Starting with Android 6(?) your app needs the ACCESS_FINE_LOCATION permission and the user has to turn on the system-wide location setting in order to scan for Bluetooth devices from the app: https://stackoverflow.com/questions...-bluetooth-low-energy-scanning-on-android-6-0
Google is arguing that you could use just the Bluetooth data to find the location of the phone and thus hid Bluetooth scanning behind the location permission. (Which my opinion is ridiculous because they could have added a separate permission instead of forcing the user to give up all their battery life to GPS and WiFi location tracking.)
Now with Android 8 there appears to be a new API, namely the CompanionDeviceManager:
https://developer.android.com/guide/topics/connectivity/companion-device-pairing
This API only seems to require adding the FEATURE_COMPANION_DEVICE_SETUP feature to the manifest, but yet it allows scanning for Bluetooth devices, even with the system-wide location setting turned off.
Now I'm wondering if that API is somehow anonymizing the Bluetooth data, e.g. by removing the MAC addresses or what else could be the reason for why Google thinks that this does not need to be hidden behind the location permissions?
No one?
Any suggestions on other forums where people might be able to help me?
Don't think anyone here can answer your question.
Damn... I was really hoping to find an anser to this. :/
Related
Hello,
I was wondering if someone could point me in the right direction for a Bluetooth Networking Project I'd like to do.
The ultimate goal:
- Having some sort of bluetooth app with root privileges, which, when walking past someone, would allow some sort of passive communication without the users authorisation nor involvement.
This is similar to the idea on the 3DS called "SpotPass":
(I would have posted the link, but I'm not allowed to)
I do not have much experience on the subject, but suppose it would involve having root permissions to access the bluetooth module, being able to broadcast a message (to other users of this application).
I'm not sure if this might involve creating a completely different driver.
The reason is actually to create a short-distanced-passive-communication application useful for getting short messages or announcements across, with the low power consumption of bluetooth (vs wifi).
If this kind of communication if not possible, could someone please explain why, or at least give me some sort of link with the reason.
Thanks in advance
Say I wanted to have the most secure Sony Xperia Z Ultra possible (without "too much" sacrifice of useability).
In the context of this thread I define security as broadly anything barring network anonymity ie. hiding your device public IP address.
So I want security from network attackers (eg. drive-by download, WiFi attacks), physical device attackers (eg. customs searching devices for IP violations ... no really, that's about to become a thing apparently, GF and/or mistresses) .
How would you do it?
Could you please use sections of
Code:
firmware
phone settings
app settings
behavior
because I want to curate the best answers from users in this post for the good of the forum.
My thoughts so far are:
Firmware:
Root is disabled
Bootloader should be locked.
^^ These I'm not sure about - see if we don't have root then we don't have iptable firewall and hosts level server blocking.
One recovery should be used
Honestly I'm not sure which ROM is more secure than another but I'm assuming the latest and greatest is more secure so that would be MM atm. No idea if Sony is more secure than another flavour of ZU Android.
Phone settings:
Developer options off
Sideload apps off
Do not connect to unknown WiFi
NFC Off by default
Bluetooth Off by default
PIN unlock required
Auto-lock ON
App settings: (this includes apps you should have/not have and their settings)
I figure every additional app that I don't use is a needless attack surface so start with no apps at all - uninstall everything. Only install what you use ... for which you need root unless the ROM is premade like this.
Firewall app (Netguard no-root Firewall, DroidWall if we have root)
Adblock (if we have root)
AV - honestly most mobile AV seems pathetic at being secure and not acting like malware (notifications, popup windows etc) but Avast at least seems to not hog resources.
-Auto update every app
User behaviour:
NEVER:
-install apps from anywhere other than Google Play. Or possibly FDroid
-let another person use your device
I'd like to hear your suggestions, critique and everything else, cheers!
So you're not gonna install from other than google play, then what ad blocker are you going to use? Where is adblocker connecting to?
You're talking about still having a lot of apps connecting through servers that you don't control.
morestupidemailnames said:
You're talking about still having a lot of apps connecting through servers that you don't control.
Click to expand...
Click to collapse
Well if you are worried about connecting to servers that you dont control - isnt that all servers?
At which point you may as well remove all WIFI and Mobile Data capabilities and just stick to 2G
panyan said:
Well if you are worried about connecting to servers that you dont control - isnt that all servers?
At which point you may as well remove all WIFI and Mobile Data capabilities and just stick to 2G
Click to expand...
Click to collapse
Exactly my point.
The op is a long winded question that leaves you with more questions.
Probably why there's been such a landslide of security tips here
cryzies said:
After some research, I think I figured it out, mess with GSF. However doing exactly that, I restricted:
Network - WiFi.Srv_getScanResults
Location - Srv_getAllCellInfo
Location - Srv_getCellLocation
Location - Srv_getNeighboringCellInfo
Location - WiFi.Srv_getScanResults
I spoofed my location a couple blocks down and Google Map still jitters between my real and spoofed location, I have tried rebooting. Any suggestions?
Click to expand...
Click to collapse
I posted this in the XPrivacy thread, I'm attempting to disable all methods to obtain location other than GPS. I want to spoof my GPS system wide for privacy reasons, and GPS spoofing is easy however Google Service Framework allows users to determine location using WiFi and Cell. I figured this is such a strange request that I should attempt to take a crack at modifying the Google Service Framework apk. Does anyone have any tips to start this off, I've done some apk reversing before, my biggest worry is finding the functions I need to null in the apk and signing the apk after modifications. Any guidance would be greatly appreciated, any alternative suggestions would be gladly welcomed.
Hi all,
I have a tablet that I would like to make as secure as possible from prying eyes (mainly the corporate ones). To do this, I know that once you have root, you can change any file on the system. Here's my question:
What files can/should I either remove or rename to disable the following on Android?
Any location-based data collection including background or hidden transfer. I want my GPS to be a paperweight. This extends to services that derive your location based on network data i.e. router info, WiFi connection data, etc.
Bluetooth. I want to disable Bluetooth function completely.
Any Google or Samsung background services that collect data of any kind from the device. This includes play services, etc.
Case in point: I want as much privacy as possible while still being able to use apps that connect to the internet. It would actually be nice if there was an app that removed/restored functionality at the OS code level w/ root. This would allow you to make devices private w/out the need for flashing a ROM.
The tablet is a Samsung Galaxy Tab A7 Lite. Thanks for any help you can provide!!
On my new S23U, I noted after doing the smart transfer of all my stuff from my old phone that Android System Intelligence and Google were both given "Allow all the time" location permission. Of course, I removed it immediately.
The only thing I'm uncertain of is whether this was the case before I did the smart transfer - does it really require allow all the time location permission for Android System Intelligence?
Anyone able to confirm what the setting is out of the box?