Well, I’m sure that it isn’t a secret for anyone, CM7 has been and still is my favorite rom for my Defy(s). I’ve been using it since the day Quarx’s brought IP Tables support to it – hence allowing me to use Droidwall as an Android firewall. I could then selectively allow/deny internet access to any installed app [having internet access permission that is…]. This is a first and important security step, but like anything, this has limitations; apps that do ‘really’ need internet access are then free to send (and receive) whatever their Android permissions allow them to get a hand on. For that, CM7 has a neet feature called ‘permissions management’ that allows you to control each app’s permissions individually. This option works fine BUT the problem is that the apps that you control that way often lose functionalities, stop working altogether or even throw you an error message telling you that the app’s permissions have been altered and that you will not be able to use it unless you reset them.
So how to solve this potentially very critical security flaw without losing apps functionality? ==> PDroid.
Thanks to xda user measel, I’ve just recently discovered this wonderful piece of software and I don’t think that my Defy will ever live without it from now on. The app itself is not really a new one and I’ve decided to create this thread to spread to word around and in the hope that it will be helpful to other Defy owners conscious about their data privacy.
WHAT IT DOES:
• More than just blocking apps Android permissions, it lets you control each individual app’s access to private information (user + system);
• It allows you to block and, in some cases, let you either use random or custom private data;
• It will also (if desired) warn you on any root or privacy info access, all that with an easy to figure out and use user interface [see pics];
• And best of all, applications will not crash when their access to private data is blocked unlike with Permission Denied (using LBE Privacy or alike or with CM7).
Disclaimer: I’m only the messenger and I take no credit or responsibility for anything that you’ll do with your phone from here on.
HOW TO:
Original thread by the dev [go have a read and give your thanks to svyat]
Pre-requisites:
- Make sure that you did not use Titanium Backup to integrate sys Dalvik into the rom [if you don’t know what that means, chances are that you didn’t; ignore it];
- a PC running Windows;
- a CM7-jordan/Jordan-plus build;
- PDroid patcher v1.31 (v1.27 also work but the latest version (v1.32) from the link above doesn’t work for the Defy. So I’m attaching v1.31 here which I’ve found with a little digging through that thread;
- the PDroid.apk itself [Market link] or [Dropbox link from the dev];
=> If you don’t have access to a PC running Windows or just don’t want to go through the trouble of patching process described below, you can head over to measel’s CM7 nightlys | info collection thread and locate the build you are using; he was kind enough to provide us with patches for most of recent Jordan builds. So go and grab your applicable patches and give thanks to him.
=> If you’re running CM9 or CM10, this patcher will not work for you, but there are alternatives - namely: the ‘auto-patcher’ or even the PDroid v2 [I’ll give links to those later]. Just go read the last few pages of the original thread, there are quite a few mentions/redirections to those over there. [please don’t ask me about questions about those as I did not try them just yet]
Note: PDroid is an ongoing but currently ‘on hold’ project [because, like someone said before: devs sometimes have a life outside Android...] which works perfectly fine as it is if you follow the next few steps below.
Zero off: Make a nandroid backup of your current phone setup.
First off: Create the patch for your rom:
To work, PDroid first needs you to mod 3 framework files and push them onto your phone. To do so, all you need to do is to execute the PDroidPatcher.exe. file [extract it from the zip attached] and point it to the CM7 build you are using. Let it do its thing and it will create a CWM recovery flashable zip and an undo (RESTORE) one.
Second: Flash the patch:
Just boot into recovery, wipe cache and dalvik and install the patch and boot up.
Third: Install the apk
That’s it!, you’re now ready to go your list of installed apps and start controlling your privacy accesses.
Warning: again, go read the original thread for a how to on how to backup your PDroid settings and/or use TB to do so.
HOW TO USE:
Well, it’s all pretty obvious and with a bit of common sense, you will easily figure out how and what to set up. By default, nothing is blocked and apps are free to access data. So you’ll have to go through your list of installed apps and set up each individual data access and then try them out. For example, logic would tell us not to block the ‘GPS/Network Location’ data to maps related apps nor block ‘Accounts credentials’ to apps dealing with user IDs and passwords like Email or social apps.
I can’t give you detailed instructions here (it’s not the point of this thread anyway), but if like me you already use Droidwall, you can first leave alone all the apps that you’ve black listed for internet access [pic 2] since they won’t do anything with your private data if they can’t send it back home… There is also an option within the app to ‘hide all the safe apps’ [which do not have an internet permission]; check it to reduce the size of your list of apps to configure.
From experience, I’d also suggest you to keep an eye on the apps requiring a password to run since blocking Device or Subscriber ID might mean that you’ll have to always enter passwords each time you run the app that would otherwise be remembered by those apps. As a rule of thumb, I pretty much choose the ‘use random’ option whenever it is available (just to minimize problems with the app on blocking completely – I’m not even sure this is a valid argument here…) or block everything else when it’s not and finally, I leave ‘Network Info’ allowed since it basically only lets apps know if you connected to internet or not [who cares if they get your wifi’s SSID or not…].
But again, you’ll have to fine tune the whole thing for each and every app and run them to check for full functionalities – but at least they won’t crash on you… Finally, you can pinpoint potential problems/solutions by turning off the general PDroid notifications option and by turning on a specific app’s ones [pic 3].
Happy privacy enhancement!
/AL
As usual!
Quality guides from lovely []AL[]
I don't want a tapatalk sig!
nogoodusername said:
As usual!
Quality guides for lovely []AL[]
Why not move to Android Apps forums?
I don't want a tapatalk sig!
Click to expand...
Click to collapse
"lovely AL" wow! you surely are the first person to tell me anything like this here on xda.
..not sure if I should be flattered or run away by homophobia - hehehe! :laugh:
Well, I didn't mean to make it a guide when I started writing it, but like always I had things
to say and the post got longer and longer.. so I guess that we can call it a sort of guide...
But I truly like the app and believe that along with Droidwall, that should be installed on every phone.
In fact, Google should look at this and incorporate something similar into Android.
OK, I'll go reply to your PM now... cheers!
Edit for your question: because like I wrote in the OP, I'm just the messenger and not the dev of the app.
The app also works mostly for on phones running CM7 and even not all the phones support it either.
So I wouldn't publish this widely without at least asking permission to the dev. But here for Defy owners fellows,
I know it works fine and again, I think that it is pretty much an essential app to have.
9 downloads/1 thank;
Leeches, I see leeches everywhere!
Shhhiiiiii- You got me excited! I thought I'd find a patch for the Quarx rom! So far auto-patcher can't patch Quarx's CM10 roms. Nor do I understand why that's so but that's why I'm not a dev.
Excellent app
Arch Linux User ..
KicknGuitar said:
Shhhiiiiii- You got me excited! I thought I'd find a patch for the Quarx rom! So far auto-patcher can't patch Quarx's CM10 roms. Nor do I understand why that's so but that's why I'm not a dev.
Click to expand...
Click to collapse
Well... sorry to hear that; I had no clue that it doesn't work with Quarx CM10. It seems to work for some other JB builds/phones... But like I wrote on the OP, I haven't tried any of this on CM9/JB yet. So again, too bad that this thing is a no go for now. I hear that Quarx is very busy outside Android's world as of lately so it might not be a good time to ask him about this - might also be low on his priority...but who knows, someone might read this and find an answer for you.
ps: quite an avatar you got there :silly:
an thanks for the link to the auto-patcher thread; it might be useful to others and it'll save me the search when I update the OP with it and your comment eventually...
juan296 said:
Excellent app
Click to expand...
Click to collapse
Well thanks but again, just I'm just a messenger here and not the dev... :highfive:
Actually, I use DroidWall , so.. can uninstall this app? And right now, JUST USE pdroid! Right?
Arch Linux User ..
juan296 said:
Actually, I use DroidWall , so.. can uninstall this app? And right now, JUST USE pdroid! Right?
Click to expand...
Click to collapse
I still use both...they are quite different apps and don't do the same at all. Droidwall is a firewall that let you control if an app has access to internet or not; PDroid controls what private information each app can access.
Like I wrote on the OP, any app that is blocked by Droidwall doesn't need a PDroid setup, but apps that need internet connection could be free to get private information from your phone if you don't use PDroid...
Basically, PDroid has no way of blocking all internet access; it only blocks apps from reading private info (or scrambles it by returning info like random network location or sim ID#...)
Related
Hey MoPho's - I've been using LBE privacy guard for a few months, and it seems to be working pretty good. I also do have aVast antivirus installed which has its own firewall/permissions, but I have left that disabled to have LBE nanage everything.
Now, my only main concern with LBE is just the uncertainty of how trustworthy or safe in better words the app actually is. A few posts here and there from our boards pound on these concerns of not being able to get in touch with developer, not open source, and if any data is leaking back to wherever (China origin?)
I see that droidwall has been suggested as an alternative, but from some comments - droidwall isn't always consistent in monitoring or loading up prior to app launch or allowing a notification versus manual navigation to droidwall to re-config newly installed apps.
Now, I don't install much and keep on main markets - having something like LBE was awesome to knock off a ton of unecessary permisions... saying that we need to monitor each permission prior to installing is a given, but some of them are just getting out if hand, and thus a permissions manager is so helpful.
I'm not sure of droidwall has improved / there seems to be also another permissions denied app, but haven't digged up on further info.
Thanks for chiming in - running stock OS sprint 2.3.4 with root only.
It would be still great to hear an opinion Posted from a month ago - cheers.
I use it as well and would like to hear some input!
Sent from my Motorola Electrify using Tapatalk 2
Pdroid is open Source and more advanced. But I couldn't try it because im on the cm9. Its only support gingerbread right now. Please test and inform us about it if you are using deodexed gingerbread.
http://forum.xda-developers.com/showthread.php?t=1357056
Ah thanks, yeah unfortunately I am running simply stock sprint rom on the photon with 2.3.5 OS rooted via torpedo method. I clicked on over to the link though - looks great as pdroid was a big one people mention... and it being open source. If there was a way to run it without further modifying the photon stock os, that would have been awesome...
Anyways, if there was an alternate open source to LBE that's easy to install on a stock rooted photon - would be cool. Otherwise, it'd be great to hear that I probably shouldn't be as concerned to this app being closed sourced and to disregard all the questionable threads here on where our data if any, is being collected and sent to wherever. I saw a few posts on reddit.com about this, and nobody was too alarmed when scanning through LBE code... obviously, that's beyond my scope of knowledge - hence asking here
Unfortunately I've uninstalled LBE already as it seems that at this moment it is a dummy program when it comes to blocking other applications to connect to the Internet (the reason I had it installed in the first place).
To test it out I used LBE to block an app that relies on the Internet to work and that other app kept updating with new content nevertheless.
I even restarted my phone (as some apps need a phone restart to fully work) and unfortunately there was no change. LBE doesn't seem to work for that purpose (at least not on my phone) so I was a little suspicious about it and removed it.
To be honest I didn't have much time to tinker with the other options in the app, but if it doesn't seem to be any good at one thing it's supposed to do I have doubts it would do it's job for the remaining functions.
Will be looking for an alternative. Suggestions are welcome.
Update: I've just tried the translated LBE Security Master App and this one seems to work.
Find it here: http://forum.xda-developers.com/showthread.php?t=1422479
lgmdp 1.5
http://sharemobile.ro/file/616562
lg united mobile drivers
http://
www.lgforum.com/resources
a very important sdk tool
http://
developer.android.com/sdk/index.html
Android
Development Tools (ADT)
[The ADT plugin
includes a variety of powerful
extensions that make creating,
running, and debugging Android
applications faster and easier.]
http://www.softpedia.com/get/Programming/Components-Libraries/Android-Development-Tools.shtml
Super one click [tool for rooting gb ]
http://shortfuse.org/?page_id=2
gingerbreak [tool for rooting froyo]
http://forum.xda-developers.com/showthread.php?t=1044765
Android kitchen [a great tool for ROM customization]
http://forum.xda-developers.com/showthread.php?t=633246
terminal emulator [A great tool for linux commands]
http://www.papktop.com/android-terminal-emulator-1-0-32.html
z4root [tool for rooting 2.2.1 and 2.1]
http://forum.xda-developers.com/
showthread.php?t=833953
(by ibub)
kdz updator
http://www.2shared.com/file/QcnRcyua/KDZ_Updater.html
java development kit
http://software-files-a.cnet.com/u/test/jdk-7u10-windows-i586.exe
fastboot.exe
http://www.2shared.com/file/4l7HKE3O/fastboot.html
flash_image [if u use terminal emulator]
http://www.mediafire.com/?7pkcte8gcyn9pet
########################
below tools are taken from lycan thread all credit goes to him for the below ones
apktool : http://forum.xda-
developers.com/showthread.php?
t=640592
APK Multi Tool : http://forum.xda-developers.com/showthread.php?t=1310151
StudioAndroid : http://forum.xda-developers.com/showthread.php?t=1541372
adb pusher : http://www.xda-developers.com/android/push-files-to-your-device-with-quick-adb-pusher/
Bootanimation Creator :
http://forum.xda-developers.com/showthread.php?t=1234611
#####################
ROOT APPLICATION (tAKEN FROM I CLICK ROOT) (I WIlL ADD MINE SOON AND NEVER GONNA INCLUDE ROM MANAGER)
10) ShootMe – Screenshot app
Android has a lot of advantages over its
main competitor, Apple’s iOS. However,
unlike iOS, Android doesn’t give users the
ability to take screenshots of their
phones. Thanks to the ShootMe app
available on rooted phones, that problem
is a thing of the past. This app allows you
to set up a trigger for when the phone
should take a screenshot. For example, if
you want to take a screenshot every
time you shake your phone, you can easily
set that up.
9) Titanium Backup – Automatic backup
and recovery app
No electronic device is immune to
failures. If you’re like most people, you
keep some valuable information on your
Android device. From phone numbers to
pictures and everything in between,
losing access to that data could be
devastating. That’s why you need
Titanium Backup, an app which allows
rooted Android users to set automatic
backup options. All apps and other data
is saved, so if you screw up your phone
while trying to install a custom ROM, you
can easily restore it with the click of a
button.
8) Metamorph – Customize every single
aspect of your phone
After rooting an Android phone, one of
the first things that many users do is
customize their device. Thanks to the
Metamorph app, phone customization is
as easy as possible. Simply download the
app, then browse through a selection of
custom themes. If you want, you can
even make your own theme. Using
Metamorph, you can personalize your lock
screen, menus, app screens, and all
other aspects of your Android phone.
7) Adfree – Instant advertisement
blocking
Sick of seeing advertisements on your
phone? Aren’t we all! With the Adfree
app, you’ll never have to see another
advertisement again. The Adfree app
works in a unique way: instead of
actively scanning each app and webpage
for advertisements (which slows down
Android performance), Adfree simply
blocks the IP addresses of common
advertising agencies. This means that
advertisements will refuse to pop up
while using apps, browsing the internet,
or performing any other types of tasks
on your phone.
6) Busybox – Use Linux commands
Busybox might not appeal to the average
Android user, but it will certainly appeal
to tech geeks and Linux users. Busybox is
an app that adds Linux commands to your
Android device. To make the app as easy
as possible to use, Busybox even lists the
commands, making it easy to perform a
wide variety of functions that are
normally unavailable to users of non-
rooted Android devices.
5) Wireless Tether – Wireless hotspot app
Share your Android phone’s data
connection with any other wireless
device using the Wireless Tether app.
This is an ideal way to use your phone
data on your laptop while you’re in an
area with no internet connection,
although tethering can be used for a
wide variety of purposes. With the
Wireless Tether app, tethering can be
performed on any carrier and any
Android phone. Since some companies like
AT&T charge an additional $20 per
month for tethering, this makes the
Wireless Tether app an extremely
valuable tool.
4) Tasker – Automatic task app
Tasker is a smart app that will automate
all sorts of tasks on your phone. For
example, you can set a task to run every
day at 5pm, or perform plenty of other
useful functions. Although Tasker is
available from the Google Play store, it
won’t have root access on non-rooted
Android phones. When you give Tasker
root access, expect to see some
phenomenal results.
3) SSH Tunnel – Safeguard your internet
usage
Instead of letting anyone see what
you’re doing on the internet, the SSH
Tunnel encrypts your internet
connection using an SSH tunnel. When
you access a public Wi-Fi network
without an app like SSH Tunnel installed,
anybody with basic technical skills can
see what you’re doing over the internet,
which is most definitely a bad thing.
2) SetCPU – Overclock and monitor your
processor
The processor is at the heart of your
Android phone’s operations. On a normal
Android device, the user’s actions won’t
affect how the CPU functions. However,
thanks to the SetCPU app, that is no
longer a problem. SetCPU allows users to
customize the CPU to run at different
frequencies according to what the user
is currently doing. For example, you can
instantly reduce the CPU’s clock speed
when the screen is turned off, which
saves an enormous amount of battery
life. Ultimately, SetCPU allows you to
save battery power, speed up your
Android device, and monitor its
temperature.
1) Superuser – The first app to install on
a rooted Android device
MINE ROOTED APS
Hide my Root
Sure, CyanogenMod may be getting
more granular root settings, but
can you password protect them?
This app can.
--
Hide my Root lets you temporarily
hide the superuser binary and app
so that no applications or users can
get root access. You can even set a
password so that only you can
restore root access. On some roms
(usually rooted stock roms), Hide
my Root will allow you to use
Google Videos and similar apps on a
rooted phone. On custom roms
such as CyanogenMod, it will not
allow you to use Google Videos and
similar apps on a rooted phone.
Root Logger by Stericson
Root Logger is the only application
that can log all shell commands
that are sent to your phone,
including those from other rooted
applications. Root Logger can also
tell you who executed the
command, when it was executed,
and whether or not the command
was executed with root access. This
application will help you keep an
eye on what's being sent to the
shell on your phone and what those
applications are doing on your
phone. This Application requires
root access, busybox, and these
commands, which are usually
provided by Busybox, chmod, ln, ls,
cp, chattr, and rm.
Root Explorer
This is by far one of the most
comprehensive file managers out there.
This app gives you access to the whole of
android's file system and includes
features like an SQLite database viewer,
Text Editor, the ability to create and
extract zip or tar/gzip files, extract rar
archives, multi-select, execute scripts,
search, remount, permissions,
bookmarks, and lots more. There’s a free
version as well for you to try out.
Call Master
This advanced call and SMS blocker
gives you unique privacy features for
rooted users. With the app running
silently in the background, you can block
an MMS before it downloads, filter SMSs
by content and lots more.
MarketEnabler
You’ll notice that certain apps are
country specific and won’t show up in
the Play Store on your phone.
MarketEnabler helps you get around this
by tricking the Play Store into thinking
you are actually in that country or region
and allowing you to download the app.
You obviously won’t find this on the Play
Store, but a quick Google search will
help.
SD Maid
SD Maid will automatically clean up
unwanted files left behind when you
uninstall apps. Just like Windows,
sometimes certain files are not deleted
when you uninstall them and they can
clutter your file system over time. This
app helps remove those unwanted files.
StickMount
This app was designed to enable USB
On-the-go access on the Galaxy Nexus,
but there’s no reason why it shouldn’t
work on other handsets running ICS and
above. All you need is the cable and then
you can access data from your pen drives
easily, thus expanding your storage
Call Master
This advanced call and SMS blocker gives
you unique privacy features for rooted
users. With the app running silently in the
background, you can block an MMS
before it downloads, filter SMSs by
content and lots more.
Great Thread!!
Sent from my LG-P509 using Tapatalk 2
jerry7389 said:
Great Thread!!
Sent from my LG-P509 using Tapatalk 2
Click to expand...
Click to collapse
thanks
i have contacted one of the moderators to keep the thread on the first page waiting for their reply
and if u have more tell me i will add them as soon as possible
Honestly and no offense to you but this already exist as a sticky, a pretty well written thread by sweetnsour
Sent from my LG-P500 using Tapatalk 2
Jrhodes85 said:
Honestly and no offense to you but this already exist as a sticky, a pretty well written thread by sweetnsour
Sent from my LG-P500 using Tapatalk 2
Click to expand...
Click to collapse
if u can give me the thread link
Jrhodes85 said:
Honestly and no offense to you but this already exist as a sticky, a pretty well written thread by sweetnsour
Sent from my LG-P500 using Tapatalk 2
Click to expand...
Click to collapse
androidisfuture said:
if u can give me the thread link
Click to expand...
Click to collapse
I think he is talking about this
http://forum.xda-developers.com/showthread.php?t=1256048
Sent from my LG-P500 using Tapatalk 2
Christian Nothing said:
I think he is talking about this
http://forum.xda-developers.com/showthread.php?t=1256048
Sent from my LG-P500 using Tapatalk 2
Click to expand...
Click to collapse
if he is talking abt this then my thread is not similar to sweetnsour as i am giving tools and i can only find android kitchen similar tell me if u agree
i have added 4 more :victory:
as sdk contains a varirty of tools like Dalvik Debug Monitor Server (ddms);dmtracedump etc my list is getting to an end but still no answer from the moderators
Jrhodes85 said:
Honestly and no offense to you but this already exist as a sticky, a pretty well written thread by sweetnsour
Sent from my LG-P500 using Tapatalk 2
Click to expand...
Click to collapse
To be honest, I feel that this kind of exists in Lycan's sticky:
http://forum.xda-developers.com/showthread.php?t=901247
specifically this post:
http://forum.xda-developers.com/showpost.php?p=25489058&postcount=177
sweetnsour said:
To be honest, I feel that this kind of exists in Lycan's sticky:
http://forum.xda-developers.com/showthread.php?t=901247
specifically this post:
http://forum.xda-developers.com/showpost.php?p=25489058&postcount=177
Click to expand...
Click to collapse
now i feel that this is similar but i am trying to add more and more if u have some tell me
Could lycan be asked to link to this as an additional resource? The main difference that I see is that lycan's sticky is categorized and a lot of the tools are somewhat scattered in different branches . Yes, I know you specified the post for kernels, mods tweaks and TOOLS. But not all that is listed here, is listed there. Maybe a compromise is in order?
Sent from my LG-P500 using xda app-developers app
ibub said:
Could lycan be asked to link to this as an additional resource? The main difference that I see is that lycan's sticky is categorized and a lot of the tools are somewhat scattered. Yes, I know you specified the post for kernels, mods tweaks and TOOLS. But not all that is listed here, is listed there. Maybe a compromise is in order?
Sent from my LG-P500 using xda app-developers app
Click to expand...
Click to collapse
i have pm lykan but no response i think he missed my pm
ibub said:
Could lycan be asked to link to this as an additional resource? The main difference that I see is that lycan's sticky is categorized and a lot of the tools are somewhat scattered in different branches . Yes, I know you specified the post for kernels, mods tweaks and TOOLS. But not all that is listed here, is listed there. Maybe a compromise is in order?
Sent from my LG-P500 using xda app-developers app
Click to expand...
Click to collapse
androidisfuture said:
i have pm lykan but no response i think he missed my pm
Click to expand...
Click to collapse
I am not sure if a compromise is possible. By looking at Lycan's last post, it looks like he hasn't been on for several months now. The thing is, that thread was first started by Bytecode, who handed the thread over to Lycan, so if Lycan was still active on XDA, I would've requested ownership of the thread. But since he has been inactive, I think it would be alright to copy the tools from his thread to yours (since his thread is not just about tools and such while this thread is), and in the event that he does come back online and asks for the tools to be removed from this thread, maybe there can be some sort of a compromise then.
sweetnsour said:
I am not sure if a compromise is possible. By looking at Lycan's last post, it looks like he hasn't been on for several months now. The thing is, that thread was first started by Bytecode, who handed the thread over to Lycan, so if Lycan was still active on XDA, I would've requested ownership of the thread. But since he has been inactive, I think it would be alright to copy the tools from his thread to yours (since his thread is not just about tools and such while this thread is), and in the event that he does come back online and asks for the tools to be removed from this thread, maybe there can be some sort of a compromise then.
Click to expand...
Click to collapse
ok i will see to it
if i can copy i will give credit to him
i have 5 more they are of lycan
the thread is now a sticky
Thanks !!!
Being a Noob to Android I thought I'd install some location based profile software which is one of the things that Android owners always say they can do which is lacking from the iPhone.(where I come from)
Lamma seems to be recommended but the permissions it asks for include:
"Add or modify calendar events and send email to guests without owners' knowledge. read calendar events plus confidential information"
clicking on the detail is even more scary.
Android tells you what it's going to do - but do users actually allow this? Most apps seem to want permissions that you would have to be mad to accept.
Can I not install any useful app without agreeing to terms that are unacceptable?
What am i missing? Do people just allow unrestricted access? Not install any app? or is there a way of installing apps but not giving them stupid access?
I can't believe people allow that sort of access - I must be missing something.
Some custom after market ROMs allow to drop any permission by user but it may render app useless.
Most of the time apps are not malware, but sometimes they may be. You can contact developer of the app requesting for reasons of these permissions and he may reply better.
you can always use auto start manager app within the rom toolbox to control the permissions of the apps..
Confucious said:
Being a Noob to Android I thought I'd install some location based profile software which is one of the things that Android owners always say they can do which is lacking from the iPhone.(where I come from)
Lamma seems to be recommended but the permissions it asks for include:
"Add or modify calendar events and send email to guests without owners' knowledge. read calendar events plus confidential information"
clicking on the detail is even more scary.
Android tells you what it's going to do - but do users actually allow this? Most apps seem to want permissions that you would have to be mad to accept.
Can I not install any useful app without agreeing to terms that are unacceptable?
What am i missing? Do people just allow unrestricted access? Not install any app? or is there a way of installing apps but not giving them stupid access?
I can't believe people allow that sort of access - I must be missing something.
Click to expand...
Click to collapse
You really have to think about what the app could be using the permission for, for example something like tasker pretty much needs every permission going because it allows you to set anything up as a profile etc.
The rule of thumb is to look at the app reviews, look at the permissions and just think about what the app could be using it for.
Sure a soundboard style app shouldnt need to make phone calls but many apps do need permissions that at first glance you might not think are needed.
And if your really in doubt email the developer and ask them to explain why they need this permission.
Surprise :laugh:
http://www.xda-developers.com/android/manage-individual-app-permissions-with-xprivacy/
PeerBlock is now available in the Google Play Store! https://play.google.com/store/apps/details?id=com.peerblock_new
For anyone who is having the first version of PeerBlock For Android, I lost my certificate key by accident and was not able to update the first one I've uploaded.
Please install this version if you want it more updated with a lot of bug fixes.
Some features might not work yet as it's still Work in Progress but the basic functionality is working.
PeerBlock For Android lets you control who your phone 'talks to' on the Internet.
By selecting appropriate lists of 'known bad' computers, you can block communication with advertising or spyware oriented servers,
computers monitoring your p2p activities, computers which have been 'hacked', even entire countries!
They can't get in to your phone, and your phone won't try to send them anything either.
And best of all, it's free!
Keep in mind that I'm not a member of the PeerBlock team, I just wanted PeerBlock for phone
You're able to grab the lists from iblocklist.com so you can start blocking those evil hosts
To add lists to PeerBlock create a new directory in the root of the sdcard (not external sdcard)
Called 'PeerBlockLists' here should be all the text files
Everytime you added a new/updated list to your PeerBlockLists please press the 'Rebuild cache blocklist' and reboot so that new hosts can be blocked
Running a Firewall? or no internet ?
Be sure you enable Input Chains and WiFi rules for PeerBlock for Android even if PeerBlock for Android does not use the internet or WiFi.
The internet permission is being used to inter process communication with the apps and service to see if a connection should be allowed or blocked.
WARNING:
Root is required for XPosed to be installed
Use at your own risk!
WORK IN PROGRESS. WILL EAT YOUR CAT.
Features:
Block million of hosts (upto billions)
Add unlimited amount of block lists
Allow HTTP/HTTPS Traffic when PeerBlock is enabled, this will make a security hole though so better if u keep it off
Block All Traffic (Paranoid Mode) every single application in android will not have internet
Block DNS - Block DNS Requests
Block the 'Ad' Keyword in host names to give a better success rate for blocking ad's
Have a history list of every application that connected to a host
Block a hostname/subnet/ip address from the history
No internet leaks at startup!
Show a notification when a connection is being blocked.
Show a notification when a new connection is being established.
If people wonder if this also works for the Galaxy Note3... yes it does I'm having one myself
How To use
1. Install XPosed Framework
2. Install PeerBlock For Android
3. Create a directory in the sdcard called "PeerBlock"
3. Create a directory in the PeerBlock directory a directory called called "PeerBlockLists"
4. Go into XPosed Framework Installer and enable "PeerBlock For Android"
5. Reboot your device
6. Now go to the website iblocklist.com
7. Take any list you wish for example, http://www.iblocklist.com/list.php?list=bt_ads
8. Press the Update button to download the list (or copy the Update URL into your browser to download it)
9. Now simply copy/paste the .txt file into the sdcard in the folder PeerBlockLists
10. Go to the main menu and hit the "Rebuild cache blocklist" button
11. Reboot your device and enjoy
New features in 1.04:
PeerBlock For Android is now using a Service to have it more stable and if the service is not running no app can communicate with the outside world.
More stability
Re-designed UI
Strange behaviour is fixed which people noticed
Quite a few bug fixes which people reported
Fixed most app crashes
Designed my own database format
Less format errors in rebuilding the cache list
@DragonHunt3r can we get gingerbread support plz?
It seems old problems still there : block ad hosts button still unchecked for example.
I cannot add a list thé button does nothing ?
Sent from my SM-N9005 using XDA Premium 4 mobile app
Wow this looks huge many thanks! Does anyone know if this plays nice with AdAway installed or should this be a direct replacement for AdAway?
lmike6453 said:
Wow this looks huge many thanks! Does anyone know if this plays nice with AdAway installed or should this be a direct replacement for AdAway?
Click to expand...
Click to collapse
You can replace AdAway with this or keep it side by side, it's your call really as AdAway is using the Hosts file and PeerBlock For Android is not using the hosts file
bournaze said:
It seems old problems still there : block ad hosts button still unchecked for example.
I cannot add a list thé button does nothing ?
Sent from my SM-N9005 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Same here, and if I select the 'Rebuild cache blocklist', all it seems to do is lock up the program.
Also, no mention on the YOLO test server being removed or not.
Hey there! What's happened? no play store, no apk, no xposed repo... no nothing... ?!
Conte Mascetti said:
Hey there! What's happened? no play store, no apk, no xposed repo... no nothing... ?!
Click to expand...
Click to collapse
Does anyone know of an alternative app to peerblock?
Since we just get ignored by the developer, and mysterious connections are constantly being made from the program.
xT29c said:
Does anyone know of an alternative app to peerblock?
Since we just get ignored by the developer, and mysterious connections are constantly being made from the program.
Click to expand...
Click to collapse
alt for PeerBlock - UnbelovedHosts
yespda2 said:
alt for PeerBlock - UnbelovedHosts
Click to expand...
Click to collapse
Thanks! I'll be using that until/if PeerBlock gets officially released to android.
Lost a user dragonhunter.
Welcome Back
DragonHunt3r said:
PeerBlock is now available in the Google Play Store! https://play.google.com/store/apps/details?id=com.peerblock_new
For anyone who is having the first version of PeerBlock For Android, I lost my certificate key by accident and was not able to update the first one I've uploaded.
Please install this version if you want it more updated with a lot of bug fixes.
Some features might not work yet as it's still Work in Progress but the basic functionality is working.
Click to expand...
Click to collapse
Hi Friend, where have you been? Long time no see on xda....I must say you were missed I know many fellas were disturbed with your app....so much so that they got old thread locked....but if it gives you any satisfaction I have been always using your app....though I missed your to do list....which I am sure now that you are back.....you can work upon
HTML:
Todo's
Check if UDP is getting blocked
Remove space used by Ad's
Add MAC-Address filter white/black lists
Show notifications (if enabled)
Making the Ip Range check multi-core
Create a blacklist/whitelist for apps to allow internet
Blocklist updater/downloader
Create a whitelist for hosts/Ip Addresses
Root-Mode with IpTables (I will not remove XPosed from the project)
Remove host from blocked hosts
A popup window which shows allow/deny for establishing a connection
that YOLO problem is yes definitely there...can you please remove....though I understand that your app wasn't using any permission even if it would I had DMZs (double checks) in place to get rid of any unwanted outgoing requests....even for PeerBlock....anyways back to the point....Your to do list was great....you should complete that :good:
Also, ask forum moderator to unlock that original thread as you are back in business
can you please post the link?
godofgeeks said:
Hi Friend, where have you been? Long time no see on xda....I must say you were missed I know many fellas were disturbed with your app....so much so that they got old thread locked....but if it gives you any satisfaction I have been always using your app....though I missed your to do list....which I am sure now that you are back.....you can work upon
......
Also, ask forum moderator to unlock that original thread as you are back in business
Click to expand...
Click to collapse
wow, could you cuddle Dragonhunter's balls any tighter?
Hi,
Just joined a new company that requires Company Portal to access Outlook email and other apps on my phone.
Evidently even if you manage to hide root from Company Portal, a major requirement is having an encrypted device with Company Portal.
In order to get rooted 2 years ago, I ran Disable_Dm-Verity_ForceEncrypt during the TWRP setup process so my rooted V30 is not encrypted.
Is there any way to restore encryption now without losing my current stock rom settings and data and maintain root?
I see in LG Settings there is an option to Encrypt Phone and SD Card. Will this suffice so I can maintain root?
If not, is there a way to root and install a TWRP LG Pie Rom zip without disabling encryption via Disable_Dm-Verity_ForceEncrypt?
Or is it impossible to root and use Company Portal with the LG V30?
Thanks in advance!
Drew
drewcu said:
Hi,
Just joined a new company that requires Company Portal to access Outlook email and other apps on my phone.
Evidently even if you manage to hide root from Company Portal, a major requirement is having an encrypted device with Company Portal.
In order to get rooted 2 years ago, I ran Disable_Dm-Verity_ForceEncrypt during the TWRP setup process so my rooted V30 is not encrypted.
Is there any way to restore encryption now without losing my current stock rom settings and data and maintain root?
I see in LG Settings there is an option to Encrypt Phone and SD Card. Will this suffice so I can maintain root?
If not, is there a way to root and install a TWRP LG Pie Rom zip without disabling encryption via Disable_Dm-Verity_ForceEncrypt?
Or is it impossible to root and use Company Portal with the LG V30?
Thanks in advance!
Drew
Click to expand...
Click to collapse
My only solution to this problem was to always use webaccess for my Office365 account. They required the portal to use Outlook, and part of that requirement allowed them to wipe my phone whenever they wanted. It's my phone, so I guess I won't use their email on my phone.
Sounds like your company has yet another behind-the-times IT department (like mine). Although mine is also exceptionally incompetent. They left the IMAP server open and available to anyone, so I simply used that with my GMail account instead. It did require me to allow them admin access to the phone to wipe the device (though I think they can only wipe the email) but it worked. They finally got modern and are using 365 so now it doesn't need these extra things. You might want to see if you can wait until they wake up and/or see if there is a server you can connect to. I found mine because, due to their incompetence, they let iPhones use the native mail app via the IMAP server, but forced Android to use some garbage 3rd party software for it instead of GMail. In both cases, the IMAP server was easily seen and setup.
I also have a company phone, so I don't really care if they can wipe it. Again, if I was going to take data from them, I'd do it before I announced I was leaving like any reasonably-intelligent person... so wiping accomplishes nothing. But, again, these IT departments are really dumb and incompetent...
To answer your initial question, I don't know if there's a way to re-enable encryption... but I also don't think that this is something that they can detect anyway. I'm thinking it may be something else they're tripping over. You may consider installing Magisk, and then using it's HIDE feature to see if you can hide the typical "signs" of rooting/etc. It may be good enough to get you working. If it doesn't you simply remove Magisk again (or just stop using it)?
Thanks @ldeveraux and @schwinn8 for the replies!
I know we use Office 365 but I'll have to ask about web access to see if that is possible. It's my phone and supposedly it's "not required" that I install Company Portal/Outlook/Teams on my phone, but I would be the only one at the firm not doing that and I am a new hire so... kind of a bad look so soon. I am not really comfortable with them being able to wipe my phone either, but that wasn't mentioned to me... yet.
Also would have to ask about IMAP, but I doubt it. No company phones either which is fine.
