Better Mobile App

[APP] [CM7] Increase Your Privacy with PDroid [alt CM9/CM10]

Well, I’m sure that it isn’t a secret for anyone, CM7 has been and still is my favorite rom for my Defy(s). I’ve been using it since the day Quarx’s brought IP Tables support to it – hence allowing me to use Droidwall as an Android firewall. I could then selectively allow/deny internet access to any installed app [having internet access permission that is…]. This is a first and important security step, but like anything, this has limitations; apps that do ‘really’ need internet access are then free to send (and receive) whatever their Android permissions allow them to get a hand on. For that, CM7 has a neet feature called ‘permissions management’ that allows you to control each app’s permissions individually. This option works fine BUT the problem is that the apps that you control that way often lose functionalities, stop working altogether or even throw you an error message telling you that the app’s permissions have been altered and that you will not be able to use it unless you reset them.
So how to solve this potentially very critical security flaw without losing apps functionality? ==> PDroid.
Thanks to xda user measel, I’ve just recently discovered this wonderful piece of software and I don’t think that my Defy will ever live without it from now on. The app itself is not really a new one and I’ve decided to create this thread to spread to word around and in the hope that it will be helpful to other Defy owners conscious about their data privacy.
WHAT IT DOES:
• More than just blocking apps Android permissions, it lets you control each individual app’s access to private information (user + system);
• It allows you to block and, in some cases, let you either use random or custom private data;
• It will also (if desired) warn you on any root or privacy info access, all that with an easy to figure out and use user interface [see pics];
• And best of all, applications will not crash when their access to private data is blocked unlike with Permission Denied (using LBE Privacy or alike or with CM7).
Disclaimer: I’m only the messenger and I take no credit or responsibility for anything that you’ll do with your phone from here on.
HOW TO:
Original thread by the dev [go have a read and give your thanks to svyat]
Pre-requisites:
- Make sure that you did not use Titanium Backup to integrate sys Dalvik into the rom [if you don’t know what that means, chances are that you didn’t; ignore it];
- a PC running Windows;
- a CM7-jordan/Jordan-plus build;
- PDroid patcher v1.31 (v1.27 also work but the latest version (v1.32) from the link above doesn’t work for the Defy. So I’m attaching v1.31 here which I’ve found with a little digging through that thread;
- the PDroid.apk itself [Market link] or [Dropbox link from the dev];
=> If you don’t have access to a PC running Windows or just don’t want to go through the trouble of patching process described below, you can head over to measel’s CM7 nightlys | info collection thread and locate the build you are using; he was kind enough to provide us with patches for most of recent Jordan builds. So go and grab your applicable patches and give thanks to him.
=> If you’re running CM9 or CM10, this patcher will not work for you, but there are alternatives - namely: the ‘auto-patcher’ or even the PDroid v2 [I’ll give links to those later]. Just go read the last few pages of the original thread, there are quite a few mentions/redirections to those over there. [please don’t ask me about questions about those as I did not try them just yet]
Note: PDroid is an ongoing but currently ‘on hold’ project [because, like someone said before: devs sometimes have a life outside Android...] which works perfectly fine as it is if you follow the next few steps below.
Zero off: Make a nandroid backup of your current phone setup.
First off: Create the patch for your rom:
To work, PDroid first needs you to mod 3 framework files and push them onto your phone. To do so, all you need to do is to execute the PDroidPatcher.exe. file [extract it from the zip attached] and point it to the CM7 build you are using. Let it do its thing and it will create a CWM recovery flashable zip and an undo (RESTORE) one.
Second: Flash the patch:
Just boot into recovery, wipe cache and dalvik and install the patch and boot up.
Third: Install the apk
That’s it!, you’re now ready to go your list of installed apps and start controlling your privacy accesses.
Warning: again, go read the original thread for a how to on how to backup your PDroid settings and/or use TB to do so.
HOW TO USE:
Well, it’s all pretty obvious and with a bit of common sense, you will easily figure out how and what to set up. By default, nothing is blocked and apps are free to access data. So you’ll have to go through your list of installed apps and set up each individual data access and then try them out. For example, logic would tell us not to block the ‘GPS/Network Location’ data to maps related apps nor block ‘Accounts credentials’ to apps dealing with user IDs and passwords like Email or social apps.
I can’t give you detailed instructions here (it’s not the point of this thread anyway), but if like me you already use Droidwall, you can first leave alone all the apps that you’ve black listed for internet access [pic 2] since they won’t do anything with your private data if they can’t send it back home… There is also an option within the app to ‘hide all the safe apps’ [which do not have an internet permission]; check it to reduce the size of your list of apps to configure.
From experience, I’d also suggest you to keep an eye on the apps requiring a password to run since blocking Device or Subscriber ID might mean that you’ll have to always enter passwords each time you run the app that would otherwise be remembered by those apps. As a rule of thumb, I pretty much choose the ‘use random’ option whenever it is available (just to minimize problems with the app on blocking completely – I’m not even sure this is a valid argument here…) or block everything else when it’s not and finally, I leave ‘Network Info’ allowed since it basically only lets apps know if you connected to internet or not [who cares if they get your wifi’s SSID or not…].
But again, you’ll have to fine tune the whole thing for each and every app and run them to check for full functionalities – but at least they won’t crash on you… Finally, you can pinpoint potential problems/solutions by turning off the general PDroid notifications option and by turning on a specific app’s ones [pic 3].
Happy privacy enhancement!
/AL

