Better Mobile App

[Q] Permissions manager?

Some apps ask for more permissions than I want to give them.
With DroidWall I can take internet permissions away from individual apps, which is great for all those app that demand internet access even though they work fine without it. But what if I want to remove other permissions, such as access to my location or my contacts?
There is a manual way to edit unwanted permissions out of .apk files, but this method is not meant for human consumption.
Q: Is there an app that lets me allow/deny permissions per app?

It is not possible and is a very bad idea to do by modifying the APK.
I agree it'd be cool if Android was implemented to allow optional permissions. I hate adding permissions to my apps because I know some users don't want to give them. But Android is not designed this way.
Here's how I and just about every other developer would do something like make use of the READ_PHONE_STATE permissions to read your IMEI:
Code:
TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
String deviceId = tm.getDeviceId();
Without the READ_PHONE_STATE permission, the above could would do this:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
It's possible for developers to write their code to handle not having a permission they expect to have:
Code:
String deviceId;
try { TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
deviceId = tm.getDeviceId();
} catch (SecurityException ex) {
deviceId = "1234";
}
However no app dev does this. And unless a future version of Android itself were to allow this, it's unlikely app devs would take the time to test and update their apps to gracefully degrade when the user has used some hacky method to restrict the app. (I wouldn't. I have to do enough testing already just supporting all the manufacture skins and custom roms.)
If you question a permission you should ask the dev. And if you don't like the answer, or don't trust the dev, you should avoid the app.
(DroidWall doesn't remove the INTERNET permission, it just firewalls off the app from using the internet. Looks like a network connection issue to the app, which already has to be handle gracefully.)

DroidWall tells the apps it blocks that there is no live internet connection, even though the connection is alive and kicking for every other app. AdBlock works in a similar way: it doesn't deny apps from calling their banner farm, it just keeps it out of reach by redirecting the request to 127.0.0.1.
There are many ways to make apps believe they've got permissions that they don't really have.
For example, a permissions manager could spoof an empty contacts list for apps that want to read your phone book. Apps that want to know where you are for no good reason would only have to be fed some random coordinates instead of getting your real location.
Maybe Android was not designed that way, but one of the advantages of an open system is that you can make it do things beyond the original specs. If we root our phones and install custom ROMs to get rid of unwanted bloatware, why not apply similar techniques to get rid of unwanted app permissions?
Of course you could simply avoid apps that ask for too many permissions (but only if suitable alternative apps are available), but such a sledgehammer approach wouldn't be necessary with a permissions manager that gives you more subtle tools to tame your apps. This way you can have the best of both worlds: remove undesired permissions without throwing out the entire app.

It's been done in the lab, hopefully they release source. The paper is a pretty good read, and not overly verbose.
Can't post links, don't want to spam 8 posts for it, so Google for "Taming Information-Stealing Smartphone Applications". The paper is from NCSU.

Exactly what I'm looking for. Let's hope it hits the market soon!
The long version (in pdf format): http://www.csc.ncsu.edu/faculty/jiang/pubs/TRUST11.pdf
The short version: http://insciences.org/article.php?article_id=10052
Even shorter: http://apps.findingthis.com/utilities/android/taming-information-stealing-smartphone-applications/
Screenshot:

Permissions manager for rooted phones from the author of Busybox: Permissions Denied.

Unfortunately, it looks like Permissions Denied actually denies permissions rather than spoofing them, so I would expect most apps to crash as mentioned by kevin. The spoofing approach in the NCSU papers seems like the more robust approach unless and until Google implements optional permissions, at which point app developers would hopefully start adding graceful permission exception handlers.
Sent from my Dinc via XDA app.

This is really the worst "feature" of Android. Someone should fix it really fast even creating a "shadow" distro with patched permission manager (if it cannot be done as an add-on).
Is anything new in this topic around?

Please use the Q&A Forum for questions Thanks
Moving to Q&A

rogier666 said:
Some apps ask for more permissions than I want to give them.
Q: Is there an app that lets me allow/deny permissions per app?
Click to expand...
Click to collapse
Did they ever release the TISSA app? I can't find anything about the app since last April.

It doesn't matter anymore, 'cos now we have LBE, PDroid, and the built-in permissions manager of CyanogenMod.

i've been using lbe and it's been useful. it doesn't block every permission of an app but some things as internet (as droidwall), contacts, gps and sms/phone call it blocks. If you're looking for a real permission blocker, you may want to take a look at some cyanogen 7 rom. the app blocking is enabled on it, pretty handy for me.

Unfortunately LBE crashes my phone (black screen as soon as the background service starts) and Cyanogen Mod doesn't include this feature anymore. Are there any other permission manager apps? Since PDroid seams hard to setup.

white-gecko said:
Unfortunately LBE crashes my phone (black screen as soon as the background service starts) and Cyanogen Mod doesn't include this feature anymore. Are there any other permission manager apps? Since PDroid seams hard to setup.
Click to expand...
Click to collapse
There's a new app called LBE Security Manager, but it's Google-translated from chinese to english so it may be hard to use.
http://forum.xda-developers.com/showthread.php?t=1422479
Looks like the makers of LBE are focussing on their home market (population 1.35 billion) and ignoring the rest of the world.

