[dexdump] εxodus >TRACKERS< apk static analysis

By oF2pks, Senior Member on 24th August 2018, 03:54 PM
12th August 2019, 12:18 AM |#11  
Junior Member
Suggestions
I'm poking through the apps on my system, but it took me a while to find the legend; I expected the first menu item to be a list of supported trackers, not a general about popup. Having looked at it for a while now, I've got a large number of comments regarding issues, usability, style, observations, suggestions, etc. Most of them are fairly minor, just renaming menu items and small tweaks for usability, but some documentation is needed in-app.
  1. rename menu item to 'about'
  2. move legend to its own menu item (Related: 1, 2, 11, 14)
  3. format the legend text so it appears the same as the items in the main screen (or use a picture) (Related: 2, 11, 14)
  4. change the urls in the about menu to be clickable
  5. don't highlight package names in white, it looks weird
  6. for gray background on system apps, make the entire background (margins/padding) of the outer element gray, not just the text part. Alternatively, just change the text color.
  7. consider making the popup screen when tapping an app into a horizontally scrollable view; the hashes/fingerprints don't have to break onto a separate line from the label sha256.
  8. add margins to the screen that pops up on tap; after the loading animation goes away, the letters seem to be only 1px from the window edge, there should be a border of at least 5px around the entire window
  9. Changing the sort method should be labeled as such, I didn't know the funny arrow meant sort until I tapped it
  10. The 'super' label in the menu makes no sense. It should be renamed to Permissions or PackageInfo or Trackers or some such, depending on the view.
  11. In PackageInfo view, there should be something to explain the asterisk and snowflake before the permission label, as well as the ^✓ after it. The nulls should be removed. Consider changing this entire section to a table with headers (*, ☸, permission, group, dangerous, instant, privileged, development, appop, preinstalled, etc) with an explanation of exactly what dangerous, development, *, ☸, and other less obvious terms mean, either on-tap or in a legend somewhere. (Related: 14, 2)
  12. When you tap an app, the information should be cached until the app is closed, to prevent waiting for the work to be done again.
  13. PackageInfo and manifest should be exportable (Related: 15, 17)
  14. Legend for the list of trackers symbols (°, ?, ², μ) (Related: 11, 2)
  15. Having a full package explorer is hardly necessary, but it might be nice to be able to unzip the apk to the sdcard for exploring with another app, along with the list of trackers found in the app and the list of activities, other metadata. (Related: 13, 17)
  16. Firefox Nightly (org.mozilla.fennec_aurora) shows up as having a shared userid, however the package it lists (org.mozilla.fennec.sharedID) doesn't appear to be installed. The other Mozilla apps installed are Klar (org.mozilla.klar), Firefox Lite (org.mozilla.rocket), and Firefox Preview (org.firefox.fenix), none of which are shown as sharing userids.
  17. I can't make selections to copy from various popups to the clipboard. (Related: 13, 15, 16)
  18. After processing an app, save the results for it (more than just #12) until the app is updated.
  19. After processing an app, update the main view; maybe have different symbols or app colors to indicate if an app has been analyzed, and further if any signatures were found.
Yes, it's a long list. Feel free to ignore me, I won't get offended.
The Following User Says Thank You to Efreak2004 For This Useful Post
8th September 2019, 11:35 PM |#12  
oF2pks
OP Senior Member
New version uploaded: ClassyShark3xodus216-debugSoft.apk with latest Exodus database (216) update and dynamic|☢ androidManifest.xml for primary screen (longclick), 2nd screen will still use static|✇ parser. (more info: https://forum.xda-developers.com/sho...postcount=5798)
@yochananmarqos, this xda edition is softened, can you confirm if working on Oneplus7 without interfering with PackageInstaller.apk?
App_PackagesInfo is also updated with same manifest dynamic1/static2 behavior.


Hi @Efreak2004, sorry for the delay and thanks for your interest; here are a few I can tell:

-11 In PackageInfo view, there should be something to explain the asterisk and snowflake before the permission label, as well as the ^✓ after it. The nulls should be removed. Consider changing this entire section to a table with headers (*, ☸, permission, group, dangerous, instant, privileged, development, appop, preinstalled, etc) with an explanation of exactly what dangerous, development, *, ☸, and other less obvious terms mean, either on-tap or in a legend somewhere. (Related: 14, 2)

Indeed, I have to finalize that with 7#

-12 When you tap an app, the information should be cached until the app is closed, to prevent waiting for the work to be done again.

the app generates extra-huge cache (~Gb): I even decided to use a "brute force" removal of them.

-13 PackageInfo and manifest should be exportable (Related: 15, 17)

use longpress 11#

-14 Legend for the list of trackers symbols (°, ?, ², μ) (Related: 11, 2)

https://gitlab.com/oF2pks/3xodusprivacy-toolbox
° for missing: Amazon new active tracker AWS Kinesis is missing
² for Etip stand-by: Mozilla/Telemetry is now in Etip https://etip.exodus-privacy.eu.org/
µ for micro non-intrusive: Acra;
? when uncertain.
(will be added to menu.)

-15 Having a full package explorer is hardly necessary, but it might be nice to be able to unzip the apk to the sdcard for exploring with another app, along with the list of trackers found in the app and the list of activities, other metadata. (Related: 13, 17)

use apps_packages Infos attached in post #1 or https://f-droid.org/en/packages/com....licationsinfo/
my idea is also to dub with Chairlock (with root/su possible permission removal and more...). I may add this functionality; Xplore already does that.

-16 Firefox Nightly (org.mozilla.fennec_aurora) shows up as having a shared userid, however the package it lists (org.mozilla.fennec.sharedID) doesn't appear to be installed. The other Mozilla apps installed are Klar (org.mozilla.klar), Firefox Lite (org.mozilla.rocket), and Firefox Preview (org.firefox.fenix), none of which are shown as sharing userids.

This is Mozilla's decision: I show these because permissions can be silently granted to other apps that would use the same sharedID; in the case of Firefox, sharedID is defined but doesn't seem to be used by any other (?).

-17 I can't make selections to copy from various popups to the clipboard. (Related: 13, 15, 16)

use longpress in SubTotals (other popups are wip 11#)

-18 After processing an app, save the results for it (more than just #12) until the app is updated.

(the app generates extra-huge cache (~Gb): I even use a "brute force" removal of them.) Extensive analysis should be done with dexdump (or other) command https://gitlab.com/oF2pks/3xodusprivacy-toolbox

-19 After processing an app, update the main view; maybe have different symbols or app colors to indicate if an app has been analyzed, and further if any signatures were found.

(the app generates extra-huge cache (~Gb): I even use a "brute force" removal of them.) Will never have enough "free" time for that: imho, such behavior should be part of aosp inner rom (omnirom ?).
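
Added example, not part of the post above and not code from ClassyShark3xodus: an audit of the sharedUserId point from the reply to item 16, grouping packages by `android:sharedUserId` and listing the permissions each one gains from peers under the same UID. The manifests are constructed text-form XML; only the `org.mozilla.fennec_aurora` / `org.mozilla.fennec.sharedID` pair comes from the thread, while the `com.example.*` packages and all permission lists are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

ANDROID = "{http://schemas.android.com/apk/res/android}"
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'

def _manifest(pkg, shared, perms):
    """Build a constructed, text-form AndroidManifest.xml for the demo."""
    uid = f' android:sharedUserId="{shared}"' if shared else ""
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return f'<manifest {NS} package="{pkg}"{uid}>{uses}</manifest>'

# Constructed sample data: only the first package/sharedUserId pair is from the thread;
# the com.example.* names and every permission list are illustrative.
SAMPLES = [
    _manifest("org.mozilla.fennec_aurora", "org.mozilla.fennec.sharedID",
              ["android.permission.INTERNET"]),
    _manifest("com.example.notes", "com.example.shared", ["android.permission.INTERNET"]),
    _manifest("com.example.dialer", "com.example.shared",
              ["android.permission.READ_CONTACTS", "android.permission.INTERNET"]),
    _manifest("com.example.solo", None, ["android.permission.CAMERA"]),
]

def parse_manifest(xml_text):
    """Return (package, sharedUserId or None, set of requested permissions)."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    perms.discard(None)
    return root.get("package"), root.get(ANDROID + "sharedUserId"), perms

def shared_uid_report(manifests):
    """Group packages by sharedUserId and list permissions each gains from its peers."""
    groups = defaultdict(dict)
    for text in manifests:
        pkg, uid, perms = parse_manifest(text)
        if uid:  # packages without sharedUserId run under their own UID
            groups[uid][pkg] = perms
    report = {}
    for uid, members in groups.items():
        union = set().union(*members.values())
        report[uid] = {
            "packages": sorted(members),
            "unused": len(members) == 1,  # declared, but no installed peer (the Firefox case)
            "inherited": {p: sorted(union - own) for p, own in members.items()},
        }
    return report

if __name__ == "__main__":
    for uid, info in shared_uid_report(SAMPLES).items():
        print(uid, info)
```

Android only places packages under one shared UID when they are signed with the same certificate, so the signer fingerprint is the next field to compare for any group with more than one member.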
9th September 2019, 07:12 PM |#13  
yochananmarqos
Recognized Contributor
Quote:
Originally Posted by oF2pks

this xda edition is softened, can you confirm if working on Oneplus7 without interfering with PackageInstaller.apk?

Confirmed.

Sent from my OnePlus 7 Pro using XDA Labs

Tags
aapt, dexdump, exodus, pcre2grep, εxodus
