[Closing message]
Hi,
I am discontinuing the work on the Android Permission Spoofing Framework as I am not using Android anymore.
If anybody is interested in taking over the development I would be very happy to help her or him getting started as much as possible.
Feel free to contact me if you would like to work on it.
Sorry and have fun - Guhl
[End closing message]
This ROM is based on the Andromadus 4.2.x AOSP build.
There is also a CM10.1 based version available here [ROM][21-01-13][Guhl] Andromadus Permission Spoofing Framework CM10.1
In addition to the original AOSP rom it includes the permission spoofing framework enhancement that was originally developed by Plamen K. Kosseff for Android 2.3. The functionality has been ported to Android 4.x and enhanced by me and is now available.
The source of the enhancement can be found on github in the repositories:
android_frameworks_base
android_frameworks_opt_telephony
android_packages_apps_Settings
The current work is done in the JB4.2 branch and the relevant commits are:
framework initial commit
framework bug fix 1
framework bug fix 2
frameworks telephony initial commit
app settings initial commit
framework permission spoofing - location
framework pff: infrastructure code cleanup
framework pff: permission spoofing - contacts and phone log
framework permission spoofing - calendar (Instances)
framework pff: permission revoking - initial commit
framework pff: add PFFInfoDatabase to make spoofed informations persistant and changeable
framework pff: bug fix for permission revoking
What is permission spoofing
Permission spoofing means that the framework will return spoofed informations to Apps instead of the original information based on permissions that the App requested during installation. The main motivation for the development of this functionality is the protection of the privacy of the phones owner.
Examples for spoofed information are:
Current implementation
Currently the following permissions are available:
READ_PHONE_STATE
While this permission allows the App to read the state of the phone (in call, ...) it also allows the App to read information like the phone number or the IMEI of the phone. Instead of revoking the permission that has to be granted to an App, permission spoofing provides spoofed information for this sensitive data.
ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION
Instead of the real location the top of Mount Everest will be reported. The implimentation is not perfect yet (Google maps and Latitude still seem to know the location - working on that)
READ_CONTACTS and READ_CALL_LOG
Instead of the contacts and the call log an empty list will be reported. The implementation sets the limit paramter of the query to 0 if the permission is spoofed.
READ_CALENDAR
The implementation changes the date for which the items will returned to the first week of 1970.
More permissions will be added in the near future.
Usage
Spoofing can be enabled on a per App basis. To enable spoofing go to Settings - Apps, choose the App for which you want to spoof the permission. Below the spoofable permission will be a switch that can be set to On to enable spoofing or Off to disable spoofing for this App.
Optional Apps
The source of these apps is also available at https://github.com/guhl
PFF-GPSPath
The PFF-GPSPath App can be used to set the spoofed location and in addition it can also be used to define a path the can then be simulated in the App (by effectively moveing the spoofed location)!
HowTo for PFF-GPSPath HowTo
PFF-Settings
The PFF-Settings app provides the same functionality as App - Settings but in a more comprehensive way.
It provides a list of all Apps (including system Apps) that have a spoofable permission and allows you to set spoofing On/Off for them
PFF-Test
If you spoof a spoofable permission for the app PFF-Test you can check the info that the framework provides to PFF-Test
Downloads
ROM AndromadusAOSP4.2-vision-pff-16062013.zip
Gapps are not included in the rom - they can be found at gapps-jb-20130301-signed.zip
PFF-GPSPath_1_2.apk (needs a ROM >= 20130526)
PFF-AppSettings_1_1.apk
PFF-Test
Communication
I do not want to start a flame war on spoofing on XDA. Whiile spoofing is important for me I do understand people opposing it.
If you want to talk to me, the best way to do this is to look for me (Guhl) at #G2ROOT or #andromadus on freenode IRC.
Changelog
2013-10-21
Credits
Hi,
I am discontinuing the work on the Android Permission Spoofing Framework as I am not using Android anymore.
If anybody is interested in taking over the development I would be very happy to help her or him getting started as much as possible.
Feel free to contact me if you would like to work on it.
Sorry and have fun - Guhl
[End closing message]
This ROM is based on the Andromadus 4.2.x AOSP build.
There is also a CM10.1 based version available here [ROM][21-01-13][Guhl] Andromadus Permission Spoofing Framework CM10.1
In addition to the original AOSP rom it includes the permission spoofing framework enhancement that was originally developed by Plamen K. Kosseff for Android 2.3. The functionality has been ported to Android 4.x and enhanced by me and is now available.
