[dexdump] εxodus >TRACKERS< apk static analysis

[oF2pks]

>TRACKERS< apk static analysis was already available, on android, with AddonsDetectors ; thanks to non-profit εxodus, we have an open source, multi-platform tool, to analyze embedded trackers in apk, on android & PCs, using dexdump.
With it, Rom-developers can scan their already built apps, like webview or Turbo (DeviceHealthServices Google LLC), to countercheck their 'integrity'.

Analysis is based on cross examination of εxodusJSON & dexdump*apk. On android, dexdump can be found in /system/bin https://exodus-privacy.eu.org/media/static_analysis.png

For Playstore installed apps only , you can straight use open-source εxodus.apk https://play.google.com/store/apps/details?id=org.eu.exodus_privacy.exodusprivacy, or directly query online.

On Android, check pilot apk ClassyShark3xodus.apk to cross-analyze classes with 361 Exodus' trackers; LongPress touch, on "launch-able (via icons)" packages_list, displays all full classes.
: added unique permission READ_EXTERNAL_STORAGE to scan *.apk, including ones not yet installed with any FileManager.
: included app_PackagesInfo.apk to scan ALL installed packages (via 2°screen/3dots)
: simple mime +fastscroll +icons
: sub-stats via About/3dots
: sharedUserid and permission.READ_LOGS detection
: search & basic quickToggle switch option

Edit : NOW ON F-Droid https://f-droid.org/en/packages/com.oF2pks.classyshark3xodus/​

Press on class to get synthetic viewer.
No internet required + zero permissions !
KitKat: due to missing getCodeCacheDir()/api21 ClassySharks can crash after multiple successive attempts

On PCs with python3 (&virtualenv), check exodus-standalone to scan any kind of apps package: *apk.
Otherwise with bash (& attached aapt-dexdump_Linux64.tar.gz with lib64/libc++.so) and working grep -P (pcre) you can also perform any apk like (latest Playstore) firefox61.0.2:

./dexdump firefox.apk | grep "Class descriptor" | sed 's/ Class descriptor : //' | grep / | sed 's/\//./g' |sort | uniq > tt.txt

curl -s https://reports.exodus-privacy.eu.org/api/trackers | grep -Po '"code_signature":.*?[^\\]",' | sed 's/"code_signature": //' | sed 's/"",/".",/' | sed 's/|/",\n"/g' | sed 's/"//' | sed 's/",//' | sort | uniq | sed -n '1!p' | xargs -I {} grep {} tt.txt

or simply use attached today signatures :
cat signatures20182408.txt | xargs -I {} grep {} tt.txt

To get more info on apk :
./aapt d badging firefox.apk

On android copy firefox.apk on sdcard
cd sdcard && curl32 -s https://reports.exodus-privacy.eu.org/api/trackers | grep64 --buffer-size=10000K -o '"code_signature":.*?[^\\]",' | sed 's/"code_signature": //' | sed 's/"",/".",/' | sed 's/|/",\n"/g' | sed 's/"//' | sed 's/",//' | sort | uniq | sed -n '1!p' > signatures.txt
--> code signature of these trackers in firefox

    Adjust...com.adjust.sdk. *41
    Google Analytics...com.google.android.gms.analytics. *112
    Google Firebase Analytics...com.google.android.gms.measurement. *125
    LeanPlum...com.leanplum. *262

[εxodus-STANDALONE: python exodus_analyze.py firefox.apk]

=== Information
- APK path: firefox.apk
- APK sum: 31ca22d9977f14b0cf13fa0075ac2acc96070491086498819f1c9adbf92223a8
- App version: 61.0.2
- App version code: 2015574793
- App UID: 0992532694558859C09D4071243035F6FE5A20EC
- App name: Firefox
- App package: org.mozilla.firefox
- App permissions: 32
    - android.permission.GET_ACCOUNTS
    - android.permission.ACCESS_NETWORK_STATE
    - android.permission.MANAGE_ACCOUNTS
    - android.permission.USE_CREDENTIALS
    - android.permission.AUTHENTICATE_ACCOUNTS
    - android.permission.WRITE_SYNC_SETTINGS
    - android.permission.WRITE_SETTINGS
    - android.permission.READ_SYNC_STATS
    - android.permission.READ_SYNC_SETTINGS
    - org.mozilla.firefox_fxaccount.permission.PER_ACCOUNT_TYPE
    - com.google.android.c2dm.permission.RECEIVE
    - org.mozilla.firefox.permission.C2D_MESSAGE
    - com.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY
    - android.permission.CHANGE_WIFI_STATE
    - android.permission.ACCESS_WIFI_STATE
    - android.permission.ACCESS_COARSE_LOCATION
    - android.permission.ACCESS_FINE_LOCATION
    - android.permission.ACCESS_NETWORK_STATE
    - android.permission.INTERNET
    - android.permission.RECEIVE_BOOT_COMPLETED
    - android.permission.READ_EXTERNAL_STORAGE
    - android.permission.WRITE_EXTERNAL_STORAGE
    - com.android.launcher.permission.INSTALL_SHORTCUT
    - com.android.launcher.permission.UNINSTALL_SHORTCUT
    - com.android.browser.permission.READ_HISTORY_BOOKMARKS
    - android.permission.WAKE_LOCK
    - android.permission.VIBRATE
    - android.permission.DOWNLOAD_WITHOUT_NOTIFICATION
    - android.permission.SYSTEM_ALERT_WINDOW
    - android.permission.NFC
    - android.permission.RECORD_AUDIO
    - android.permission.CAMERA
- Certificates: 1
    - Issuer: countryName=US, stateOrProvinceName=California, localityName=Mountain View, organizationName=Mozilla Corporation, organizationalUnitName=Release Engineering, commonName=Release Engineering 
Subject: countryName=US, stateOrProvinceName=California, localityName=Mountain View, organizationName=Mozilla Corporation, organizationalUnitName=Release Engineering, commonName=Release Engineering 
Fingerprint: 920f4876a6a57b4a6a2f4ccaf65f7d29ce26ff2c 
Serial: 1282604424
=== Found trackers: 4
- Google Firebase Analytics
- LeanPlum
- Google Analytics
- Adjust

./aapt d badging firefox.apk

package: name='org.mozilla.firefox' versionCode='2015574793' versionName='61.0.2' platformBuildVersionName=''
install-location:'internalOnly'
sdkVersion:'16'
targetSdkVersion:'23'
uses-permission: name='android.permission.GET_ACCOUNTS'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
uses-permission: name='android.permission.MANAGE_ACCOUNTS'
uses-permission: name='android.permission.USE_CREDENTIALS'
uses-permission: name='android.permission.AUTHENTICATE_ACCOUNTS'
uses-permission: name='android.permission.WRITE_SYNC_SETTINGS'
uses-permission: name='android.permission.WRITE_SETTINGS'
uses-permission: name='android.permission.READ_SYNC_STATS'
uses-permission: name='android.permission.READ_SYNC_SETTINGS'
uses-permission: name='org.mozilla.firefox_fxaccount.permission.PER_ACCOUNT_TYPE'
uses-permission: name='com.google.android.c2dm.permission.RECEIVE'
uses-permission: name='org.mozilla.firefox.permission.C2D_MESSAGE'
uses-permission: name='com.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY'
uses-permission: name='android.permission.CHANGE_WIFI_STATE'
uses-permission: name='android.permission.ACCESS_WIFI_STATE'
uses-permission: name='android.permission.ACCESS_COARSE_LOCATION'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
uses-permission: name='com.android.launcher.permission.INSTALL_SHORTCUT'
uses-permission: name='com.android.launcher.permission.UNINSTALL_SHORTCUT'
uses-permission: name='com.android.browser.permission.READ_HISTORY_BOOKMARKS'
uses-permission: name='android.permission.WAKE_LOCK'
uses-permission: name='android.permission.VIBRATE'
uses-permission: name='android.permission.DOWNLOAD_WITHOUT_NOTIFICATION'
uses-permission: name='android.permission.SYSTEM_ALERT_WINDOW'
uses-permission: name='android.permission.NFC'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.CAMERA'
application-label:'Firefox'
application-label-af:'Firefox'
application-label-am:'Firefox'
application-label-an:'Firefox'
application-label-ar:'Firefox'
application-label-as:'Firefox'
application-label-ast:'Firefox'
application-label-az:'Firefox'
application-label-az-AZ:'Firefox'
application-label-be:'Firefox'
application-label-bg:'Firefox'
application-label-bn-BD:'Firefox'
application-label-bn-IN:'Firefox'
application-label-br:'Firefox'
application-label-bs:'Firefox'
application-label-ca:'Firefox'
application-label-cak:'Firefox'
application-label-cs:'Firefox'
application-label-cy:'Firefox'
application-label-da:'Firefox'
application-label-de:'Firefox'
application-label-dsb:'Firefox'
application-label-el:'Firefox'
application-label-en-AU:'Firefox'
application-label-en-GB:'Firefox'
application-label-en-IN:'Firefox'
application-label-en-ZA:'Firefox'
application-label-eo:'Firefox'
application-label-es:'Firefox'
application-label-es-AR:'Firefox'
application-label-es-CL:'Firefox'
application-label-es-ES:'Firefox'
application-label-es-MX:'Firefox'
application-label-es-US:'Firefox'
application-label-et:'Firefox'
application-label-et-EE:'Firefox'
application-label-eu:'Firefox'
application-label-eu-ES:'Firefox'
application-label-fa:'Firefox'
application-label-ff:'Firefox'
application-label-fi:'Firefox'
application-label-fr:'Firefox'
application-label-fr-CA:'Firefox'
application-label-fy-NL:'Firefox'
application-label-ga-IE:'Firefox'
application-label-gd:'Firefox'
application-label-gl:'Firefox'
application-label-gl-ES:'Firefox'
application-label-gn:'Firefox'
application-label-gu-IN:'Firefox'
application-label-hi:'Firefox'
application-label-hi-IN:'Firefox'
application-label-hr:'Firefox'
application-label-hsb:'Firefox'
application-label-hu:'Firefox'
application-label-hy-AM:'Firefox'
application-label-in:'Firefox'
application-label-is:'Firefox'
application-label-is-IS:'Firefox'
application-label-it:'Firefox'
application-label-iw:'Firefox'
application-label-ja:'Firefox'
application-label-ka:'Firefox'
application-label-ka-GE:'Firefox'
application-label-kab:'Firefox'
application-label-kk:'Firefox'
application-label-kk-KZ:'Firefox'
application-label-km-KH:'Firefox'
application-label-kn:'Firefox'
application-label-kn-IN:'Firefox'
application-label-ko:'Firefox'
application-label-ky-KG:'Firefox'
application-label-lo:'Firefox'
application-label-lo-LA:'Firefox'
application-label-lt:'Firefox'
application-label-lv:'Firefox'
application-label-mai:'Firefox'
application-label-mk-MK:'Firefox'
application-label-ml:'Firefox'
application-label-ml-IN:'Firefox'
application-label-mn-MN:'Firefox'
application-label-mr:'Firefox'
application-label-mr-IN:'Firefox'
application-label-ms:'Firefox'
application-label-ms-MY:'Firefox'
application-label-my:'Firefox'
application-label-my-MM:'Firefox'
application-label-nb:'Firefox'
application-label-nb-NO:'Firefox'
application-label-ne-NP:'Firefox'
application-label-nl:'Firefox'
application-label-nn-NO:'Firefox'
application-label-oc:'Firefox'
application-label-or:'Firefox'
application-label-pa-IN:'Firefox'
application-label-pl:'Firefox'
application-label-pt:'Firefox'
application-label-pt-BR:'Firefox'
application-label-pt-PT:'Firefox'
application-label-rm:'Firefox'
application-label-ro:'Firefox'
application-label-ru:'Firefox'
application-label-si-LK:'Firefox'
application-label-sk:'Firefox'
application-label-sl:'Firefox'
application-label-son:'Firefox'
application-label-sq:'Firefox'
application-label-sq-AL:'Firefox'
application-label-sr:'Firefox'
application-label-sv:'Firefox'
application-label-sv-SE:'Firefox'
application-label-sw:'Firefox'
application-label-ta:'Firefox'
application-label-ta-IN:'Firefox'
application-label-te:'Firefox'
application-label-te-IN:'Firefox'
application-label-th:'Firefox'
application-label-tl:'Firefox'
application-label-tr:'Firefox'
application-label-trs:'Firefox'
application-label-uk:'Firefox'
application-label-ur:'Firefox'
application-label-ur-PK:'Firefox'
application-label-uz:'Firefox'
application-label-uz-UZ:'Firefox'
application-label-vi:'Firefox'
application-label-wo:'Firefox'
application-label-xh:'Firefox'
application-label-zam:'Firefox'
application-label-zh-CN:'Firefox'
application-label-zh-HK:'Firefox'
application-label-zh-TW:'Firefox'
application-label-zu:'Firefox'
application-icon-160:'res/drawable-hdpi-v4/icon.png'
application-icon-213:'res/drawable-hdpi-v4/icon.png'
application-icon-240:'res/drawable-hdpi-v4/icon.png'
application-icon-320:'res/drawable-xhdpi-v4/icon.png'
application-icon-480:'res/drawable-xxhdpi-v4/icon.png'
application-icon-640:'res/drawable-xxxhdpi-v4/icon.png'
application-icon-65535:'res/drawable-xxxhdpi-v4/icon.png'
application: label='Firefox' icon='res/drawable-hdpi-v4/icon.png'
feature-group: label=''
  uses-gl-es: '0x20000'
  uses-feature-not-required: name='android.hardware.audio.low_latency'
  uses-feature-not-required: name='android.hardware.camera'
  uses-feature-not-required: name='android.hardware.camera.any'
  uses-feature-not-required: name='android.hardware.camera.autofocus'
  uses-feature-not-required: name='android.hardware.location'
  uses-feature-not-required: name='android.hardware.location.gps'
  uses-feature-not-required: name='android.hardware.microphone'
  uses-feature-not-required: name='android.hardware.nfc'
  uses-feature: name='android.hardware.touchscreen'
  uses-feature: name='android.hardware.wifi'
  uses-implied-feature: name='android.hardware.wifi' reason='requested android.permission.ACCESS_WIFI_STATE permission, and requested android.permission.CHANGE_WIFI_STATE permission'
main
other-activities
other-receivers
other-services
supports-screens: 'small' 'normal' 'large' 'xlarge'
supports-any-density: 'true'
locales: '--_--' 'af' 'am' 'an' 'ar' 'as' 'ast' 'az' 'az-AZ' 'be' 'bg' 'bn-BD' 'bn-IN' 'br' 'bs' 'ca' 'cak' 'cs' 'cy' 'da' 'de' 'dsb' 'el' 'en-AU' 'en-GB' 'en-IN' 'en-ZA' 'eo' 'es' 'es-AR' 'es-CL' 'es-ES' 'es-MX' 'es-US' 'et' 'et-EE' 'eu' 'eu-ES' 'fa' 'ff' 'fi' 'fr' 'fr-CA' 'fy-NL' 'ga-IE' 'gd' 'gl' 'gl-ES' 'gn' 'gu-IN' 'hi' 'hi-IN' 'hr' 'hsb' 'hu' 'hy-AM' 'in' 'is' 'is-IS' 'it' 'iw' 'ja' 'ka' 'ka-GE' 'kab' 'kk' 'kk-KZ' 'km-KH' 'kn' 'kn-IN' 'ko' 'ky-KG' 'lo' 'lo-LA' 'lt' 'lv' 'mai' 'mk-MK' 'ml' 'ml-IN' 'mn-MN' 'mr' 'mr-IN' 'ms' 'ms-MY' 'my' 'my-MM' 'nb' 'nb-NO' 'ne-NP' 'nl' 'nn-NO' 'oc' 'or' 'pa-IN' 'pl' 'pt' 'pt-BR' 'pt-PT' 'rm' 'ro' 'ru' 'si-LK' 'sk' 'sl' 'son' 'sq' 'sq-AL' 'sr' 'sv' 'sv-SE' 'sw' 'ta' 'ta-IN' 'te' 'te-IN' 'th' 'tl' 'tr' 'trs' 'uk' 'ur' 'ur-PK' 'uz' 'uz-UZ' 'vi' 'wo' 'xh' 'zam' 'zh-CN' 'zh-HK' 'zh-TW' 'zu'
densities: '160' '213' '240' '320' '480' '640' '65535'
native-code: 'armeabi-v7a'