Pretty sure it is the encryption (or lack thereof in my case) that is the issue. I already use Magisk v22 and Hide all signs of Company Portal and pass Safetynet. On another XDA thread where Company Portal is discussed, I followed the suggested steps to no avail:
1) Install Company Portal V5.0.5067.0
2) Magisk Hide ALL of Company Portal checkboxes
3) Reboot
4) Still pass SafetyNet
5) Launch Company Portal
While the app doesn't specify the encryption as to why it cannot get me to the login screen, that's the only conclusion I can reach at the moment.
Did either of you try or look into encryption built into the LG/Android Settings menu? I don't want to do that unless I know of someone with success with it, but am curious if that would allow root via Magisk Hide, encryption, and Company Portal.
Thanks!
Drew
No I stopped carrying when they wanted permission to wipe. If the company was paying for the phone, that's one thing. If I'm using my personal phone for company use, that doesn't fly.
I realize this doesn't answer your question at all, but it's food for thought!
ldeveraux said:
No I stopped carrying when they wanted permission to wipe. If the company was paying for the phone, that's one thing. If I'm using my personal phone for company use, that doesn't fly.
I realize this doesn't answer your question at all, but it's food for thought!
Click to expand...
Click to collapse
Carrying? Or did you mean caring?
drewcu said:
Carrying? Or did you mean caring?
Click to expand...
Click to collapse
Caring. I don't own a firearm.
ldeveraux said:
Caring. I don't own a firearm.
Click to expand...
Click to collapse
Lol got it. Just making sure I understood what you meant.
Assume you didn't look into the LG rom based encryption then?
drewcu said:
Lol got it. Just making sure I understood what you meant.
Assume you didn't look into the LG rom based encryption then?
Click to expand...
Click to collapse
No at that point I gave up
Hopefully you'll get some help here, because I'd still like to be able to actually use Outlook on my phone!
So, a quick search says that there are modules available and other things that need to be tried. One further thing is to hide root from various Google modules. I remember hearing that for some other apps... that you had to hide root from Google services. I also remember hearing that, in some cases, you have to clear data for apps after the hide, because they apparently save the rooted-status in their own data.
Basically, I doubt encryption is the issue... root is usually the problem and can be a bit tricky to hide properly. You just have to try things. I have never seen any app fail to work because encryption is not available... it's always a root-detection issue.
As for the IMAP thing, the point there is to use the settings you find elsewhere to access email. You're not asking IT for permission or info... you just need to find it. Most Microsoft-based IT places I have worked with have zero clue that this is open and offered, so once you find it it's just a matter of plugging in the right info.
As for the web-interface, again, my company (for example) doesn't tell us that we can use the Outlook app, but it works with no tricks whatsoever. Plug in your company account info and it figures out how to connect.
FYI, the module I mentioned above is referenced here: https://forum.xda-developers.com/t/...ne-company-portal-hider-intune-hider.3780451/ - no idea if this is necessary or even the latest version...
schwinn8 said:
So, a quick search says that there are modules available and other things that need to be tried. One further thing is to hide root from various Google modules. I remember hearing that for some other apps... that you had to hide root from Google services. I also remember hearing that, in some cases, you have to clear data for apps after the hide, because they apparently save the rooted-status in their own data.
Basically, I doubt encryption is the issue... root is usually the problem and can be a bit tricky to hide properly. You just have to try things. I have never seen any app fail to work because encryption is not available... it's always a root-detection issue.
As for the IMAP thing, the point there is to use the settings you find elsewhere to access email. You're not asking IT for permission or info... you just need to find it. Most Microsoft-based IT places I have worked with have zero clue that this is open and offered, so once you find it it's just a matter of plugging in the right info.
As for the web-interface, again, my company (for example) doesn't tell us that we can use the Outlook app, but it works with no tricks whatsoever. Plug in your company account info and it figures out how to connect.
FYI, the module I mentioned above is referenced here: https://forum.xda-developers.com/t/...ne-company-portal-hider-intune-hider.3780451/ - no idea if this is necessary or even the latest version...
Click to expand...
Click to collapse
Thanks for the suggestions! I actually have tried different modules without success both for EdXposed (Security Bypass for Company Portal with CP version 5.0.3013.0 and Bypass Exchange Policies). The closest I got was with CP 5.0.3013.0 where I could enter my credentials but then wasn't able to agree to the Terms and Conditions which is a prerequisite and got denied. The module you linked is no longer needed if using Magisk v22 with Magisk Hide according to people in the thread.
Have also tried the Outlook app, Outlook web access, Gmail, IMAP, POP3 -- all smartly locked down tight for compliance reasons by our IT. Just says to enroll with Company Portal after entering credentials.
Pretty sure the Magisk Hide route would work with V5.0.5067.0 if my device was encrypted. Company Portal checks whether your device is encrypted supposedly, so either you have to actually be encrypted or find a way around that. I am willing to be encrypted if I can still be rooted...
Not sure where to go from here to get it working without an encrypted device... but thanks for the post.
As I recall, Xposed is not really working or functional these days. The module I linked to is a Magisk module. Did you follow those directions, because it sounds like you didn't.
It sounds like you don't want to believe me... that's fine. I believe the answers are out there and it's just a root issue. You probably just need to do more reading and searching. I'm going to give up since you don't seem to want to hear it from me, so good luck...
If you find a solution, do let people know on this thread so the matter can be closed/completed.
I remember the other reason I stopped trying to use the Company Portal. They need permission to wipe my phone, which obviously I'm not cool with. Whenever I disable the Company Portal, mail stops working. That's reason enough!
schwinn8 said:
As I recall, Xposed is not really working or functional these days. The module I linked to is a Magisk module. Did you follow those directions, because it sounds like you didn't.
It sounds like you don't want to believe me... that's fine. I believe the answers are out there and it's just a root issue. You probably just need to do more reading and searching. I'm going to give up since you don't seem to want to hear it from me, so good luck...
If you find a solution, do let people know on this thread so the matter can be closed/completed.
Click to expand...
Click to collapse
Yes I am aware that the module you linked is for Magisk. If you go to the OP, all the text is struck through because the module is no longer necessary as I stated previously.
[MODULE] Microsoft Intune Company Portal Hider (Intune Hider)
Introduction: Simple Module To Hide The Root From Microsoft Intune Company Portal. - After The Installation & 1st Reboot, It Hides The Rooting & Disables Itself [P.S. Disabling Itself For Some Versions] - Enabling This Module From Magisk Manager...
forum.xda-developers.com
kb8no said:
It is easy to be confused. The "module" from the OP was needed before but is now obsolete since Magisk has gained the necessary functionality alone without the "module". There is no "module" in Magisk. Now go back and read the past posts over 2 months. First you hide Magisk so it passes safety net. Then you go into superuser MagiskHide, go into the app (eg Portal) and check everything. You need to understand that they updated Portal so you need to downgrade it so Portal will work again. You need to understand to use latest Magisk and Magisk changed. Not surprising you are confused. Now perhaps you have figured out the basics and the details will make sense.
Click to expand...
Click to collapse
So I followed the steps on page 23 of that thread using Intune Company Portal V5.0.5067.0:
[MODULE] Microsoft Intune Company Portal Hider (Intune Hider)
Introduction: Simple Module To Hide The Root From Microsoft Intune Company Portal. - After The Installation & 1st Reboot, It Hides The Rooting & Disables Itself [P.S. Disabling Itself For Some Versions] - Enabling This Module From Magisk Manager...
forum.xda-developers.com
IlyaKol said:
Good call on the GitHub ticket.
For anyone reading, this is the process I followed:
1) Uninstall the existing Intune Company Portal
2) Reboot
3) Install the APK listed above or from another source (I used APK Pure). DO NOT LAUNCH INTUNE!
4) Before launching, go into Magisk and make sure to hide ALL of it as well as all of Outlook, OneNote, OneDrive, Teams, etc. (whatever uses your company credentails)
5) Launch InTune and set it up.
6) Disable auto-updates of the app as he stated in Google Play Store.
7) Profit.
Click to expand...
Click to collapse
The result is I am still stuck on the "Open the Intune App" screen... No other error messages related to rooting, but cannot even get to log in or download Outlook or Teams. Have tried downloading the Intune App from the Play Store and that tells me to open Company Portal... so going in circles... I'm told I need to only use Company Portal from our IT firm.
I went through the same Magisk module thread and found others talking about not having encryption, and they are in the same position as I am -- following the steps or using the Magisk module (before Magisk v22) and still not getting CP to work.
Thus I am 99.9% sure I cannot use CP because I don't have encryption. You don't have to believe me, but I have tried everything I can think of save for using LG's Encrypt Phone feature... Would do it if I got confirmation I could stay rooted, not lose my data/settings, and then use Company Portal.
But yes, I absolutely would post the solution here if I find it!
Thanks anyway.
I'm rooted and have long had corporate email (two different companies) on a paid app called "Nine". First company was Fortune 100 global media company, and 2nd (past 3 years) is smaller but still has aggressive IT policies. Neither paid for my phone. I specifically remember with the first having to agree they could wipe the phone if it was lost -- but I think due to me being rooted they wouldn't be able to.
Nine - Email & Calendar - Apps on Google Play
Nine is a full-fledged and intuitive email app which supports Exchange and IMAP
play.google.com
ChazzMatt said:
I'm rooted and have long had corporate email (two different companies) on a paid app called "Nine". First company was Fortune 100 global media company, and 2nd (past 3 years) is smaller but still has aggressive IT policies. Neither paid for my phone. I specifically remember with the first having to agree they could wipe the phone if it was lost -- but I think due to me being rooted they wouldn't be able to.
Nine - Email & Calendar - Apps on Google Play
Nine is a full-fledged and intuitive email app which supports Exchange and IMAP
play.google.com
Click to expand...
Click to collapse
Just tried Nine and it also tells me after entering my credentials that I need to use Company Portal (just like Outlook and Web Access).
Do these two companies you worked for use Intune Company Portal to manage policies?
drewcu said:
Just tried Nine and it also tells me after entering my credentials that I need to use Company Portal (just like Outlook and Web Access).
Do these two companies you worked for use Intune Company Portal to manage policies?
Click to expand...
Click to collapse
I just installed portal and outlook, added both as admin or whatever it's called, and have a fully functioning inbox. I don't know if I'll leave it like this for the reasons I mentioned, but it works. I have the latest twrp, latest magisk, and adguard installed. I have no clue if I'm encrypted or not, how would I check? But I was trying to use the older version of Portal and it kept looping, so I installed the latest from the play store and we're up and running.
@ChazzMatt do you really think they can't wipe if they so desire? How could we confirm that? I surely don't want to give them that ability considering if you disable their permissions it stops working completely.
ldeveraux said:
I just installed portal and outlook, added both as admin or whatever it's called, and have a fully functioning inbox. I don't know if I'll leave it like this for the reasons I mentioned, but it works. I have the latest twrp, latest magisk, and adguard installed. I have no clue if I'm encrypted or not, how would I check? But I was trying to use the older version of Portal and it kept looping, so I installed the latest from the play store and we're up and running.
@ChazzMatt do you really think they can't wipe if they so desire? How could we confirm that? I surely don't want to give them that ability considering if you disable their permissions it stops working completely.
Click to expand...
Click to collapse
For Nine I only needed the email server name.
For the previous Fortune 100 company I worked for, it was almost 4 years ago so I don't remember all the details but I remember granting them the privilege but I don't remember adding them as an admin.
ldeveraux said:
I just installed portal and outlook, added both as admin or whatever it's called, and have a fully functioning inbox. I don't know if I'll leave it like this for the reasons I mentioned, but it works. I have the latest twrp, latest magisk, and adguard installed. I have no clue if I'm encrypted or not, how would I check? But I was trying to use the older version of Portal and it kept looping, so I installed the latest from the play store and we're up and running.
@ChazzMatt do you really think they can't wipe if they so desire? How could we confirm that? I surely don't want to give them that ability considering if you disable their permissions it stops working completely.
Click to expand...
Click to collapse
Company Portal didn't used to work for you, correct? What changed? Can you please list your steps this time?
I think to check encryption you use Termux and enter 'getprop ro.crypto.state' -- mine says unencrypted.
One other question is what version of Twrp are you using? I'm using one from 2 years ago -- 3.2.3 and never wanted to bother with the Pie one 3.3 or whatever is latest... Might have something to do with it...