Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,784,877 Members 51,045 Now Online
XDA Developers Android and Mobile Development Forum

[Q] Permissions manager?

Tip us?
 
rogier666
Old
#1  
Senior Member - OP
Thanks Meter 125
Posts: 542
Join Date: Jan 2011
Default [Q] Permissions manager?

Some apps ask for more permissions than I want to give them.

With DroidWall I can take internet permissions away from individual apps, which is great for all those app that demand internet access even though they work fine without it. But what if I want to remove other permissions, such as access to my location or my contacts?

There is a manual way to edit unwanted permissions out of .apk files, but this method is not meant for human consumption.

Q: Is there an app that lets me allow/deny permissions per app?
android underground

S4 Mini, Galaxy Tab, Moto Defy (rooted, overclocked, undervolted, firewalled, adblocked, cyanogenmodded, xposed, etc.)
and a couple of ancient Symbian phones (hacked)
 
kevin@TeslaCoil
Old
#2  
kevin@TeslaCoil's Avatar
Senior Member
Thanks Meter 4,824
Posts: 498
Join Date: May 2010
Location: Chicago
It is not possible and is a very bad idea to do by modifying the APK.

I agree it'd be cool if Android was implemented to allow optional permissions. I hate adding permissions to my apps because I know some users don't want to give them. But Android is not designed this way.

Here's how I and just about every other developer would do something like make use of the READ_PHONE_STATE permissions to read your IMEI:
Code:
 TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
String deviceId = tm.getDeviceId();
Without the READ_PHONE_STATE permission, the above could would do this:


It's possible for developers to write their code to handle not having a permission they expect to have:
Code:
 
String deviceId;
try { TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
deviceId = tm.getDeviceId();
} catch (SecurityException ex) {
deviceId = "1234";
}
However no app dev does this. And unless a future version of Android itself were to allow this, it's unlikely app devs would take the time to test and update their apps to gracefully degrade when the user has used some hacky method to restrict the app. (I wouldn't. I have to do enough testing already just supporting all the manufacture skins and custom roms.)

If you question a permission you should ask the dev. And if you don't like the answer, or don't trust the dev, you should avoid the app.

(DroidWall doesn't remove the INTERNET permission, it just firewalls off the app from using the internet. Looks like a network connection issue to the app, which already has to be handle gracefully.)
The Following 3 Users Say Thank You to kevin@TeslaCoil For This Useful Post: [ Click to Expand ]
 
rogier666
Old
(Last edited by rogier666; 16th April 2011 at 06:18 AM.)
#3  
Senior Member - OP
Thanks Meter 125
Posts: 542
Join Date: Jan 2011
DroidWall tells the apps it blocks that there is no live internet connection, even though the connection is alive and kicking for every other app. AdBlock works in a similar way: it doesn't deny apps from calling their banner farm, it just keeps it out of reach by redirecting the request to 127.0.0.1.

There are many ways to make apps believe they've got permissions that they don't really have.

For example, a permissions manager could spoof an empty contacts list for apps that want to read your phone book. Apps that want to know where you are for no good reason would only have to be fed some random coordinates instead of getting your real location.

Maybe Android was not designed that way, but one of the advantages of an open system is that you can make it do things beyond the original specs. If we root our phones and install custom ROMs to get rid of unwanted bloatware, why not apply similar techniques to get rid of unwanted app permissions?

Of course you could simply avoid apps that ask for too many permissions (but only if suitable alternative apps are available), but such a sledgehammer approach wouldn't be necessary with a permissions manager that gives you more subtle tools to tame your apps. This way you can have the best of both worlds: remove undesired permissions without throwing out the entire app.
android underground

S4 Mini, Galaxy Tab, Moto Defy (rooted, overclocked, undervolted, firewalled, adblocked, cyanogenmodded, xposed, etc.)
and a couple of ancient Symbian phones (hacked)
 
SAI Peregrinus
Old
#4  
Member
Thanks Meter 18
Posts: 52
Join Date: Dec 2010
It's been done in the lab, hopefully they release source. The paper is a pretty good read, and not overly verbose.
Can't post links, don't want to spam 8 posts for it, so Google for "Taming Information-Stealing Smartphone Applications". The paper is from NCSU.
 
rogier666
Old
#5  
Senior Member - OP
Thanks Meter 125
Posts: 542
Join Date: Jan 2011
Exactly what I'm looking for. Let's hope it hits the market soon!

The long version (in pdf format): http://www.csc.ncsu.edu/faculty/jiang/pubs/TRUST11.pdf

The short version: http://insciences.org/article.php?article_id=10052

Even shorter: http://apps.findingthis.com/utilitie...-applications/

Screenshot:
android underground

S4 Mini, Galaxy Tab, Moto Defy (rooted, overclocked, undervolted, firewalled, adblocked, cyanogenmodded, xposed, etc.)
and a couple of ancient Symbian phones (hacked)
The Following User Says Thank You to rogier666 For This Useful Post: [ Click to Expand ]
 
rogier666
Old
#6  
Senior Member - OP
Thanks Meter 125
Posts: 542
Join Date: Jan 2011
Permissions manager for rooted phones from the author of Busybox: Permissions Denied.
android underground

S4 Mini, Galaxy Tab, Moto Defy (rooted, overclocked, undervolted, firewalled, adblocked, cyanogenmodded, xposed, etc.)
and a couple of ancient Symbian phones (hacked)
The Following User Says Thank You to rogier666 For This Useful Post: [ Click to Expand ]
 
aweaver33
Old
#7  
Senior Member
Thanks Meter 10
Posts: 110
Join Date: Apr 2011
Location: Palm Bay, FL
Unfortunately, it looks like Permissions Denied actually denies permissions rather than spoofing them, so I would expect most apps to crash as mentioned by kevin. The spoofing approach in the NCSU papers seems like the more robust approach unless and until Google implements optional permissions, at which point app developers would hopefully start adding graceful permission exception handlers.

Sent from my Dinc via XDA app.
 
krzych
Old
#8  
Senior Member
Thanks Meter 264
Posts: 1,000
Join Date: Jul 2009
Location: Warsaw
This is really the worst "feature" of Android. Someone should fix it really fast even creating a "shadow" distro with patched permission manager (if it cannot be done as an add-on).

Is anything new in this topic around?
HTC Desire HD & Samsung Galaxy S4
Radio S-OFF, SuperCID or here | Eng S-OFF or here | Radio flashing | Radios | Proximity | Launcher | Voice | Battery | Prop | GPS Antenna | Desire Boost - Audio Effects App for DHD
Android - the most buggy system I've ever seen...
The Following User Says Thank You to krzych For This Useful Post: [ Click to Expand ]
 
lufc
Old
#9  
lufc's Avatar
Senior Moderator / Resident Priest
Thanks Meter 1,485
Posts: 9,512
Join Date: Oct 2007
Location: Blackpool UK

 
DONATE TO ME
Please use the Q&A Forum for questions Thanks
Moving to Q&A
Pay attention and participate,Encourage,
not discourage, Listen to advice and accept instruction,
and in the end you will be wise.......... Prov. 19:20
 
LochNiss
Old
#10  
Member
Thanks Meter 2
Posts: 39
Join Date: Dec 2007
Quote:
Originally Posted by rogier666 View Post
Some apps ask for more permissions than I want to give them.

Q: Is there an app that lets me allow/deny permissions per app?
Did they ever release the TISSA app? I can't find anything about the app since last April.

Tags
permissions
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes