FORUMS
Remove All Ads from XDA
Honor 7x
Win an Honor 7X!
Post Reply Email Thread
[Closing message]
Hi,

I am discontinuing the work on the Android Permission Spoofing Framework as I am not using Android anymore.
If anybody is interested in taking over the development I would be very happy to help her or him getting started as much as possible.
Feel free to contact me if you would like to work on it.

Sorry and have fun - Guhl
[End closing message]


This ROM is based on Andromadus CM11 Alpha. Besides the deep integration of the permission spoofing functionality the ROM is unchanged from Flinnys Andromadus CM11 builds!

In addition to the original Andromadus rom it includes the permission spoofing framework enhancement that was originally developed by Plamen K. Kosseff for Android 2.3. The functionality has been rebased to Android 4.4 and enhanced (a lot) by me and is now available.

My work was/is originally done for the HTC vision (G2/DZ) for which i provide ROMs based on ASOP and CM10.1.
If you as a developer want to add the permission spoofing framework to your ROM please go ahead it should be portable easily. I will keep the commit list updated. If you need help don't hesitate to ask!
Actually the main motivation to publish this is to inspire other developers to integrate this with their work.

The source of the enhancement can be found on github in the repositories:
android_frameworks_base
cm-android_frameworks_opt_telephony
cm-android_packages_apps_Settings

The current work is done in the cm-11.0 branch and the relevant commits are:

framework initial commit
framework bug fix 1
framework bug fix 2
frameworks telephony initial commit
app settings initial commit
framework permission spoofing - location
framework pff: infrastructure code cleanup
framework pff: infrastructure bug-fix in ContextImpl.java
framework pff: permission spoofing - contacts and phone log
framework pff: permission spoofing - calendar (Instances)
framework pff: permission spoofing - calendar (Instances - cleanup)
framework pff: permission revoking - initial commit
framework pff: add PFFInfoDatabase to make spoofed information persistent and changeable
framework pff: bug fix for permission revoking

What is permission spoofing
Permission spoofing means that the framework will return spoofed information to Apps instead of the original information based on permissions that the App requested during installation. The main motivation for the development of this functionality is the protection of the privacy of the phones owner.
Examples for spoofed information are:
  • Empty contact list instead of real contacts - READ_CONTACTS
  • False location instead of real location - ACCESS_COARSE_LOCATION / ACCESS_FINE_LOCATION
  • False Information for phone id and phone number - READ_PHONE_STATE
  • Empty log instead of real phone call log - READ_CALL_LOG
  • Empty calendar list instead of real calendar entries - READ_CALENDAR
  • ....

Current implementation
Currently the following permissions are available:
READ_PHONE_STATE
While this permission allows the App to read the state of the phone (in call, ...) it also allows the App to read information like the phone number or the IMEI of the phone. Instead of revoking the permission that has to be granted to an App, permission spoofing provides spoofed information for this sensitive data.
ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION
Instead of the real location a location that can be set using the PFF-GPSPath will be reporte (the default spoofed location is the top of Mt. Everest). The implementation is not perfect yet (Google maps and Latitude still seem to know the coarse location - working on that)
READ_CONTACTS and READ_CALL_LOG
Instead of the contacts and the call log an empty list will be reported. The implementation sets the limit parameter of the query to 0 if the permission is spoofed.
READ_CALENDAR
The implementation changes the date for which the items will returned to the first week of 1970.

More permissions might be added in the future.

Usage
Spoofing can be enabled on a per App basis. To enable spoofing go to Settings - Apps, choose the App for which you want to spoof the permission. Below the spoofable permission will be a switch that can be set to On to enable spoofing or Off to disable spoofing for this App.

Optional Apps
The source of these apps is also available at https://github.com/guhl

PFF-GPSPath
The PFF-GPSPath App can be used to set the spoofed location and in addition it can also be used to define a path the can then be simulated in the App (by effectively moveing the spoofed location)!
HowTo for PFF-GPSPath HowTo

PFF-Settings
The PFF-Settings app provides the same functionality as App - Settings but in a more comprehensive way.
It provides a list of all Apps (including system Apps) that have a spoofable permission and allows you to set spoofing On/Off for them

PFF-Test
If you spoof a spoofable permission for the app PFF-Test you can check the info that the framework provides to PFF-Test

Downloads
ROM cm-11-20140108-UNOFFICIAL-vision-pff.zip (kind of stable version)
ROM cm-11-20140331-UNOFFICIAL-vision-pff.zip (nightly)
Gapps are not included in the rom - they can be found at SLIM ROM 4.4 gapps page
PFF-GPSPath_1_3.apk
PFF-AppSettings_1_1.apk
PFF-Test

Communication
I do not want to start a flame war on spoofing on XDA. Whiile spoofing is important for me I do understand people opposing it.
If you want to talk to me, the best way to do this is to look for me (Guhl) at #nexus4, #G2ROOT or #andromadus on freenode IRC.

Changelog
2014-03-31
  • Updated from Andromadus/CM - fixed SMS/MMS crash
2014-03-22
  • Updated from Andromadus/CM
2014-02-15
  • Updated from Andromadus/CM - no new spoofing
  • ROM is untested
2014-01-08
  • Rebased from AOSP 4.4 to Andromadus CM11 - ALPHA !!!

Credits
  • Plamen K. Kosseff for the original framework changes
  • Flinny for his huge work on the Andromadus roms and supporting me with my original development for the vision
  • pierre_ja, Nipqer, Hymie and all the others at #G2ROOT for their endless help and entertainment
The Following 6 Users Say Thank You to guhl99 For This Useful Post: [ View ] Gift guhl99 Ad-Free
9th January 2014, 11:06 AM |#2  
OP Senior Member
Thanks Meter: 521
 
More
Keep in mind - this is ALPHA
Hi,

at the moment the permission spoofing build that i posted today is based on Andromadus ALPHA.

Please have a look at [ROM][24-12-13][Flinny] Andromadus - CM10/11.0 - Vision [alpha2] to see what works and what does not.

There are problems with:
- installing gapps
- android standard browser
- GPS (maybe)
- ...

Have fun - Guhl
The Following 2 Users Say Thank You to guhl99 For This Useful Post: [ View ] Gift guhl99 Ad-Free
9th January 2014, 04:53 PM |#3  
demkantor's Avatar
Recognized Contributor
Flag mpls
Thanks Meter: 3,768
 
More
So glad to see you are making this! Keep it up my man, love your work!

Sent from my Nexus 4 using XDA Premium 4 mobile app
The Following User Says Thank You to demkantor For This Useful Post: [ View ] Gift demkantor Ad-Free
20th January 2014, 11:43 PM |#4  
Account currently disabled
Thanks Meter: 44
 
More
fantastic work, running great
2nd February 2014, 08:27 AM |#5  
soadfan's Avatar
Senior Member
Flag Sofia
Thanks Meter: 4
 
More
G Sensor works!
But when i hit revoke network access it turns on but isn't saved, so next time i enter app info it's off again (i've tested the app i revoked had network access) I want to remove avast and use this (for many reasons)
And looks like i need to restore apps + data via titanium back and than to move to sd-ext using link2sd, because restoring sd-ext via recovery console isn't working. Link2sd don't recognize any program, but when print info there's about 1gb used space on sdext so apps are there.
Now i'm swapping back to 4.2, and when have time to play with TB will migrate completely.
2nd February 2014, 10:39 AM |#6  
robuser007's Avatar
Senior Member
Thanks Meter: 89
 
More
I use xprivacy (having another phone): works also great (you need the exposed framework).
15th February 2014, 11:49 PM |#7  
OP Senior Member
Thanks Meter: 521
 
More
Updated ROM from Andromadus/CM - Test-Build available
Hi,

I did update the ROM from the Andromadus/CM sources and provides a test-build (see the OP).
As I am on holidays and ain't got a vision with me I can't test the ROM - but maybe someone wants to.

Have fun - Guhl
The Following 2 Users Say Thank You to guhl99 For This Useful Post: [ View ] Gift guhl99 Ad-Free
4th April 2014, 08:59 PM |#8  
ivifly's Avatar
Senior Member
Thanks Meter: 9
 
More
Thank you!
Thank you for the right step into more personal saefty!

Just a quetion. Why can i not aktivate the revoke stop for geting into the www?
And, why does any firewall not work?

Greetings and please continue your importaint work!
If i can help, just email me...

Lg ivi

Sent from my Desire Z using xda premium
5th April 2014, 12:12 AM |#9  
Account currently disabled
Thanks Meter: 44
 
More
Quote:
Originally Posted by ivifly

Thank you!
Thank you for the right step into more personal saefty!

Just a quetion. Why can i not aktivate the revoke stop for geting into the www?
And, why does any firewall not work?

Greetings and please continue your importaint work!
If i can help, just email me...

Lg ivi

Sent from my Desire Z using xda premium

as for the firewall I be-leave that's been messed up in the CM git hub , the Linux (android) packet filters are messed up, I could be wrong but I think that's the issue with FW programs
6th April 2014, 05:59 PM |#10  
ivifly's Avatar
Senior Member
Thanks Meter: 9
 
More
Ok, i installed it over and the contacts funtion works, and now i knew why
But beside this, the revoke botton is now keeping the positoon on or off BUT therre is NO influence into the networkfunktion.
I mean, still the funktion seams to work, but the apps can still get into the www ;(

Or, do i use it on some way worng?
...
Lg ivi

Sent from my Desire Z using xda premium
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes