• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[APP][XPOSED][6.0+] XPrivacyLua - Android privacy manager

Search This thread

christantoan

Senior Member
Oct 9, 2015
218
94
OnePlus 3T
OnePlus 7 Pro
How do I get the fake location to work? I brought it from the companion pro app. I open the app and scroll down to fake location. I select the "Set" location. Give the numbers in and click save. Then open my app up and the location is still my actual location.
If you're using LSPosed, make sure you have selected the app in the LSPosed Manager
 
  • Like
Reactions: xringo

Fif_

Senior Member
Jun 5, 2013
1,148
1,209
Google Nexus 10
Google Nexus 4
How do I get the fake location to work? I brought it from the companion pro app. I open the app and scroll down to fake location. I select the "Set" location. Give the numbers in and click save. Then open my app up and the location is still my actual location.
You also need the location restriction enabled for the app. And if you use LSPosed or EdExposed in whitelist mode, the app has to be added to XPrivacyLua's scope or to the whitelist.
 

suzukar

Member
Jan 27, 2019
7
0
It looks like the app is using the shell to retrieve system properties. You can use the Runtime.exec family of hooks to prevent that leak, they're available in the hook repository. Use the Fif versions (which can do filtering) and not the M66B versions (which only perform logging).
I've attached what this app can see under the System tab with a full set of hooks. Not much left, only information relevant to the app (DPI, Android version amongst others).
I refer to your custom hook, "FingerprintManager.isHardwareDetected" is grayed out
stock hook "Build.Fingerprint" is enabled
Is there a step I'm missing? Please advise.
 

Attachments

  • photo_1.jpg
    photo_1.jpg
    76.6 KB · Views: 65
  • photo_2.jpg
    photo_2.jpg
    49 KB · Views: 64

Fif_

Senior Member
Jun 5, 2013
1,148
1,209
Google Nexus 10
Google Nexus 4
I refer to your custom hook, "FingerprintManager.isHardwareDetected" is grayed out
stock hook "Build.Fingerprint" is enabled
Is there a step I'm missing? Please advise.
What exactly is your question?
These two hooks are completely unrelated:
FingerprintManager.isHardwareDetected is about hiding the fingerprint reader from apps, and is only available for Oreo and earlier (that's why it's grayed out).
Build.Fingerprint is about hiding the Android build fingerprint.
 

suzukar

Member
Jan 27, 2019
7
0
What exactly is your question?
These two hooks are completely unrelated:
FingerprintManager.isHardwareDetected is about hiding the fingerprint reader from apps, and is only available for Oreo and earlier (that's why it's grayed out).
Build.Fingerprint is about hiding the Android build fingerprint.
Thanks for the reply, I understand.
 

Danmann

Senior Member
Jan 11, 2015
487
125
pwoss.org
If you're using LSPosed, make sure you have selected the app in the LSPosed Manager
Is there a way to automatically select new apps?

I asked them but the issue got closed really quickly:
Maybe you @M66B can have a look?
 
Last edited:

Danmann

Senior Member
Jan 11, 2015
487
125
pwoss.org
If you're using LSP, AFAIK no as I don't think the integration between XPL and LSP works currently. Ideally, when you restrict an app in XPL, it should also enable the app in LSP.
My partner is using xprivacylua, afwall etc but it's hard for her to keep everything in mind. It would be great to make it easy as much as possible for non tech savvy people. I mean even for me it's annoying but only because I use the kiss launcher and I have to type the code in the phone app everytime because the shortcut isn't available...
 
  • Like
Reactions: christantoan

Fif_

Senior Member
Jun 5, 2013
1,148
1,209
Google Nexus 10
Google Nexus 4
My partner is using xprivacylua, afwall etc but it's hard for her to keep everything in mind. It would be great to make it easy as much as possible for non tech savvy people. I mean even for me it's annoying but only because I use the kiss launcher and I have to type the code in the phone app everytime because the shortcut isn't available...
I'm in a similar situation, and I have a bash script and an Automate flow to automatically add apps to a set of configurable Xposed modules (XPrivacyLua, MinMinGuard, etc).
It works by modifying the LSPosed SQLite3 database.
However there's a flaw in that the changes are only picked up by LSPosed after a reboot. Probably because LSPosed caches the contents of the database for performance reasons. There may be a way to force LSPosed to reread the database (kill lspd, send it an intent) but I haven't found it yet.
So, after installing an app, you are not protected by XPL until you reboot.
 