Hi!
I have just got myself an android phone and I am lookign for a good permissions manager app - would be grateful for any solutions.
I've had a look at LBE, but it requires access to all your phone's functions!!! Seems silly to produce a security app that can MAKE CALLS and SEND MESSAGES from your phone!!
Are there any other alternatives for android JB?
Thank you!
PS I'm absolutely shocked by android's permissions policy - seems like a massive threat to me. maybe I'm paranoid =) I'd be grateful for any links to info about securing the phone.
Also I can't seem to set a root password but that's a different story 0_0

Mr.Chavez said:
Hi!
I have just got myself an android phone and I am lookign for a good permissions manager app - would be grateful for any solutions.
I've had a look at LBE, but it requires access to all your phone's functions!!! Seems silly to produce a security app that can MAKE CALLS and SEND MESSAGES from your phone!!
Are there any other alternatives for android JB?
Thank you!
PS I'm absolutely shocked by android's permissions policy - seems like a massive threat to me. maybe I'm paranoid =) I'd be grateful for any links to info about securing the phone.
Also I can't seem to set a root password but that's a different story 0_0
Click to expand...
Click to collapse
With the way Android is set up all permissions managers need a truckload of permissions to do their job. Once you give your security app root access the other permissions don't matter anymore. Whether it's LBE, Permissions Denied, or the built-in permissions manager of CyanogenMod makes no difference. Once you give 'em root access they can do whatever they want.

rogier666 said:
With the way Android is set up all permissions managers need a truckload of permissions to do their job. Once you give your security app root access the other permissions don't matter anymore. Whether it's LBE, Permissions Denied, or the built-in permissions manager of CyanogenMod makes no difference. Once you give 'em root access they can do whatever they want.
Click to expand...
Click to collapse
Thank you.
Can LBE from XDA be trusted?..
In my understanding Google does not provide any guarantees on apps downloaded from Google Play store (i.e. i've been warned about permissions when installing an app so it's at my own risk - is that right?
What is the general public view on android security then? Is it better to let one app take over the phone (eg lbe or permission denied)?
Thank you for helping an android newbie!

Mr.Chavez said:
Thank you.
Can LBE from XDA be trusted?..
In my understanding Google does not provide any guarantees on apps downloaded from Google Play store (i.e. i've been warned about permissions when installing an app so it's at my own risk - is that right?
What is the general public view on android security then? Is it better to let one app take over the phone (eg lbe or permission denied)?
Thank you for helping an android newbie!
Click to expand...
Click to collapse
I have used various versions of LBE without problems in the past (am not using it at the moment). You need to trust someone or something eventually.
Firewall can help.
ROM Toolbox has an advanced freeze option in app manager which can disable a number of intents, including start on boot, ad engines, analytics, etc. Of course, disabling things can at times have undesirable results but if you take notes of your changes they can easily be turned back on later.
---
Duct tape is like the force. It has a light side and a dark side and it holds the universe together. (via Tapatalk)

I've switched off everything in LBE Privacy Guard (Play Store version) that needs internet, blocked it with DroidWall (and later with AFWall+), and checked my router logs and packet sniffer. I never caught LBE going online when it wasn't supposed to.
PDroid is safe too, but very hard to build into your ROM.

How about permission managera under Android 4.3? No root needed...
Is it possible to unlock APP ops without an third party APP? Just editing some file? I have got root

[MOD] [XPOSED][v1.1.0]FrankerFaceZ - Custom User Emotes for Twitch.TV [4.4.2+]

This is a simple module that adds the framework of FrankerFaceZ to the Twitch.TV mobile Android app. This module is available to Android 4.4.2 users and up.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Install the App
Enabled it
Reboot
???
See FrankerFaceZ emotes
Profit
Package Name: com.stdsbot.ffz
Module Name: FrankerFaceZ
Version Name: 1.1.2
Version Code: 4
The app can be found on the Xposed Module Repo (Can't post the link until i have 10 posts :/)
Questions? Comments? Concerns? Bugs?
Post them here and I will see what I can do.​
Known Bugs
None
FAQ
You say you update an Emote or <insert X resource here>, but I don't see the change....
The way twitch caches images, you will need to clear the app cache through your settings.
*Please note, this is my first Xposed module, and as such, I expect things to go wrong sometimes.*
Change Log
1.0.0 - Initial Release
1.1.0 - Bug Fixes
Logging is a bit crazy... Sorry for log spam with chat messages. It is removed in the next release.
FrankerFaceZ donor badges not showing up for donors
XposedInstaller crashing on install due to lack of VersionName and VersionCode
Emotes not loading unless you click from the "Following" directory.
1.1.1 - Bug Fixes
Emotes not loading due to CSS change.
Changed FFZ Donor Badge look to match Web Look
1.1.2 - Bug Fixes
Fixed an issue where the regex was 1 character shorter causing a visual bug.

Oh, wow. Thanks for doing this! And thanks for putting up with our CSS, lol. Unfortunately I can't test this right now as all my android devices are on lollipop. BibleThump
We'll be getting an API that returns JSON soon(ish). Soon being when I finally finish the website. Also coming, high DPI emote support. If you need anything, just let me know! I don't know much about Java and nothing about android development, but I can help with server stuff at least.

@Stds_catchemall do you mean emoticons? Will this mod work with note 3 n9005?

HTML:
thahim said:
@Stds_catchemall do you mean emoticons? Will this mod work with note 3 n9005?
Click to expand...
Click to collapse
The mod should on any device that is 4.4.2. emulators were not working for me when I wrote this ,but that has been fixed.
As I am New to the android scene, I am not sure of the upward comparability of apis (ie. 4.4.2 to 5.0). My app does not modify system settings so worst thing you can do is install it, and if twitch crashes ,uninstall it to regain functionality.

Stds_catchemall said:
HTML:
The mod should on any device that is 4.4.2. emulators were not working for me when I wrote this ,but that has been fixed.
As I am New to the android scene, I am not sure of the upward comparability of apis (ie. 4.4.2 to 5.0). My app does not modify system settings so worst thing you can do is install it, and if twitch crashes ,uninstall it to regain functionality.
Click to expand...
Click to collapse
What does this mod do?

thahim said:
What does this mod do?
Click to expand...
Click to collapse
And i do mean emotes, but i mean other things as well. I am currently working on adding in an Emote button for users who do not know or are unable to remember emote names.
My post says exactly what it does. It adds the FrankerFaceZ Framework to Twitch Mobile. If you don't know what FrankerFaceZ is, Google it as i cannot link yet.

Did u add a version number to it? When I downloaded it before it kept crashing xposed because it didn't have version

freecore.mc said:
Did u add a version number to it? When I downloaded it before it kept crashing xposed because it didn't have version
Click to expand...
Click to collapse
It's currently Version 1 (Physical Version), 1.0.0 (Human Readable version)
I have people who have already downloaded and are using it so that sounds like an issue with your device and Xposed, not my app.
Update:
I am new to the Android Scene and was unaware i had to put a version name and code in the Android Manifest. That has been corrected and updated later today.

Is it possible to mod Twitch to play the audio despite having the screen off?

Cares said:
Is it possible to mod Twitch to play the audio despite having the screen off?
Click to expand...
Click to collapse
Possibly. I can look into something like that, however this would be in another app, as this app is meant to be for FrankerFaceZ. I may end up making it one whole project in the future however.

Stds_catchemall said:
This is a simple module that adds the framework of FrankerFaceZ to the Twitch.TV mobile Android app. This module is available to Android 4.4.2 users and up.
View attachment 3112568
Install the App
Enabled it
Reboot
???
See FrankerFaceZ emotes
Profit
Package Name: com.stdsbot.ffz
Module Name: FrankerFaceZ
Version Name: 1.1.0
Version Code: 2
The app can be found on the Xposed Module Repo (Can't post the link until i have 10 posts :/)
Questions? Comments? Concerns? Bugs?
Post them here and I will see what I can do.​
Known Bugs
None
FAQ
You say you update an Emote or <insert X resource here>, but I don't see the change....
The way twitch caches images, you will need to clear the app cache through your settings.
*Please note, this is my first Xposed module, and as such, I expect things to go wrong sometimes.*
Change Log
1.0.0 - Initial Release
1.1.0 - Bug Fixes
Logging is a bit crazy... Sorry for log spam with chat messages. It is removed in the next release.
FrankerFaceZ donor badges not showing up for donors
XposedInstaller crashing on install due to lack of VersionName and VersionCode
Emotes not loading unless you click from the "Following" directory.
1.1.1 - Bug Fixes
Emotes not loading due to CSS change.
Changed FFZ Donor Badge look to match Web Look
Click to expand...
Click to collapse
where is the download link?

thatonemusicalgamer said:
where is the download link?
Click to expand...
Click to collapse
First of all, let me start off by saying don't EVER quote the OP. If you have a question just post it, and I will get to it as soon as I can. No need for context.
Second, if you read the post i said,
Stds_catchemall said:
The app can be found on the Xposed Module Repo (Can't post the link until i have 10 posts :/)
Click to expand...
Click to collapse
I do not have 10 posts, therefore I cannot link it. Go to the Xposed Repo, and search for FrankerFaceZ, you will find it.

Hello!
I have a question: by "framework of FrankerFaceZ" you mean that little cowboy hat button that allows you to select an emote from a list, like the one that implements the add-on for web browsers? Because I installed your module and I did not see that... Could you please explain me that part? Thanks!

Hello, I just found this module and wondering if it's still being developed. I was unsuccessful in getting it to work on my Galaxy S III running 4.4.2

jimieo said:
Hello, I just found this module and wondering if it's still being developed. I was unsuccessful in getting it to work on my Galaxy S III running 4.4.2
Click to expand...
Click to collapse
It seems that the module is dead, either way.
I'm not a Java developer but I know that the following the things are true :
1. Twitch's app package name changed from com.twitch.android.viewer to com.twitch.android.app and therefore this module doesn't hook onto the current Twitch app.
2. The class/way the chatbox system is handled has been changed.
I've been trying to see if I could so something with @Stds_catchemall 's work but I've been unable to unfortunately yet, I want to work with source code and not the 'Smali God' method as people used to call it, but I'm unable at the moment to compile any closed app in Android Studio for the matter, while I can compile the apps they do not perform their functions (1.7 source, compiling with Android 4.0.4 SDK, also tried 4.4.2 SDK) and I cannot figure out why yet so I can't experiment, I have added the included Xposed Bridge API and even set as 'provided' but still no ball here so I'll be likely to post a thread sometime.
Either way, when I've played with the 'Smali' method I've only tried to change the package name, albeit it did result in the module being loaded but crashes when chatbox opens.
Even when I find that I will have set up Android Studio in the future, I will have to do a lot of experimentation for a huge amount in the source code is foreign to me.

That's a shame. I was so hopeful when I installed it. It would be really awesome to get FrankerFaceZ to work for android!
Any news on this at all? Anything in progress? Thanks.
Stds_catchemall said:
ping
Click to expand...
Click to collapse
sewer56lol said:
ping
Click to expand...
Click to collapse

usna said:
That's a shame. I was so hopeful when I installed it. It would be really awesome to get FrankerFaceZ to work for android!
Any news on this at all? Anything in progress? Thanks.
​
Click to expand...
Click to collapse
I have quit development on this as an app has been created which does the purpose of this application. Look up StrimgBagZ on the market

Stds_catchemall said:
I have quit development on this as an app has been created which does the purpose of this application. Look up StrimgBagZ on the market
Click to expand...
Click to collapse
Thanks! Why do they call it something that obscure? Makes it kind of hard to find unless you are already aware of it.

usna said:
Thanks! Why do they call it something that obscure? Makes it kind of hard to find unless you are already aware of it.
Click to expand...
Click to collapse
Seems it was answered ahead of time .
StrimbagZ now exists and implements a unique method of implementing FFZ to mobile.
Let's just say that it encapsulates the regular browser extension and draws a browser window on the bottom half of the screen while keeps the top half for the stream .
Due to the design, the normal PC interface of the extension in fact looks pretty good on mobile in fact the original FFZ dev helped a bit towards this app as he hid options that are redundant if the client is detected (e.g. Stream delay under stream).
I gave the dev a lot of praise and I still do - the way he scales the browser window for chat... Well... I couldn't break it since original release.
(Oh and I was also 2nd to download it on the Play Store ).
As for integrating it back to the Twitch app... Well, the code of the Twitch app - let's say got a bit obfuscated. Being Java the language originally used was beyond my knowledge and our dev here also struggled a bit with regards to how (I want to say obfuscated) the code of the app's chat because following changes back at the time it broke - it probably would have taken either too much trial and improvement (which takes time) to pull off or the source code.
Sent from my ONE A2003 using Tapatalk

[CLOSED][APP][XPOSED][6.0+] Use Xposed without developing a module

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
XPrivacyLua custom hook definitions
By using XPrivacyLua you can define Xposed hooks and apply them to any app at run time (so, rebooting your device is not necessary). You can write hook code on your device in Lua, which is quite easy to learn.
See the documentation about how to define hooks.
Although XPrivacyLua has 'privacy' in its name, new hooks don't need to be privacy related at all. Disabling the built in privacy related hooks is a matter of selecting another collection of hooks.
This XDA thread is meant to discuss defining hooks, with the restriction that hook definitions must serve a legally allowed purpose. This XDA thread is not meant to make you a developer, so at least some development experience is expected, which means that you'll need to be able to figure out where to hook yourself and that you'll need to be able to write Lua scripts yourself.
XDA:DevDB Information
XPrivacyLua hook definitions, Xposed for all devices (see above for details)
Contributors
M66B
Xposed Package Name:
Version Information
Status: Beta
Created 2018-01-28
Last Updated 2018-04-01

Could there be a generic "always return true" lua script?
And when building a definition, what does it mean to be in a group and collection? Do I just put anything there or do I have to call them something particular?
Well, I'm trying but I'm lost. Just trying to setAnalyticsCollectionEnabled
https://firebase.google.com/support/guides/disable-analytics
Code:
public void setAnalyticsCollectionEnabled (boolean enabled) = false
supposedly disables Firebase Analytics (which apparently 67% of the top 200 apps use).
My definition looks like
Collection: privacy
Group: firebase
Name: firebase.analytics
author: whatever
class: com.google.firebase.analytics
method:setAnalyticsCollectionEnabled
parameter type: void
return type: boolean
min/max sdk: 1/999
lua script: @generic_false_value I suppose I can use this?
Even if this looks valid, it feels like maybe this wouldn't fire unless certain other things happen first? Looking at your hooks.json for google analytics it looks like you had to maybe set a chain of events to occur to get to the point of controlling the method you intend to make changes?

jawz101 said:
Could there be a generic "always return true" lua script?
And when building a definition, what does it mean to be in a group and collection? Do I just put anything there or do I have to call them something particular?
Well, I'm trying but I'm lost. Just trying to setAnalyticsCollectionEnabled
https://firebase.google.com/support/guides/disable-analytics
Code:
public void setAnalyticsCollectionEnabled (boolean enabled) = false
supposedly disables Firebase Analytics (which apparently 67% of the top 200 apps use).
My definition looks like
Collection: privacy
Group: firebase
Name: firebase.analytics
author: whatever
class: com.google.firebase.analytics
method:setAnalyticsCollectionEnabled
parameter type: void
return type: boolean
min/max sdk: 1/999
lua script: @generic_false_value I suppose I can use this?
Even if this looks valid, it feels like maybe this wouldn't fire unless certain other things happen first? Looking at your hooks.json for google analytics it looks like you had to maybe set a chain of events to occur to get to the point of controlling the method you intend to make changes?
Click to expand...
Click to collapse
The built-in scripts are not meant for general use because they might change over time breaking stuff that depends on them. Therefore imported definitions are not linked against the built-in scripts. If needed, you can simply copy and paste the Lua script from another (built in) definition. Copying guarantees your definition will keep working, even when the built-in scripts are changed or even removed.
Calling setAnalyticsCollectionEnabled requires access to an instance of FirebaseAnalytics, which apps needs to get by calling getInstance. So, hook getInstance to call setAnalyticsCollectionEnabled(false) and hook setAnalyticsCollectionEnabled to prevent an app from turning analytics on again.
Restricting Google Analytics (available in the next release of XPrivacyLua) works similar:
https://github.com/M66B/XPrivacyLua/blob/master/app/src/main/assets/ga_getinstance.lua
https://github.com/M66B/XPrivacyLua/blob/master/app/src/main/assets/ga_setdryrun.lua
You can also wait until I have added this ...

But firebase isn't necessarily the same thing, right?

jawz101 said:
But firebase isn't necessarily the same thing, right?
Click to expand...
Click to collapse
No, Google Analytics and Firebase Analytics are not the same and need different definitions.

Restricting Firebase Analytics works properly with these hook definitions:
https://github.com/M66B/XPrivacyLua/commit/1708fc6e4a15cef85cb973f5c08286d90d3ca806

jawz101 said:
And when building a definition, what does it mean to be in a group and collection? Do I just put anything there or do I have to call them something particular?
Click to expand...
Click to collapse
With the latest version of XPrivacyLua / companion app you can change the collection of hooks to use in XPrivacyLua. The default is to use the collection 'Privacy'. You can define your own collection by definition hooks with a new collection name. There can only be one collection active at one time, so if you want to add your own definitions to the built-in privacy collection you'll have to use the collection 'Privacy'. Basically collections exists to allow using XPrivacyLua for things other than privacy.
Groups are listed in the XPrivacyLua app and make it easy to apply a group of hooks to one or more apps. XPrivacyLua cannot and will not handle applying individual hooks to keep things simple, but I might add this to the pro companion app in the near feature. For now you can rename a group of an existing hook definition to be able to apply it separately in XPrivacyLua.
Edit: this has been clarified in the documentation too now: https://github.com/M66B/XPrivacyLua/blob/master/DEFINE.md

I still have some questions on when,where,how etc.... but I will wait until I can dedicate more time to playing with this.
I do have a feature request.
could there be a sort of drop down box that queries all valid entries for each item when creating a custom definition.
for example...
when creating a custom definition, when taping on the line for group, you would just type a new group (as it is now) but if there was a drop down arrow at the end of the line that could give a list of currently used groups and then the user could just click the listed group instead of typing and it would auto-fill that field.
maybe even more useful would be for the other items like Name,Class, Method etc...
where it could show possible entries. That would help a lot.

... I turned on notifications for your new Firebase rules. I would think a bunch of apps I have use Firebase Analytics. @M66B Have you seen any apps trigger it yet?
Even if the app imported Firebase Analytics library and gathers Firebase Analytics but never uses the setAnalyticsCollectionEnabled() method in its own code would it mean this hook will never trigger?
With the latest version of XPrivacyLua / companion app you can change the collection of hooks to use in XPrivacyLua. The default is to use the collection 'Privacy'. You can define your own collection by definition hooks with a new collection name. There can only be one collection active at one time, so if you want to add your own definitions to the built-in privacy collection you'll have to use the collection 'Privacy'. Basically collections exists to allow using XPrivacyLua for things other than privacy.
Click to expand...
Click to collapse
Thanks:highfive:.
This is just a suggestion but if this was my app I would break these 2 elements out to separate screens from the definition builder. You would define collections and groups in a separate spot, and then when building rules the collections and groups would pull in as a selectable dropdown. Avoids typos and helps to explain how there can be only one active collection for XPrivacyLua.

mnjm9b said:
I still have some questions on when,where,how etc.... but I will wait until I can dedicate more time to playing with this.
I do have a feature request.
could there be a sort of drop down box that queries all valid entries for each item when creating a custom definition.
for example...
when creating a custom definition, when taping on the line for group, you would just type a new group (as it is now) but if there was a drop down arrow at the end of the line that could give a list of currently used groups and then the user could just click the listed group instead of typing and it would auto-fill that field.
maybe even more useful would be for the other items like Name,Class, Method etc...
where it could show possible entries. That would help a lot.
Click to expand...
Click to collapse
I will see what I can do for collection and group, but all the other fields are flexible and depend on the hook.

jawz101 said:
... I turned on notifications for your new Firebase rules. I would think a bunch of apps I have use Firebase Analytics. @M66B Have you seen any apps trigger it yet?
Even if the app imported Firebase Analytics library and gathers Firebase Analytics but never uses the setAnalyticsCollectionEnabled() method in its own code would it mean this hook will never trigger?
Click to expand...
Click to collapse
An app will normally not disable/enable analytics given the default is enabled and the user has mostly no choice in this. So see this hook as a safeguard to prevent an app enabling analytics again after we disabled it in another hook

M66B said:
An app will normally not disable/enable analytics given the default is enabled and the user has mostly no choice in this. So see this hook as a safeguard to prevent an app enabling analytics again after we disabled it in another hook
Click to expand...
Click to collapse
Would there be a way to introduce the app to calling it? Or maybe that's what you're implying. Also, have you noticed that system and google apps seem to gray out the read identifiers permission? Ex: set read identifiers as restricted on Android Webview or Google Photos/Maps/Google TTS. Turns pink Get out of XPrivacyLua and open it again. Read Identifiers is gray. (I'm on LineageOS if that matters)

jawz101 said:
Would there be a way to introduce the app to calling it? Or maybe that's what you're implying. Also, have you noticed that system and google apps seem to gray out the read identifiers permission? Ex: set read identifiers as restricted on Android Webview or Google Photos/Maps/Google TTS. Turns pink Get out of XPrivacyLua and open it again. Read Identifiers is gray. (I'm on LineageOS if that matters)
Click to expand...
Click to collapse
Normally an apps doesn't call the function. Maybe if the user can choose to opt in or opt out, but this is rarely the case.
The other thing should go into the XPrivacyLua XDA thread, but I will look into it anyway.

M66B said:
I will see what I can do for collection and group, but all the other fields are flexible and depend on the hook.
Click to expand...
Click to collapse
Thanks, That's a good start.
Maybe if the "PRO" app takes off enough for you to bother you could charge extra for the expanded feature of having the drop lists change depending on the choices made?
I did have a moment to look over a definition I was playing with for "TIME"
it serves no real purpose so I gave up early but if I could get a better understanding on why it doesn't work it could help with actual ones.
using the FINGERPRINT example I made several other entries that all worked fine but this one caused issue.
I assumed it was because according to https://developer.android.com/reference/android/os/Build.html the type for TIME wasn't "String" but "Long"
this is the last one I tried...
Code:
{
"collection": "Privacy",
"group": "Read.Device",
"name": "Build.TIME",
"author": "M66B",
"className": "android.os.Build",
"methodName": "#TIME",
"parameterTypes": [],
"returnType": "long",
"minSdk": 1,
"maxSdk": 999,
"enabled": true,
"optional": false,
"usage": true,
"notify": false,
"luaScript": "function after(hook, param)\n param:setResult("unknown")\n return true\nend\n"
}
I was also playing with "SUPPORTED_ABIS" which also didn't work and the type was "Sting []" instead of just "String" so I was thinking that was the problem also.

@mnjm9b You are returning a string (series of characters) as a long (number). Try returning just a number (without the quotes).
String[] is an array (mulitple strings), so you need to return an array as well. But I don't know how to do that in Lua right now

Namnodorel said:
@mnjm9b You are returning a string (series of characters) as a long (number). Try returning just a number (without the quotes).
String[] is an array (mulitple strings), so you need to return an array as well. But I don't know how to do that in Lua right now
Click to expand...
Click to collapse
You are 100% right.
Returning a string array is not trivial. Look at 'generic_empty_string_array.lua' about how to do this.

Namnodorel said:
@mnjm9b You are returning a string (series of characters) as a long (number). Try returning just a number (without the quotes).
String[] is an array (mulitple strings), so you need to return an array as well. But I don't know how to do that in Lua right now
Click to expand...
Click to collapse
so in my example the returnType instead of "long" should be a number like 0 without quotes?
I tried that and it still doesn't work.
---------- Post added at 08:55 PM ---------- Previous post was at 08:54 PM ----------
M66B said:
You are 100% right.
Returning a string array is not trivial. Look at 'generic_empty_string_array.lua' about how to do this.
Click to expand...
Click to collapse
thanks for this, I guess I am in WAY over my head.

mnjm9b said:
so in my example the returnType instead of "long" should be a number like 0 without quotes?
I tried that and it still doesn't work.
Click to expand...
Click to collapse
No. the return type was correct. That specifies what type of object you are expected to return. What you need to change is what you then actually return, which is
Code:
param:setResult("unknown")
to
Code:
param:setResult(12345678)

@M66B
Thank you for your work, if i understand right, you provide us an programmable interface that will execute command lines written in Lua language without having to create a complete module in JAVA for XPosed?
From what i understood in your initial post, you indicate that we must install your module "XPrivacyLua", then that one disposes there after of the possibility to apply for the applications which one wishes, lines of codes written in Lua language and which do not necessarily have to relate to the logic of rights of access concerning privacy?
If yes then we must necessarily install XPrivacyLua even if in view of all your work provided on it the basic functions do not interest me forcibly?
All this seems to be promising however :good:

Rom said:
@M66B
Thank you for your work, if i understand right, you provide us an programmable interface that will execute command lines written in Lua language without having to create a complete module in JAVA for XPosed?
Click to expand...
Click to collapse
Yes.
Rom said:
From what i understood in your initial post, you indicate that we must install your module "XPrivacyLua", then that one disposes there after of the possibility to apply for the applications which one wishes, lines of codes written in Lua language and which do not necessarily have to relate to the logic of rights of access concerning privacy?
Click to expand...
Click to collapse
Yes.
Rom said:
If yes then we must necessarily install XPrivacyLua even if in view of all your work provided on it the basic functions do not interest me forcibly?
All this seems to be promising however :good:
Click to expand...
Click to collapse
You'll need XPrivacyLua to install and run defined Xposed hooks written in Lua, but you don't need to use the built in privacy related hooks.
The companion app allows you to switch to another collection of hooks you've written, in effect disabling the built-in privacy related hooks.
Try it and I will help you when needed and in the process I will update the documentation where needed.

How does the app „Jodel" identify my device?

i recently bought a used device and when i tried to create a new jodel account, the app said i was perm banned. How come? Since i have root acces, i tried to change my device id / spoof my mc adress. But im still banned. So, how does jodel identify my device?
jodel: https://play.google.com/store/apps/details?id=com.tellm.android.app&hl=de&gl=US
thanks in advance

IMO you have to investigate app's source code to find it out.

dont know how. pls help

You use an APK de-compiler. Some online de-compilers exist but do only handle APKs < 50 MB hence not useable in your case.
More info here:
48 Best APK Decompilers 2023 (Ranked and Reviewed) - Edopedia
As a programmer, we frequently come across interesting apps and games on the Play Store. And we wish that there would be some magical software that can
www.edopedia.com

i dont know how to use that. i just need to know, how jodel identifiys my device.

whre does it say what data they use to identify my device

@anonuser14 Here you find a review of Jodel written in German. As you're obviously using Jodel, I assume you speak German otherwise please use a machine translator. I'm convinced you'll find the answers to your questions about the absolutely privacy related desaster application.

yes, im german. first thing i did was reading the privacy note from jodel and i even asked the support. all they said was, they use my devide id, which is obvisly not the whole truth. im not a developer or something, all i know is how to flash a rom & root a device. so, all i need is an expert looking into this case and helping me. ( I attached the anwers from jodel)

If you're rooted and using Xposed (in whatever version) I suggest to spoof your device ID with XPrivacy Lua by @M66B like I do.
[CLOSED][APP][XPOSED][6.0+] XPrivacyLua - Android privacy manager [UNSUPPORTED]
XPrivacyLua Really simple to use privacy manager for Android 6.0 Marshmallow and later (successor of XPrivacy). Revoking Android permissions from apps often let apps crash or malfunction. XPrivacyLua solves this by feeding apps fake data...
forum.xda-developers.com

so what now?

A Jodel account is tied to Device ID of phone it 1st time was installed on. Hence you can't use Jodel on another phone.
Also Jodel doesn't allow you to create multiple accounts, as you tried to do.

like i said, i bought a used phone, i did not try to create multiple accounts, and most important, its not tied to the device id, at least not tied to just the device id. i tried reinstalling the app, used privicy lua, changed the phone id, but jodel still can identify my device.
how?

what if i pay 10$ for giving me a solution?

pls help

anonuser14 said:
what if i pay 10$ for giving me a solution?
Click to expand...
Click to collapse
In Germany, the legal minimum wage per hour is currently 9.60€ ( 11.35$ ).

jwoegerbauer said:
In Germany, the legal minimum wage per hour is currently 9.60€ ( 11.35$ ).
Click to expand...
Click to collapse
so, can u help me?

Could but don't want to because it requires to install some GBs of apps on PC what are only needed once.

just tell me how, and ill try.
until now, nobody seems to know, how jodel identifies a device

@anonuser14 As far as I remember, Mike Kuketz has briefly reviewed that app about two years ago. Here's a shortened quotation of his conclusion (German-English translation by https://www.deepl.com:
Yodel is a good example of how just starting an app is enough to get an impression of how privacy-friendly it is. My impression: miserable.
At least the information in the privacy policy is relatively transparent - privacy-sensitive users will therefore probably not use Yodel.
Click to expand...
Click to collapse
If interested consider to search the web for that post.

Oswald Boelcke said:
@anonuser14 As far as I remember, Mike Kuketz has briefly reviewed that app about two years ago. Here's a shortened quotation of his conclusion (German-English translation by https://www.deepl.com:
If interested consider to search the web for that post.
Click to expand...
Click to collapse
jodel had severel updates. 2yo article are not valide anymore.
how does jodel identify a device?

[Discussion][LSPOSED][Unofficial] XPrivacyLua - Android privacy manager

Since M66B decided to discontinue support for XPrivacyLua and the official thread was closed I'm starting this unofficial thread to continue discussing the module.
It currently works up to android 13 with LSPosed.
Source code can be found at the author's github https://github.com/M66B/XPrivacyLua
FAQ https://github.com/M66B/XPrivacyLua/blob/master/FAQ.md
Please read the original thread as it contains a lot of useful information https://forum.xda-developers.com/t/...-android-privacy-manager-unsupported.3730663/
Disclaimer: I am not the developer of the module. I'm a long time user of XPrivacy/XPrivacyLua who wants to keep using it on future android versions. All credits for this module go to the developer and the people who made the custom hooks.

Best module to date
Thank you for creating new thread for XPL user.

is there a trick to get new apps automatically checked on lsposed? Otherwise, the option that new apps take all rights during installation does not work.

Conan179 said:
is there a trick to get new apps automatically checked on lsposed? Otherwise, the option that new apps take all rights during installation does not work.
Click to expand...
Click to collapse
Not with LSPosed but according to this post you can do it with tasker. I think there's also an LSPosed fork that does it too.
[CLOSED][APP][XPOSED][6.0+] XPrivacyLua - Android privacy manager [UNSUPPORTED]
XPrivacyLua Really simple to use privacy manager for Android 6.0 Marshmallow and later (successor of XPrivacy). Revoking Android permissions from apps often let apps crash or malfunction. XPrivacyLua solves this by feeding apps fake data...
forum.xda-developers.com

mythos_ said:
I think there's also an LSPosed fork that does it too.
Click to expand...
Click to collapse
There is, it's this LSPosed_mod.
I still haven't tried it myself though.

heinhuiz said:
There is, it's this LSPosed_mod.
I still haven't tried it myself though.
Click to expand...
Click to collapse
Yes, since v1.8.5 according the mod changelog:
now user can choose if set automatic add new installed packages to module
fix add column automatic_add when exist
Click to expand...
Click to collapse

@Oswald Boelcke the thread is about XPrivacyLua or about LSPosed ?
Lol

VD171 said:
@Oswald Boelcke the thread is about XPrivacyLua or about LSPosed ?
Lol
Click to expand...
Click to collapse
Hello and good morning, @VD171
I guess you need to address the OP @mythos_ with this question but as far as I understand it's about the Xposed module XPrivacyLua by @M66B and not about LSPosed. If my assumption is correct it's on the OP to decide if LSPosed related questions and contributions are off-topic (OT) or not. A moderator will never get involved to that unless a threadowner (and only the owner) reports something as OT.
Regards
Oswald Boelcke
Senior Moderator

The main focus should be on XPL but since LSPosed is needed to run XPL, I see nothing wrong with discussing it here.
QoL things like how to auto-add new apps to LSPosed are fine. Of course if people want a more in depth discussion (e.g. bugs, new features, etc.) they should post in the LSPosed threads as the developers don't read this.