As usual!
Quality guides from lovely []AL[]
I don't want a tapatalk sig!

nogoodusername said:
As usual!
Quality guides for lovely []AL[]
Why not move to Android Apps forums?
I don't want a tapatalk sig!
Click to expand...
Click to collapse
"lovely AL" wow! you surely are the first person to tell me anything like this here on xda.
..not sure if I should be flattered or run away by homophobia - hehehe! :laugh:
Well, I didn't mean to make it a guide when I started writing it, but like always I had things
to say and the post got longer and longer.. so I guess that we can call it a sort of guide...
But I truly like the app and believe that along with Droidwall, that should be installed on every phone.
In fact, Google should look at this and incorporate something similar into Android.
OK, I'll go reply to your PM now... cheers!
Edit for your question: because like I wrote in the OP, I'm just the messenger and not the dev of the app.
The app also works mostly for on phones running CM7 and even not all the phones support it either.
So I wouldn't publish this widely without at least asking permission to the dev. But here for Defy owners fellows,
I know it works fine and again, I think that it is pretty much an essential app to have.
9 downloads/1 thank;
Leeches, I see leeches everywhere!

Shhhiiiiii- You got me excited! I thought I'd find a patch for the Quarx rom! So far auto-patcher can't patch Quarx's CM10 roms. Nor do I understand why that's so but that's why I'm not a dev.

Excellent app
Arch Linux User ..

KicknGuitar said:
Shhhiiiiii- You got me excited! I thought I'd find a patch for the Quarx rom! So far auto-patcher can't patch Quarx's CM10 roms. Nor do I understand why that's so but that's why I'm not a dev.
Click to expand...
Click to collapse
Well... sorry to hear that; I had no clue that it doesn't work with Quarx CM10. It seems to work for some other JB builds/phones... But like I wrote on the OP, I haven't tried any of this on CM9/JB yet. So again, too bad that this thing is a no go for now. I hear that Quarx is very busy outside Android's world as of lately so it might not be a good time to ask him about this - might also be low on his priority...but who knows, someone might read this and find an answer for you.
ps: quite an avatar you got there :silly:
an thanks for the link to the auto-patcher thread; it might be useful to others and it'll save me the search when I update the OP with it and your comment eventually...
juan296 said:
Excellent app
Click to expand...
Click to collapse
Well thanks but again, just I'm just a messenger here and not the dev... :highfive:

Actually, I use DroidWall , so.. can uninstall this app? And right now, JUST USE pdroid! Right?
Arch Linux User ..

juan296 said:
Actually, I use DroidWall , so.. can uninstall this app? And right now, JUST USE pdroid! Right?
Click to expand...
Click to collapse
I still use both...they are quite different apps and don't do the same at all. Droidwall is a firewall that let you control if an app has access to internet or not; PDroid controls what private information each app can access.
Like I wrote on the OP, any app that is blocked by Droidwall doesn't need a PDroid setup, but apps that need internet connection could be free to get private information from your phone if you don't use PDroid...
Basically, PDroid has no way of blocking all internet access; it only blocks apps from reading private info (or scrambles it by returning info like random network location or sim ID#...)