Danmann

Senior Member
Jan 11, 2015
487
125
pwoss.org
I'm in a similar situation, and I have a bash script and an Automate flow to automatically add apps to a set of configurable Xposed modules (XPrivacyLua, MinMinGuard, etc).
It works by modifying the LSPosed SQLite3 database.
However there's a flaw in that the changes are only picked up by LSPosed after a reboot. Probably because LSPosed caches the contents of the database for performance reasons. There may be a way to force LSPosed to reread the database (kill lspd, send it an intent) but I haven't found it yet.
So, after installing an app, you are not protected by XPL until you reboot.
Do you share your setup?
 

Soumy1234

Senior Member
Aug 19, 2017
624
176
I'm in a similar situation, and I have a bash script and an Automate flow to automatically add apps to a set of configurable Xposed modules (XPrivacyLua, MinMinGuard, etc).
It works by modifying the LSPosed SQLite3 database.
However there's a flaw in that the changes are only picked up by LSPosed after a reboot. Probably because LSPosed caches the contents of the database for performance reasons. There may be a way to force LSPosed to reread the database (kill lspd, send it an intent) but I haven't found it yet.
So, after installing an app, you are not protected by XPL until you reboot.
Would you mind PM'ing me the instructions for your setup?
 

ahasae

Senior Member
Nov 9, 2012
121
31
Hiz everyone
How i can get read of this error
I already uninstalled xprivacylua but the app addiction still showing the app in my system
 

Attachments

  • Screenshot_20211028-140039.jpg
    Screenshot_20211028-140039.jpg
    330.1 KB · Views: 69

rpcll

Senior Member
Aug 14, 2014
75
6
Xposed module FakeGapps recently had a patch that circumvents the need for enabling all new apps manually in LSPosed. Is this approach feasible for XPriavcyLua too?

 

Fif_

Senior Member
Jun 5, 2013
1,148
1,209
Google Nexus 10
Google Nexus 4
Xposed module FakeGapps recently had a patch that circumvents the need for enabling all new apps manually in LSPosed. Is this approach feasible for XPriavcyLua too?

No, this wouldn't work for XPL.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 7
    Hi, I've tried to find a solution, but even after trying to search this thread I'm not any smarter.

    I've set the public.storage (via hook definitions) accidently for a wrong app any my device is now boot looping. I disabled xprivacylua via recovery, rebooted, tried to delete its data and enabled it again. I tried other things, but no matter if I install the module from scratch or whatever - it always keeps its settings and I just cannot enable it because it causes boot loop. So I also cannot open the xprivlua app to configure it.
    Is there any way to either remove hook definitions via adb, recovery or reset xprivacylua settings outside of the app?

    I suspect that it stores its configs in /data/system/xlua/xlua.db ? If I delete that file, will it reset everything? And is that the only way to resolve the issue or is there a way to delete a downloaded hook definition?

    EDIT: Solved! I've backed up xlua.db, deleted it, rebooted and finally I was able to use my device again. Then I restored the xlua.db, stopped xlua apps, started them again, and all my work was back and I was able to properly config everything.

    If someone else with a similar problems comes here, I hope it helps.
    4
    discussing IMEI hacking is frowned upon.
    Hello and good morning, @Fif_

    You're absolutely correct with above. We do not accept any discussions about or support for IMEI edits or changes on XDA.
    I just want to add some more clarification. If it's about the repair or restoration of the original IMEI (that's somehow lost during ROM flashing etc.) such support is accepted. Same applies to discussions about or support for IMEI spoofing or masking, which is mainly used out of privacy concerns (but obviously no talks about its use for illegal purposes are of course accepted!). So, it's fine as long as it happens on software level and nothing tampers with the actual IMEI that must remain unchanged.
    3
    At the risk of being a little OT, did anyone get this working on Android 12? A nudge in the right direction is appreciated thanks
    Yes. On a Pixel 6 and using the combination below Xprivacy Lua works. The only (important to some) is that banking apps don't work as they see the root.
    To hide root in this version of Magisk enable Zygisk/Enforce Deny list / add then apps you want to hide root from. However this disables Lsposed and hence Lua. So currently you have to decide which one is more important to you.

    Magisk Canary 23013
    Riru-LSPosed 1.6.3
    Riru 26.1.3

    I have tried various combinations but can't get them both to work with one setup. Looking to return the phone.
    3
    I know that I can DENY giving an app "Location Permission" (via the app settings which is different then in XPLUA), and I know that I can block the app from getting my location (or even fake it) using the XPLUA app.

    But what about apps that even if you fake the location, the app still can detect that the "device's" location services is not running and forces you to turn it on.

    This is a problem, because even though the app will get a fake location (via xplua) when I turn on the device's location, the OS (Android) system will then be able to get my location for real (and thus google gets it - which makes this a privacy issue and related to XPLUA).

    So, is there a way to get an app to think that the 'devices' location service is enabled/on, but it is actually NOT on?
    While it should be doable to hook LocationManager.isProviderEnabled and friends, I don't think it would achieve what you'd want.
    If you have location really disabled, when the app will query isProviderEnabled, it would fake it to enabled. But then when the actual location API is invoked, I think the existing location hooks would not be invoked and the app would still get no location (either real or fake).
    Maybe @M66B can shed some light here.
    Anyways, I personally trust XPL to fake (or fuzz) location for all the apps that I want it to, and leave location on all the time.
    3
    This is probably a system property leaking.
    Make sure you have shell restrictions enabled (ProcessBuilder* and Runtime.*, both Fif versions) as well as the two SystemProperties.get*/custom enabled and configured.
    The shell restrictions won't let any commands through, it's a whitelist that's empty by default. Applications may require tweaking the whitelist regexp if they crash.
    But the properties are a blacklist that needs to be configured, or the hooks won't block anything. Search this thread for sample configurations that I've posted. You may have to configure the properties blacklist for your device as well as the list of properties varies from model to model, android versions, etc.
    Yes, I have ProcessBuilder* and Runtime.* installed, both Fif versions, but SystemProperties.get*/custom was not installed and configured. Now I've done that by putting in the hooks from your last post:
    bluetooth.fwversion gsm.operator.alpha gsm.operator.iso-country gsm.operator.numeric gsm.serial gsm.sim. gsm.version. net.bt.name net.dns net.hostname net.r_rmnet net.rmnet oem.device.imeicache oplib. persist.radio.bksim. persist.radio.ddssim. persist.service.bdroid.bdaddr persist.sys.version ro.board.platform ro.boot.bootloader ro.boot.pcba_number ro.boot.serialno ro.boot.veri ro.bootimage. ro.bootloader ro.build. ro.carrier ro.cm. ro.cmlegal ro.expect.recovery_id ro.modversion ro.recovery_id ro.expect_recovery_id ro.product.b ro.product.d ro.product.f ro.product.m ro.product.n ro.runtime.firstboot selinux.restorecon ro.vendor. ro.serialno wc_transport.stack_bdaddr

    However, some parameters were indeed hidden, such as the platform, but the GPS still identifies. Thanks for the reply. I guess chasing privacy can be endless. I've learned that if an app really wants to identify me, it will do it no matter how hard I try. This app and hooks are the only solution to this kind of thing anyway
  • 304
    XPrivacyLua

    banner_play_store.png


    Really simple to use privacy manager for Android 6.0 Marshmallow and later (successor of XPrivacy).

    Revoking Android permissions from apps often let apps crash or malfunction. XPrivacyLua solves this by feeding apps fake data instead of real data.

    Features:

    • Simple to use
    • Manage any user or system app
    • Extensible
    • Multi-user support
    • Free and open source

    See here for all details, including installation instructions and download link.

    Please read the frequently asked questions before asking a question.

    This XDA thread is about using the latest version of XPrivacyLua. Off topic comments are allowed as long they are related to XPrivacyLua and are in the general interest of the followers of this thread, but anything not related to privacy is not allowed.

    If XPrivacyLua doesn't work and/or when "module not running or updated" is shown, this is almost always caused by an Xposed problem.

    Discussions about purchases are not allowed here, please contact me via here instead.

    XPrivacyLua is being maintained and supported, but new features won't be added anymore.

    Custom hook definitions will always be part of XPrivacyLua, but there will be community support only. This means that I won't respond to questions about defining custom hooks anymore. See this thread for the reasons.

    If you value your privacy, please consider to support this project with a donation or by purchasing pro features.

    XPrivacyLua is not a permission manager, but a privacy manager. XPrivacyLua doesn't block things and doesn't revoke permissions, but does replace real data by fake data. This means you can grant Android permissions to an app and still let XPrivacyLua prevent the app from seeing privacy sensitive data. Revoking permissions can result in an app refusing to work and/or to crash. However, replacing real by fake data generally doesn't let an app crash.

    Currently restrictions are quite crude because they mostly replace real data by no data. For example restricting the contacts app from getting contacts will result in an empty contact list. In the near future it might be made possible to select the data an app may see, for example just one group of contacts.

    About feature requests and bug reports:

    The goal is to have a tool that can properly protect the privacy of many in the near future. However, it isn't paid work, so I do whatever I like whenever I like it.

    You can request features in this XDA forum. I will read them, but I will not respond to them and they might or might not be implemented. If I know for sure something will not be implemented, I will let you know.

    You can report any problem you have here. There will be no issue tracker on GitHub.

    For now I have decided to not implement restrictions that are useful to prevent tracking only. There are simply too many data items that can be used for tracking and it would take too much time to develop restrictions for all these data items.

    The basic idea is to restrict only things that 'define' you, so which contacts you have, where you are, which apps you use, etc.

    Maybe we can widen the definition of things that the core of XPL covers to "What defines you, and what can be used to spie on you"? This would include camera/audio, but not tracking.

    XPrivacyLua is pretty feature complete and will be maintained and supported and when there is a need new hook definitions will be added to better protect your privacy. For the rest this FAQ applies:

    https://github.com/M66B/XPrivacyLua/blob/master/FAQ.md#FAQ4

    As said before, development will also depend on Xposed development, which is just minimal unfortunately.

    XDA thanks and donations are appreciated.

    XPrivacyLua is supported with Xposed only. There is no support for VirtualXposed and TaiChi.


    XDA:DevDB Information
    XPrivacyLua, Xposed for all devices (see above for details)

    Contributors
    M66B
    Source Code: https://github.com/M66B/XPrivacyLua

    Xposed Package Name: eu.faircode.xlua

    Version Information
    Status:
    Beta

    Created 2018-01-05
    Last Updated 2020-03-10
    68
    I have just released beta version 0.5 in the Xposed repository.

    The XPrivacyLua framework and user interface seems to be stable enough to call this a beta release.

    Besides several bug fixes and improvements two new restrictions were added:
    • Read account name, which mostly holds your e-mail address and will be replace by '[email protected]' when restricted
    • Read clipboard, which will be replaced by the text 'Private' when restricted

    Furthermore the ability to restrict Android system (be careful!) and to restrict system apps was added. It is possible to restrict all of these individually (XPrivacy could not do that).

    Be sure to take a look at the help page in the app again (use the ?-icon), since there were some useful hints added.

    If you appreciate what I am building here, please let me know by means of an XDA thanks and/or a donation, so that I don't get the feeling 'What am I doing this for?'.
    59
    I have just released alpha version 0.12 in the Xposed repository.

    This version has been redesigned for Android Oreo compatibility. The user interface and the restrictions work properly for me, but be aware that a lot has been changed on the inside ("it is bigger on the inside", lol), also for earlier Android versions. There is one thing I know of that needs improving and that is that the user interface might be updated too often with a lot of restrictions, which might cause delays and hangs. I will look into this tomorrow.

    This change was necessary, but it was a lot of work, so XDA thanks and donations are appreciated.
    56
    I have just released beta version 0.25 in the Xposed repository.

    Changelog:

    With this release XPrivacyLua restriction's can be compared with XPrivacy's. There are now over 100 restriction definitions!

    XDA thanks and donations are appreciated.
    53
    @CHEF-KOCH You have been given enough time to respond here. Now I just think it is pretty cowardly to write critical about XPrivacyLua, but not to tell what can actually be improved, especially because you were invited to do so.

    I still like to hear how XPrivacyLua can be improved, but I don't want to hear what is wrong with XPrivacyLua. You'll need to keep the scope of XPrivacyLua in mind (in short: privacy, not security), see the opening post and previous discussions about this for more information.

    Also, if you really know better, I like to see an original work from your hands to prove that. Actions speak louder than words.

    As it is now, you are discouraging one of the few people in the world who really did something substantial to improve privacy on Android. And don't go talking about VPNs, TOR, etc because your private information, like your contacts, will still leak.

    I also think you are pretty ungrateful for what I did so far.

    To others: if you see someone reference one of his blogs, please reference this comment in response.

    Edit: if you agree with this, please add an XDA thanks to this comment, so it will show up in the right column as a reference for others.