VD171 said:
@Oswald Boelcke the thread is about XPrivacyLua or about LSPosed ?
Lol
Click to expand...
Click to collapse
Really? Wow...smh

exist an active fork of this app ?

xerves78 said:
exist an active fork of this app ?
Click to expand...
Click to collapse
According to github there is a whole bunch of people who forked it in the past month. How active they will be in the future and (more importantly) how much you can trust them is another issue.

when this project was abandoned by m66b did he opensource the "pro" app?
and is the code available now for free to be built from source?
or is there a link to the last version?
i hope someone keeps working on this, as privacy is more and more important the more stuff is kept on our phones.

nutzfreelance said:
when this project was abandoned by m66b did he opensource the "pro" app?
and is the code available now for free to be built from source?
or is there a link to the last version?
i hope someone keeps working on this, as privacy is more and more important the more stuff is kept on our phones.
Click to expand...
Click to collapse
[CLOSED][APP][XPOSED][6.0+] XPrivacyLua - Android privacy manager [UNSUPPORTED]
XPrivacyLua Really simple to use privacy manager for Android 6.0 Marshmallow and later (successor of XPrivacy). Revoking Android permissions from apps often let apps crash or malfunction. XPrivacyLua solves this by feeding apps fake data...
forum.xda-developers.com
(...) The pro companion app won't be open-sourced. If somebody wants to continue the project, (s)he can prove being a worthy developer by developing a new pro companion app, which can be done in at most a few days. As already offered, another developer can ask for the source code after a significant contribution to the source code as well.
Click to expand...
Click to collapse

I've already reported to @M66B about "MEW wallet" app which can't be restricted (tested on A10) to access camera (not sure is it was photo or video - app is handling QR codes) at https://forum.xda-developers.com/t/...acy-manager-unsupported.3730663/post-87416749.
Now I've installed LineageOS 20 (A13) and noticed default Camera app (which is new "Aperture" Lineage app) also can't be restricted to BOTH video and photo (but microphone restriction works okay and result in recording video without sound).
Looks like there are some new API to be restricted… so, @M66B, maybe you can update XPrivacyLua a bit to fix this? Or at least give some hint for someone who might wanna fork it?

mythos_ said:
Not with LSPosed but according to this post you can do it with tasker. I think there's also an LSPosed fork that does it too.
[CLOSED][APP][XPOSED][6.0+] XPrivacyLua - Android privacy manager [UNSUPPORTED]
XPrivacyLua Really simple to use privacy manager for Android 6.0 Marshmallow and later (successor of XPrivacy). Revoking Android permissions from apps often let apps crash or malfunction. XPrivacyLua solves this by feeding apps fake data...
forum.xda-developers.com
Click to expand...
Click to collapse
I've checked both Tasker methods to update LSPosed.
First one (UI automation) didn't work because there are no "LSPosed Manager" app (it's now started only as a widget, and I don't found a way in Tasker to start widget), so this unlikely can be fixed at all.
Second one (database editing) might work… but to me it looks unsafe: each time new app is installed it does kill `lspd` (LSPosed daemon, I suppose) after editing database for 1 second and then restarts it. I think this might result in allowing app apps to bypass XPrivacyLua restictions within that 1 second. No idea how to test this.
Also I've tried to replace original LSPosed with modified version https://github.com/mywalkb/LSPosed_mod - it works like a charm: installed as drop-in replacement over original one, keeps all configuration of original one after reboot and provide new UI to automatically add new apps to XPrivacyLua module! To me it looks like main and only actual way to continue using XPrivacyLua for now.

mythos_ said:
The main focus should be on XPL but since LSPosed is needed to run XPL, I see nothing wrong with discussing it here.
QoL things like how to auto-add new apps to LSPosed are fine. Of course if people want a more in depth discussion (e.g. bugs, new features, etc.) they should post in the LSPosed threads as the developers don't read this.
Click to expand...
Click to collapse
You might want to add that info to the OP of this thread in order to avoid any further confusion in the future
Cheers

powerman.asdf said:
I've already reported to @M66B about "MEW wallet" app which can't be restricted (tested on A10) to access camera (not sure is it was photo or video - app is handling QR codes) at https://forum.xda-developers.com/t/...acy-manager-unsupported.3730663/post-87416749.
Now I've installed LineageOS 20 (A13) and noticed default Camera app (which is new "Aperture" Lineage app) also can't be restricted to BOTH video and photo (but microphone restriction works okay and result in recording video without sound).
Looks like there are some new API to be restricted… so, @M66B, maybe you can update XPrivacyLua a bit to fix this? Or at least give some hint for someone who might wanna fork it?
Click to expand...
Click to collapse
@M66B won't care with that.
You should do what you want by yourself or wait and hope to someone else release that.

powerman.asdf said:
I've checked both Tasker methods to update LSPosed.
First one (UI automation) didn't work because there are no "LSPosed Manager" app (it's now started only as a widget, and I don't found a way in Tasker to start widget), so this unlikely can be fixed at all.
Second one (database editing) might work… but to me it looks unsafe: each time new app is installed it does kill `lspd` (LSPosed daemon, I suppose) after editing database for 1 second and then restarts it. I think this might result in allowing app apps to bypass XPrivacyLua restictions within that 1 second. No idea how to test this.
Also I've tried to replace original LSPosed with modified version https://github.com/mywalkb/LSPosed_mod - it works like a charm: installed as drop-in replacement over original one, keeps all configuration of original one after reboot and provide new UI to automatically add new apps to XPrivacyLua module! To me it looks like main and only actual way to continue using XPrivacyLua for now.
Click to expand...
Click to collapse
"auto-add" is a waste of time.
LSPosed is developed for avoiding something like "all-add" or "auto-add".
Since you are talking about something that is contrary to the official release, LSPosed developers will never read and care to the thread.

mythos_ said:
According to github there is a whole bunch of people who forked it in the past month. How active they will be in the future and (more importantly) how much you can trust them is another issue.
Click to expand...
Click to collapse
how / where can i find the forks on github ?