The source of the enhancement can be found on github in the repositories:
android_frameworks_base
android_frameworks_opt_telephony
android_packages_apps_Settings
The current work is done in the JB4.2 branch and the relevant commits are:
framework initial commit
framework bug fix 1
framework bug fix 2
frameworks telephony initial commit
app settings initial commit
framework permission spoofing - location
framework pff: infrastructure code cleanup
framework pff: permission spoofing - contacts and phone log
framework permission spoofing - calendar (Instances)
framework pff: permission revoking - initial commit
framework pff: add PFFInfoDatabase to make spoofed informations persistant and changeable
framework pff: bug fix for permission revoking
What is permission spoofing
Permission spoofing means that the framework will return spoofed informations to Apps instead of the original information based on permissions that the App requested during installation. The main motivation for the development of this functionality is the protection of the privacy of the phones owner.
Examples for spoofed information are:
- Empty contact list instead of real contacts - READ_CONTACTS
- False location instead of real location - ACCESS_COARSE_LOCATION / ACCESS_FINE_LOCATION
- False Information for phone id and phone number - READ_PHONE_STATE
- Empty log instead of real phone call log - READ_CALL_LOG
- Empty calendar list instead of real calendar entries - READ_CONTACTS
- ....
Current implementation
Currently the following permissions are available:
READ_PHONE_STATE
While this permission allows the App to read the state of the phone (in call, ...) it also allows the App to read information like the phone number or the IMEI of the phone. Instead of revoking the permission that has to be granted to an App, permission spoofing provides spoofed information for this sensitive data.
ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION
Instead of the real location the top of Mount Everest will be reported. The implimentation is not perfect yet (Google maps and Latitude still seem to know the location - working on that)
READ_CONTACTS and READ_CALL_LOG
Instead of the contacts and the call log an empty list will be reported. The implementation sets the limit paramter of the query to 0 if the permission is spoofed.
READ_CALENDAR
The implementation changes the date for which the items will returned to the first week of 1970.
More permissions will be added in the near future.
Usage
Spoofing can be enabled on a per App basis. To enable spoofing go to Settings - Apps, choose the App for which you want to spoof the permission. Below the spoofable permission will be a switch that can be set to On to enable spoofing or Off to disable spoofing for this App.
Optional Apps
The source of these apps is also available at https://github.com/guhl
PFF-GPSPath
The PFF-GPSPath App can be used to set the spoofed location and in addition it can also be used to define a path the can then be simulated in the App (by effectively moveing the spoofed location)!
HowTo for PFF-GPSPath HowTo
PFF-Settings
The PFF-Settings app provides the same functionality as App - Settings but in a more comprehensive way.
It provides a list of all Apps (including system Apps) that have a spoofable permission and allows you to set spoofing On/Off for them
PFF-Test
If you spoof a spoofable permission for the app PFF-Test you can check the info that the framework provides to PFF-Test
Downloads
ROM AndromadusAOSP4.2-vision-pff-16062013.zip
Gapps are not included in the rom - they can be found at gapps-jb-20130301-signed.zip
PFF-GPSPath_1_2.apk (needs a ROM >= 20130526)
PFF-AppSettings_1_1.apk
PFF-Test
Communication
I do not want to start a flame war on spoofing on XDA. Whiile spoofing is important for me I do understand people opposing it.
If you want to talk to me, the best way to do this is to look for me (Guhl) at #G2ROOT or #andromadus on freenode IRC.
Changelog
2013-10-21
- Fix permission unspoofing bug in PFF-AppSettings -> Version 1.1 - see downloads
- PFF-GPSPath_1_2.apk added Altitude detection and routing!
- Updated from Andromadus
- Bugfix - Crash of PackageManager when installing apk from file.
- Framework change to make the spoofed information persistent and changeable
- App PFF-GPSPath to set and simulate the spoofed location
- permission revoking moved to Main-ROM and removed the Test-ROM
- Enabled permission revoking (in Test-ROM)
- Switched Wifi driver to WPA without p2p
- Fixed kernel config that broke Wifi
- Added the "Kill app back button" functionality to the AOSP rom
- Updated from Andromadus (no new spoofing)
- Added buttons to PFF-AppSettings to spoof/unspoof all apps with one click
- Updated from Andromadus (no new spoofing)
- Updated from Andromadus (no new spoofing)
- Added spoofing for READ_CALENDAR
- Added spoofing for READ_CONTACTS and READ_CALL_LOG
- Updated PFF-AppSettings to reflect the new permissions
- Updated from Andromadus (no new spoofing)
- Updated from Andromadus (no new spoofing)
- Added location spoofing
- Added location testing to PFF-Test
Credits
- Plamen K. Kosseff for the original framework changes
- Flinny for his huge work on the Andromadus roms and supporting me
- pierre_ja, Nipqer, Hymie and all the others at #G2ROOT for their endless help and entertainment
Last edited: