[Q] Permissions manager?

Search This thread

rogier666

Senior Member
Jan 27, 2011
599
145
androidblog.site666.info
Some apps ask for more permissions than I want to give them.

With DroidWall I can take internet permissions away from individual apps, which is great for all those app that demand internet access even though they work fine without it. But what if I want to remove other permissions, such as access to my location or my contacts?

There is a manual way to edit unwanted permissions out of .apk files, but this method is not meant for human consumption.

Q: Is there an app that lets me allow/deny permissions per app?
 

kevin@TeslaCoil

Senior Member
May 19, 2010
498
5,110
Chicago
teslacoilsw.com
It is not possible and is a very bad idea to do by modifying the APK.

I agree it'd be cool if Android was implemented to allow optional permissions. I hate adding permissions to my apps because I know some users don't want to give them. But Android is not designed this way.

Here's how I and just about every other developer would do something like make use of the READ_PHONE_STATE permissions to read your IMEI:
Code:
 TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
String deviceId = tm.getDeviceId();

Without the READ_PHONE_STATE permission, the above could would do this:
13393-android_force_close_super.jpg


It's possible for developers to write their code to handle not having a permission they expect to have:
Code:
String deviceId;
try { TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
deviceId = tm.getDeviceId();
} catch (SecurityException ex) {
deviceId = "1234";
}

However no app dev does this. And unless a future version of Android itself were to allow this, it's unlikely app devs would take the time to test and update their apps to gracefully degrade when the user has used some hacky method to restrict the app. (I wouldn't. I have to do enough testing already just supporting all the manufacture skins and custom roms.)

If you question a permission you should ask the dev. And if you don't like the answer, or don't trust the dev, you should avoid the app.

(DroidWall doesn't remove the INTERNET permission, it just firewalls off the app from using the internet. Looks like a network connection issue to the app, which already has to be handle gracefully.)
 

rogier666

Senior Member
Jan 27, 2011
599
145
androidblog.site666.info
DroidWall tells the apps it blocks that there is no live internet connection, even though the connection is alive and kicking for every other app. AdBlock works in a similar way: it doesn't deny apps from calling their banner farm, it just keeps it out of reach by redirecting the request to 127.0.0.1.

There are many ways to make apps believe they've got permissions that they don't really have.

For example, a permissions manager could spoof an empty contacts list for apps that want to read your phone book. Apps that want to know where you are for no good reason would only have to be fed some random coordinates instead of getting your real location.

Maybe Android was not designed that way, but one of the advantages of an open system is that you can make it do things beyond the original specs. If we root our phones and install custom ROMs to get rid of unwanted bloatware, why not apply similar techniques to get rid of unwanted app permissions?

Of course you could simply avoid apps that ask for too many permissions (but only if suitable alternative apps are available), but such a sledgehammer approach wouldn't be necessary with a permissions manager that gives you more subtle tools to tame your apps. This way you can have the best of both worlds: remove undesired permissions without throwing out the entire app.
 
Last edited:

SAI Peregrinus

Senior Member
Dec 14, 2010
53
19
It's been done in the lab, hopefully they release source. The paper is a pretty good read, and not overly verbose.
Can't post links, don't want to spam 8 posts for it, so Google for "Taming Information-Stealing Smartphone Applications". The paper is from NCSU.
 

aweaver33

Senior Member
Apr 17, 2011
109
12
Palm Bay, FL
Unfortunately, it looks like Permissions Denied actually denies permissions rather than spoofing them, so I would expect most apps to crash as mentioned by kevin. The spoofing approach in the NCSU papers seems like the more robust approach unless and until Google implements optional permissions, at which point app developers would hopefully start adding graceful permission exception handlers.

Sent from my Dinc via XDA app.
 

krzych

Senior Member
Jul 29, 2009
1,141
301
Warsaw
This is really the worst "feature" of Android. Someone should fix it really fast even creating a "shadow" distro with patched permission manager (if it cannot be done as an add-on).

Is anything new in this topic around?
 
  • Like
Reactions: scandiun

noneandroid

Member
Jan 20, 2011
31
2
i've been using lbe and it's been useful. it doesn't block every permission of an app but some things as internet (as droidwall), contacts, gps and sms/phone call it blocks. If you're looking for a real permission blocker, you may want to take a look at some cyanogen 7 rom. the app blocking is enabled on it, pretty handy for me.
 

white-gecko

Member
Apr 12, 2012
8
12
Unfortunately LBE crashes my phone (black screen as soon as the background service starts) and Cyanogen Mod doesn't include this feature anymore. Are there any other permission manager apps? Since PDroid seams hard to setup.
 

rogier666

Senior Member
Jan 27, 2011
599
145
androidblog.site666.info
Unfortunately LBE crashes my phone (black screen as soon as the background service starts) and Cyanogen Mod doesn't include this feature anymore. Are there any other permission manager apps? Since PDroid seams hard to setup.


There's a new app called LBE Security Manager, but it's Google-translated from chinese to english so it may be hard to use.

http://xdaforums.com/showthread.php?t=1422479

Looks like the makers of LBE are focussing on their home market (population 1.35 billion) and ignoring the rest of the world.
 
  • Like
Reactions: Raidel™

Mr.Chavez

New member
Sep 9, 2008
2
1
Hi!

I have just got myself an android phone and I am lookign for a good permissions manager app - would be grateful for any solutions.
I've had a look at LBE, but it requires access to all your phone's functions!!! Seems silly to produce a security app that can MAKE CALLS and SEND MESSAGES from your phone!!
Are there any other alternatives for android JB?

Thank you!

PS I'm absolutely shocked by android's permissions policy - seems like a massive threat to me. maybe I'm paranoid =) I'd be grateful for any links to info about securing the phone.
Also I can't seem to set a root password but that's a different story 0_0
 
  • Like
Reactions: Raidel™

rogier666

Senior Member
Jan 27, 2011
599
145
androidblog.site666.info
Hi!

I have just got myself an android phone and I am lookign for a good permissions manager app - would be grateful for any solutions.
I've had a look at LBE, but it requires access to all your phone's functions!!! Seems silly to produce a security app that can MAKE CALLS and SEND MESSAGES from your phone!!
Are there any other alternatives for android JB?

Thank you!

PS I'm absolutely shocked by android's permissions policy - seems like a massive threat to me. maybe I'm paranoid =) I'd be grateful for any links to info about securing the phone.
Also I can't seem to set a root password but that's a different story 0_0

With the way Android is set up all permissions managers need a truckload of permissions to do their job. Once you give your security app root access the other permissions don't matter anymore. Whether it's LBE, Permissions Denied, or the built-in permissions manager of CyanogenMod makes no difference. Once you give 'em root access they can do whatever they want.
 

Mr.Chavez

New member
Sep 9, 2008
2
1
With the way Android is set up all permissions managers need a truckload of permissions to do their job. Once you give your security app root access the other permissions don't matter anymore. Whether it's LBE, Permissions Denied, or the built-in permissions manager of CyanogenMod makes no difference. Once you give 'em root access they can do whatever they want.

Thank you.
Can LBE from XDA be trusted?..

In my understanding Google does not provide any guarantees on apps downloaded from Google Play store (i.e. i've been warned about permissions when installing an app so it's at my own risk - is that right?

What is the general public view on android security then? Is it better to let one app take over the phone (eg lbe or permission denied)?

Thank you for helping an android newbie!
 

NYLimited

Inactive Recognized Contributor
Jan 5, 2008
3,825
2,286
New Hampshire, USA
Thank you.
Can LBE from XDA be trusted?..

In my understanding Google does not provide any guarantees on apps downloaded from Google Play store (i.e. i've been warned about permissions when installing an app so it's at my own risk - is that right?

What is the general public view on android security then? Is it better to let one app take over the phone (eg lbe or permission denied)?

Thank you for helping an android newbie!

I have used various versions of LBE without problems in the past (am not using it at the moment). You need to trust someone or something eventually.

Firewall can help.

ROM Toolbox has an advanced freeze option in app manager which can disable a number of intents, including start on boot, ad engines, analytics, etc. Of course, disabling things can at times have undesirable results but if you take notes of your changes they can easily be turned back on later.


---
Duct tape is like the force. It has a light side and a dark side and it holds the universe together. (via Tapatalk)
 

rogier666

Senior Member
Jan 27, 2011
599
145
androidblog.site666.info
I've switched off everything in LBE Privacy Guard (Play Store version) that needs internet, blocked it with DroidWall (and later with AFWall+), and checked my router logs and packet sniffer. I never caught LBE going online when it wasn't supposed to.

PDroid is safe too, but very hard to build into your ROM.
 

belek1979

Senior Member
Oct 7, 2008
486
50
Warsaw
my.opera.com
How about permission managera under Android 4.3? No root needed...

Is it possible to unlock APP ops without an third party APP? Just editing some file? I have got root
 

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    It is not possible and is a very bad idea to do by modifying the APK.

    I agree it'd be cool if Android was implemented to allow optional permissions. I hate adding permissions to my apps because I know some users don't want to give them. But Android is not designed this way.

    Here's how I and just about every other developer would do something like make use of the READ_PHONE_STATE permissions to read your IMEI:
    Code:
     TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
    String deviceId = tm.getDeviceId();

    Without the READ_PHONE_STATE permission, the above could would do this:
    13393-android_force_close_super.jpg


    It's possible for developers to write their code to handle not having a permission they expect to have:
    Code:
    String deviceId;
    try { TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
    deviceId = tm.getDeviceId();
    } catch (SecurityException ex) {
    deviceId = "1234";
    }

    However no app dev does this. And unless a future version of Android itself were to allow this, it's unlikely app devs would take the time to test and update their apps to gracefully degrade when the user has used some hacky method to restrict the app. (I wouldn't. I have to do enough testing already just supporting all the manufacture skins and custom roms.)

    If you question a permission you should ask the dev. And if you don't like the answer, or don't trust the dev, you should avoid the app.

    (DroidWall doesn't remove the INTERNET permission, it just firewalls off the app from using the internet. Looks like a network connection issue to the app, which already has to be handle gracefully.)
    1
    1
    Permissions manager for rooted phones from the author of Busybox: Permissions Denied.
    1
    This is really the worst "feature" of Android. Someone should fix it really fast even creating a "shadow" distro with patched permission manager (if it cannot be done as an add-on).

    Is anything new in this topic around?
    1
    Some apps ask for more permissions than I want to give them.

    Q: Is there an app that lets me allow/deny permissions per app?

    Did they ever release the TISSA app? I can't find anything about the app since last April.