[Q] Custom Rom For Enterprise Deployment

Ok... I am Software Engineer and I have been developing mostly for Windows environments, but recently started getting into Android. I want to get more into the Operating System from a lower level. I am looking to build a custom ROM that must meet certain requirements to be used.
What I would like to do for a specific device:
1) Strip stock ROM of bloatware
2) Use SSH Tunnel for all data traffic (3G/4G, WiFi, etc.)
- This will have to be an embedded setup so that the device will always be using the SSH Tunnel to encrypt data accessing from company resources.
- If at all possible, block sites that are normally blocked when on the physical network.
3) Company Email, Contacts, and Calendar information to be synced from Lotus Notes to native android applications using only the SSH Tunnel connection.
4) Enforce password requirement for phone lock screen.
5) Change the OTA Device Update server to create my own.
- Insight as to how I would host my own on my internal network would be appreciated, if it is at all possible.
6) Detect company secure WiFi Access Points and only permit automatic switching to these sources for data, others (unsecured) will need to manually connected.
Now, I know how to make a custom ROM, where I am stripping bloatware and pre-rooting and such so I don't need help with requirement 1.
However, I have no clue where to start with the security aspect of this. Is it possible to embed all the settings into the OS configuration for routing data over a secure and encrypted source? This is an absolutely imperative thing, where Corporate Security mandates that the syncing of emails and such must be done over an encrypted connection. If SSH tunneling is not the best solution, perhaps VPN? Our company currently deploys Cisco AnyConnect for VPN from company laptops. Again, this has to be built into the configuration of the device. The user cannot have the ability to turn off/on this feature (unless the root or do various other violations to corporate policy). Speed is not a concern, these are work devices and only need to be reliable in accessing work resources.
As for requirement 4, is there any way to force a password lock on the device? Maybe deploy the ROM in some sort of initial setup mode (similar to Microsoft's OOBE for windows), where they are prompted to create there phone password and enter various other credentials to setup the email syncing with the native email client?
For requirement 5 & 6, well these are just pipe dreams. If they could be done, and not require a UI to manage them, then it would be great. However, I figure this would be not so easy to do.
The reason why this all has to be built in and configured, is because the user cannot be given the option to disable these features with a simple UI. Also, the phones can not receive carrier specific OTA updates, that would wipe this system configurations. The update server has to be possible, as all the carriers currently host there own. There has to be a way to build my own and deploy my ROM as an official release to the device without having to have a custom recovery or root.
Any insight into any of this would be great. For the most part I am looking for the built in network access features that I discussed above and insight on how to accomplish this if at all possible. Everything else could just be whatever input you are willing to provide. I realize this is a big project, but the result will be a phenomenal step in securing and expanding company resources. I realize there may be enterprise solutions out there that will already accomplish most of this, but I am looking to stay away from those options.

mkruluts said:
Also, the phones can not receive carrier specific OTA updates, that would wipe this system configurations. The update server has to be possible, as all the carriers currently host there own.
Click to expand...
Click to collapse
Hello mkruluts,
where did you get that the carriers host their own servers?
I would seriously be interested.
Optimally, do you have a link?
I read on this forum that even the branded updates come from a manufacturer's server:
http://forum.xda-developers.com/showpost.php?p=43915102&postcount=574
"HTC gets the go ahead to push it OTA from their servers"
http://forum.xda-developers.com/showpost.php?p=8525999&postcount=141
"The vendor's servers are tied to the carrier network."
--Droiderino

[Q] Safest ROM

Hi All,
I am new here, so sorry if I mess up something or don't know things obvious to most of you .
I am digging through many articles/review telling about mobile OSes, but can you tell me which one gives me most privacy and security?
What I mean by privacy?
First of all I do not want that any of my data is sent to any central server of some big company like Google/Apple/M$. I don't need synchronization.
I can live without gapps and fb .
I don't want to share my contacts, and don't want anyone to read my sms etc. so encryption would by nice.
By security I mean that I can restrict apps what they have access to.
So definitely open source os without any "under the hood" soft like "we know better what you need".
I was testing few OSes on my Nexus 4 and my current summary is like:
- Stock android gives a lot of information to Google through gapps, so I don't want that
- Cyanogenmod - I heard about some rumors of closing some part, using proprietary libraries and in privacy policy I see that they also collect quite a lot of data. Big plus - Privacy control for apps.
- Ubuntu touch - although I like the feel it seems that Canonical is also collecting tons of data and when I was supposed to register while installing any free app from the market...?
- Omnirom - is considered to be open-cm - what you say? Is it almost the same? Does it control app permisions?
- Firefox OS - for me it looks most promising, they write on their webpage that every app has an access only to the part of disk dedicated to it (if I understand android policy "Access to SD card pemission" gives any app right to read/write anything on whole SD?). Also they explicitly say what they collect, the give possibility not to send reports etc.
So what you say?
I was considering Omnirom with F-Droid, K9-mail, Text Secure etc. OR Firefox OS. Any better options?
Thanks a lot for help!

Most secure ZU config: firmware, phone settings, application settings, user behavior

Say I wanted to have the most secure Sony Xperia Z Ultra possible (without "too much" sacrifice of useability).
In the context of this thread I define security as broadly anything barring network anonymity ie. hiding your device public IP address.
So I want security from network attackers (eg. drive-by download, WiFi attacks), physical device attackers (eg. customs searching devices for IP violations ... no really, that's about to become a thing apparently, GF and/or mistresses) .
How would you do it?
Could you please use sections of
Code:
firmware
phone settings
app settings
behavior
because I want to curate the best answers from users in this post for the good of the forum.
My thoughts so far are:
Firmware:
Root is disabled
Bootloader should be locked.
^^ These I'm not sure about - see if we don't have root then we don't have iptable firewall and hosts level server blocking.
One recovery should be used
Honestly I'm not sure which ROM is more secure than another but I'm assuming the latest and greatest is more secure so that would be MM atm. No idea if Sony is more secure than another flavour of ZU Android.
Phone settings:
Developer options off
Sideload apps off
Do not connect to unknown WiFi
NFC Off by default
Bluetooth Off by default
PIN unlock required
Auto-lock ON
App settings: (this includes apps you should have/not have and their settings)
I figure every additional app that I don't use is a needless attack surface so start with no apps at all - uninstall everything. Only install what you use ... for which you need root unless the ROM is premade like this.
Firewall app (Netguard no-root Firewall, DroidWall if we have root)
Adblock (if we have root)
AV - honestly most mobile AV seems pathetic at being secure and not acting like malware (notifications, popup windows etc) but Avast at least seems to not hog resources.
-Auto update every app
User behaviour:
NEVER:
-install apps from anywhere other than Google Play. Or possibly FDroid
-let another person use your device
I'd like to hear your suggestions, critique and everything else, cheers!

So you're not gonna install from other than google play, then what ad blocker are you going to use? Where is adblocker connecting to?
You're talking about still having a lot of apps connecting through servers that you don't control.

morestupidemailnames said:
You're talking about still having a lot of apps connecting through servers that you don't control.
Click to expand...
Click to collapse
Well if you are worried about connecting to servers that you dont control - isnt that all servers?
At which point you may as well remove all WIFI and Mobile Data capabilities and just stick to 2G

panyan said:
Well if you are worried about connecting to servers that you dont control - isnt that all servers?
At which point you may as well remove all WIFI and Mobile Data capabilities and just stick to 2G
Click to expand...
Click to collapse
Exactly my point.
The op is a long winded question that leaves you with more questions.
Probably why there's been such a landslide of security tips here

Device uses „mobile data” without my permission!!!

I’ve seen on the billing from my cellphone provider, that the Note 4 makes approximately 3-5 times in a month a mobile data connection without my permission.
How is it possible to figure out the reason of this bad behaviour? (I use MIUI Global 8.2 Stable 8.2.10.0, and I want to use this Android 6 based MIUI Version furthermore). Maybe this is a huge bug in MIUI, or is it possible that this is caused by an App? But which one?
Anyway I’ve disabled the setting “Allow background data” for apps to prevent the use of mobile data when I’m not using them. But this setting is not enough to prevent the mobile data connection buildup of the Note 4X.

mi_eu said:
I’ve seen on the billing from my cellphone provider, that the Note 4 makes approximately 3-5 times in a month a mobile data connection without my permission.
How is it possible to figure out the reason of this bad behaviour? (I use MIUI Global 8.2 Stable 8.2.10.0, and I want to use this Android 6 based MIUI Version furthermore). Maybe this is a huge bug in MIUI, or is it possible that this is caused by an App? But which one?
Anyway I’ve disabled the setting “Allow background data” for apps to prevent the use of mobile data when I’m not using them. But this setting is not enough to prevent the mobile data connection buildup of the Note 4X.
Click to expand...
Click to collapse
Have you ever heard the phrase "ET phone home"? See for example: https://www.reddit.com/r/androidapp..._apps_desperately_try_to_phone_home_how_do_i/
That is why I will never use a MIUI ROM that has not had all the "phone home" functionality removed. There are XDA threads for the Redmi Note 2 that are devoted to (among other things) doing this - see e.g., https://forum.xda-developers.com/redmi-note-2/development/b-skinny-pro-t3347906
It is getting increasingly difficult to remove all the phone home functionality, hence why I will never use MIUI.

Firewall app Netguard (no root) will let you check and, at least to a certain extent, control things like this.
Some "calling home" behavior is obviously necessary for proper functioning of android (Google account) and MIUI (Mi account).

cobben said:
Firewall app Netguard (no root) will let you check and, at least to a certain extent, control things like this.
Some "calling home" behavior is obviously necessary for proper functioning of android (Google account) and MIUI (Mi account).
Click to expand...
Click to collapse
I think, if a mobile data connection is not enabled by the user, it should stay in this mode until the user enables it.
The Device and the manufacturer are not allowed to do self decisions. Who pays me the permanent mobile data traffic? Xiaomi? Sure not.
I fear that a firewall doesn't help. The firewall is able to prevent network data traffic e.g. for an app. But for my understanding a firewall can't prevent a system app independently to open and close a new mobile data line - unless I'm mistaken.

mi_eu said:
I think, if a mobile data connection is not enabled by the user, it should stay in this mode until the user enables it.
The Device and the manufacturer are not allowed to do self decisions. Who pays me the permanent mobile data traffic? Xiaomi? Sure not.
I fear that a firewall doesn't help. The firewall is able to prevent network data traffic e.g. for an app. But for my understanding a firewall can't prevent a system app independently to open and close a new mobile data line - unless I'm mistaken.
Click to expand...
Click to collapse
Yes, I think I have actually noticed some "unexplainable" traffic on a few occasions, bypassing the firewall, with mobil data enabled, but the firewall supposedly shutting off all traffic.
But as it does not have any particular importance for me personally, I haven't spent any time looking into it.
But if you do not even have mobile data enabled, then nothing should get through at all - I assume?

This is really strange that data is enabled by a system app, and the first I've ever heard of it happening. Are you SURE it is MIUI using your data and not a rogue app or malware (are you rooted and/or do you use pirated apps or APK's from random places)?
MIUI built in security app is perfectly capable of measuring the data usage per app, and also total data usage. You can use the built-in firewall to block any app - user or system - from accessing data.
The restriction here is that you cannot block a system app from WiFi, not without a third party mod to the Security APK (a guy on en.miui.com forums has instructions for this, bit you need to be good with smali). I will eventually release a generic patch for this once my patching tool is ready for a public alpha.
But I digress.
MIUI security app should tell you. If MIUI is using data without permissions and you can demonstrate that it is definitely an MIUI process and not something *you* put on, I would think it is definitely a bug. They will NOT want their stuff costing you data without permission!
DarthJabba9 said:
Have you ever heard the phrase "ET phone home"? See for example: https://www.reddit.com/r/androidapp..._apps_desperately_try_to_phone_home_how_do_i/
That is why I will never use a MIUI ROM that has not had all the "phone home" functionality removed. There are XDA threads for the Redmi Note 2 that are devoted to (among other things) doing this - see e.g., https://forum.xda-developers.com/redmi-note-2/development/b-skinny-pro-t3347906
It is getting increasingly difficult to remove all the phone home functionality, hence why I will never use MIUI.
Click to expand...
Click to collapse
It's called anonymous telemetry, dude. Yes there is a lot of it in MIUI, but this is just the way of the world these days. If you don't like it, go and use a non-branded device with AOSP and no Google services at all. Not everyone is this paranoid, most of us are fine with revealing *anonymous* data to help improve product experience.
I guarantee you that XDA are collecting data about your PC and browser and your location for statistical and security reasons.
Sent from my Redmi Note 4 using Tapatalk

CosmicDan said:
most of us are fine with revealing *anonymous* data to help improve product experience.
Click to expand...
Click to collapse
So am I - when it is entirely my choice and decision and I have control over whether or not it happens.
It is good to know that some people are so trusting, and are certain that all those communications with servers in China are all about anonymous data.
CosmicDan said:
I guarantee you that XDA are collecting data about your PC and browser and your location for statistical and security reasons.
Click to expand...
Click to collapse
Yes - if they can drill through VPNs.

If you were that paranoid you'd know that a VPN doesn't make you untraceable. Even using Tor browser with all its hardening doesn't guarantee privacy...
It's not that some "some people are so trusting", but rather that some people have faith in companies not being stupid enough to break international laws - especially on an OS like Android where it's very easy for security experts to find this stuff.
There was once a scare about Xiaomi data collection years ago, but it has since been debunked as anonymous. Yes it might annoying that the collection is opt-out, but it's certainly not forced.
Your case is isolated - I have no such data use without my permission and I've never seen anybody else report it in all my years of being an MIUI power user.
Unless you're using the China ROM of course, which would be silly....
Back to the matter at hand, have you checked in Security > Data Usage the stats? And have you blocked everything in the system tab of the firewall from using data?
One last question. Do you have an MMS APN setup? Because it could just be a heartbeat to your provider.
Sent from my Redmi Note 4 using Tapatalk