Sure, but you were talking about merging, even later on. Which, as I said would be a huge technical hassle to do and later maintain.
With 'merging' I meant to use the existent product and integrate it into the 'new idea' sorry but there is or was a misunderstanding I guess. Tbh, it doesn't change the point it's possible, no matter if you want or dislike it. The point was, as said another one. I guess Marcel got this and it's not to criticize that there is a new module it's related to the 'give up thing'.
That's not possible since we're on a rooted device, this can't be blocked. A real-world scenario is that you allowed a root app which abuses another injection or hooking methods in order to block Xposed itself or an explicit module.This can happen if a user allows a legimitate app which is maybe compromised, which is possible. I'm aware of the fact that you can restrict root apps with other root apps but for a normal user this seems unrealistic according to my research because malicious, manipulated packages, apps etc is still difficult to identify.No, not if you don't just let any app do it. I covered this over on GitHub already.
Yes and they try to, and then get circumvented again. It's the SafetyNet cat-and-mouse-game.
The thing is that user need root (as mentioned) and another framework which is a security hole by itself. This is not or not clearily mentioned or explained (in my eyes). But I do admit that I did not made a pull request in order to cover this topic myself, however I'm not the developer.
It wasn't a change in Android that made XPrivacy unstable and hard to maintain, but the design of the app itself.
Depending on the implementation, as mentioned a workaround would be to integrate certain advance functinality with a warning, but okay it's another philosphical thing not related to what I said.
Marcel is offering his help and clarifications on something because you posted a blog post obviously before you knew everything and studied the source code, and you call it an "incredibly stupid argument"? Huh.
That is your assumption I knew the module already before I was in fact first Blog which reported about the module in a short review (which is outdated since the module got updated). However, the point here is that nobody needs any permission to write something no matter if it's right or wrong.
Aw, come on... We talked about this here many times. There's no need to do so. If you really really want it, there's even a custom hook for it... So saying "you can't" is wrong. XPL just won't unless you specifically ask it to.
Sadly it's FUD.
WhatsApp has access to all my contacts vs. WhatsApp thinks it has access to all my contacts but in reality it has none/only a few. Now, which version is better for your privacy? What is so hard to understand about this? I think you're getting a little hung up about the whole tracking/fingerprinting thing. That is not everything XPL is for.
You're clearly not as involved as I'm in security topics. Once you logged in into no matter which website or app you can't fake it's data as mentioned there is additional tracking + methods to bypass this. A real-world example is using IPv6 which stores and transmits your MAC address.
I already adressed this on GitHub as well; sharing a unique ID with a small subset of users is superior to sharing it with nobody. When the attacker knows what I use, he can do a little about it, but that can easily be voided by more hooks/modules. Do note that XPrivacyLua is meant to protect Privacy, not Security (hence the name). So we're not talking about malware but companies trying to spy on you through hidden stuff in their apps.
Incorrect, an attacker can Geoblock yor IP, location etc. Which means you are unable to use it's website or page, Xprivacy Lua won't address this since you can't put in your own data (last time I checked). Netflix is best example, which flags it's user which are behind a VPN this is done by blacklisting certain IP ranges typically used by VPN's. Xprivacy LUA doesn't bypass this.
I get more and more the impression that you're coming from a strong background about web security/privacy. But this is Android. This is different. XPL doesn't aim to protect against each and every way to fingerprint your device. It helps against the most common fingerprinting and tracking techniques, which is enough to get rid of the majority of it because most companies don't bother to use more advanced stuff. And it is mainly meant to be able to use apps that require your personal data without either breaking the app or giving it your data.
Android is an OS same like every other OS which doesn't magically do things differently, HTTPS is as secure or insecure as on Windows or Linux, speaking about it's protocol weaknesses or leaks. Right XPL doesn't claim it protect you against everything but I never said it, I said that in terms of privacy it doesn't help at all or only to reduce certain things which is again not clearly mentioned on the internet, people installing it in the hope to get more privacy which is according to my research definitely not correct.
Yes my background is that I contribute to Chrome and Tor project so I have credibility and over 30 years of knowledge and the reason I not coded any application or module like this because I see it as too complicated in order to deliver a 'privacy' solution or it takes more manpower, money time etc. since Android already in fact improved it's own defining mechanism.
Okay, I'm done here, if you do not believe my words or not like my Blog it's your opinion but doesn't attack me or pretend you tried to contact me when I already debunked it. There is also no need to defend the module, it's not against Marcel's work it's against that the module simply doesn't deliver what (I think) deserves to get more attention, or not in his current state without to mention that there are some problems - and this is not incorrect.
Anyway, I wish you good luck with your program. I not waste my time with this anymore. If there are questions, please comment directly on my blog or if you think I do this because clickbait (which is not true) then use chats like Riot, GitHub etc. My statement that I pay everyone for research 1000$ dollars is still valid.