[ROM][[2013-02-15][Guhl] Andromadus Permission Spoofing Framework - CM11 ALPHA
This ROM is based on Andromadus CM11 Alpha. Besides the deep integration of the permission spoofing functionality the ROM is unchanged from Flinnys Andromadus CM11 builds!
In addition to the original Andromadus rom it includes the permission spoofing framework enhancement that was originally developed by Plamen K. Kosseff for Android 2.3. The functionality has been rebased to Android 4.4 and enhanced (a lot) by me and is now available.
My work was/is originally done for the HTC vision (G2/DZ) for which i provide ROMs based on ASOP and CM10.1.
If you as a developer want to add the permission spoofing framework to your ROM please go ahead it should be portable easily. I will keep the commit list updated. If you need help don't hesitate to ask!
Actually the main motivation to publish this is to inspire other developers to integrate this with their work.
The source of the enhancement can be found on github in the repositories:
The current work is done in the cm-11.0 branch and the relevant commits are:
framework initial commit
framework bug fix 1
framework bug fix 2
frameworks telephony initial commit
app settings initial commit
framework permission spoofing - location
framework pff: infrastructure code cleanup
framework pff: infrastructure bug-fix in ContextImpl.java
framework pff: permission spoofing - contacts and phone log
framework pff: permission spoofing - calendar (Instances)
framework pff: permission spoofing - calendar (Instances - cleanup)
framework pff: permission revoking - initial commit
framework pff: add PFFInfoDatabase to make spoofed information persistent and changeable
framework pff: bug fix for permission revoking
What is permission spoofing
Permission spoofing means that the framework will return spoofed information to Apps instead of the original information based on permissions that the App requested during installation. The main motivation for the development of this functionality is the protection of the privacy of the phones owner.
Examples for spoofed information are:
- Empty contact list instead of real contacts - READ_CONTACTS
- False location instead of real location - ACCESS_COARSE_LOCATION / ACCESS_FINE_LOCATION
- False Information for phone id and phone number - READ_PHONE_STATE
- Empty log instead of real phone call log - READ_CALL_LOG
- Empty calendar list instead of real calendar entries - READ_CALENDAR
Currently the following permissions are available:
While this permission allows the App to read the state of the phone (in call, ...) it also allows the App to read information like the phone number or the IMEI of the phone. Instead of revoking the permission that has to be granted to an App, permission spoofing provides spoofed information for this sensitive data.
ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION
Instead of the real location a location that can be set using the PFF-GPSPath will be reporte (the default spoofed location is the top of Mt. Everest). The implementation is not perfect yet (Google maps and Latitude still seem to know the coarse location - working on that)
READ_CONTACTS and READ_CALL_LOG
Instead of the contacts and the call log an empty list will be reported. The implementation sets the limit parameter of the query to 0 if the permission is spoofed.
The implementation changes the date for which the items will returned to the first week of 1970.
More permissions might be added in the future.
Spoofing can be enabled on a per App basis. To enable spoofing go to Settings - Apps, choose the App for which you want to spoof the permission. Below the spoofable permission will be a switch that can be set to On to enable spoofing or Off to disable spoofing for this App.
The source of these apps is also available at https://github.com/guhl
The PFF-GPSPath App can be used to set the spoofed location and in addition it can also be used to define a path the can then be simulated in the App (by effectively moveing the spoofed location)!
HowTo for PFF-GPSPath HowTo
The PFF-Settings app provides the same functionality as App - Settings but in a more comprehensive way.
It provides a list of all Apps (including system Apps) that have a spoofable permission and allows you to set spoofing On/Off for them
If you spoof a spoofable permission for the app PFF-Test you can check the info that the framework provides to PFF-Test
UNTESTED NIGHTLY ROM cm-11-20140215-UNOFFICIAL-vision-pff.zip
Gapps are not included in the rom - they can be found at SLIM ROM 4.4 gapps page
I do not want to start a flame war on spoofing on XDA. Whiile spoofing is important for me I do understand people opposing it.
If you want to talk to me, the best way to do this is to look for me (Guhl) at #nexus4, #G2ROOT or #andromadus on freenode IRC.
- Updated from Andromadus/CM - no new spoofing
- ROM is untested
- Rebased from AOSP 4.4 to Andromadus CM11 - ALPHA !!!
- Plamen K. Kosseff for the original framework changes
- Flinny for his huge work on the Andromadus roms and supporting me with my original development for the vision
- pierre_ja, Nipqer, Hymie and all the others at #G2ROOT for their endless help and entertainment