I am looking for an experienced Xposed developer to build me a module. While the module I have in mind is similar to a lot of privacy module out there (in theory), I want a different implementation.
So what am I looking for in a module?
I want a module that will do the following...
Generate Android ID (base 16)
Generate GSF ID
Generate IMEI
Generate IMSI (valid)
Generate ICCID (valid)
Generate Phone # (valid)
Generate Device Serial
Spoof SSID
Spoof Account Email
Spoof installed apps
Spoof Mobile Network Connectivity
Spoof browser fingerprint (webview)
Spoof Device Fingerprint ( I have couple of hundred device fingerprints that can be used for this)
These are what I am looking for in a module. You may say there are modules that already do this; I say I want a different implementation. What I mean is instead of feeding apps with random data, I want to feed them with data that may be seen as valid. For example, I just don't want to generate random SSID strings, I want to pull from a list of few thousand lines randomly. For example, I don't just want to spoof fingerprint info. I want to spoof fingerprint info that matches an actual device (like I said, I have the device fingerprint data).
My implementation will be one-click change. I click on one button and all fields and device fingerprint information is changed... All I have to do is restart for the changes to take effect.
I want to pay for this so I ask that only serious developers contact me with proposal or questions.
Thank you for reading.
hi_there0001 said:
I am looking for an experienced Xposed developer to build me a module. While the module I have in mind is similar to a lot of privacy module out there (in theory), I want a different implementation.
So what am I looking for in a module?
I want a module that will do the following...
Generate Android ID (base 16)
Generate GSF ID
Generate IMEI
Generate IMSI (valid)
Generate ICCID (valid)
Generate Phone # (valid)
Generate Device Serial
Spoof SSID
Spoof Account Email
Spoof installed apps
Spoof Mobile Network Connectivity
Spoof browser fingerprint (webview)
Spoof Device Fingerprint ( I have couple of hundred device fingerprints that can be used for this)
These are what I am looking for in a module. You may say there are modules that already do this; I say I want a different implementation. What I mean is instead of feeding apps with random data, I want to feed them with data that may be seen as valid. For example, I just don't want to generate random SSID strings, I want to pull from a list of few thousand lines randomly. For example, I don't just want to spoof fingerprint info. I want to spoof fingerprint info that matches an actual device (like I said, I have the device fingerprint data).
My implementation will be one-click change. I click on one button and all fields and device fingerprint information is changed... All I have to do is restart for the changes to take effect.
I want to pay for this so I ask that only serious developers contact me with proposal or questions.
Thank you for reading.
Click to expand...
Click to collapse
Seeing that there are no takers, I will post this on a job site. Please disregard this post if you just stumbled on it and are interested.
Related
Hello all,
I am currently trying to build an Xposed Module to disable the location consent dialog at least for just my phone.
I have a rooted VZW LG G4 on Lollipop 5.1 - VS98613B
It is an annoyance to have to agree every time I turn on location or network data.
There is an Xposed Module that disables the location consent dialog, but this module is for the "Google Analytics" agreement, that Google will automatically collect anonymous data. It can be found here:
Code:
repo.xposed.info/module/com.mohammadag.disablelocationconsent
PLEASE NOTE: What I am trying to disable is a similar dialog, BUT IS NOT THE SAME. I have tried this module, along with a LL compatible "Deny Location Consent" module, and neither are targeted for the dialog I get.
I am not able to post links or pictures, but if you go to "i67.tinypic.com/2zzkenq.png" you can see the dialog.
I would like help trying to find the method that calls this dialog to appear, so that I can hook it and replace it with a (I'm assuming a 'return true;') method of my own. I have scoured GrepCode for the right Java class, but don't have much experience on where to look or even what really to look for. The closest I think I have gotten is in com.android.systemui.statusbar.policy.LocationControllerImpl at the link:
Code:
grepcode.com/file/repository.grepcode.com/java/ext/com.google.android/android/5.1.0_r1/com/android/systemui/statusbar/policy/LocationController.java#LocationController.setLocationEnabled%28boolean%29
Any and all help would be greatly appreciated!
TL;DR: I need help finding the method that calls the Location Consent dialog (not for Google) so that I can create an Xposed Module to bypass it.
cryzies said:
After some research, I think I figured it out, mess with GSF. However doing exactly that, I restricted:
Network - WiFi.Srv_getScanResults
Location - Srv_getAllCellInfo
Location - Srv_getCellLocation
Location - Srv_getNeighboringCellInfo
Location - WiFi.Srv_getScanResults
I spoofed my location a couple blocks down and Google Map still jitters between my real and spoofed location, I have tried rebooting. Any suggestions?
Click to expand...
Click to collapse
I posted this in the XPrivacy thread, I'm attempting to disable all methods to obtain location other than GPS. I want to spoof my GPS system wide for privacy reasons, and GPS spoofing is easy however Google Service Framework allows users to determine location using WiFi and Cell. I figured this is such a strange request that I should attempt to take a crack at modifying the Google Service Framework apk. Does anyone have any tips to start this off, I've done some apk reversing before, my biggest worry is finding the functions I need to null in the apk and signing the apk after modifications. Any guidance would be greatly appreciated, any alternative suggestions would be gladly welcomed.
How to redefine app "system permissions" ? Or if not possible howto make app that ...
Hi Everyone,
I'm new to android, and having 2 different phones (running 5.1.1 and 6.0.1 versions, both rooted) and numbers I have quite some issues with apps (paying gps outdoor app, whatsapp,...) and since I travel a lot many connections issues to accounts on other apps "you seem to not be...." with codes I don't get because I'm roaming
In order to find a way to use them with the same accounts and settings on both phones and to solve the authentication issues, I took different angles to solve it, but none worked. In doing so I discovered many ways to enforce permissions through the code that where disabled by the user (worse than I thought). Well I dislike and want to change it.
Anyway to make things shortne approach is to completely limit the app access all localisation approach, phone ID, number, carrier, IP number, other accounts on the phone....
On the 5.1.1 I tried:
App Ops => allows to "change" if one looks in the App, but changes are not effective (way apps work and according to "Explorateur de permissions")
Apk permissions works but only on some user installed apps, I tried moving system apk to other folders, change them through the Apk permissions and reinstall them, didn't work
Decompiling the apk with Apk Studio, changing manifest, recompiling, reinstalling seems to not be enough, if I understood it right if the code contains specific rights and there not in the manifest, it doesn't work. Right
next step would be to dig into the code and change it...
All this is extremely time consuming even if it would be the "clean way"
On the 6.0.1 :
I removed the bloatware with Root Uninstaller,
Modified the permissions apps had, incl system apps
And since some apps still seemed to exchange some information over data or wifi, I limited all background data usage over data or wifi.
All this make my phone much less user friendly and does not solve my issues
So please, I you know of a reliable "easy" way to really manage permissions, or to generate a master permission file that overwrites apps permissions? removing all weird "granted", or if you have any idea on how you'd start it, please let me know
From this "clean approach" I got to spoofing, which seemed to be a solution to work around some issues using several different apps that would change the location, the IP, the network, VPN, spoof caller ID, ...
Well... since I had discovered all kind of right that can be given to an app, I checked their manifests before installing them. They might solve some issues, but generate worse problems (billing?!!all social media accounts?! create social accounts?!?)
So is there a clean app that lets you temporarily "clone" phone1 on phone 2 considering they are not at all the same (manufacturer, android, phoneID, carrier, phone number) and change the location and this only to some apps? Still have to use SIM carrier.
If not, any hints on how to write this?
thx :laugh:
---------------------
Hasbeen developper, totally new to Android who still believes that technology should allow to increase productivity and respect FREEDOM and PRIVACY.
Hey guys,
what do you think about GrapheneOS? (https://grapheneos.org)
I think there are some disadvantages:
- only Pixel devices (because only these have some security "flags")
- no root access
- hardcoded Google domains
and some advantages:
- good hardware support
- hardenized aosp
- closed bootloader after flashing
Now I would like to discus about this ROM
I too would be interested to hear about anyones experience regarding this OS
johndoe118 said:
Hey guys,
what do you think about GrapheneOS? (https://grapheneos.org)
I think there are some disadvantages:
- only Pixel devices (because only these have some security "flags")
- no root access
- hardcoded Google domains
and some advantages:
- good hardware support
- hardenized aosp
- closed bootloader after flashing
Now I would like to discus about this ROM
Click to expand...
Click to collapse
I'm interested in this ROM too. I have a Pixel 3a. I haven't flashed it yet because I'm trying to find out what people's experiences are first. There doesn't seem to be a lot of posts about it. Did you ever flash it? Also, what do you mean by "hardcoded Google domains"?
Well, the captiveportal contacts the Google servers regularly when you connect to a WiFi. That was one reason why I lost interest in the ROM. The other was the limited device support and missing root access. I absolutely need access to the iptables. As a one-man show, the ROM can be adjusted at any time.
johndoe118 said:
Well, the captiveportal contacts the Google servers regularly when you connect to a WiFi.
Click to expand...
Click to collapse
Do you have some kind of reference for that? I'm using it now and would really like some proof to bring up in their subreddit as a WTF.
graphene seems great, no root does not
I don't want the bootloader locked.
I want Magisk extensions
I need root for LP _only_ to remove ads. Is there something like LP that allows (interactively) disabling app activities?
hardcoded google domains info from faq
https://grapheneos.org/faq#device-support
GrapheneOS leaves these set to the standard four URLs to blend into the crowd of billions of other Android devices with and without Google Mobile Services performing the same empty GET requests. For privacy reasons, it isn't desirable to stand out from the crowd and changing these URLs or even disabling the feature will likely reduce your privacy by giving your device a more unique fingerprint. GrapheneOS aims to appear like any other common mobile device on the network.
HTTPS: https://www.google.com/generate_204
HTTP: http://connectivitycheck.gstatic.com/generate_204
HTTP fallback: http://www.google.com/gen_204
HTTP other fallback: http://play.googleapis.com/generate_204
Click to expand...
Click to collapse
nay_ said:
hardcoded google domains info from faq
https://grapheneos.org/faq#device-support
Click to expand...
Click to collapse
Thanks, right from there
I have Graphene OS taimen-factory-2020.07.06.20.zip on my Pixel 2 XL.Under "System update settings" is "Check for updates" but nothing happens if I tap.Only the field becomes darker.Has someone experience with this?
Update with adb sideloading to 2020.08.03.22 works.
OTA update from 2020.08.03.22 to 2020.08.07.01 likewise.
I'm personally not a fan of these kinds of projects, they aren't really all that 'secure', you're still using proprietary vendor blobs and such
help please
Hello! In the description
I pointed out that you can change servers just not through the GUI.
Has anyone tried this?
```
Providing a toggle in the Settings app for using connectivitycheck.grapheneos.org as an alternative is planned. The option to blend into the crowd with the standard URLs is important and must remain supported for people who need to be able to blend in rather than getting the nice feeling that comes from using GrapheneOS servers. It's possible to use connectivitycheck.grapheneos.org already, but not via the GUI.
```
captive portal leak + location services data leak
Few points:
1. General idea is that privacy/security oriented OS (as graphene is advertised) should limit network activity as much as possible, and not ping google using captive portal service every few seconds providing perfect IP-based location to google
It is possible to switch it off, but should be off by default
2. Connections of android location services to get GPS constellations were shown before to send sim card imsi and connected cellular tower id to provider (qualcom/google):
"blog.wirelessmoves.com/2014/08/supl-reveals-my-identity-and-location-to-google.html"
Graphene still allows those connections (check their FAQ on website)
W/O root no way to switch this off. Even some devices ignore config files and still leak data (on the level of cellular modem most probably)
3. Android services make other weird connections. Example: AOSP dialler app is querying phone numbers against online database leaking all contacts to google. How was this taken care of in graphene? Are all AOSP services/apps security-verified to not leak any data?
w/o root no way to install afwall to block everything
Is graphene built-in firewall capable of blocking system services from network access?
I am building a webapp for android TV. It not need internet. It is a niche market. So I will not publish it on google play, but I will put a demo version on a website, and I will send by email a full features version after a payment. It will cost about 30-40 dollars.
How can I protect my full version webapp from illegal copy and piracy?
I am thinking about check the mac address of the android device, but I do not know how to from a webapp that use a simple HTML, CSS and Javascript.
What is the best solution?
get a lawyer for that legal stuffs
The way I've done it with a few of my windows apps is to have the user login, and check that it is the only device currently logged on with that username/password. This requires internet though.
The Mac address is a good idea. I switch my Mac on my PC a bit depending on my work settings so it seems a little off too me, but I most people don't spoof their mac that often. I can't see a reason people would be doing it on an Android TV.
You could go with the classic serial number approached, but that is easily shared. Although the reality is no matter what you do there is always a chance that somebody will reverse engineer it. There are some dedicated hackers and crackers out there, and android apps are easy to modify code so the chance is raised a bit there. So weigh the options of how much effort it is for you, and how tedious you want it to be for the end user, verses how many will actually copy it. Is it worth building something more technical for the 5-10% of users that will manage to use it for free? I just pulled that number out of nowhere, different apps have higher potential so there is that factor too, and that's a question for you to answer not me. Just somethings to think about.
---------- Post added at 07:07 PM ---------- Previous post was at 07:06 PM ----------
The way I've done it with a few of my windows apps is to have the user login, and check that it is the only device currently logged on with that username/password. This requires internet though.
The Mac address is a good idea. I switch my Mac on my PC a bit depending on my work settings so it seems a little off too me, but I most people don't spoof their mac that often. I can't see a reason people would be doing it on an Android TV.
You could go with the classic serial number approached, but that is easily shared. Although the reality is no matter what you do there is always a chance that somebody will reverse engineer it. There are some dedicated hackers and crackers out there, and android apps are easy to modify code so the chance is raised a bit there. So weigh the options of how much effort it is for you, and how tedious you want it to be for the end user, verses how many will actually copy it. Is it worth building something more technical for the 5-10% of users that will manage to use it for free? I just pulled that number out of nowhere, different apps have higher potential so there is that factor too, and that's a question for you to answer not me. Just somethings to think about.
irresistiblecam said:
I am building a webapp for android TV. It not need internet. It is a niche market. So I will not publish it on google play, but I will put a demo version on a website, and I will send by email a full features version after a payment. It will cost about 30-40 dollars.
How can I protect my full version webapp from illegal copy and piracy?
I am thinking about check the mac address of the android device, but I do not know how to from a webapp that use a simple HTML, CSS and Javascript.
What is the best solution?
Click to expand...
Click to collapse
Android 10 came up with the default "randomized MAC address" feature. For anyone who is serious about mobile security, this feature is a must-use, should never get disabled, IMHO.
jwoegerbauer said:
Android 10 came up with the default "randomized MAC address" feature. For anyone who is serious about mobile security, this feature is a must-use, should never get disabled, IMHO.
Click to expand...
Click to collapse
thank you Danksh you was very helpfull.
jwoegerbauer, I didn't known the randomized function on android 10. But what is the default settings when a phone or tv is selled?
irresistiblecam said:
jwoegerbauer, I didn't known the randomized function on android 10. But what is the default settings when a phone or tv is selled?
Click to expand...
Click to collapse
Told you that default setting is "randomized MAC address".
FYI:
You must distinguish between MAC address, IMEI and Device ID, which are 3 completely different things: And, these can be changed by the Android user at any time - or will automatically get changed by Android OS itself.
MAC address - read: Wi-Fi MAC address - is used for networking, normally over the Internet
IMEI is a unique manufacturer-assigned number that is part of the Android phone and identifies the handset itself. The identifier that is really used to connect your phone with a phone number is the SIM ID which I believe is the ICCID. This is pretty much what identifies your phone to the tower.
Device ID ( often refered to as Android ID ) is generated when you boot your Android phone first time and will be there forever. When you format everything and factory reset your device then this device ID is overwritten and re-generated and stored again. Similarly, if you ever install a new ROM on your Android device, then this device ID will be overwritten and re-generated when you boot the device first time.
Knowing this you can see that none of the 3 mentioned numbers is unchangeable.