Have any of you app developers faced this situation: You have an app that needs to download data from the Internet, but don't want to add the Internet permission to your application, because it may deter some users from installing the app. Moreover, the data may be large and may need to be saved to the SD card, which requires yet another permission. You also need to ensure that a network is available currently, which means more permissions (WiFi state, etc).
Here's my proposed solution: A URL fetch service
This will be a simple app which accepts URL fetch requests from other applications and fetches them (HTTP GET) from the internet as a background service. Upon completion, the data can be returned to the application as a byte stream.
Since this is based on a callback, the network need not be currently available. The service will (optionally) queue the request and fetch whenever a network is available.
Another useful feature would be avoiding duplicate requests. For example, an app may want to fetch some data periodically, say every two hours. But if the network is not available for two days, then only one request should be made when the network becomes available, not 50! This could be done by letting the app assign a unique id to the request. Requests that have the same id will over-write other requests from the same app with the same id.
Logging and Filtering
From the user point of view, there is tremendous advantage in having a centralized URL Fetcher, because she will be able to Log the requests that go through it, and also filter some requests. For example, she could filter an app that she doesn't want to be updated (for whatever reason).
Distribution:
The app will be open-source and made available on all App markets and also as a direct APK download.
The only hurdle to this idea that I can see is that the app will have to be installed separately by the user. The problem will be reduced over time as more and more apps use this service. So the chances of the app being already present will increase. Also, custom ROMs might pre-package this app, so it will be present by default.
__________________________________
Your thoughts?
Update:
I have begun coding this up. You can follow / contribute here:
https://github.com/hrj/SafeNet/
Questions or Problems Should Not Be Posted in the Development Forum
Please Post in the Correct Forums
Moving to Q&A
For an app like that, you are not going to be able to not allow the internet permission. It needs it to fetch the URL (from the internet) so it has to use it... Unless you have a huge database of all URL's stored on your sd card .
Theonew said:
For an app like that, you are not going to be able to not allow the internet permission. It needs it to fetch the URL (from the internet) so it has to use it
Click to expand...
Click to collapse
Yes indeed. The fetch service app will have the Internet permission, and the read/write to SD card permission. The idea is to reduce the number of entities that the user has to trust.
And since the service app will be open-source, the user can compile her own version and install it. In that case, she doesn't even have to trust anyone else.
I have put up a tentative project and have some working code already in my local repository. If you would like to follow the progress or would like to contribute, here's the GitHub link:
https://github.com/hrj/SafeNet/
cheers!
h_r_j said:
the user can compile her own version and install it. In that case, she doesn't even have to trust anyone else.
Click to expand...
Click to collapse
Great. One thing... all the users of your app aren't only female...
Theonew said:
Great. One thing... all the users of your app aren't only female...
Click to expand...
Click to collapse
I guess you are right.. I didn't check thoroughly
But seriously, he / she / it doesn't really matter. I don't like typing "he or she" in every sentence. So, I just pick between those words randomly.
h_r_j said:
I guess you are right.. I didn't check thoroughly
But seriously, he / she / it doesn't really matter. I don't like typing "he or she" in every sentence. So, I just pick between those words randomly.
Click to expand...
Click to collapse
Just put "they" .
Hi!
In order to automatically switch to Wifi Keyboard as my current input method when plugging my phone (Atrix, Android 2.2.2) into my computer, I am looking to circumvent the security restrictions preventing that. Normally, applications are not given the permission to change input methods due to them being in control of the system, possibly with malicious intent.
Now, my phone is rooted, and root shall be your god, so this must be possible. To further complicate matters, I am trying to acieve this through Tasker (which does not know about root), as it already provides the several other tasks I want to achieve and can trigger them in any context imaginable. It is, however, able to run scripts - so if there is a way to do this by script, I'm set.
Google gave me a link to the developer.android.com reference to InputMethodManager (which I am not allowed to post here yet...), which says, among other things, the following:
The input method manager as expressed by this class is the central point of the system that manages interaction between all other parts. It is expressed as the client-side API here which exists in each application context and communicates with a global system service that manages the interaction across all processes.
An input method (IME) implements a particular interaction model allowing the user to generate text. The system binds to the current input method that is use, causing it to be created and run, and tells it when to hide and show its UI. Only one IME is running at a time.
Multiple client applications arbitrate with the input method manager for input focus and control over the state of the IME. Only one such client is ever active (working with the IME) at a time.
Click to expand...
Click to collapse
Only the system is allowed to directly access an IME's InputMethod interface, via the BIND_INPUT_METHOD permission. This is enforced in the system by not binding to an input method service that does not require this permission, so the system can guarantee no other untrusted clients are accessing the current input method outside of its control.
Click to expand...
Click to collapse
A client application can ask that the system let the user pick a new IME, but can not programmatically switch to one itself. This avoids malicious applications from switching the user to their own IME, which remains running when the user navigates away to another application. An IME, on the other hand, is allowed to programmatically switch the system to another IME, since it already has full control of user input.
Click to expand...
Click to collapse
The identification of the current IME is represented by this:
IBinder imeToken Supplies the identifying token given to an input method when it was started, which allows it to perform this operation on itself.
Click to expand...
Click to collapse
I take from this that I either have to
a) gimme that BIND_INPUT_METHOD permission,
b) remove that whole restriction at least temporarily,
c) impersonate being the currently active IME by taking the imeToken away or
d) tell the IME that it should switch to another one.
Unfortunately, my programming experience is limited to C (on microcontrollers...), Python and PHP, and I have no greater experience with fitting my scripts into lager-scale frameworks, only in small ones for personal or limited use. So, well, I have no idea how to achieve any of these goals.
Could someone tell me if what I want to do is even possible, and if so, how? I don't need the full code, if there is much to it, but rather some directions, altough I certainly would not mind it
Thanks a bunch for any advice in advance!
V
PS: I hope it is not rude for me to ask this in here, but well, it's kinda-sorta dev stuff, and neither Google nor the Forum search turned up anything even close to an answer.
Use "Secure Settings". It will allow you to switch keyboard input using Tasker. It also lets you turn gps on and off as well as some other things.
Sent from my MB860 using xda premium
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
XPrivacyLua custom hook definitions
By using XPrivacyLua you can define Xposed hooks and apply them to any app at run time (so, rebooting your device is not necessary). You can write hook code on your device in Lua, which is quite easy to learn.
See the documentation about how to define hooks.
Although XPrivacyLua has 'privacy' in its name, new hooks don't need to be privacy related at all. Disabling the built in privacy related hooks is a matter of selecting another collection of hooks.
This XDA thread is meant to discuss defining hooks, with the restriction that hook definitions must serve a legally allowed purpose. This XDA thread is not meant to make you a developer, so at least some development experience is expected, which means that you'll need to be able to figure out where to hook yourself and that you'll need to be able to write Lua scripts yourself.
XDA:DevDB Information
XPrivacyLua hook definitions, Xposed for all devices (see above for details)
Contributors
M66B
Xposed Package Name:
Version Information
Status: Beta
Created 2018-01-28
Last Updated 2018-04-01
Could there be a generic "always return true" lua script?
And when building a definition, what does it mean to be in a group and collection? Do I just put anything there or do I have to call them something particular?
Well, I'm trying but I'm lost. Just trying to setAnalyticsCollectionEnabled
https://firebase.google.com/support/guides/disable-analytics
Code:
public void setAnalyticsCollectionEnabled (boolean enabled) = false
supposedly disables Firebase Analytics (which apparently 67% of the top 200 apps use).
My definition looks like
Collection: privacy
Group: firebase
Name: firebase.analytics
author: whatever
class: com.google.firebase.analytics
method:setAnalyticsCollectionEnabled
parameter type: void
return type: boolean
min/max sdk: 1/999
lua script: @generic_false_value I suppose I can use this?
Even if this looks valid, it feels like maybe this wouldn't fire unless certain other things happen first? Looking at your hooks.json for google analytics it looks like you had to maybe set a chain of events to occur to get to the point of controlling the method you intend to make changes?
jawz101 said:
Could there be a generic "always return true" lua script?
And when building a definition, what does it mean to be in a group and collection? Do I just put anything there or do I have to call them something particular?
Well, I'm trying but I'm lost. Just trying to setAnalyticsCollectionEnabled
https://firebase.google.com/support/guides/disable-analytics
Code:
public void setAnalyticsCollectionEnabled (boolean enabled) = false
supposedly disables Firebase Analytics (which apparently 67% of the top 200 apps use).
My definition looks like
Collection: privacy
Group: firebase
Name: firebase.analytics
author: whatever
class: com.google.firebase.analytics
method:setAnalyticsCollectionEnabled
parameter type: void
return type: boolean
min/max sdk: 1/999
lua script: @generic_false_value I suppose I can use this?
Even if this looks valid, it feels like maybe this wouldn't fire unless certain other things happen first? Looking at your hooks.json for google analytics it looks like you had to maybe set a chain of events to occur to get to the point of controlling the method you intend to make changes?
Click to expand...
Click to collapse
The built-in scripts are not meant for general use because they might change over time breaking stuff that depends on them. Therefore imported definitions are not linked against the built-in scripts. If needed, you can simply copy and paste the Lua script from another (built in) definition. Copying guarantees your definition will keep working, even when the built-in scripts are changed or even removed.
Calling setAnalyticsCollectionEnabled requires access to an instance of FirebaseAnalytics, which apps needs to get by calling getInstance. So, hook getInstance to call setAnalyticsCollectionEnabled(false) and hook setAnalyticsCollectionEnabled to prevent an app from turning analytics on again.
Restricting Google Analytics (available in the next release of XPrivacyLua) works similar:
https://github.com/M66B/XPrivacyLua/blob/master/app/src/main/assets/ga_getinstance.lua
https://github.com/M66B/XPrivacyLua/blob/master/app/src/main/assets/ga_setdryrun.lua
You can also wait until I have added this ...
But firebase isn't necessarily the same thing, right?
jawz101 said:
But firebase isn't necessarily the same thing, right?
Click to expand...
Click to collapse
No, Google Analytics and Firebase Analytics are not the same and need different definitions.
Restricting Firebase Analytics works properly with these hook definitions:
https://github.com/M66B/XPrivacyLua/commit/1708fc6e4a15cef85cb973f5c08286d90d3ca806
jawz101 said:
And when building a definition, what does it mean to be in a group and collection? Do I just put anything there or do I have to call them something particular?
Click to expand...
Click to collapse
With the latest version of XPrivacyLua / companion app you can change the collection of hooks to use in XPrivacyLua. The default is to use the collection 'Privacy'. You can define your own collection by definition hooks with a new collection name. There can only be one collection active at one time, so if you want to add your own definitions to the built-in privacy collection you'll have to use the collection 'Privacy'. Basically collections exists to allow using XPrivacyLua for things other than privacy.
Groups are listed in the XPrivacyLua app and make it easy to apply a group of hooks to one or more apps. XPrivacyLua cannot and will not handle applying individual hooks to keep things simple, but I might add this to the pro companion app in the near feature. For now you can rename a group of an existing hook definition to be able to apply it separately in XPrivacyLua.
Edit: this has been clarified in the documentation too now: https://github.com/M66B/XPrivacyLua/blob/master/DEFINE.md
I still have some questions on when,where,how etc.... but I will wait until I can dedicate more time to playing with this.
I do have a feature request.
could there be a sort of drop down box that queries all valid entries for each item when creating a custom definition.
for example...
when creating a custom definition, when taping on the line for group, you would just type a new group (as it is now) but if there was a drop down arrow at the end of the line that could give a list of currently used groups and then the user could just click the listed group instead of typing and it would auto-fill that field.
maybe even more useful would be for the other items like Name,Class, Method etc...
where it could show possible entries. That would help a lot.
... I turned on notifications for your new Firebase rules. I would think a bunch of apps I have use Firebase Analytics. @M66B Have you seen any apps trigger it yet?
Even if the app imported Firebase Analytics library and gathers Firebase Analytics but never uses the setAnalyticsCollectionEnabled() method in its own code would it mean this hook will never trigger?
With the latest version of XPrivacyLua / companion app you can change the collection of hooks to use in XPrivacyLua. The default is to use the collection 'Privacy'. You can define your own collection by definition hooks with a new collection name. There can only be one collection active at one time, so if you want to add your own definitions to the built-in privacy collection you'll have to use the collection 'Privacy'. Basically collections exists to allow using XPrivacyLua for things other than privacy.
Click to expand...
Click to collapse
Thanks:highfive:.
This is just a suggestion but if this was my app I would break these 2 elements out to separate screens from the definition builder. You would define collections and groups in a separate spot, and then when building rules the collections and groups would pull in as a selectable dropdown. Avoids typos and helps to explain how there can be only one active collection for XPrivacyLua.
mnjm9b said:
I still have some questions on when,where,how etc.... but I will wait until I can dedicate more time to playing with this.
I do have a feature request.
could there be a sort of drop down box that queries all valid entries for each item when creating a custom definition.
for example...
when creating a custom definition, when taping on the line for group, you would just type a new group (as it is now) but if there was a drop down arrow at the end of the line that could give a list of currently used groups and then the user could just click the listed group instead of typing and it would auto-fill that field.
maybe even more useful would be for the other items like Name,Class, Method etc...
where it could show possible entries. That would help a lot.
Click to expand...
Click to collapse
I will see what I can do for collection and group, but all the other fields are flexible and depend on the hook.
jawz101 said:
... I turned on notifications for your new Firebase rules. I would think a bunch of apps I have use Firebase Analytics. @M66B Have you seen any apps trigger it yet?
Even if the app imported Firebase Analytics library and gathers Firebase Analytics but never uses the setAnalyticsCollectionEnabled() method in its own code would it mean this hook will never trigger?
Click to expand...
Click to collapse
An app will normally not disable/enable analytics given the default is enabled and the user has mostly no choice in this. So see this hook as a safeguard to prevent an app enabling analytics again after we disabled it in another hook
M66B said:
An app will normally not disable/enable analytics given the default is enabled and the user has mostly no choice in this. So see this hook as a safeguard to prevent an app enabling analytics again after we disabled it in another hook
Click to expand...
Click to collapse
Would there be a way to introduce the app to calling it? Or maybe that's what you're implying. Also, have you noticed that system and google apps seem to gray out the read identifiers permission? Ex: set read identifiers as restricted on Android Webview or Google Photos/Maps/Google TTS. Turns pink Get out of XPrivacyLua and open it again. Read Identifiers is gray. (I'm on LineageOS if that matters)
jawz101 said:
Would there be a way to introduce the app to calling it? Or maybe that's what you're implying. Also, have you noticed that system and google apps seem to gray out the read identifiers permission? Ex: set read identifiers as restricted on Android Webview or Google Photos/Maps/Google TTS. Turns pink Get out of XPrivacyLua and open it again. Read Identifiers is gray. (I'm on LineageOS if that matters)
Click to expand...
Click to collapse
Normally an apps doesn't call the function. Maybe if the user can choose to opt in or opt out, but this is rarely the case.
The other thing should go into the XPrivacyLua XDA thread, but I will look into it anyway.
M66B said:
I will see what I can do for collection and group, but all the other fields are flexible and depend on the hook.
Click to expand...
Click to collapse
Thanks, That's a good start.
Maybe if the "PRO" app takes off enough for you to bother you could charge extra for the expanded feature of having the drop lists change depending on the choices made?
I did have a moment to look over a definition I was playing with for "TIME"
it serves no real purpose so I gave up early but if I could get a better understanding on why it doesn't work it could help with actual ones.
using the FINGERPRINT example I made several other entries that all worked fine but this one caused issue.
I assumed it was because according to https://developer.android.com/reference/android/os/Build.html the type for TIME wasn't "String" but "Long"
this is the last one I tried...
Code:
{
"collection": "Privacy",
"group": "Read.Device",
"name": "Build.TIME",
"author": "M66B",
"className": "android.os.Build",
"methodName": "#TIME",
"parameterTypes": [],
"returnType": "long",
"minSdk": 1,
"maxSdk": 999,
"enabled": true,
"optional": false,
"usage": true,
"notify": false,
"luaScript": "function after(hook, param)\n param:setResult("unknown")\n return true\nend\n"
}
I was also playing with "SUPPORTED_ABIS" which also didn't work and the type was "Sting []" instead of just "String" so I was thinking that was the problem also.
@mnjm9b You are returning a string (series of characters) as a long (number). Try returning just a number (without the quotes).
String[] is an array (mulitple strings), so you need to return an array as well. But I don't know how to do that in Lua right now
Namnodorel said:
@mnjm9b You are returning a string (series of characters) as a long (number). Try returning just a number (without the quotes).
String[] is an array (mulitple strings), so you need to return an array as well. But I don't know how to do that in Lua right now
Click to expand...
Click to collapse
You are 100% right.
Returning a string array is not trivial. Look at 'generic_empty_string_array.lua' about how to do this.
Namnodorel said:
@mnjm9b You are returning a string (series of characters) as a long (number). Try returning just a number (without the quotes).
String[] is an array (mulitple strings), so you need to return an array as well. But I don't know how to do that in Lua right now
Click to expand...
Click to collapse
so in my example the returnType instead of "long" should be a number like 0 without quotes?
I tried that and it still doesn't work.
---------- Post added at 08:55 PM ---------- Previous post was at 08:54 PM ----------
M66B said:
You are 100% right.
Returning a string array is not trivial. Look at 'generic_empty_string_array.lua' about how to do this.
Click to expand...
Click to collapse
thanks for this, I guess I am in WAY over my head.
mnjm9b said:
so in my example the returnType instead of "long" should be a number like 0 without quotes?
I tried that and it still doesn't work.
Click to expand...
Click to collapse
No. the return type was correct. That specifies what type of object you are expected to return. What you need to change is what you then actually return, which is
Code:
param:setResult("unknown")
to
Code:
param:setResult(12345678)
@M66B
Thank you for your work, if i understand right, you provide us an programmable interface that will execute command lines written in Lua language without having to create a complete module in JAVA for XPosed?
From what i understood in your initial post, you indicate that we must install your module "XPrivacyLua", then that one disposes there after of the possibility to apply for the applications which one wishes, lines of codes written in Lua language and which do not necessarily have to relate to the logic of rights of access concerning privacy?
If yes then we must necessarily install XPrivacyLua even if in view of all your work provided on it the basic functions do not interest me forcibly?
All this seems to be promising however :good:
Rom said:
@M66B
Thank you for your work, if i understand right, you provide us an programmable interface that will execute command lines written in Lua language without having to create a complete module in JAVA for XPosed?
Click to expand...
Click to collapse
Yes.
Rom said:
From what i understood in your initial post, you indicate that we must install your module "XPrivacyLua", then that one disposes there after of the possibility to apply for the applications which one wishes, lines of codes written in Lua language and which do not necessarily have to relate to the logic of rights of access concerning privacy?
Click to expand...
Click to collapse
Yes.
Rom said:
If yes then we must necessarily install XPrivacyLua even if in view of all your work provided on it the basic functions do not interest me forcibly?
All this seems to be promising however :good:
Click to expand...
Click to collapse
You'll need XPrivacyLua to install and run defined Xposed hooks written in Lua, but you don't need to use the built in privacy related hooks.
The companion app allows you to switch to another collection of hooks you've written, in effect disabling the built-in privacy related hooks.
Try it and I will help you when needed and in the process I will update the documentation where needed.