a less invasive equivalent to this app?
Have I gone over the settings thoroughly once installed?
What does my installed anti-virus say about this?
Do I need this to auto launch or only on demand?
Is it using excessive data or uptime as I monitor?
Am I getting all the Android security I could be with my current rom image?
You get the picture. Common sense, best practices & due diligence can go a long way toward closing the security gap.
PS. my version is 4.1 but I'll see what I can do about Appops.
Google only exposed it (to client apps like App Ops Starter) in 4.3 & 4.4.0, before & after that I believe an Xposed Framework module is the main alternative.
P.P.S I just searched for "Tasks" on google market and all I see is an organizer. Did you mean "Task Killer"?
Click to expand...
Click to collapse
The "Tasks & Kill All tiles" I referred to appear on Android Tuner Free's One Click advanced mode home screen. BTW certain apps on my phone are "frozen" when not in use.
I forgot to mention. 4.3 I'm running is on the 4.1.2 bootloader, completely avoiding lopsided knox security. I hope I didn't appear to recommend the OTA update. That's a personal choice.
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
pc103 said:
Quote:
Both sources really. There's no hard & fast divide as to what aspect reviewers might respond to at either venue. More often, Play Store reviews have alerted me when my device or my Android version gets poor results from an app. Granted code integrity issues are raised more frequently at XDA.
Interesting example. I will look for the article. I wonder if the app declared that permission in their Play Store disclosure. If not, it challenged Google's policing system. I read somewhere that SELinux in newer ROMs, set to "Enforcing" brokers applicable policies from each host domain and also restricts apps from exceeding their declared permissions. (See also my note on 4.3+ below)
You're welcome! Placing that trust is ultimately a leap of faith, so we ask ourselves:
Does my configuration already offer this function at the OS or existing app level?
Can I justify each declared permission here?
Is there a less invasive equivalent to this app?
Have I gone over the settings thoroughly once installed?
What does my installed anti-virus say about this?
Do I need this to auto launch or only on demand?
Is it using excessive data or uptime as I monitor?
Am I getting all the Android security I could be with my current rom image?
You get the picture. Common sense, best practices & due diligence can go a long way toward closing the security gap.
Google only exposed it (to client apps like App Ops Starter) in 4.3 & 4.4.0, before & after that I believe an Xposed Framework module is the main alternative.
Click to expand...
Click to collapse
Thanks again!
I just wanted to note that after spending some time here in the forum( http://forum.xda-developers.com/android/apps-games/ ) looking for some intresting picks, I haven't actually encountered much comments from people that actually went over the code... so I'm a bit bummed out. :silly: :laugh:
pc103 said:
The "Tasks & Kill All tiles" I referred to appear on Android Tuner Free's One Click advanced mode home screen. BTW certain apps on my phone are "frozen" when not in use.
Click to expand...
Click to collapse
Oh. Got it.
Anyway, Thank you!!!
oy-ster said:
Thanks again!
I just wanted to note that after spending some time here in the forum( http://forum.xda-developers.com/android/apps-games/ ) looking for some intresting picks, I haven't actually encountered much comments from people that actually went over the code... so I'm a bit bummed out. :silly: :laugh:
...Anyway, Thank you!!!
Click to expand...
Click to collapse
You're welcome. To be fair, most times I've seen postings by people who background checked code it was in rom threads, or over root exploits or security apps. In most other cases due diligence is our best defense.
Feedback please on my app installation SOP....
Hey folks...I was referred to post this here instead:
http://forum.xda-developers.com/general/xda-assist/opinions-app-installation-sop-t3184925
I would very much appreciate any and all feedback on what I am doing as outlined in that post.
cheers and TIA to all,
-les
EDIT: Actually, it may be easier for me to simply copy and paste the text from that post so here you go. Again, thanks!
Begin post copy--->
Hello all...hope this is posted in the right place.
I am looking for some knowledgeable opinions on my personal SOP when installing apps [mostly referring to games] on my Android devices. I am a corporate technology manager with 20+ years experience but am quite new [and a relative noob] when it comes to the Android infrastructure.
XDA appears to be the best, most well-informed Android site around so...
Basics: 3 Android devices [1 smartphone, 2 WiFi tablets], all rooted, all running at least 4.4.2, all running AFWall+ and Titanium Backup [paid] and all with most factory bloatware safely frozen.
Question:
Am I wasting my time [or possibly doing something wrong] by doing the following procedure for each app [again, largely referring to games] that I install and decide to keep for a while on my devices?
1. AFWall+ to deny network connectivity for those games that do not explicitly require a constant connection [exceptions like Angry Birds Epic, AB2 and such];
2. App2SD [unpaid version] to move to external SD card each game that can be moved;
3. Gemini App Manager [unpaid version] to view and disable all autostart permissions found;
4. SDMaid [unpaid version] to double-check and disable any further autostart permissions found;
5. Autorun Manager [unpaid version] to review the 4 available autostart permission categories and then disable games as needed;
The above SOP is my own effort to try to and wrest a bit more control over my devices as well as to try and keep things as clean as possible and to maximize the amount of always available system resources as much as possible.
All my devices [and games] appear to be running flawlessly and with no issues at all that I can detect.
So, bottom line:
- Am I doing a good thing here?
OR
- Am I wasting my time [though only a few mins for each app]?
And finally, is there a BETTER way I can achieve the same things...a smarter process?
cheers and a very big TIA,
-les
33 views and not a single reply?
What is it? My breath?
TL,DR: the possibility to control permissions in apps are one of the most important advantages of rooting (in my opinion).
Seeing that App Settings is somewhat being underestimated, let’s talk about the powerful permission manager that it has.
I think that permission management alone is one of the most important things of rooting. The possibility to control what permissions grant to apps, besides what Google wants you to be able to control in Android, is absolutely critical for a power user.
Let’s see some examples. Right now everything is “free” because telemetry and you being “the product” for companies... You can be OK with that if you want to. But where did you accept that EVERYTHING in your cell phone should have ads? I don’t remember accepting that... Well, thanks to rooting + AdAway + some browsers and user permission management, you can have a ad-free cell phone (really) and with more battery life, less background internet usage and faster because you can stop every app for syncing constantly because of ads...
There was a time when almost the only app that could do effectively permissions management for rooted cellphones was Stericson’s “Permissions Denied”. The problem was that you needed to restart your Android System everytime you changed permissions, and in later Android and the app versions it was being less stable and effective.
With the great xPosed everything changed. Now you have some modules that took over that advantage. Some of them are: xPrivacy, Permissions Master, and App Settings.
In my humble opinion, xPrivacy works as a some sort of “permissions firewall”. It has deep control of some aspects, but at the cost of too many things to pay attention to, and resources of the system.
The approach of Permissions Denied / Permissions Master and App Settings is that them work similar of controlling permissions as if you control some Internet connections in Windows systems with the “hosts file”.
You can select from available permissions and, for example, control and deny Internet access completely to an app. Android permissions management won’t allow you to stop an app from connecting to Internet altogether, because of ads.
If some “ruler app” for example, claims that is “free” and “ad free”, whatever reason... Why should it connect to Internet, have access to your contacts, etc.? Let’s imagine that you still want to use that app, but you don’t want it to connect to Internet. Solution? App Settings!!!
And the advantage of App Settings is that it works in real time. If you change some permission for an app and it stop working, you can reverse that, and it works almost instantly. Permissions Master is similar, but some changes won’t stick denying permissions to apps.
I simply can’t believe that the rooting community, with XDA being one of the greatest forums about Android tuning, is letting App Settings fade away.
So, consider this just a reminder that being able to control fast, and effectively ALL the permissions that apps use in your Android System is one big advantage that deserves to not disappear, if we still care for rooting and user controlling what the apps in your system are doing.
One last thing, another example of permissions to control in your Android are: what apps should start after booting, what apps should keep working in the background, which ones should access your contacts... etc.
With App Settings you can control all that and more, in a fast, effective and easy way. I love Firefox, but I don’t want it to start while Android boots, or be able to access my camera (I don’t use Firefox for any camera related thing), etc.
You can’t do that at the same level with Android permissions management. It just let you control stuff that won’t go against ad industry. It’s understandable, but Google won’t be harmed by the minority of us that just want to be able to control which apps should connect to Internet and which ones shouldn’t...
I would love to contribute to Apps Settings development, but sadly coding isn't one of my capabilities. This thread wasn't intended to explain to the great and brilliant community of XDA what App Settings do (you already know), it just a general description for everyone and try to keep the user permissions management in spotlight.
If you reached here, thank you for reading!
Sorry for my english, it’s not my native language.
First off, I hope I'm posting this in the correct area
This may be a fantasy, but I will state my idea, and if you know any way of making it a reality, OR if it already exists, I would really appreciate your advice & help!
The idea is basically a super lightweight custom ROM that would work (be able to be flashed on) on a lot of different devices. (multiple android phones & tablets)
Preferably, I want it to run on the most stable version of Android
No play store, only a predetermined set of apps to be installed along with the ROM
No stock browser or any native apps that have a browser built-in
Basically, there are a few applications for this product, 2 that come to mind.
The most obvious, Kid friendly - I know about the parental controls available, I want something 'bulletproof'.
To ensure productivity and reduce distractions among employees.
I would also want a browser that is whitelist-based that can have the whitelist updated remotely, every time the browser connects to the internet, (either on startup of the app or in the background) it would check the whitelist and update itself with the new definitions. Ideally, I would want a Chrome-based browser with a built-in adblocker.
I know the lines are blurred from custom ROM to custom apps. I hope I'm not dreaming of a unicorn
(The native apps preferred would be The Camera, Messages and phone apps)
I think what you looking for is "Kids Space" from oxygenOs and colorOs 13. Now even I'm looking for the same for older oneplus devices.
You had any luck with it?