For odex /system packages; check
-PC: {baksmali list classes} on *.odex or {dextra} on *.vdex http://newandroidbook.com/tools/dextra.html
-android: {oatdump --oat-file=} on *.odex

For android check attached Magisk systemless module with aapt32 curl32 (curl 7.43.0-DEV Android 6.0.1 armv7-a-neon) and grep64 (pcre2grep version 10.22 2016-07-29)

More info for: "tracking software on smartphones" https://theintercept.com/2017/11/24...stine-trackers-found-in-popular-android-apps/
Related tools: https://github.com/ashishb/android-security-awesome

 

[jawz101]

So you make this app now on fdroid? Could there be a way to have it also display all classes not already defined.

Like, 2 options:
1- show classes detected by Exodus signatures

2-
show classes not detected by Exodus signatures
and not com.android.*
and not com.google.*
and not com.firstpartypackage.*

And then a search option

That would be like a way to find new stuff.

Oh, and another complementary tool you might be interested in is called Dexplorer

https://play.google.com/store/apps/details?id=com.dexplorer

I love that you made this. It's raw output and styling gives a feel that "I'm analyzing something" and "wow! Look at all of that crap!"


The only thing I might change on the branding is the icon and name. The only reason I recognized it was because it had Exodus in the name. Maybe 10 other people in the world would make that connection. Just an opinion.

Or give it a snazzy tagline like "The World Famous Zuckerberg NSA Cryptominer Detector- GDPR Edition". That will turn heads.

Thanks!

 

[oF2pks]

ClassySharkExodus upgrade to latest ExodusPrivacy database is on the go on F-Droid: 202
More info https://gitlab.com/oF2pks/3xodusprivacy-toolbox

LongPress gives access to all classes.

...
show classes not detected by Exodus signatures
...
And then a search option
...

For xda Only, attached in first post is edition with search option; also attached is app_PackagesInfo which includes additional full scan option (plus sorted permissions, with '=3' when granted). I will finalize these cosmetics on F-Droid later.
@jawz101 , btw; Etip Exodus wip database is now accessible: https://etip.exodus-privacy.eu.org/trackers/export , thx for your previous extractions.
EDIT : added basic quick Toggle to switch between full & Exodus classes list without recalculation.

 

[MDV106]

Just discovered this on fdroid. Cool app

 

[Essy1]

Hello

 

[yochananmarqos]

ClassyShark3xodus conflicts with PackageInstaller when opening an APK. It asks every time if I want to open with PackageInstaller or ClassyShark3xodus even though I choose Always for PackageInstaller. There are no defaults set for ClassyShark3xodus and defaults are set for PackageInstaller.

I'm using ClassyShark3xodus 1.0-7 from F-Droid on my OnePlus 7 Pro (see sig).

 

[oF2pks]

ClassyShark3xodus conflicts with PackageInstaller when opening an APK. It asks every time if I want to open with PackageInstaller or ClassyShark3xodus even though I choose Always for PackageInstaller. There are no defaults set for ClassyShark3xodus and defaults are set for PackageInstaller.

I'm using ClassyShark3xodus 1.0-7 from F-Droid on my OnePlus 7 Pro (see sig).

For the conflict, it is solely related to manifest intent declaration : https://bitbucket.org/oF2pks/fdroid...oid/app/src/main/AndroidManifest.xml#lines-34.
Uninstall ClassyShark and try F-Droid safe Stanley app (same process intent) to countercheck your PackageInstaller behaviour.

If you don't have Magisk installed, then it looks like a bug in Oneplus rom: ClassyShark (& Stanley) doesn't use any privileged rights (conversely to PackageInstaller) nor su; I suggest a bug report on Oneplus forum (?).

With Magisk "remounts", it's possible PackageInstaller get loose : give a try to foss GhostCommander to check what happens with [OpenWith] .apk option and PackageInstaller selected.

btw I wish you could post on xda the json of OP7pro from my deviceInfos fdroid app https://forum.xda-developers.com/android/apps-games/appfoss-googleserviceframework-gsf-t3849908 ; so I could see OP7pro generics (they are no private infos in the json).

 

[yochananmarqos]

For the conflict, it is solely related to manifest intent declaration : https://bitbucket.org/oF2pks/fdroid...oid/app/src/main/AndroidManifest.xml#lines-34.
Uninstall ClassyShark and try F-Droid safe Stanley app (same process intent) to countercheck your PackageInstaller behaviour.

If you don't have Magisk installed, then it looks like a bug in Oneplus rom: ClassyShark (& Stanley) doesn't use any privileged rights (conversely to PackageInstaller) nor su; I suggest a bug report on Oneplus forum (?).

With Magisk "remounts", it's possible PackageInstaller get loose : give a try to foss GhostCommander to check what happens with [OpenWith] .apk option and PackageInstaller selected.

btw I wish you could post on xda the json of OP7pro from my deviceInfos fdroid app https://forum.xda-developers.com/android/apps-games/appfoss-googleserviceframework-gsf-t3849908 ; so I could see OP7pro generics (they are no private infos in the json).

No, I don't have Magisk installed. I'm waiting on my unlock code.

I attached the json file from Kaltura.

 

[oF2pks]

No, I don't have Magisk installed. I'm waiting on my unlock code.

I attached the json file from Kaltura.

(thx for json, I wish more xda users could throw their json so I could update the app: initially, I thought xda could be interested to settle a global coherent central database (for forums headers ? @MikeChannon ) to help cross-development through similar devices (OEM kernel , soc ...)).

I have uploaded new softened ClassyShark3xodus(202) in post#1 ; normally Oneplus PackageInstaller.apk should use this in manifest:

<intent-filter android:priority="1-99">​

<action android:name="android.intent.action.VIEW" />​

​

<category android:name="android.intent.category.INSTALL_PACKAGE" />​

<category android:name="android.intent.category.DEFAULT" />​

​

<data android:scheme="content" />​

<data android:scheme="file" />​

<data android:mimeType="application/vnd.android.package-archive" />​

</intent-filter>​

you can check apk's manifest.xml (and many more...) with attached app_PackagesInfo-debug13.apk.

NEW in xda/debug post#1:

• 
  ClassyShark3xodus : file sha256 (as shown in fdroid' index.xml)
• 
  app_PackagesInfo : signature decryption cert with sha1/256

 

[lfom]

Awesome project, please keep it up! Exodus is good, but too slow to run from phone, and it only works with apps from PlayStore. Regards.

 

[Efreak2004]

Suggestions

I'm poking through the apps on my system, but it took me a while to find the legend; I expected the first menu item to be a list of supported trackers, not a general about popup. Having looked at it for a while now, I've got a large number of comments regarding issues, usability, style, observations, suggestions, etc. Most of them are fairly minor, just renaming menu items and small tweaks for usability, but some documentation is needed in-app.

1. rename menu item to 'about'
2. move legend to its own menu item (Related: 1, 2, 11, 14)
3. format the legend text so it appears the same as the items in the main screen (or use a picture) (Related: 2, 11, 14)
4. change the urls in the about menu to be clickable
5. don't highlight package names in white, it looks weird
6. for gray background on system apps, make the entire background (margins/padding) of the outer element gray, not just the text part. Alternatively, just changed the text color.
7. consider making the popup screen when tapping an app into a horizontally scrollable view; the hashes/fingerprints don't have to break onto a separate line from the label sha256.
8. add margins to the screen that pops up on tap; after the loading animation goes away, the letters seem to be only 1px from the window edge, there should be a border of at least 5px around the entire window
9. Changing the sort method should be labeled as such, I didn't know the funny arrow meant sort until I tapped it
10. The 'super' label in the menu makes no sense. It should be renamed to Permissions or PackageInfo or Trackers or some such, depending on the view.
11. In PackageInfo view, there should be something to explain the asterisk and snowflake before the permission label, as well as the ^✓ after it. The nulls should be removed. Consider changing this entire section to a table with headers (*, ☸, permission, group, dangerous, instant, privileged, development, appop, preinstalled, etc) with an explanation of exactly what dangerous, development, *, ☸, and other less obvious terms mean, either on-tap or in a legend somewhere. (Related: 14, 2)
12. When you tap an app, the information should be cached until the app is closed, to prevent waiting for the work to be done again.
13. PackageInfo and manifest should be exportable (Related: 15, 17)
14. Legend for the list of trackers symbols (°, ?, ², μ) (Related: 11, 2)
15. Having a full package explorer is hardly necessary, but it might be nice to be able to unzip the apk to the sdcard for exploring with another app, along with the list of trackers found in the app and the list of activities, other metadata. (Related: 13, 17)
16. Firefox Nightly (org.mozilla.fennec_aurora) shows up as having a shared userid, however the package it lists (org.mozilla.fennec.sharedID) doesn't appear to be installed. The other Mozilla apps installed are Klar (org.mozilla.klar), Firefox Lite (org.mozilla.rocket), and Firefox Preview (org.firefox.fenix), none of which are shown as sharing userids.
17. I can't make selections to copy from various popups to the clipboard. (Related: 13, 15, 16)
18. After processing an app, save the results for it (more than just #12) until the app is updated.
19. After processing an app, update the main view; maybe have different symbols or app colors to indicate if an app has been analyzed, and further if any signatures were found.

Yes, it's a long list. Feel free to ignore me, I won't get offended.

 

[oF2pks]

New version uploaded: ClassyShark3xodus216-debugSoft.apk with latest Exodus database (216) update and dynamic|☢ androidManifest.xml for primary screen (longclick), 2nd screen will still use static|✇ parser. (more info: https://forum.xda-developers.com/showpost.php?p=80190710&postcount=5798)
@yochananmarqos , this xda edition is softened, can you confirm if working on Oneplus7 without interfering with PackageInstaller.apk ?
App_PackagesInfo is also updated with same manifest dynamic1/static2 behavior.


hi @Efreak2004 , sorry for delay and thank for your interest; here are few I can tell:

-11 In PackageInfo view, there should be something to explain the asterisk and snowflake before the permission label, as well as the ^✓ after it. The nulls should be removed. Consider changing this entire section to a table with headers (*, ☸, permission, group, dangerous, instant, privileged, development, appop, preinstalled, etc) with an explanation of exactly what dangerous, development, *, ☸, and other less obvious terms mean, either on-tap or in a legend somewhere. (Related: 14, 2)

indeed , I have to finalize that with 7#

-12 When you tap an app, the information should be cached until the app is closed, to prevent waiting for the work to be done again.

the app generates extra-huge cache (~Gb): I even decided to use a "brute force" removal of them.

-13 PackageInfo and manifest should be exportable (Related: 15, 17)

use longpress 11#

-14 Legend for the list of trackers symbols (°, ?, ², μ) (Related: 11, 2)

https://gitlab.com/oF2pks/3xodusprivacy-toolbox
° for missing: Amazon new active tracker AWS Kinesis is missing
² for Etip stand-by: Mozilla/Telemetry is now in Etip https://etip.exodus-privacy.eu.org/
µ for micro non-intrusive: Acra;
? when uncertain.
(will be added to menu.)

-15 Having a full package explorer is hardly necessary, but it might be nice to be able to unzip the apk to the sdcard for exploring with another app, along with the list of trackers found in the app and the list of activities, other metadata. (Related: 13, 17)

use apps_packages Infos attached in post #1 or https://f-droid.org/en/packages/com.oF2pks.applicationsinfo/
my idea is also to dub with Chairlock (with root/su possible permission removal and more...). I may add this functionality; Xplore already do that.

-16 Firefox Nightly (org.mozilla.fennec_aurora) shows up as having a shared userid, however the package it lists (org.mozilla.fennec.sharedID) doesn't appear to be installed. The other Mozilla apps installed are Klar (org.mozilla.klar), Firefox Lite (org.mozilla.rocket), and Firefox Preview (org.firefox.fenix), none of which are shown as sharing userids.

this is Mozilla decision : I show these, because permissions can be silently granted to others apps that would use same sharedID; in case of Firefox, sharedID is defined but doesn't seem to be used by any other(?).

-17 I can't make selections to copy from various popups to the clipboard. (Related: 13, 15, 16)

use longpress in SubTotals (others popups are wip 11#)

-18 After processing an app, save the results for it (more than just #12) until the app is updated.

(the app generates extra-huge cache (~Gb): I even use a "brute force" removal of them. ) extensive analysis should be done with dexdump (or other) command https://gitlab.com/oF2pks/3xodusprivacy-toolbox ,

-19 After processing an app, update the main view; maybe have different symbols or app colors to indicate if an app has been analyzed, and further if any signatures were found.

(the app generates extra-huge cache (~Gb): I even use a "brute force" removal of them. ) will never have enough "free" time for that : imho, such behavior should be part of aosp inner rom (omnirom ?).

 

[yochananmarqos]

this xda edition is softened, can you confirm if working on Oneplus7 without interfering with PackageInstaller.apk ?

Confirmed.

Sent from my OnePlus 7 Pro using XDA Labs

 

[ildar_prophet]

willing to develop App_PackagesInfo further? I'd suggest some simple yet "cool" menu additions: enable/disable app, view in Yalp or Play Market (in addition to F-Droid) and (maybe) stop the app.

And also not so trivial: adding apps lists to save and load just as https://f-droid.org/wiki/page/com.projectsexception.myapplist.open does.

 

[CubaoX]

What does it mean if the application name is displayed in orange, and what if in black (most names are black)?

 

[oF2pks]

Exodus database new release (eof269)

New soft (no [android:scheme="content"]) build is up in #1st post, Exodus database new release (eof269): 344 (304+40 signatures for 258+34 recensed trackers.)

