Better Mobile App

[APP] [CM7] Increase Your Privacy with PDroid [alt CM9/CM10]

Well, I’m sure that it isn’t a secret for anyone, CM7 has been and still is my favorite rom for my Defy(s). I’ve been using it since the day Quarx’s brought IP Tables support to it – hence allowing me to use Droidwall as an Android firewall. I could then selectively allow/deny internet access to any installed app [having internet access permission that is…]. This is a first and important security step, but like anything, this has limitations; apps that do ‘really’ need internet access are then free to send (and receive) whatever their Android permissions allow them to get a hand on. For that, CM7 has a neet feature called ‘permissions management’ that allows you to control each app’s permissions individually. This option works fine BUT the problem is that the apps that you control that way often lose functionalities, stop working altogether or even throw you an error message telling you that the app’s permissions have been altered and that you will not be able to use it unless you reset them.
So how to solve this potentially very critical security flaw without losing apps functionality? ==> PDroid.
Thanks to xda user measel, I’ve just recently discovered this wonderful piece of software and I don’t think that my Defy will ever live without it from now on. The app itself is not really a new one and I’ve decided to create this thread to spread to word around and in the hope that it will be helpful to other Defy owners conscious about their data privacy.
WHAT IT DOES:
• More than just blocking apps Android permissions, it lets you control each individual app’s access to private information (user + system);
• It allows you to block and, in some cases, let you either use random or custom private data;
• It will also (if desired) warn you on any root or privacy info access, all that with an easy to figure out and use user interface [see pics];
• And best of all, applications will not crash when their access to private data is blocked unlike with Permission Denied (using LBE Privacy or alike or with CM7).
Disclaimer: I’m only the messenger and I take no credit or responsibility for anything that you’ll do with your phone from here on.
HOW TO:
Original thread by the dev [go have a read and give your thanks to svyat]
Pre-requisites:
- Make sure that you did not use Titanium Backup to integrate sys Dalvik into the rom [if you don’t know what that means, chances are that you didn’t; ignore it];
- a PC running Windows;
- a CM7-jordan/Jordan-plus build;
- PDroid patcher v1.31 (v1.27 also work but the latest version (v1.32) from the link above doesn’t work for the Defy. So I’m attaching v1.31 here which I’ve found with a little digging through that thread;
- the PDroid.apk itself [Market link] or [Dropbox link from the dev];
=> If you don’t have access to a PC running Windows or just don’t want to go through the trouble of patching process described below, you can head over to measel’s CM7 nightlys | info collection thread and locate the build you are using; he was kind enough to provide us with patches for most of recent Jordan builds. So go and grab your applicable patches and give thanks to him.
=> If you’re running CM9 or CM10, this patcher will not work for you, but there are alternatives - namely: the ‘auto-patcher’ or even the PDroid v2 [I’ll give links to those later]. Just go read the last few pages of the original thread, there are quite a few mentions/redirections to those over there. [please don’t ask me about questions about those as I did not try them just yet]
Note: PDroid is an ongoing but currently ‘on hold’ project [because, like someone said before: devs sometimes have a life outside Android...] which works perfectly fine as it is if you follow the next few steps below.
Zero off: Make a nandroid backup of your current phone setup.
First off: Create the patch for your rom:
To work, PDroid first needs you to mod 3 framework files and push them onto your phone. To do so, all you need to do is to execute the PDroidPatcher.exe. file [extract it from the zip attached] and point it to the CM7 build you are using. Let it do its thing and it will create a CWM recovery flashable zip and an undo (RESTORE) one.
Second: Flash the patch:
Just boot into recovery, wipe cache and dalvik and install the patch and boot up.
Third: Install the apk
That’s it!, you’re now ready to go your list of installed apps and start controlling your privacy accesses.
Warning: again, go read the original thread for a how to on how to backup your PDroid settings and/or use TB to do so.
HOW TO USE:
Well, it’s all pretty obvious and with a bit of common sense, you will easily figure out how and what to set up. By default, nothing is blocked and apps are free to access data. So you’ll have to go through your list of installed apps and set up each individual data access and then try them out. For example, logic would tell us not to block the ‘GPS/Network Location’ data to maps related apps nor block ‘Accounts credentials’ to apps dealing with user IDs and passwords like Email or social apps.
I can’t give you detailed instructions here (it’s not the point of this thread anyway), but if like me you already use Droidwall, you can first leave alone all the apps that you’ve black listed for internet access [pic 2] since they won’t do anything with your private data if they can’t send it back home… There is also an option within the app to ‘hide all the safe apps’ [which do not have an internet permission]; check it to reduce the size of your list of apps to configure.
From experience, I’d also suggest you to keep an eye on the apps requiring a password to run since blocking Device or Subscriber ID might mean that you’ll have to always enter passwords each time you run the app that would otherwise be remembered by those apps. As a rule of thumb, I pretty much choose the ‘use random’ option whenever it is available (just to minimize problems with the app on blocking completely – I’m not even sure this is a valid argument here…) or block everything else when it’s not and finally, I leave ‘Network Info’ allowed since it basically only lets apps know if you connected to internet or not [who cares if they get your wifi’s SSID or not…].
But again, you’ll have to fine tune the whole thing for each and every app and run them to check for full functionalities – but at least they won’t crash on you… Finally, you can pinpoint potential problems/solutions by turning off the general PDroid notifications option and by turning on a specific app’s ones [pic 3].
Happy privacy enhancement!
/AL

As usual!
Quality guides from lovely []AL[]
I don't want a tapatalk sig!

nogoodusername said:
As usual!
Quality guides for lovely []AL[]
Why not move to Android Apps forums?
I don't want a tapatalk sig!
Click to expand...
Click to collapse
"lovely AL" wow! you surely are the first person to tell me anything like this here on xda.
..not sure if I should be flattered or run away by homophobia - hehehe! :laugh:
Well, I didn't mean to make it a guide when I started writing it, but like always I had things
to say and the post got longer and longer.. so I guess that we can call it a sort of guide...
But I truly like the app and believe that along with Droidwall, that should be installed on every phone.
In fact, Google should look at this and incorporate something similar into Android.
OK, I'll go reply to your PM now... cheers!
Edit for your question: because like I wrote in the OP, I'm just the messenger and not the dev of the app.
The app also works mostly for on phones running CM7 and even not all the phones support it either.
So I wouldn't publish this widely without at least asking permission to the dev. But here for Defy owners fellows,
I know it works fine and again, I think that it is pretty much an essential app to have.
9 downloads/1 thank;
Leeches, I see leeches everywhere!

Shhhiiiiii- You got me excited! I thought I'd find a patch for the Quarx rom! So far auto-patcher can't patch Quarx's CM10 roms. Nor do I understand why that's so but that's why I'm not a dev.

Excellent app
Arch Linux User ..

KicknGuitar said:
Shhhiiiiii- You got me excited! I thought I'd find a patch for the Quarx rom! So far auto-patcher can't patch Quarx's CM10 roms. Nor do I understand why that's so but that's why I'm not a dev.
Click to expand...
Click to collapse
Well... sorry to hear that; I had no clue that it doesn't work with Quarx CM10. It seems to work for some other JB builds/phones... But like I wrote on the OP, I haven't tried any of this on CM9/JB yet. So again, too bad that this thing is a no go for now. I hear that Quarx is very busy outside Android's world as of lately so it might not be a good time to ask him about this - might also be low on his priority...but who knows, someone might read this and find an answer for you.
ps: quite an avatar you got there :silly:
an thanks for the link to the auto-patcher thread; it might be useful to others and it'll save me the search when I update the OP with it and your comment eventually...
juan296 said:
Excellent app
Click to expand...
Click to collapse
Well thanks but again, just I'm just a messenger here and not the dev... :highfive:

Actually, I use DroidWall , so.. can uninstall this app? And right now, JUST USE pdroid! Right?
Arch Linux User ..

juan296 said:
Actually, I use DroidWall , so.. can uninstall this app? And right now, JUST USE pdroid! Right?
Click to expand...
Click to collapse
I still use both...they are quite different apps and don't do the same at all. Droidwall is a firewall that let you control if an app has access to internet or not; PDroid controls what private information each app can access.
Like I wrote on the OP, any app that is blocked by Droidwall doesn't need a PDroid setup, but apps that need internet connection could be free to get private information from your phone if you don't use PDroid...
Basically, PDroid has no way of blocking all internet access; it only blocks apps from reading private info (or scrambles it by returning info like random network location or sim ID#...)

google-ectomy, possible?

Hi all.
I have a rooted phone that is used strictly in wifi mode and only needs to be able to run 4 or 5 standard aps, a couple of optional aps, plus the aps that support rooted phones and enhanced power management. I don't want google-anything on it, and I am not kidding. My prime concern is battery life, I hope to be able to run my phone for 3 to 4 days (or more) between charges, so deleting all fluff aps and crapware is important, as is underclocking it and getting rid of google. I also want to stop updating of the operating system and installed software by google.
I hope to do a hardware mod to remove power from the cell band rf transceiver. Despite it being turned off in the phone using software, I am detecting occasional transmissions from the cell band transmitter. Hardware mods are not a problem for me, I'm a retired EE, who specialized in RF design.
I need to know if it's possible for the phone to function if gmail, google+, google search, chrome, google calendar and google-whatever are exhorsized (uninstalled)? Yes, I also want to give the playstore the boot, to prevent excessive battery drain (and, yes, I do realize downloading aps will be slightly more difficult without the playstore).
For those who might be interested, the phone is used as a wifi phone for the home based Ooma telephone service. I also might like to run a mini bittorrent server. It seems to me that the android community could use bittorrent in place of the playstore, thus making it easier for others to give google and google playstore the boot
I love this forum, and want to thank all those that support and administer it.
Aloha,
A

alohagirl said:
Hi all.
I have a rooted phone that is used strictly in wifi mode and only needs to be able to run 4 or 5 standard aps, a couple of optional aps, plus the aps that support rooted phones and enhanced power management. I don't want google-anything on it, and I am not kidding. My prime concern is battery life, I hope to be able to run my phone for 3 to 4 days (or more) between charges, so deleting all fluff aps and crapware is important, as is underclocking it and getting rid of google. I also want to stop updating of the operating system and installed software by google.
I hope to do a hardware mod to remove power from the cell band rf transceiver. Despite it being turned off in the phone using software, I am detecting occasional transmissions from the cell band transmitter. Hardware mods are not a problem for me, I'm a retired EE, who specialized in RF design.
I need to know if it's possible for the phone to function if gmail, google+, google search, chrome, google calendar and google-whatever are exhorsized (uninstalled)? Yes, I also want to give the playstore the boot, to prevent excessive battery drain (and, yes, I do realize downloading aps will be slightly more difficult without the playstore).
For those who might be interested, the phone is used as a wifi phone for the home based Ooma telephone service. I also might like to run a mini bittorrent server. It seems to me that the android community could use bittorrent in place of the playstore, thus making it easier for others to give google and google playstore the boot
I love this forum, and want to thank all those that support and administer it.
Aloha,
A
Click to expand...
Click to collapse
There are threads all over the place trying to do this. Google is deeply ingrained into all the apks used by the os. You will be very hard pressed to find away to remove them completely and still have things work right.

I agree that security is an illusion. I dumped Microshaft in 2013 in order to improve my security and privacy.
However, the android operating system is supposed to be open source, so it should be possible to de-google-ize it IF someone knows how to edit and recompile the android OS.
I was merely asking if anyone knew of a way to give google the boot, even if it came down to paying someone to compile a custom rom.
The loss of google playstore is not a consideration, neither is a monetary forfeiture (any programmers out there?).
I'm curious, is it possible to gag google so it can't connect to the outside world (with a firewall)? We used to do this in XP to prevent Bill's Internet Explorer from downloading updates.
Are any of the custom roms currently available able to run without google-anything??
Is there any hope, or is it truly hopeless? If a custom rom that gave google the boot was available, how many would pay a small fee to have it? Just curious??!!
TY
A.

alohagirl said:
I agree that security is an illusion. I dumped Microshaft in 2013 in order to improve my security and privacy.
However, the android operating system is supposed to be open source, so it should be possible to de-google-ize it IF someone knows how to edit and recompile the android OS.
I was merely asking if anyone knew of a way to give google the boot, even if it came down to paying someone to compile a custom rom.
The loss of google playstore is not a consideration, neither is a monetary forfeiture (any programmers out there?).
I'm curious, is it possible to gag google so it can't connect to the outside world (with a firewall)? We used to do this in XP to prevent Bill's Internet Explorer from downloading updates.
Are any of the custom roms currently available able to run without google-anything??
Is there any hope, or is it truly hopeless? If a custom rom that gave google the boot was available, how many would pay a small fee to have it? Just curious??!!
TY
A.
Click to expand...
Click to collapse
There is one project that is working on removing Google completely in the forums. A search will find it for you. There are some issues that I don't recall if they could find a way around or fix. You could give that a shot.

Custom ROM survey

Hi everyone,
We are conducting a survey on the current usage of custom ROMs and user interests and I'd like as many users as possible to answer the very few questions: https://bit.ly/2gM1Ntv (survey is closed now)
Why all this?
We believe that the current custom ROM world and choice is not very nice. We basically have a single large player and a few smaller ones providing official builds and then there are many "homemade" ROMs of doubtful trust. Newbies that care about privacy and free software are scared of homemade ROMs, don't like CM and usually have a device not officially supported by the smaller ROMs. We are thus discussing if we should start a whole new ROM (maybe robbing some hardware code from CM) or contribute to an existing one. Our focus is on security and privacy and some of our ideas might be hard to achieve inside the currently existing ROMs.
We don't want to re-invent the wheel if it's not necessary, a ROM that nobody wants to use is just a waste of time.
To know if our ideas of a custom ROM are supported by the community, we need to know what you think about custom ROMs and our ideas on it.
If you want to discuss this further or want to give your opinion on this publicly, fill this thread up with whatever you want. We don't bite.
Thank you for your time,
Marvin

Personally I would like a ROM based on CyanogenMod (since I like 90% of the ROM) with:
- microG included
- Integrated XPrivacy (but rewritten inside the ROM without Xposed)
- Ability to hide root to specific apps on-the-fly without restart (with the code included inside the ROM impossible to detect)
- Ability to simulate other phones to specific apps on-the-fly without restart
- ARMv7 to ARMv6 software emulation for apps that support only ARMv7 on ARMv6 phones (probably slow but better than anything, ARMv7 to x86 emulation already exist)

ale5000 said:
Personally I would like a ROM based on CyanogenMod (since I like 90% of the ROM) with:
Click to expand...
Click to collapse
Problem with CM base is that it is partly proprietary (contains some google libraries). Read about freecyngn for details.
ale5000 said:
microG included
Click to expand...
Click to collapse
Plan is a sort of "setup wizard" that allows to install microG and of course the required patches as part of the ROM.
ale5000 said:
Integrated XPrivacy (but rewritten inside the ROM without Xposed)
Click to expand...
Click to collapse
Three-state deny/spoof/allow is already on our wishlist as well as extending the permission model to be more fine-grained.
ale5000 said:
Ability to hide root to specific apps on-the-fly without restart (with the code included inside the ROM impossible to detect)
Click to expand...
Click to collapse
The idea is to have a root system that works the opposite to what some su hiding tools do: the su binary is only available to certain apps the user preselected. This will also hide it to apps that should not see it. This way we can't have a nice "grant root permissions" dialog, but these are insecure nonetheless.
ale5000 said:
Ability to simulate other phones to specific apps on-the-fly without restart
Click to expand...
Click to collapse
What exactly do you want to simulate. The device name as returned by Build.MODEL? Note that it is technically impossible to simulate a whole other device in a way that can't be recognized
ale5000 said:
ARMv7 to ARMv6 software emulation for apps that support only ARMv7 on ARMv6 phones (probably slow but better than anything, ARMv7 to x86 emulation already exist)
Click to expand...
Click to collapse
Which device is still ARMv6 nowadays? joke aside, the x86 emulation was developed by Intel (so that their processor can compete on the smartphone market), a similar software is very unlikely to be written for armv6. It might be possible to use user-mode qemu to run armv7 libraries on armv6, but this will be terribly slow and for most apps the reason to use native code is that it should be faster than Java code, which will not be the case with such an emulation approach...

MaR-V-iN said:
The idea is to have a root system that works the opposite to what some su hiding tools do: the su binary is only available to certain apps the user preselected. This will also hide it to apps that should not see it. This way we can't have a nice "grant root permissions" dialog, but these are insecure nonetheless..
Click to expand...
Click to collapse
Although it is more secure it will kill user-friendliness and it will probably cause compatibility problems with old apps.
I sometime use also apps no longer updated and it wouldn't be nice to not be able to use them.
I think it would be better to support both modes and allow user to choose.
MaR-V-iN said:
What exactly do you want to simulate. The device name as returned by Build.MODEL? Note that it is technically impossible to simulate a whole other device in a way that can't be recognized
Click to expand...
Click to collapse
My intent is just to run apps that do run only on specific phones without change the app itself, I don't think they use a type of detection hard to bypass but I don't really know.
MaR-V-iN said:
Which device is still ARMv6 nowadays? joke aside, the x86 emulation was developed by Intel (so that their processor can compete on the smartphone market), a similar software is very unlikely to be written for armv6. It might be possible to use user-mode qemu to run armv7 libraries on armv6, but this will be terribly slow and for most apps the reason to use native code is that it should be faster than Java code, which will not be the case with such an emulation approach...
Click to expand...
Click to collapse
I know that it will be really slow but it still would be better than an app that crash at startup.
PS: Also it would be nice to have compatibility with cSploit.

ale5000 said:
Although it is more secure it will kill user-friendliness and it will probably cause compatibility problems with old apps.
I sometime use also apps no longer updated and it wouldn't be nice to not be able to use them.
I think it would be better to support both modes and allow user to choose.
Click to expand...
Click to collapse
For apps this will look as if you don't have root if you did not grant permission in advance through the system settings. The applications should not break because of this (but maybe just show you a message). Yes, it will be less user-friendly, but opening a critical hole in the security system should be nothing that is user-friendly. You usually do not have a lot of apps that require root access and to activate those manually in the system settings is not a huge problem. We would like to add features to the ROM like app data backup so that you need even less.

Well, for a normal user yes, but a normal user do not usually install a custom ROM.
I personally use a lot of apps that require root access.
Although it is probably not so easy I think it is possible to implement a dialog with tapjacking protection that ask if allow or deny root access.

ale5000 said:
Well, for a normal user yes, but a normal user do not usually install a custom ROM.
I personally use a lot of apps that require root access.
Although it is probably not so easy I think it is possible to implement a dialog with tapjacking protection that ask if allow or deny root access.
Click to expand...
Click to collapse
Even with all tapjacking techniques that are possible in Android (which would include a certain delay for the root usage confirmation to be tap-able), you can still use invoke keystrokes. This would allow a privilege escalation. When talking about security, don't argue with "I know what I do", it's not about you knowing what you do, it's about attackers knowing it as well.
The only effective way to protect against any type of tapjacking/input injection is to put everything completely aside (e.g. in the settings app) and protect it by requiring the user to enter his/her lockscreen key (or use fingerprint) before being able to change anything. While the ask about permission approach might be good enough for classic permissions (contacts/calender), it is not a good idea for something like root access, because it requires extreme caution.
Can you list the apps that require root which you are using? This would help a lot in finding out how important the root feature really is.

What are the benefits or rooting

This could be a general question for all Android phones.
It seems that Google is making it more difficult to root with every release of Android . If you do manage to root, sometimes you lose functionality unless you manage to find a workaround.
In years gone by, there were good reasons to root because Android was missing a lot of useful features that developers were able to implement on rooted devices but Android has improved a lot and Google has implemented a lot of the functionality that previously required root and customs ROMS.
So my question is what are the real benefits of rooting the Moto Z and rooting in general?

Still mandatory
1) Access to hosts-file for ad-blocking and other security purposes.
2) Ability to remove bloatware installed as system apps by vendor or manufacturer.
3) Use of firewalls, filters and stuff on network level
4) Granulated right management like "deny location", "deny network state" and stuff - per App.
As long as even only one of these access rights is not available on non-rooted Android, rooting is mandatory.
By the way: And at least 1)+4) was MY reason not to buy the Blackberry PRIV, which could have been perfect for me by means of design, look-and-feel, specs... if it was rootable. And that´s contrary to BB´s intentions. Sad, so sad... :>
Now Moto Z: Happy, so happy!

Also:
- Customize UI (I use battery bar, seconds in status bar, up-/downloadspeed, blurring background on expanded notification bar)
- when possible (atm only with marshmallow, not nougat or later) Xposed with a number of modules [not SafetyNet compatible... other say that, I was able to use it with suhide on my old phone]
- Viper4Android (sound equalizer for the whole system)
- Greenify
- and a few more
- works with SafetyNet

To put it simply.
fULl cOnTROOOoOL

omnomnomkimiiee said:
To put it simply.
fULl cOnTROOOoOL
Click to expand...
Click to collapse
Those are all great reasons to root. One more reason that I find gives me peace of mind is the ability to do actual backups. Titanium backup and even nandroid backups (which kind of go along with rooting) are great for making sure you don't lose any important information or settings.

How to redefine app "system permissions" ? Or if not possible howto make app that ...

How to redefine app "system permissions" ? Or if not possible howto make app that ...
Hi Everyone,
I'm new to android, and having 2 different phones (running 5.1.1 and 6.0.1 versions, both rooted) and numbers I have quite some issues with apps (paying gps outdoor app, whatsapp,...) and since I travel a lot many connections issues to accounts on other apps "you seem to not be...." with codes I don't get because I'm roaming
In order to find a way to use them with the same accounts and settings on both phones and to solve the authentication issues, I took different angles to solve it, but none worked. In doing so I discovered many ways to enforce permissions through the code that where disabled by the user (worse than I thought). Well I dislike and want to change it.
Anyway to make things shortne approach is to completely limit the app access all localisation approach, phone ID, number, carrier, IP number, other accounts on the phone....
On the 5.1.1 I tried:
App Ops => allows to "change" if one looks in the App, but changes are not effective (way apps work and according to "Explorateur de permissions")
Apk permissions works but only on some user installed apps, I tried moving system apk to other folders, change them through the Apk permissions and reinstall them, didn't work
Decompiling the apk with Apk Studio, changing manifest, recompiling, reinstalling seems to not be enough, if I understood it right if the code contains specific rights and there not in the manifest, it doesn't work. Right
next step would be to dig into the code and change it...
All this is extremely time consuming even if it would be the "clean way"
On the 6.0.1 :
I removed the bloatware with Root Uninstaller,
Modified the permissions apps had, incl system apps
And since some apps still seemed to exchange some information over data or wifi, I limited all background data usage over data or wifi.
All this make my phone much less user friendly and does not solve my issues
So please, I you know of a reliable "easy" way to really manage permissions, or to generate a master permission file that overwrites apps permissions? removing all weird "granted", or if you have any idea on how you'd start it, please let me know
From this "clean approach" I got to spoofing, which seemed to be a solution to work around some issues using several different apps that would change the location, the IP, the network, VPN, spoof caller ID, ...
Well... since I had discovered all kind of right that can be given to an app, I checked their manifests before installing them. They might solve some issues, but generate worse problems (billing?!!all social media accounts?! create social accounts?!?)
So is there a clean app that lets you temporarily "clone" phone1 on phone 2 considering they are not at all the same (manufacturer, android, phoneID, carrier, phone number) and change the location and this only to some apps? Still have to use SIM carrier.
If not, any hints on how to write this?
thx :laugh:
---------------------
Hasbeen developper, totally new to Android who still believes that technology should allow to increase productivity and respect FREEDOM and PRIVACY.