(this debug edition is now using xdaShark3xodus name since eof236)

What does it mean if the application name is displayed in orange, and what if in black (most names are black)?

Devs can decide to define/use a common [ShareUserId] for multiple apps (with also same cert); thus permissions declared & granted in one app can be silently acquired in others using that same ShareUserId: these apps with ShareUserId activated, are shown in orange with corresponding string.
General doc is "behind" primary line in 3dots' 1st screen : tap on {344 exoTrackers(292)}.

willing to develop App_PackagesInfo further? ...

@ildar_prophet further improvements will move to Chairlock https://forum.xda-developers.com/android/apps-games/appfoss4-1-chairlock-complete-t3956991

 

[oF2pks]

Exodus database new release (eof357)

@SkandaH (@MishaalRahman ) following latest xda#news on appZygote/Selinux, I've uploaded up-to-date ClassyShark3xodus_357 with appZygote service detection : if any, a toast will popup at start & refresh and service name will also be displayed in 2nd screen (apk sub-totals).
post#1: https://forum.xda-developers.com/attachments/classyshark3xodus357-debugsoft-apk.5224635/

Following https://cs.android.com/search?q=FLAG_USE_APP_ZYGOTE , such isolated process is documented in frameworks/base/framework-minus-apex/android_common/xref30/srcjars.xref/com/android/internal/R.java as:

/**
* <p>
* @ attr description
* If true, and this is an {@link android.R.attr#isolatedProcess} service, the service
* will be spawned from an Application Zygote, instead of the regular Zygote.
* <p>
* The Application Zygote will first pre-initialize the application's class loader. Then,
* if the application has defined the {@link android.R.attr#zygotePreloadName} attribute,
* the Application Zygote will call into that class to allow it to perform
* application-specific preloads (such as loading a shared library). Therefore,
* spawning from the Application Zygote will typically reduce the service
* launch time and reduce its memory usage. The downside of using this flag
* is that you will have an additional process (the app zygote itself) that
* is taking up memory. Whether actual memory usage is improved therefore strongly
* depends on the number of isolated services that an application starts,
* and how much memory those services save by preloading and sharing memory with
* the app zygote. Therefore, it is recommended to measure memory usage under
* typical workloads to determine whether it makes sense to use this flag.
*
* <p>May be a boolean value, such as "<code>true</code>" or
* "<code>false</code>".
*
* @ attr name android:useAppZygote
*/
public static final int AndroidManifestService_useAppZygote=18;
/**

(Let me know of any suggestions for upcoming official release on F-Droid.)

@yochananmarqos , I fixed bugs on this xda debug flavor: screen shortcuts and *.apk file direct scanning via GhostCommander/OpenWith (since Manifest is softened...)

 

[jsusang]

Hi, @oF2pks!

Thank you for your ClassyShark3xodus app!

I downloaded it from F-droid, and have been
using it on a Note9/Android 10 & Note20 Ultra/Android 11. It is an awesome utility to find out what apps are doing on your phone!

What are "Permissions: misses" (in the "Super" panel, listed in the three-button menu)?

Thanks!

 

[oF2pks]

Exodus database new release (eof422)

New soft (no android:scheme="content") build is up in #1st post, Exodus database new release (eof422): 528+34 signatures for 403+31 identified trackers.

Nota: you have to uninstall previous xda debug flavor due to signature change for it, in AndroidStudio (_ArticFox ?).

...What are "Permissions: misses" (in the "Super" panel, listed in the three-button menu)?
...

These are declared permissions in an apk that are missing on your device for both global framework-res.apk (Android) & all other installed apps.

As example, on android11, Playstore (com.android.vending) will miss android.permission.BLUETOOTH_SCAN which only appears in android12/framework-res.apk (like ~17 new others in API level 31)
Some can also miss because of deprecation like android.permission.ACCESS_SUPERUSER.

As for "Permissions: duplicates", be aware the result depends on the active filter: only relevant when Permissions are sorted by Name...

 

[Bach_J]

Hi, @oF2pks!
When I open Classyshark (https://f-droid.org/en/packages/com.oF2pks.classyshark3xodus/), this toast message appears from AppZygote:

appZygote:
com.android.chromeorg.chromium.content.app.SandboxedProcessService0

I have a Samsung smartphone with Android 11.

What is the meaning of this warning? Did I install an hacked apk? Did I get a malware or something like that? I downloaded it from f-droid.